Privacy policy – Gesundheitszentrum Mümmelmannsberg

Data protection information

§ 1 Information on the collection of personal data

(1) In the following, we provide information about the processing of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, email addresses, user behavior.
(2) The controller pursuant to Art. 4 (7) GDPR is:
Gesundheit für Billstedt/Horn UG (haftungsbeschränkt)
Hermannstraße 10
20095 Hamburg
Phone: +49 40 73 67 71 30
Email: kontakt(at)gesundheit-bh.de

You can contact our external data protection officer at:
Ms. Kerstin Lange
c/o Vater Solution GmbH
Boschstraße 5
24118 Kiel
E-mail: kelange(at)vater-gruppe.de

(3) Contacting us
When you contact us by email or via a contact form, the data you provide (your email address, your name and telephone number if applicable) will be stored by us in order to answer your questions.
This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us in accordance with Art. 6 para. 1 lit. f GDPR or on your consent in accordance with Art. 6 para. 1 lit. a GDPR, if this has been requested.
We will retain the contact data until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after your inquiry has been processed). Mandatory statutory provisions - in particular retention periods - remain unaffected.

(4) We use service providers who work exclusively on our behalf and in accordance with our instructions to provide the service offered, e.g. to host our systems or operate our IT. These providers have been carefully selected by us and are regularly monitored.
Your data will only be stored by us for as long as it is required for the purposes on which the processing is based. Beyond this, we only store data insofar as we are legally obliged to do so, e.g. due to statutory retention obligations.

§ 2 Your rights

(1) You have the following rights vis-à-vis a controller with regard to the personal data concerning you:
- right of access,
- right to rectification or erasure,
- right to restriction of processing,
- right to object to processing,
- right to data portability.

(2) You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.

§ 3 Processing of personal data when visiting our website

When using the website for information purposes, i.e. simply viewing it without registering and without providing us with any other information, we process the personal data that your browser transmits to our server. The data described below is technically necessary for us to display our website to you and to ensure stability and security and must therefore be processed by us: IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (page visited), access status/HTTP status code, amount of data transferred in each case, website from which the request comes, browser, operating system, language and version of the browser software. The storage period is 14 days. The legal basis is Art. 6 para. 1 lit. f GDPR.

§ 4 Objection or revocation against the processing of your data

(1) If you have given your consent to the processing of your data, you can withdraw this consent at any time by contacting the controller using the contact details provided above. Such a revocation affects the permissibility of the processing of your personal data after you have given it to us. The permissibility of the processing of your data up to the time of your revocation remains unaffected.

(2) Insofar as we base the processing of your personal data on the balancing of interests, you can object to the processing. This is the case if, in particular, the processing is not necessary for the performance of a contract with you, which is described by us in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data in the way we do. In the event of your objection, we will examine the situation and will either discontinue or adapt the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue the processing.

§ 5 Data protection information for applicants

We are delighted that you are interested in us and are applying for a position in our company. We would like to provide you with the following information on the processing of your personal data in connection with your application.

We process the data that you have sent us in connection with your application in order to check your suitability for the position (or any other open positions in our companies) and to carry out the application process.

The legal basis for the processing of your personal data in this application procedure is primarily Art. 6 para. 1 lit. b GDPR. This permits the processing of data required in connection with the decision to establish an employment relationship.
Should the data be required for legal prosecution after completion of the application process, data processing may be carried out on the basis of the requirements of Art. 6 GDPR, in particular to safeguard legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR. Our interest then lies in the assertion of or defense against claims.

Applicants' data will be deleted after 6 months in the event of a rejection.
If you have agreed to your personal data being stored for a longer period, we will transfer your data to our applicant pool. The data will be deleted there after two years.
If you have been accepted for a position as part of the application process, the data will be transferred to your personnel file.

Your application data will be reviewed by HR managers after we receive your application. Suitable applications are then forwarded internally to the department managers responsible for the respective open position. The further process is then coordinated. Within the company, only those persons have access to your data who need it for the proper course of our application process.
Please do not send us any photos, details of your marital status or other sensitive data.

§ 6 Our presence on social networks

(1) We have various presences on social media platforms. We have presences on LinkedIn, Facebook, Instagram, X and YouTube.
Types of data processed: Contact data (e.g. email, telephone numbers); content data (e.g. entries in online forms); usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
Data subjects: Users (e.g. website visitors, users of the social media platforms).
Purposes of processing: Contact requests and communication; feedback (e.g. collecting feedback via online form); marketing.
The legal basis for the processing of your data on the social media platforms is Art. 6 para. 1 lit. f GDPR.

Facebook: Social network; Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; parent company: Meta Platforms Inc, Menlo Park, California, USA.
Facebook data policy: https://www.facebook.com/policy
In addition to presenting information and news about our group of companies, we also use Facebook to evaluate the Insights service. This is done on the basis of joint responsibility. The regulations for internal INSIGHTS processing at Facebook can be found at https://www.facebook.com/legal/terms/information_about_page_insights_data
and are briefly summarized here:
Data subject rights can be asserted with Facebook Ireland and with us, but the primary responsibility under the GDPR for the processing of Insights data lies with Facebook.
We do not make any decisions regarding the processing of Insights data and all other information arising from Art. 13 GDPR, including the legal basis, identity of the controller and storage duration of cookies on user end devices.
Facebook complies with all obligations under the GDPR with regard to the processing of Insights data. Facebook Ireland provides the essentials of the Page Insights Supplement to data subjects.
For more information, see the Facebook Privacy Policy.
Privacy Policy: https://www.facebook.com/about/privacy
Meta-contractual addendum for the transfer of European data (with standard contractual clauses): https://www.facebook.com/legal/EU_data_transfer_addendum

Instagram: Social network; Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; parent company: Meta Platforms Inc., Menlo Park, California, USA.
Cookie Policy: https://help.instagram.com/1896641480634370?ref=ig
Instagram Privacy Policy: https://instagram.com/about/legal/privacy.

X: Social network; Service provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland; parent company: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA;
Privacy Policy: https://twitter.com/privacy
Settings: https://twitter.com/personalization

YouTube: On our website we link to our YouTube channel.
service provider is Google Ireland Limited (incorporated and operated under Irish law) (registration number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland
Privacy Policy: https://policies.google.com/privacy
Opt-Out: https://adssettings.google.com/authenticated

LinkedIn: Social network; service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland;
Data protection information: https://www.linkedin.com/legal/privacy-policy Standard contractual clauses: https://legal.linkedin.com/dpa
Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
Data processing agreement: https://legal.linkedin.com/dpa
For the internal processing of Page Insights at LinkedIn, please refer to the regulations at https://legal.linkedin.com/pages-joint-controller-addendum.

(2) We use the technical platform and services of the providers for these information services. We would like to point out that you use our presence on social media platforms and their functions on your own responsibility. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating). When you visit our websites, the providers of the social media platforms collect, among other things, your IP address and other information that is stored on your device in the form of cookies. This information is used to provide us, as the operator of the accounts, with statistical information about the interaction with us.

(3) The data collected about you in this context is processed by the platforms and may be transferred to countries outside the European Union, in particular the USA. According to their own statements, all of the aforementioned providers maintain an adequate level of data protection. The European Commission has issued the adequacy decision on the EU-U.S. Data Privacy Framework ("DPF"). The EU Commission has thus determined that those companies in the USA that are subject to the self-certification mechanism of the EU-U.S. Data Privacy Framework and are named in a published list offer an adequate level of protection.

Meta Platforms Inc., Menlo Park, California, USA ("Meta") and Google LLC, Mountain View, California have certified themselves for the EU-U.S. Data Privacy Framework (successor to the "Privacy Shield") with regard to the processing of personal data in the European Union.

We do not know how the social media platforms use the data from your visit to our account and interaction with our posts for their own purposes, how long this data is stored and whether data is passed on to third parties. Data processing may differ depending on whether you are registered and logged in to the social network or whether you visit the site as a non-registered and/or non-logged-in user. When you access a post or the account, the IP address assigned to your end device is transmitted to the provider of the social media platform. If you are currently logged in as a user, a cookie on your device can be used to track how you have moved around the network. Buttons integrated into websites enable the platforms to record your visits to these websites and assign them to your respective profile. This data can be used to tailor content or advertising to you. If you want to avoid this, you should log out or deactivate the "stay logged in" function, delete the cookies on your device and restart your browser.

(4) As the provider of the information service, we also only process the data from your use of our service that you provide to us and that requires interaction. For example, if you ask a question that we can only answer by email, we will store your information in accordance with the general principles of our data processing, which we describe in this privacy policy.

(5) To exercise your rights as a data subject, you can contact us or the provider of the social media platform. If one party is not responsible for responding or must receive the information from the other party, we or the provider will then forward your request to the respective partner. Please contact the operator of the social media platform directly for questions about profiling and the processing of your data when using the website. If you have any questions about the processing of your interaction with us on our site, please write to the contact details provided by us above [siehe unter § 1 (2)].

(6) What information the social media platform receives and how it is used is described by the providers in their data protection notices. There you will also find information about contact options and the settings options for advertisements.

§ 7 Timeliness

This privacy policy is dated 12.01.2024. However, we would like to point out that it may be necessary to revise this privacy policy from time to time due to actual or legal changes.