Privacy Policy

DATA PROTECTION DECLARATION

1. General information and principles of data processing

We are pleased that you are visiting our website. The protection of your privacy and the protection of your personal data when using our website is an important concern for us. According to Art. 4 No. 1 GDPR, “personal data” is any information relating to an identified or identifiable natural person. This includes, for example, information such as your first and last name, your address, your telephone number, your email address, but also your IP address. Data that cannot be linked to your person, such as anonymised data, is not personal data for the purposes of GDPR. Processing (e.g. collection, storage, retrieval, consultation, use, transmission, erasure or destruction) in accordance with Art. 4 No. 2 GDPR always requires your consent or another legal basis. Processed personal data must be erased as soon as the purpose of the processing has been achieved and there are no longer any statutory retention obligations to be complied with.

Here you will find information on how we handle your personal data when you visit our website. In order to provide the functions and services of our website, it is necessary for us to collect personal data about you. Below you will also find information on the type and scope of the respective data processing, the purpose and the corresponding legal basis as well as the respective storage period. This privacy policy only applies to this website. It does not apply to third-party websites to which we merely refer via a hyperlink. We cannot assume any responsibility for the confidential handling of your personal data on these third-party websites, as we have no influence on whether they comply with the statutory data protection regulations. For information on how third parties handle your personal data, please refer directly to their websites.

2. Controller

Jointly responsible for data processing are:

OCM Klinik GmbH, represented by the managing director Cathleen Wenning-Weber
OCM Gemeinschaftspraxis GbR, represented by the managing director Cathleen Wenning-Weber
OCM Medizinisches Versorgungszentrum GbR, represented by the medical director Prof. Dr. med. Martin Jung

Jointly accessible at: 
Steinerstr. 6
81369 Munich
Phone: +49 89.206082-0
Fax: +49 89.206082-333
info@ocm-muenchen.de
www.ocm-muenchen.de

3. Data Protection Officer

If you have any questions about data protection, you can also contact our data protection officer at any time:

Dr Georg F. Schröder, LL.M.
legal data Schröder Rechtsanwaltsgesellschaft mbH
Prannerstr. 1
80333 Munich
Tel: +49-89 - 954 597 520
Fax: +49-89 - 954 597 522
E-Mail: georg.schroeder@legaldata.law

4. Processing of Health Data

a) Type and scope of data collection

We process your personal data, in particular your health data, if you are a patient with us or make an enquiry. This includes medical histories, diagnoses, therapy suggestions and findings that we or other doctors collect. Other doctors or psychotherapists with whom you are receiving treatment may also provide us with data for these purposes (e.g. in doctor's letters).

b) Purpose and legal basis of data collection

Data processing is carried out based on legal requirements in order to fulfil the treatment contract between you and your doctor and the associated obligations. The collection of health data is a prerequisite for your treatment. If the necessary information is not provided, careful treatment cannot take place. The legal basis for processing your data is Article 9 para 2 lit. h GDPR in conjunction with §22 para 1 no 1 lit. b of the German Federal Data Protection Act (BDSG). 

c) Storage period

We will only store your personal data for as long as is necessary to carry out the treatment. Due to legal requirements, we are obliged to store this data for at least 10 years after completion of the treatment. Other regulations may stipulate longer retention periods, for example 30 years for X-ray records in accordance with Section 28 (3) of the X-ray Ordinance (RöV).

5. Electronic Patient File (hereafter: ePF)

a) Type and scope of data collection

You can authorise our doctors to use your ePF. Our doctors will then have access to the health data stored in your electronic health card (eHC) to the extent of your authorisa-tion. You can authorise this either via the app provided by your health insurance provider or directly at our clinic using your electronic health card. Use of the ePF is voluntary for you. You will not be at any disadvantage if you decide not to use the ePF. At your request, we will fill your electronic patient file with the health data available to us (e.g. medical his-tories, diagnoses, treatment suggestions and findings). Patients are entitled to have data transferred to and stored in the ePF, provided that this data is processed electronically by the service providers participating in statutory health insurance (SHI-) accredited medi-cal care as part of the treatment of the insured person and provided that this does not conflict with other legal provisions. Under data protection law, your health insurance fund is responsible for providing the electronic patient file.

b) Purpose and legal basis of data collection

The purpose of data processing is the use of the ePF. The legal basis for the processing is your consent pursuant to Art. 6 para. 1 lit. a GDPR, Art. 9 GDPR in conjunction with §339 para. 1 SGB V and §§344, 344-348 SGB V.

c) Storage period

We will only have access to your ePF for as long as you wish. You have the option of limit-ing the duration of our access through technical settings in your app. You have the op-tion of deleting individual components of your ePF at any time. You also have the option to close your ePF completely at any time, i.e. to have it deleted. To do this, you must re-voke the consent you have given to your health insurance company to use the ePF.

6. Provision and Use of the Website / Server Log Files

a) Type and scope of data processing

If you use this website without transmitting data to us in any other way (e.g. by registering or using the contact form), we collect technically necessary data in the form of log data (so-called log files), which are automatically transmitted to our server by your end device, including

IP address
Date and time of the request
URL of the accessed subpage
URL of the page from which the redirection to our site took place (so-called referrer URL)
Access status/HTTP status code
Type, language and version of the browser software
Operating system

b) Purpose and legal basis of data processing

This processing is technically necessary in order to be able to display our website to you. We also use the data to ensure the security and stability of our website. The legal basis for the processing is Art. 6 para. 1 lit. f GDPR. The processing of the aforementioned data is necessary for the provision of a website and thus serves to safeguard the legitimate interest of our company.

c) Storage period

As soon as the aforementioned personal data is no longer required to display the web-site, it will be deleted within seven days after visiting our website. The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, the user can not object to this aspect. Further storage may take place in individual cases if this is required by law.

7. Data Collection for the Implementation of pre-contractual Measures and for Contract Fulfilment

a) Type and scope of data processing

We collect personal data about you in the pre-contractual area and upon concluding a contract. This concerns, for example, first and last name, address, e-mail address, telephone number or bank details.

b) Purpose and legal basis of data processing

We collect and process this data exclusively for the purpose of executing the contract or fulfilling pre-contractual obligations.
The legal basis for this is Art. 6 para. 1 lit b GDPR. If you have also given your consent, the additional legal basis is Art. 6 para. 1 lit. a GDPR.

c) Storage period

The data will be deleted as soon as it is no longer required for the purpose of its processing. In addition, there may be statutory retention obligations of up to 10 years, for example retention obligations under commercial or tax law in accordance with the German Commercial Code (HGB) or the German Fiscal Code (AO). If such retention obligations exist, we will block or delete your data when these statutory retention periods expire.

8. Contact Form

a) Type and scope of data processing

On our website, we give you the opportunity to contact us using the provided form for this purpose. As part of the process of sending your enquiry via the contact form, a reference is made to this privacy policy to obtain your consent.

If you use the contact form at www.ocm-muenchen.de/de/kontakt or the contact form at https://www.ocm-muenchen.de/en/orthopedic-surgery-germany, the following personal data may be processed by you:

Customer number
Title
First name
Surname
Postcode
Town
Country
E-mail address
Telephone number
Subject
Content of the message
Any other fields contained in the respective form

When using the contact form, your personal data will not be passed on to third parties.

b) Purpose and legal basis

The purpose of providing your contact details is to be able to respond to your enquiry.
The legal basis for the processing is your consent pursuant to Art. 6 para. 1 lit. a GDPR, which you can revoke at any time for the future.

c) Storage period

We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Mandatory statutory provisions - in particular retention periods under the German Commercial Code (HGB) or the German Fiscal Code (AO) - remain unaffected by this.

9. contact options by e-mail

a) Type and scope of data processing

You can apply to us by e-mail. When you apply, we collect and store the data that you send us by e-mail (see also section 11 of this privacy policy) or enter in our application form on the website.

b) Purpose and legal basis

The purpose of data processing is to respond appropriately to your enquiry. The legal basis for this is Art. 6 para. 1 lit. f GDPR. There is a legitimate interest in processing your personal data in order to process your enquiry.

c) Storage period

The duration of the storage of the above-mentioned data depends on the reason of your contact. Your personal data will be deleted regularly if the purpose of the communica-tion no longer applies and storage is no longer required due to statutory retention obli-gations. This may result, for example, from the settlement of your request.

10. Smart Telephone Assistant

a) Type and scope of data processing

We use the telephone assistant of the provider Aaron GmbH, Schinkestr. 9, 12047 Berlin, e-mail: hi@aaron.ai (‘Aaron.ai’). With the telephone assistant, you can reach us at any time, even when we are currently looking after our patients or if you call outside our office hours. The telephone assistant will answer and ask for the necessary information for your enquiry (e.g. making an appointment). You can also tell the telephone assistant how we can best reach you. Our practice team receives this information on the computer and can get in touch with you promptly - by phone or text message. With the telephone assistant, your enquiry can be received at any time and then processed by us in a targeted manner.

b) Purpose and legal basis

The purpose of the processing is to manage and process your requests (e.g. making appointments). We have concluded an order processing contract with Aaron.ai that meets the requirements of Art. 28 GDPR. Aaron.ai is legally and contractually obliged to maintain confidentiality and to protect your data. Data processing outside the European Union does not take place.

c) Storage period

After your request has been processed, your data will be deleted from the web-based application, but no later than 3 months after the process has been completed.
Further information on data protection at Aaron.ai can be found in the provider's privacy policy at: https://www.aaron.ai/datenschutz

11. Job application process

a) Type and scope of data processing

You can apply to us by e-mail. When you apply, we collect and store the data you provide to us (see also section 9 of this privacy policy) or enter in our application form on the website.

b) Purpose and legal basis of data processing

We only process your data for the purpose of processing your application. Your data will not be passed on to third parties. The legal basis for the processing is Art. 88 para. 1 GDPR in conjunction with § 26 para. 1 BDSG. If, in the event of a rejection, you give us your consent to the further storage of your data so that we can return to your application in the future, the legal basis is Art. 6 para. 1 lit. a GDPR.

c) Storage period

If we are unable to offer you a position, we will store your data for a maximum of six months after the end of the application process, taking into account § 61b para 1 ArbGG in conjunction with § 15 AGG. The start of the period is the receipt of the rejection letter.
If you have given us your consent to include you in our applicant pool, we will store your data for a maximum of two years.

d) Data transfer

Your data will only be passed on to the departments involved in the decision process (e.g. HR or the relevant specialist division, practice management).
In addition, we may be obliged by law, administrative or court order to transfer your data to public authorities (e.g. public prosecutor's office, police, supervisory authorities, tax office, social insurance institutions, etc.).
Other data recipients may be those bodies for which you have given us your consent to transfer data.

12. Matomo

This website uses the open-source web analysis service Matomo. Matomo uses technol-ogies that enable cross-page recognition of the user to analyse user behaviour (e.g. de-vice fingerprinting). The information collected by Matomo about the use of this website is stored on our server. The IP address is anonymised before storage. With the help of Ma-tomo, we are able to collect and analyse data about the use of our website by the website visitors. This enables us to find out, among other things, when which pages were accessed and from which region. We also record various log files (e.g. IPaddress, referrer, browser and operating system used) and can measure whether our website visitors per-form certain actions (e.g. clicks, purchases, etc.). The use of this analysis tool is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the anonymised analysis of user behaviour in order to optimise both its website and its advertising.

IP anonymisation

We use IP anonymisation for the analysis with Matomo. This means that your IP address is shortened before it is analysed so that it can no longer be clearly assigned to you.

Hosting

We host Matomo exclusively on our own servers so that all analysis data remains with us and is not passed on.

13. Integration of YouTube Videos 

We use the YouTube embedding function to display and play videos from the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Tel: +353 1 543 1000, Fax: +353 1 686 5660, E-Mail: support-deutschland@google.com (“Google”). The extended data protection mode is used here, which, according to the provider, only initiates the storage of user information when the videos are played. If the playback of embedded YouTube videos is started, the provider “YouTube” uses cookies to collect information about user behavior. According to YouTube, these are used, among other things, to record video statistics, improve user-friendliness and prevent abusive behavior. If you are logged in to Google, your data can be assigned directly to your account when you click on a video. If you do not wish to be associated with your YouTube profile, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and analyzes them. Such an evaluation is carried out in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR on the basis of your consent. Regardless of whether the embedded videos are played, a connection to the Google network “DoubleClick” is established each time this website is accessed, which can trigger further data processing operations without our influence. Further information on data protection at “YouTube” can be found in the provider's privacy policy at: https://www.google.de/intl/de/policies/privacy

14. Jameda Widgets and Seals 

The Jameda widget is integrated on this website. The Jameda widget is an offer from jameda GmbH, Balanstraße 71a, 81541 Munich. A widget is a small window that displays variable information. The seal works in a similar way, i.e. it does not always look the same, but the display changes regularly. Although the corresponding content is displayed on our website, it is retrieved from the jameda servers at that moment. Only in this way can the current content always be shown, especially the current rating. For this purpose, a data connection is established from this website to jameda and jameda receives certain technical data (date and time of the visit; the page from which the query is made; Internet Protocol address (IP address) used, browser type and version, device type, operating system and similar technical information), which are necessary for the content to be delivered. However, this data is only used to provide the content and is not stored or used in any other way. With the integration, we pursue the purpose and the legitimate interest of presenting current and correct content on our homepage. The legal basis is Art. 6 para. 1 lit. f GDPR. We do not store the aforementioned data as a result of this integration. Fur-ther information on data processing by jameda can be found in the privacy policy at https://www.jameda.de/info/datenschutz.

15. Social Media

a) Type and scope of data processing

Our website contains links to our profiles on social networks. We provide information there about our products and current special offers. No data is transferred to the opera-tors of the social networks when you load our website, but only when you actively follow the link to our profile on the respective social network. If you access our profile page on a social network, the operator of the social network may place cookies on your device, re-gardless of whether you have an account with the network or whether you are logged in there. Cookies are data packets that mark the user's end device with a specific identifier. Cookies are primarily used to display personalized advertising to visitors to social net-works, including our profile pages.

This is done, for example, by displaying advertisements from advertising partners of the social network whose websites the user has previously visited on the pages of the social network.
Cookies also enable us to compile statistics about the use of our profile page (e.g. num-ber of page views, user categories). If we receive such statistical analyses from the opera-tor of the social network, the data is anonymized by the operator beforehand, i.e. it is not possible for us to assign usage data to an individual user. However, if you are logged in to the social network, the operator of the social network may be able to assign the visit to our profile on the social network to your existing account there.

We have no influence on which data is collected and transmitted by the operator of the social network, to which third party recipients the data is transmitted and how long the data is stored by the operator of the social network. Please refer to the privacy policy of the respective social network.

We do not transmitt your data collected on our profile page on the respective social net-work to third parties unless this is necessary on the basis of your consent or to fulfill a contract with you. If we use external service providers (e.g. in the area of IT), this takes place in the form of order processing with the service provider, on the basis of which the service provider is obliged to process data in accordance with our instructions. In addi-tion, data may be passed on to courts and competent law enforcement and supervisory authorities based on official orders and legal obligations.
You are not obliged to provide us with your data on our profile pages on social networks. If you do not want the operators of the social networks to collect data from you on our profile pages, you can prevent this by not accessing our profile pages.

We delete private messages that you send us via social networks one year after the last communication with you. We will always keep your public posts (e.g. in our timeline) published permanently until you expressly request their deletion.

We reserve the right to delete illegal content published by users on our profile page on the respective social network, e.g. copyright infringements or statements relevant under criminal law.
According to the case law of the European Court of Justice, we are jointly responsible with the operator of the respective social network for the operation of our profile page with regard to compliance with data protection regulations. In this context, the operator of the social network provides the associated IT infrastructure and the website of the social network and is generally the primary point of contact when it comes to the pro-cessing of your data on the pages of the social network (e.g. information or deletion). However, you can also assert your legal rights against us. In this case, we will forward your requests to the operator of the social network.

b) Purpose and legal basis of data processing

The purpose we pursue in processing your data on our profile page on social networks is to provide information about our offers and services and to respond to any inquiries on our profile page. The legal basis for the processing is Art. 6 para. 1 lit. f GDPR. In this re-spect, public relations work is covered by our legitimate interests within the meaning of the provision.

c) Social networks used

Below you will find the contact details of the respective operators of the social networks we use as well as a link to the respective privacy policy for further information on data protection on the social networks:

Facebook:
Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2 D02 X525, Ireland
www.facebook.com/about/privacy/

Instagram:
Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2 D02 X525, Ireland
https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect

YouTube:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 D04 E5W5, Ireland
policies.google.com/privacy

LinkedIn:
Provider: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland
en.linkedin.com/legal/privacy-policy

The US providers Facebook, Google and LinkedIn may transfer personal data to the USA. This provider obliges recipients located outside the European Union (EU) or the con-tracting states of the Agreement on the European Economic Area (EEA) to comply with an appropriate standard of data protection on the basis of so-called EU standard con-tractual clauses. Please note, however, that we cannot guarantee that these providers definitely comply with the required data protection standard.

16. Data Transmission

We only disclose your personal data to third parties if:
• You have given your express consent to this in individual cases in accordance with Art. 6 para. 1 lit. a GDPR;
• This is legally permissible and necessary in accordance with Art. 6 para. 1 lit. b GDPR or Art. 9 para. 2 lit. h GDPR in conjunction with § 22 para. 1 no. 1 lit. b BDSG for the fulfillment of a contractual relationship with you or the implementation of pre-contractual measures;
• Pursuant to Art. 6 para. 1 lit. c GDPR, there is a legal obligation for the disclosure (e.g. to authorities, social security institutions, health insurance companies, su-pervisory authorities and law enforcement authorities);
• The disclosure pursuant to Art. 6 para. 1 lit. f GDPR is necessary to safeguard legitimate company interests and to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data (e.g. to debt collection service providers);
• We use external service providers (so-called processors) for processing in accordance with Art. 28 GDPR, who process data in accordance with our instructions and are obliged to handle your data carefully (e.g. in the areas of IT or marketing).

When transferring data to external bodies in third countries, i.e. outside the European Union (EU) or the contracting states of the Agreement on the European Economic Area (EEA), we ensure that these bodies treat your personal data with the same level of protection as within the EU or the EEA. We only transfer personal data to third countries where the EU Commission has confirmed an adequate level of protection or where we can ensure the careful handling of personal data through contractual agreements or other suitable guarantees.

17. Data Security and Security Measures

We are committed to protecting your privacy and treating your personal data confidentially. To this end, we take extensive technical and organizational security precautions, which are regularly reviewed and adapted to technological progress. These include the use of recognized encryption methods (SSL or TLS). However, data that is disclosed without encryption, for example by unencrypted e-mail, may be read by third parties. We have no influence over this. It is the responsibility of the user to protect the data provided by them against misuse by means of encryption or in any other way.

18. Changes to the Privacy Policy

We reserve the right to update this statement at any time if necessary.

19. Your Legal Rights

Below you will find your legal rights in relation to your personal data. Details can be found in Articles 7, 15-22 and 77 GDPR. You can also contact us as the controller (section 2) or our data protection officer (section 3) in this regard.

 a) Right to withdraw your consent under data protection law pursuant to Art. 7 para. 3 sentence 1 GDPR
You can withdraw your consent to the processing of your personal data at any time with effect for the future. However, this does not affect the lawfulness of the processing carried out up to the point of withdrawal.
b) Right to information in accordance with Art. 15 GDPR
You have the right to request confirmation as to whether we are processing personal data concerning you. If this is the case, you have the right to information about this personal data and to further information, e.g. the purposes of processing, the categories of personal data processed, the recipients and the planned duration of storage or the criteria for determining the duration.
c) Right to rectification and completion in accordance with Art. 16 GDPR
You have the right to request the rectification of inaccurate data without undue delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete data.
d) Right to erasure (“right to be forgotten”) pursuant to Art. 17 GDPR
You have the right to erasure if the processing is not necessary. This is the case, for example, if your data is no longer required for the original purposes, if you have revoked your declaration of consent under data protection law or if the data has been processed unlawfully.
 e) Right to restriction of processing in accordance with Art. 18 GDPR
You have a right to restriction of processing, e.g. if you believe that the personal data is incorrect.
f) Right to data portability pursuant to Art. 20 GDPR
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format.
g) Right to object pursuant to Art. 21 GDPR
You have the right to object at any time, on grounds relating to your particular situation, to the processing of certain personal data concerning you.
In the case of direct advertising, you as the data subject have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.
h) Automated decision-making in individual cases including profiling in accordance with Art. 22 GDPR
You have the right not to be subject to a decision based solely on automated processing - including profiling - except in the exceptional cases mentioned in Art. 22 GDPR.
A decision based solely on automated processing - including profiling - does not take place.
i) Complaint to a data protection supervisory authority pursuant to Art. 77 GDPR
 
You can also lodge a complaint with a data protection supervisory authority at any time, for example if you are of the opinion that the data processing does not comply with data protection regulations.

Responsible supervisory authority:
Bavarian State Office for Data Protection Supervision
P.O. Box 1349
91504 Ansbach
Germany
Telephone: +49 (0) 981 180093-0
Fax: +49 (0) 981 180093-800
E-mail: poststelle@lda.bayern.de

20. Analysis Tools and Advertising

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze the behavior of website visitors. In doing so, the website operator receives various usage data, such as page views, length of visit, operating systems used and origin of the user. This data is assigned to the user's end device. It is not assigned to a user ID.

We can also use Google Analytics to record your mouse and scroll movements and clicks, among other things. Google Analytics also uses various modeling approaches to supplement the collected data records and uses machine learning technologies for data analysis.

Google Analytics engages technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the USA and stored there.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

IP anonymization

Google Analytics IP anonymization is activated. This means that your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: tools.google.com/dlpage/gaoptout.
You can find more information on how Google Analytics handles user data in Google's privacy policy: support.google.com/analytics/answer/6004245.

Order processing

We have concluded an order processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Ana-lytics.

Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Bar-row Street, Dublin 4, Ireland.

Google Tag Manager is a tool that enables us to integrate tracking or statistical tools and other technologies on our website. Google Tag Manager itself does not create any user profiles, does not store any cookies and does not carry out any independent analyses. It is only used to manage and display the tools integrated via it. However, Google Tag Manager records your IP address, which may also be transmitted to Google's parent company in the United States.

Google Tag Manager is used based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the fast and uncomplicated integration and management of various tools on its website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Con-sent can be withdrawn at any time.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data pro-tection standards. Further information on this can be obtained from the provider at the following link:
https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt000000001L5AAI&status=Active

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms into Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on the user data available at Google (e.g. location data and interests) (target group targeting). As the website operator, we can evaluate this data quantitatively by analyzing, for example, which search terms led to the display of our advertisements and how many advertise-ments led to corresponding clicks.

The use of this service is based on your consent as defined in Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be withdrawn at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Com-mission. Details can be found here: policies.google.com/privacy/frameworks and business.safety.google/controllerterms/.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data pro-tection standards. Further information on this can be obtained from the provider at the following link:
https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt000000001L5AAI&status=Active

Google Ads Remarketing

This website uses the functions of Google Ads Remarketing. The provider is Google Ire-land Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With Google Ads Remarketing, we can assign people who interact with our online offer to specific target groups in order to subsequently display interest-based advertising in the Google advertising network (remarketing or retargeting).

Furthermore, the advertising target groups created with Google Ads Remarketing can be linked to Google's cross-device functions. In this way, interest-based, personalized ad-vertising messages that have been adapted to you depending on your previous usage and surfing behavior on one device (e.g. cell phone) can also be displayed on another of your devices (e.g. tablet or PC).

If you have a Google account, you can object to personalized advertising by clicking on the following link: https://adssettings.google.com/anonymous?hl=de

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be withdrawn at any time.

Further information and the data protection provisions can be found in Google's privacy policy at: https://policies.google.com/technologies/ads?hl=de.

Google is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data pro-tection standards. Further information on this can be obtained from the provider at the following link:
https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt000000001L5AAI&status=Active.

Target group formation with customer matching

Among other things, we use Google Ads Remarketing customer matching to create target groups. Here we transfer certain customer data (e.g. email addresses) from our customer lists to Google. If the customers in question are Google users and logged into their Google account, they are shown suitable advertising messages within the Google network (e.g. on YouTube, Gmail or in the search engine).

Google Conversion Tracking

This website uses Google Conversion Tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of Google conversion tracking, Google and we can recognize whether the user has performed certain actions. For example, we can evaluate which buttons on our website were clicked by how often and which products were viewed or purchased par-ticularly frequently. This information is used to create conversion statistics. We can find out therefore the total number of users who have clicked on our ads and what actions they have taken. We do not receive any information with which we can personally identify the user. Google itself uses further cookies or comparable recognition technologies for identification purposes.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.

You can find more information about Google Conversion Tracking in Google's privacy policy: https://policies.google.com/privacy?hl=de

21. Cookies

Our Internet pages use so-called ‘cookies’. Cookies are small data packets and do not cause any damage to your end device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or they are automatically deleted by your web browser.

Cookies may originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g. cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or the display of videos). Other cookies can be used to analyse user behaviour or for advertising purposes.

Cookies that are required to carry out the electronic communication process, to provide certain functions that you have requested (e.g. for the shopping basket function) or to optimise the website (e.g. cookies to measure the web audience) (necessary cookies) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in the storage of necessary cookies for the technically error-free and optimised provision of its services. If consent to the storage of cookies and comparable recognition technologies has been provided, the processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG); consent can be withdrawn at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.
You can find out which cookies and services are used on this website in this privacy policy.

Consent with Cookiebot

Our website uses Cookiebot's consent technology to obtain your consent to the storage of certain cookies on your end device or to the use of certain technologies and to document this in accordance with data protection regulations. The provider of this technology is Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter referred to as ‘Cookiebot’).

When you enter our website, a connection is established to Cookiebot's servers in order to obtain your consent and other declarations regarding cookie use. Cookiebot then stores a cookie in your browser in order to be able to assign the consents given or their withdrawal to you. The data collected in this way is stored until you ask us to delete it, delete the Cookiebot cookie yourself or the purpose for data storage no longer applies. Mandatory statutory retention obligations remain unaffected.

Cookiebot is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.

Order processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which guarantees that Cookiebot processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.