DATA PROTECTION
VITALplus physiotherapy
Data protection
This data protection declaration clarifies the type, scope and purpose of the processing of personal data (hereinafter referred to as "data") within our online offer and the websites, functions and content associated with it, as well as external online presences, such as our social media profile (hereinafter referred to as collectively referred to as “Online Offering”). With regard to the terms used, such as "processing" or "person responsible", we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
Responsible:
Physiotherapy Vitalplus
cf Physio Greifswald GmbH
Ernst-Thälmann-Ring 56
17491 Greifswald
Managing Director: Mr. Stefan Blank
Contact:
Telephone: 03834-8383814
Email: info@vitalplus-physio.de
Types of data processed:
- Inventory data (eg, names, addresses).
- Contact information (e.g., email, phone numbers).
- Content data (e.g., text input, photographs, videos).
- Usage data (e.g. websites visited, interest in content, access times).
- Meta/communication data (e.g. device information, IP addresses).
Categories of data subjects
Visitors and users of the online offer (in the following we refer to the persons concerned as "users".
purpose of processing
- Provision of the online offer, its functions and content.
- Answering contact requests and communicating with users.
- Safety measures.
- Reach measurement/marketing
Relevant legal bases
In accordance with Art. 13 GDPR, we will inform you of the legal basis for our data processing. If the legal basis is not mentioned in the data protection declaration, the following applies: The legal basis for obtaining consent is Art. 6 (1) lit. a and Art Answering inquiries is Article 6(1)(b) GDPR, the legal basis for processing to fulfill our legal obligations is Article 6(1)(c) GDPR, and the legal basis for processing to safeguard our legitimate interests is Article 6(1)(c) GDPR 6 Paragraph 1 lit. f GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6 Paragraph 1 lit. d GDPR serves as the legal basis.
Changes and updates to the privacy policy
We ask you to inform yourself regularly about the content of our data protection declaration. We will adapt the data protection declaration as soon as the changes in the data processing we carry out make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.
Safety measures
In accordance with Art. 32 GDPR, we take appropriate technical measures, taking into account the state of the art, the implementation costs and the type, scope, circumstances and purposes of the processing as well as the different probability of occurrence and severity of the risk for the rights and freedoms of natural persons and organizational measures to ensure a level of protection appropriate to the risk; The measures include, in particular, securing the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access, input, transfer, securing availability and their separation. Furthermore, we have set up procedures that ensure that the rights of data subjects are exercised, that data is deleted and that data is reacted to if the data is at risk. Furthermore, we already take the protection of personal data into account during the development or selection of hardware, software and processes, in accordance with the principle of data protection through technology design and through data protection-friendly default settings (Article 25 GDPR).
The security measures include, in particular, the encrypted transmission of data between your browser and our server.
Cooperation with processors and third parties
If, as part of our processing, we disclose data to other people and companies (contract processors or third parties), transmit it to them or otherwise grant them access to the data, this is only done on the basis of legal permission (e.g. if the data is transmitted to third parties, as to payment service providers, pursuant to Art. 6 Para. 1 lit. b GDPR is required for the fulfillment of the contract), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.). If we commission third parties to process data on the basis of a so-called "order processing contract", this is done on the basis of Art. 28 DSGVO.
Transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or this happens as part of the use of third-party services or disclosure or transmission of data to third parties, this only takes place if it is to fulfill our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process or have the data processed in a third country if the special requirements of Art. 44 et seq. GDPR are met. This means that the processing takes place, for example, on the basis of special guarantees, such as the officially recognized determination of a data protection level corresponding to that of the EU (e.g. for the USA through the "Privacy Shield") or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").
Rights of data subjects
You have the right to request confirmation as to whether the data in question is being processed and to request information about this data as well as further information and a copy of the data in accordance with Art. 15 GDPR.
You have accordingly. Art. 16 DSGVO the right to request the completion of the data concerning you or the correction of incorrect data concerning you.
In accordance with Art. 17 GDPR, you have the right to demand that the data in question be deleted immediately, or alternatively, in accordance with Art. 18 GDPR, to demand a restriction of the processing of the data.
You have the right to request that you receive the data that you have provided to us in accordance with Art. 20 GDPR and to request that it be transmitted to other responsible parties.
You also have the right, in accordance with Article 77 GDPR, to lodge a complaint with the competent supervisory authority.
right of withdrawal
You have the right to revoke your consent in accordance with Article 7 (3) GDPR with effect for the future.
Right to object
You can object to the future processing of data relating to you at any time in accordance with Art. 21 GDPR. The objection can be made in particular against processing for direct advertising purposes.
Cookies and the right to object to direct advertising
We use temporary and permanent cookies, ie small files that are stored on the user's device (for an explanation of the term and function, see the last section of this data protection declaration). Some of the cookies are used for security or are required for the operation of our online offer (e.g. for the presentation of the website) or to save the user decision when confirming the cookie banner. In addition, we or our technology partners use cookies for range measurement and marketing purposes, about which users are informed in the course of the data protection declaration.
A general objection to the use of cookies for online marketing purposes can be raised for a large number of services, especially in the case of tracking, via the US sitehttp://www.aboutads.info/choices/or the EU sidehttp://www.youronlinechoices.com/be explained. Furthermore, the storage of cookies can be achieved by switching them off in the browser settings. Please note that in this case not all functions of this online offer can be used.
deletion of data
The data processed by us will be deleted or their processing restricted in accordance with Art. 17 and 18 GDPR. Unless expressly stated in this data protection declaration, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory storage requirements. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons.
According to legal requirements, storage is carried out in particular for 6 years in accordance with Section 257 (1) HGB (books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years in accordance with Section 147 (1) AO (books, records, management reports , accounting documents, commercial and business letters, documents relevant to taxation, etc.).
Provision of contractual services
We process inventory data (e.g. names and addresses as well as contact details of users), contract data (e.g. services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services in accordance with Article 6 Paragraph 1 lit b. GDPR. The entries marked as mandatory in online forms are required for the conclusion of the contract.
Deletion takes place after statutory warranty and comparable obligations have expired, the necessity of storing the data is checked every three years; in the case of legal archiving obligations, the deletion takes place after their expiry (end of commercial law (6 years) and tax law (10 years) storage obligation); Information in the customer account remains until it is deleted.
health care benefits
We process the data of our patients and interested parties and other clients or contractual partners (uniformly referred to as "patients") in accordance with Article 6 (1) (b) GDPR in order to provide them with our contractual or pre-contractual services. The data processed here, the type, scope and purpose and the necessity of their processing are determined by the underlying contractual relationship. The processed data basically includes the patient's inventory and master data (e.g. name, address, etc.), as well as contact data (e.g. e-mail address, telephone number, etc.), contract data (e.g. services used, products purchased, costs, names of contact persons) and payment data (e.g., bank details, payment history, etc.).
As part of our services, we can also process special categories of data in accordance with Article 9 Paragraph 1 GDPR, here in particular information on the health of the patient, possibly with reference to their sex life or sexual orientation. To this end, if necessary, we will obtain, in accordance with Article 6 Paragraph 1 Letter a., Article 7, Article 9 Paragraph 2 Letter a. DSGVO an express consent of the patients and otherwise process the special categories of data for health care purposes on the basis of Art. 9 Para. 2 lit h. GDPR, Section 22 Paragraph 1 No. 1 b. BDSG.
If necessary for the fulfillment of the contract or by law, we disclose or transmit patient data in the context of communication with medical professionals, third parties who are required or typically involved in the fulfillment of the contract, such as laboratories, billing offices or comparable service providers, provided this is necessary for the provision of our services in accordance with Art. Art. 6 para. 1 lit b. DSGVO serves, according to Art. 6 Para. 1 lit c. GDPR is prescribed, serves our interests or those of patients in efficient and cost-effective healthcare as a legitimate interest pursuant to Article 6 Paragraph 1 lit f. GDPR or pursuant to Article 6 Paragraph 1 lit d. GDPR is necessary. to protect the vital interests of patients or another natural person or within the scope of consent in accordance with Article 6 Paragraph 1 Letter a., Article 7 GDPR.
The data will be deleted if the data is no longer required to fulfill contractual or legal duties of care or to deal with any warranty and comparable obligations, with the necessity of storing the data being checked every three years; Otherwise, the statutory retention requirements apply.
Therapeutic services and coaching
We process the data of our clients and prospects and other clients or contractual partners (uniformly referred to as "clients") in accordance with Article 6 Paragraph 1 Letter b) GDPR in order to provide them with our contractual or pre-contractual services. The data processed here, the type, scope and purpose and the necessity of their processing are determined by the underlying contractual relationship. The processed data basically includes inventory and master data of the client (e.g. name, address, etc.), as well as contact data (e.g. e-mail address, telephone number, etc.), contract data (e.g. services used, fees, names of contact persons, etc.) and payment data (eg, bank details, payment history, etc.).
As part of our services, we can also process special categories of data in accordance with Article 9 Paragraph 1 GDPR, in particular information on the health of the client, possibly with reference to their sex life or sexual orientation, ethnic origin or religious or ideological beliefs . To this end, if necessary, we will obtain, in accordance with Article 6 Paragraph 1 Letter a., Article 7, Article 9 Paragraph 2 Letter a. DSGVO an explicit consent of the client and otherwise process the special categories of data for health care purposes on the basis of Art. 9 Para. 2 lit h. GDPR, Section 22 Paragraph 1 No. 1 b. BDSG.
If necessary for the fulfillment of the contract or by law, we disclose or transmit the data of the clients in the context of communication with other specialists, third parties who are required or typically involved in the fulfillment of the contract, such as billing offices or comparable service providers, provided this is necessary for the provision of our services in accordance with Art. 6 paragraph 1 letter b. DSGVO serves, according to Art. 6 Para. 1 lit c. GDPR is prescribed, serves our interests or those of our clients in efficient and cost-effective healthcare as a legitimate interest pursuant to Article 6 Paragraph 1 lit f. GDPR or pursuant to Article 6 Paragraph 1 lit d. GDPR is necessary. to protect the vital interests of the client or another natural person or within the scope of consent in accordance with Article 6 Paragraph 1 Letter a., Article 7 GDPR.
The data will be deleted if the data is no longer required to fulfill contractual or legal duties of care or to deal with any warranty and comparable obligations, with the necessity of storing the data being checked every three years; Otherwise, the statutory retention requirements apply.
Contractual Services
We process the data of our contractual partners and interested parties as well as other clients, customers, clients, clients or contractual partners (uniformly referred to as "contractual partners") in accordance with Article 6 Paragraph 1 lit. b. GDPR in order to provide you with our contractual or pre-contractual services. The data processed here, the type, scope and purpose and the necessity of their processing are determined by the underlying contractual relationship.
The processed data includes the master data of our contractual partners (e.g. names and addresses), contact data (e.g. e-mail addresses and telephone numbers) as well as contract data (e.g. services used, contract content, contractual communication, names of contact persons) and payment data (e.g. bank details, payment history).
In principle, we do not process special categories of personal data, unless these are part of commissioned or contractual processing.
We process data that is required to justify and fulfill the contractual services and point out the need to provide them if this is not evident to the contractual partner. Disclosure to external persons or companies will only take place if it is required under a contract. When processing the data provided to us as part of an order, we act in accordance with the instructions of the client and the legal requirements.
When using our online services, we can save the IP address and the time of the respective user action. The storage takes place on the basis of our legitimate interests, as well as the interests of the user in protection against misuse and other unauthorized use. In principle, this data will not be passed on to third parties unless it is necessary to pursue our claims in accordance with Article 6 (1) (f) GDPR or there is a legal obligation to do so in accordance with Article 6 (1) (c). GDPR.
The data will be deleted if the data is no longer required to fulfill contractual or legal duties of care or to deal with any warranty and comparable obligations, with the necessity of storing the data being checked every three years; Otherwise, the statutory retention requirements apply.
Revocation of your consent to data processing
Some data processing operations are only possible with your express consent. You can revoke your consent that you have already given at any time. An informal message by e-mail is sufficient for the revocation. The legality of the data processing that took place up until the revocation remains unaffected by the revocation.
Right to lodge a complaint with the competent supervisory authority
As a data subject, you have the right to lodge a complaint with the competent supervisory authority in the event of a breach of data protection law. The competent supervisory authority with regard to data protection issues is the state data protection officer of the federal state in which our company is based. The following link provides a list of data protection officers and their contact details: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to third parties. It is provided in a machine-readable format. If you request the direct transfer of the data to another person responsible, this will only be done to the extent that it is technically feasible.
Right to information, correction, blocking, deletion
You have the right to free information about your stored personal data, the origin of the data, its recipient and the purpose of the data processing and, if necessary, a right to correction, blocking or deletion of this data at any time within the framework of the applicable legal provisions. You can contact us at any time using the contact options listed in the legal notice if you have any further questions on the subject of personal data.
SSL or TLS encryption
For security reasons and to protect the transmission of confidential content that you send to us as the site operator, our website uses an SSL or. TLS encryption. This means that data that you transmit via this website cannot be read by third parties. You can recognize an encrypted connection by the "https://" address line of your browser and by the lock symbol in the browser line.
Server log files
The provider of the website automatically collects and stores information in server log files, which your browser automatically transmits to us. These are:
- Visited page on our domain
- Date and time of server request
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- IP address
This data is not merged with other data sources. The basis for data processing is Art. 6 Paragraph 1 lit. b GDPR, which allows the processing of data to fulfill a contract or pre-contractual measures.
Registration on this site
You can register on our website to use certain functions. The transmitted data is used exclusively for the purpose of using the respective offer or service. Mandatory information requested during registration must be provided in full. Otherwise we will refuse the registration.
In the event of important changes, for example for technical reasons, we will inform you by e-mail. The e-mail will be sent to the address given during registration.
The data entered during registration is processed on the basis of your consent (Article 6 (1) (a) GDPR). You can revoke your consent that you have already given at any time. An informal message by e-mail is sufficient for the revocation. The legality of the data processing that has already taken place remains unaffected by the revocation.
We store the data collected during registration during the period that you are registered on our website. Your data will be deleted if you cancel your registration. Statutory retention periods remain unaffected.
contact form
Data transmitted via the contact form will be stored, including your contact details, in order to be able to process your request or to be available for follow-up questions. This data will not be passed on without your consent.
The data entered in the contact form is processed exclusively on the basis of your consent (Article 6 (1) (a) GDPR). You can revoke your consent that you have already given at any time. An informal message by e-mail is sufficient for the revocation. The legality of the data processing operations that took place up until the revocation remains unaffected by the revocation.
Data transmitted via the contact form will remain with us until you ask us to delete it, revoke your consent to storage or there is no longer any need for data storage. Mandatory legal provisions - in particular retention periods - remain unaffected.
Newsletter Data
To send our newsletter, we need an e-mail address from you. It is necessary to verify the e-mail address provided and to consent to receiving the newsletter. Additional data is not collected or is voluntary. The data is used exclusively for sending the newsletter.
The data provided when registering for the newsletter will only be processed on the basis of your consent (Article 6 (1) (a) GDPR). You can revoke your consent that you have already given at any time. An informal message by e-mail is sufficient for the revocation or you can unsubscribe via the "unsubscribe" link in the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.
Data entered to set up the subscription will be deleted if you unsubscribe. If this data has been transmitted to us for other purposes and elsewhere, it will remain with us.
YouTube
Our website uses plugins from YouTube to integrate and display video content. The provider of the video portal is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
When a page with an integrated YouTube plugin is called up, a connection to the YouTube servers is established. This tells YouTube which of our pages you have accessed.
YouTube can assign your surfing behavior directly to your personal profile if you are logged into your YouTube account. You can prevent this by logging out beforehand.
YouTube is used in the interest of an attractive presentation of our online offers. This represents a legitimate interest within the meaning of Article 6 (1) (f) GDPR.
Details on handling user data can be found in YouTube's data protection declaration at: https://www.google.de/intl/de/policies/privacy.
cookies
Our website uses cookies. These are small text files that your web browser stores on your end device. Cookies help us to make our offer more user-friendly, effective and secure.
Some cookies are “session cookies.” Such cookies are automatically deleted at the end of your browser session. On the other hand, other cookies remain on your end device until you delete them yourself. Such cookies help us to recognize you when you return to our website.
With a modern web browser you can monitor, restrict or prevent the setting of cookies. Many web browsers can be configured in such a way that cookies are automatically deleted when the program is closed. The deactivation of cookies can result in limited functionality of our website.
The setting of cookies, which are necessary to carry out electronic communication processes or to provide certain functions you want (e.g. shopping cart), takes place on the basis of Article 6 Paragraph 1 Letter f GDPR. As the operator of this website, we have a legitimate interest in the storage of cookies for the technically error-free and smooth provision of our services. If other cookies are set (e.g. for analysis functions), they will be treated separately in this data protection declaration.
Google Analytics
Our website uses functions of the web analysis service Google Analytics. The provider of the web analysis service is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
Google Analytics uses "cookies." These are small text files that your web browser stores on your end device and enable analysis of website usage. Information generated by cookies about your use of our website is transmitted to a Google server and stored there. Server location is usually the USA.
Google Analytics cookies are set on the basis of Article 6 (1) (f) GDPR. As the operator of this website, we have a legitimate interest in analyzing user behavior in order to optimize our website and, if necessary, advertising.
IP anonymization
We use Google Analytics in connection with the IP anonymization function. It ensures that Google shortens your IP address within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before it is transmitted to the USA. There may be exceptional cases in which Google transmits the full IP address to a server in the USA and shortens it there. On our behalf, Google will use this information to evaluate your use of the website, to create reports on website activity and to provide us with other services related to website activity and internet usage. The IP address transmitted by Google Analytics is not merged with other Google data.
browser plug-in
The setting of cookies by your web browser can be prevented. However, this could limit some functions of our website. You can also prevent the collection of data relating to your website use, including your IP address and subsequent processing by Google. This is possible by downloading and installing the browser plugin available via the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
Objection to data collection
You can prevent Google Analytics from collecting your data by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to our website: Disable Google Analytics.
For details on how Google Analytics handles user data, see Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.
order processing
In order to fully comply with the legal data protection requirements, we have concluded an order processing contract with Google.
Demographic characteristics in Google Analytics
Our website uses the "demographic characteristics" function of Google Analytics. It can be used to create reports that contain statements about the age, gender and interests of the site visitors. This data comes from interest-based advertising from Google and visitor data from third-party providers. It is not possible to assign the data to a specific person. You can deactivate this function at any time. This is possible via the ad settings in your Google account or by generally prohibiting the collection of your data by Google Analytics, as explained in the point "Objection to data collection".
PayPal
Our website allows payment via PayPal. The provider of the payment service is PayPal (Europe) S.à.rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg.
If you pay with PayPal, the payment data you have entered will be transmitted to PayPal.
Your data is transmitted to PayPal on the basis of Article 6 (1) (a) GDPR (consent) and Article 6 (1) (b) GDPR (processing to fulfill a contract). You can revoke your consent that you have already given at any time. Data processing operations in the past remain effective in the event of revocation.
Google AdSense
Our website uses Google AdSense. The provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
Google AdSense is used to integrate advertisements and sets cookies. Cookies are small text files that your web browser stores on your end device to analyze how the website is used. Google AdSense also uses web beacons. Web beacons are invisible graphics that enable an analysis of visitor traffic on our website.
Information generated by cookies and web beacons is transmitted to and stored by Google on servers. Server location is the USA. Google may pass this information on to contractual partners. However, Google will not merge your IP address with other data stored by you.
AdSense cookies are stored on the basis of Article 6 (1) (f) GDPR. As the website operator, we have a legitimate interest in analyzing user behavior in order to optimize our website and our advertising.
With a modern web browser you can monitor, restrict and prevent the setting of cookies. The deactivation of cookies can result in limited functionality of our website. By using our website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
Google AdWords and Google Conversion Tracking
Our website uses Google AdWords. The provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States.
AdWords is an online advertising program. As part of the online advertising program, we work with conversion tracking. After clicking on an ad placed by Google, a cookie is set for conversion tracking. Cookies are small text files that your web browser stores on your end device. Google AdWords cookies lose their validity after 30 days and are not used to personally identify users. We and Google can use the cookie to recognize that you have clicked on an ad and were forwarded to our website.
Each Google AdWords customer receives a different cookie. The cookies are not traceable across AdWords advertiser websites. Conversion cookies are used to create conversion statistics for AdWords customers who use conversion tracking. Adwords customers find out how many users clicked on their ad and were redirected to pages with a conversion tracking tag. However, AdWords customers do not receive any information that would allow users to be personally identified. If you do not wish to participate in tracking, you can object to its use. Here the conversion cookie must be deactivated in the user settings of the browser. This means that there is no inclusion in the conversion tracking statistics.
"Conversion cookies" are stored on the basis of Article 6 (1) (f) GDPR. As the website operator, we have a legitimate interest in analyzing user behavior in order to optimize our website and our advertising.
Details on Google AdWords and Google Conversion Tracking can be found in Google's data protection regulations: https://www.google.de/policies/privacy/.
With a modern web browser you can monitor, restrict or prevent the setting of cookies. The deactivation of cookies can result in limited functionality of our website.
Google Web Fonts
Our website uses web fonts from Google. The provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
By using these web fonts, it is possible to present you with the presentation of our website that we want, regardless of which fonts are available to you locally. This is done by retrieving the Google Web Fonts from a Google server in the USA and the associated transfer of your data to Google. This is your IP address and which of our pages you have visited. Google Web Fonts are used on the basis of Art. 6 Para. 1 lit. f GDPR. As the operator of this website, we have a legitimate interest in the optimal presentation and transmission of our website.
The company Google is certified for the US-European data protection agreement "Privacy Shield". This data protection agreement is intended to ensure compliance with the data protection level applicable in the EU.
You can find details about Google Web Fonts at: https://www.google.com/fonts#AboutPlace:about and further information in Google's data protection regulations: https://policies.google.com/privacy/partners?hl=de