Privacy policy
Introduction
Thank you for visiting our website. Using our website is possible without providing any personal data. However, if you wish to use a special service offered by the naturopathic practice of Dr. Hennig via our website, the processing of personal data may become necessary. In the event that personal data is processed and there is no legal basis for such processing, we will obtain the consent of the data subject. The processing of personal data, such as the name, address, email address, or telephone number of the data subject, is always carried out in compliance with the European General Data Protection Regulation (GDPR) and the country-specific data protection law applicable to the naturopathic practice of Dr. Hennig. In this privacy policy, our company informs data subjects about the type, scope, and purpose of the personal data we process. Furthermore, data subjects are informed about their rights. To ensure the most comprehensive protection possible for the data processed via this website, the naturopathic practice of Dr. Hennig, as the data controller, has implemented extensive technical and organizational measures. Nevertheless, data transmissions on the internet can have security vulnerabilities, and complete protection is not possible. Therefore, every data subject is free to transmit personal data to us via other means, for example, by telephone. 1. Definitions This privacy policy uses terms defined in the General Data Protection Regulation (GDPR). To ensure this privacy policy is easy to read and understand, we explain the terminology used here: 1.1. Personal Data Personal data is any information relating to an identified or identifiable natural person (data subject). 
An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. 1.2. Data Subjects Data subjects are individuals whose personal data is processed by the controller. 1.3. Processing: Processing means any operation or set of operations which is performed on personal data or on sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. 1.4. Restriction of processing: Restriction of processing means the marking of stored personal data with the aim of limiting its processing in the future. 1.5. Pseudonymisation: Pseudonymisation means the processing of personal data in such a way that the personal data can no longer be attributed to a data subject without the aid of additional information. This additional information must be kept securely and separately so that the personal data cannot be attributed to the data subject. 1.6. Controller: The controller or data controller is the company or person, public authority, agency or other body which, alone or jointly with others, decides on the processing of personal data. 1.7. 1.8. Processor: A processor is a company, person, public authority, agency, or other body that processes personal data on behalf of the controller. 1.9. Recipient: A recipient is a company, person, public authority, agency, or other body to whom personal data have been disclosed by transmission. However, public authorities that may receive personal data in the framework of an inquiry are not considered recipients. 1.10. 
Third Party: A third party is a company, person, public authority, agency, or body other than the data subject, the controller, or the processor, and which, under the direct authority of the controller or processor, is authorized to process personal data. 1.11. Consent: Consent means any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. Name and address of the data controller: The data controller within the meaning of the General Data Protection Regulation (GDPR), other data protection laws applicable in the Member States of the European Union, and other provisions of a data protection nature is: Naturopath Dr. Stephan Hennig, Adenauer Allee 23, 53111 Bonn, Germany, Email: info@naturheilpraxis-drhennig.de. Any data subject may contact us at any time with questions or suggestions regarding data protection. Name and address of the State Commissioner for Data Protection and Freedom of Information: State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia, P.O. Box 20 04 44, 40102 Düsseldorf, Germany, Tel.: 49 211/38424-0, Fax: 49 211/38424-10, Email: poststelle@ldi.nrw.de. 3. Cookies: The websites of the naturopathic practice Dr. Hennig use cookies. Cookies are text files that are stored and saved on a computer system via an internet browser. Many cookies contain a unique identifier, a so-called cookie ID. This cookie ID allows visited websites and servers to be associated with the internet browser used to access the site, in which this cookie was stored. This enables the visited websites and servers to distinguish the user's internet browser from other internet browsers that contain different cookies. This allows a specific internet browser, and therefore potentially a user, to be recognized and identified. 
By using cookies, the naturopathic practice of Dr. Hennig can optimize the presentation of information and offers on our website for the user. Cookies enable us to recognize users of our website. The purpose of this recognition is to make it easier for users to use our website. The user can prevent the storage of cookies by our website at any time by adjusting the settings of their internet browser and thus permanently object to the storage of cookies. Cookies that have already been stored can be deleted at any time. This is possible in all common internet browsers. By deactivating cookies, the user may not be able to fully utilize all the functions of our website. Collection of General Data and Information: Our website collects a range of general information each time it is accessed by a data subject or an automated system. This general information is stored in the log files of our web server. The following may be collected: the browser and version used, the operating system used by the accessing system, the website from which an accessing system reached our website, the sub-pages accessed on our website by an accessing system, the date and time of access to our website, an internet protocol address (IP address), the internet service provider of the accessing system, and other similar information that serves to prevent attacks on our systems. When using this general data and information, the naturopathic practice of Dr. Hennig does not draw any conclusions about the data subject. Rather, this information is needed to correctly deliver the content of our website, to optimize advertising for it, to ensure the long-term functionality of our systems and the technology of our website, and to provide law enforcement agencies with the information necessary for prosecution in the event of a cyberattack. This anonymously collected information is statistically evaluated by the naturopathic practice of Dr. Hennig. 
This information is further analyzed to enhance data protection and data security and to ensure the protection of the personal data we process. The anonymous data from the log files is stored separately from any personal data provided by a data subject. 5. Registration on our website: The data subject has the option to register on the website of the data controller by providing personal data. The personal data transmitted to the controller is determined by the respective input form used for registration. The personal data entered by the data subject is collected and stored exclusively for registration purposes. The controller may transfer this data to one or more processors, who will also use the personal data exclusively for internal purposes attributable to the controller. Furthermore, by registering on the website of the data controller, the IP address assigned by the data subject's internet service provider, the date, and the time of registration are stored. Storing this data serves to prevent misuse of our services. This data can help to investigate criminal offenses. This data will not be disclosed to third parties unless there is a legal obligation to do so or disclosure is necessary for law enforcement purposes. The registration of the data subject, through the voluntary provision of personal data, enables the data controller to offer the data subject content or services that are only available to registered users. Registered users have the option to modify the personal data provided during registration at any time or to have it completely deleted from the data controller's database. Within the legal framework, the data controller will provide any data subject, upon request, with information about which personal data concerning them is stored. Furthermore, the data controller will correct or delete personal data at the request or instruction of the data subject, provided that no legal retention obligations prevent this. 
The data protection officer and all employees of the data controller are available to the data subject as points of contact in this regard. 6. Contact Options via the Website The website of the naturopathic practice Dr. Hennig contains an email address, a fax number, and a telephone number, which enable quick electronic contact and direct communication with our company. If a data subject contacts the controller via email or a contact form, the personal data transmitted by the data subject will be stored automatically. Such personal data transmitted on a voluntary basis by a data subject to the controller will be stored exclusively for the purpose of processing the request or contacting the data subject. This personal data will not be disclosed to third parties. 7. Comment Function in the Blog on the Website: The naturopathic practice of Dr. Hennig offers users a blog located on the controller's website. Here, it is possible to leave individual comments on specific posts. A blog is a publicly accessible portal maintained on a website in which one or more persons (bloggers) publish articles or write down their thoughts in so-called blog posts. The blog posts can be commented on by third parties. If a data subject leaves a comment in the blog published on this website, in addition to the comment left by the data subject, information about the time the comment was submitted and the username (pseudonym) chosen by the data subject will also be stored and published. Furthermore, the IP address assigned by the data subject's internet service provider (ISP) is also logged. This IP address is stored for security reasons in case the data subject infringes the rights of third parties or posts unlawful content through a comment. This collected personal data will not be disclosed to third parties unless such disclosure is required by law or serves the legal defense of the data controller. 8. 
Subscription to Comments on the Blog on the Website: Comments posted on the blog of the naturopathic practice of Dr. Hennig can be subscribed to by third parties. In particular, a commenter can subscribe to subsequent comments on a specific blog post. If a data subject chooses to subscribe to comments, the data controller will send an automatic email as confirmation to verify that the owner of the specified email address has opted for this feature. The option to subscribe to comments can be canceled at any time. 9. Routine Erasure and Blocking of Personal Data The controller processes and stores personal data only for the period necessary to achieve the purpose of storage or as long as this is provided for in laws or regulations to which the controller is subject. If the purpose of storage ceases to apply or the storage period prescribed by the competent legislator expires, the personal data is routinely blocked or erased in accordance with legal requirements. 10. Rights of the Data Subject 10.1. Right to Confirmation Every data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed. If a data subject wishes to exercise this right, he or she may contact our data protection officer or another employee. 10.2. Right of Access Every data subject whose personal data are being processed has the right to obtain from the controller, free of charge, information about the personal data stored about him or her and a copy of this data. 
Furthermore, the data subject has the right to obtain information about the following: the purposes of the processing; the categories of personal data being processed; the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations; where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing concerning the data subject or to object to such processing; the right to lodge a complaint with a supervisory authority; where the personal data are not collected from the data subject, any available information as to their source; the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject. The data subject also has the right to be informed whether personal data are transferred to a third country or to an international organization. If this is the case, the data subject also has the right to be informed of the appropriate safeguards relating to the transfer. If a data subject wishes to exercise this right of access, they can contact our data protection officer or another employee of the controller at any time. 10.3. Right to rectification. Every data subject whose personal data is being processed has the right to request the immediate rectification of inaccurate personal data concerning them. Furthermore, the data subject has the right, taking into account the purposes of the processing, to have incomplete personal data completed, including by means of providing a supplementary statement. 
If a data subject wishes to exercise this right to rectification, they can contact our data protection officer or another employee of the controller at any time. 10.4. Right to erasure (right to be forgotten): Every data subject whose personal data is being processed has the right to request from the controller the erasure of personal data concerning him or her without undue delay where one of the following grounds applies and where the processing is not necessary: The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed. The data subject withdraws consent on which the processing is based according to point (a) of Article 6(1) or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing. The data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR. The personal data have been unlawfully processed. The personal data have to be erased for compliance with a legal obligation under Union or Member State law to which the controller is subject. The personal data was collected in relation to information society services offered pursuant to Article 8(1) GDPR. If one of the aforementioned grounds applies and a data subject wishes to have their personal data stored at the naturopathic practice of Dr. Hennig erased, they can contact us. We will ensure that the erasure request is complied with immediately. If the personal data has been made public by the naturopathic practice of Dr. Hennig and our company, as the controller pursuant to Article 17(1) GDPR, is obliged to erase the personal data, the naturopathic practice of Dr. 
Hennig, taking into account available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers processing the published personal data that the data subject has requested the erasure by those other controllers of any links to, or copies or replications of, such personal data, insofar as processing is not necessary. 10.5. Right to restriction of processing. Every data subject whose personal data is being processed has the right to request from the controller the restriction of processing where one of the following applies: The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data. The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead. The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims. The data subject has objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject. If one of the above conditions applies and a data subject wishes to request the restriction of processing of personal data stored by the naturopathic practice of Dr. Hennig, they can contact our data protection officer or another employee of the controller at any time. An employee will then arrange for the restriction of processing. 10.6. Right to data portability Every data subject has the right to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used and machine-readable format. 
He also has the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. Furthermore, when exercising the right to data portability pursuant to Article 20(1) GDPR, the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided that this does not adversely affect the rights and freedoms of others. To assert the right to data portability, the data subject may contact the naturopathic practice of Dr. Hennig at any time. 10.7. Right to object: Every data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on these provisions. In the event of such an objection, the naturopathic practice of Dr. Hennig will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves the purpose of establishing, exercising or defending legal claims. Where the naturopathic practice of Dr. Hennig processes personal data for direct marketing purposes, the data subject has the right to object at any time to processing of personal data concerning him or her for such marketing. This also applies to profiling to the extent that it is related to such direct marketing. 
If the data subject objects to processing for direct marketing purposes, the naturopathic practice of Dr. Hennig will no longer process the personal data for these purposes. Furthermore, the data subject has the right to object, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her which is carried out by the naturopathic practice of Dr. Hennig for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) GDPR, unless such processing is necessary for the performance of a task carried out in the public interest. To exercise the right to object, the data subject can contact the naturopathic practice of Dr. Hennig directly. The data subject is also free, in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to exercise his or her right to object by automated means using technical specifications. 10.8. Automated individual decision-making, including profiling: Every data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, unless the decision is necessary for entering into, or performing, a contract between the data subject and the controller, or is authorized by law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, or is based on the data subject's explicit consent. If the decision is necessary for entering into, or performing, a contract between the data subject and the controller, or is based on the data subject's explicit consent, the naturopathic practice of Dr. 
Hennig takes appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the data subject, including at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision. If the data subject wishes to assert rights relating to automated decision-making, he or she can contact our data protection officer or another employee of the controller. 10.9. Right to withdraw consent under data protection law. Every data subject has the right to withdraw his or her consent to the processing of personal data at any time. If the data subject wishes to exercise his or her right to withdraw consent, he or she can contact our data protection officer or another employee of the controller at any time. 11. Data protection in applications and the application process. The controller collects and processes the personal data of applicants for the purpose of processing the application. Processing may also be carried out electronically. This is particularly the case if an applicant submits corresponding application documents to the controller electronically, for example by email or via a web form on the website. If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with legal regulations. If the controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted two months after notification of the rejection decision, unless other legitimate interests of the controller preclude deletion. A legitimate interest in this sense is, for example, the need to retain evidence in proceedings under the German General Equal Treatment Act (AGG). 12. Legal Basis for Processing: Article 6(1)(a) GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. 
If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations necessary for the delivery of goods or the provision of other services or consideration, the processing is based on Article 6(1)(b) GDPR. The same applies to processing operations that are necessary for carrying out pre-contractual measures, such as in cases of inquiries about our products or services. If our company is subject to a legal obligation that requires the processing of personal data, such as for fulfilling tax obligations, the processing is based on Article 6(1)(c) GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured on our premises and their name, age, health insurance details, or other vital information had to be disclosed to a doctor, hospital, or other third party. In this case, the processing would be based on Article 6(1)(d) GDPR. Finally, processing operations could be based on Article 6(1)(f) GDPR. This legal basis applies to processing operations not covered by any of the aforementioned legal bases if the processing is necessary for the purposes of the legitimate interests pursued by our company or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Such processing operations are permitted to us in particular because they have been specifically mentioned by the legislator (Recital 47, sentence 2, GDPR). 13. Legitimate interests in the processing pursued by the controller or a third party. If the processing of personal data is based on Article 6(1)(f) GDPR, our legitimate interest is the conduct of our business activities for the benefit of the well-being of all our employees and our shareholders. 14. 
Duration for which the personal data will be stored. The criterion for the duration of storage of personal data is the respective statutory retention period. After expiry of this period, the corresponding data is routinely deleted, provided it is no longer required for the performance of a contract or for taking steps prior to entering into a contract. 15. Legal or contractual requirements for providing personal data; necessity for entering into a contract; obligation of the data subject to provide the personal data; possible consequences of failure to provide such data. We inform you that the provision of personal data is partly required by law (e.g., tax regulations) or may also arise from contractual provisions (e.g., information about the contracting party). In some cases, concluding a contract may require a data subject to provide us with personal data, which we then need to process. The data subject is obligated to provide us with personal data in order to conclude a contract. If the data subject does not provide their personal data, no contract can be concluded with them. Before providing personal data, the data subject can contact the naturopathic practice of Dr. Hennig. We will inform the data subject on a case-by-case basis whether the provision of personal data is required by law or contract, or necessary for concluding the contract, whether there is an obligation to provide the personal data, and what the consequences of not providing the personal data would be. 16. Existence of automated decision-making: Our company does not use automated decision-making or profiling. Information on data protection pursuant to Art. 13 GDPR: With the following information, we would like to inform you about which personal data we collect and for what purposes we process this data. 1. Data Processing We process your personal data for the following purposes: 1. 
Contract-Related Data Processing In the context of initiating or fulfilling a contract, we collect personal data of the customer or the contact persons designated by our customers, in particular the customer's or contact person's name and contact details (e.g., telephone number, email address, postal address). We process the data we collect for the purpose of fulfilling the contract, e.g., processing customer orders including delivery of our products. The legal basis for this processing is Article 6 Paragraph 1 Sentence 1 lit. b) GDPR. The processing of your data is necessary for accepting and processing the order and for fulfilling the mutual obligations arising from the contract. The personal data we collect is stored only as long as necessary to achieve the purpose for which the data was collected. This is generally no longer the case once the contract has been concluded and we are not obligated to store the data beyond this period due to tax and commercial law regulations. 2. Data Processing for Direct Marketing Purposes We reserve the right to process personal data provided to us within the scope of the contractual relationship (e.g., surname, first name, postal address, and any other information provided to us (e.g., position, field of expertise)) in order to send our customers information about products or invitations to relevant events (e.g., symposia, webinars) by mail. The legal basis for this processing is the balancing of interests pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interests are: - Optimizing the dialogue with customers/professionals - Targeted information about products and services within the scope of direct marketing - Continuing education on indications and applications. We will only use the email address provided to us for direct marketing purposes if the data subject has expressly consented to this. The legal basis is Art. 6 para. 1 sentence 1 lit. a) GDPR. 
Every customer or contact person can object to the processing of their personal data at any time free of charge and with effect for the future by sending a message to the contact details of the controller listed under point IV or via the link provided for this purpose in an email sent by us, or by withdrawing their consent. 3. Data Processing in the Context of Customer Service and Consulting Within our central Customer Relationship Management (CRM) system, we collect personal data from customers, in particular their first and last name and address. This information also applies to potential customers. We also use our CRM system to document visits and contacts with our customers. In this context, additional data, such as information about a visit by our sales representative, is collected. We also offer our customers the opportunity to contact us via a digital platform (remote platform) for online meetings. If necessary, training sessions, consulting, or sales meetings can also be conducted remotely via this platform. Access data for these remote meetings will be sent by email. The legal basis for this processing is the balancing of interests pursuant to Art. 6 para. 1 sentence 1 lit. f) or consent pursuant to Art. 6 para. 1 sentence 1 lit. a) GDPR. Our legitimate interests are: - Optimizing dialogue with customers/professional groups - Targeted customer support Customers or contact persons may object to the processing of their personal data at any time, free of charge and with effect for the future, by sending a message to the contact details of the data controller listed under Section IV, or revoke their consent. We generally collect personal data directly from the data subject. In addition, we access publicly available sources, such as industry directories or address lists, and commission address service providers for address verification purposes. 
The following data categories are processed in this context: Name data (e.g., surname), address and contact details (e.g., address, email address), professional data (e.g., specialist medical information). II. Disclosure of personal data to third parties. Your personal data will only be disclosed to third parties if this is necessary for the performance of the contract with you, if the disclosure is permissible based on a balancing of interests pursuant to Art. 6 para. 1 lit. f) GDPR, if we are legally obligated to disclose the data, or if you have given your consent. Internal recipients of the data are internal departments (e.g., the finance department). We use external service providers to process personal data (e.g., for organizing events, for direct marketing) within the framework of commissioned data processing pursuant to Article 28 GDPR. These service providers have been carefully selected by us and are bound by our instructions. Your personal data is processed by us in data centers within the EU/EEA. Data is not transferred to a third country (outside the EU/EEA) or to an international organization. III. Data Subject Rights If we process personal data, data subjects have the following rights: If processing is based on Article 6(1)(f) GDPR, the data subject may object to the processing of their personal data in accordance with Article 21 GDPR. The processing of personal data for advertising/marketing purposes can be objected to at any time – without giving reasons. The data in question will then no longer be processed for advertising/marketing purposes. If personal data has been provided to us based on consent, data subjects have the right to withdraw their consent at any time without giving reasons by sending a message to the address below. You may revoke your consent at any time by contacting the entity named in section IV. This applies in particular to consent to the processing of personal data for email and telephone marketing. 
Revoking your consent does not affect the lawfulness of processing based on consent before its withdrawal. Furthermore, data subjects may exercise the following rights – provided the respective legal requirements are met: - Article 15 GDPR Right of access: Right to information about the data we have stored about you. - Article 16 GDPR Right to rectification: Right to rectification of inaccurate personal data concerning you. - Article 17 GDPR Right to erasure: Erasure of your personal data, provided there are no legal retention obligations. - Article 18 GDPR Right to restriction of processing: Under certain conditions, you have the right to have your personal data blocked and no longer processed. - Article 20 GDPR Right to data portability: Right to data portability of the personal data concerning you that you have provided to us. There is no automated decision-making, including profiling, pursuant to Article 22 paragraphs 1 and 4 GDPR. Data subjects also have the right to lodge a complaint with a supervisory authority.