Datenschutzerklärung

Privacy Policy pursuant to the General Data Protection Regulation (GDPR)

The following information provides a simple overview of what happens to your personal data (hereinafter referred to as „Data“) when you visit our online offering and its associated websites, functions, and content, as well as external online presences such as social media profiles (hereinafter collectively referred to as the „Online Offering“).

Personal data includes all information by which you can be personally identified. Detailed information on the subject of data protection can be found in our Privacy Policy listed below this text. Should you have any questions regarding the terminology used, such as „processing“ or „controller,“ we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR). Data processing on this website is carried out by the following responsible website operator:

Controller

The Controller within the meaning of Section 3 (7) of the Federal Data Protection Act (BDSG) and the Service Provider within the meaning of Section 13 of the Telemedia Act (TMG) is:

Boris Dinjus
Akupunkturzentrum Frankfurt
Palmengartenstraße 6
60325 Frankfurt am Main
Germany

Further details can be found in the Legal Notice (Impressum) of this website.

Your Rights

You have the following rights regarding the personal data concerning you:

• the right of access,
• the right to restriction of processing,
• the right to rectification and erasure of data,
• the right to object to the processing of data,
• the right to data portability.

Summary: You have the right at any time to receive information free of charge regarding the origin, recipient, and purpose of your stored personal data. You also have the right to request the rectification, blocking, or erasure of this data—provided that such erasure does not conflict with the rights and obligations of third parties, such as our statutory duty to retain invoices. For this purpose, and for further questions on the subject of data protection, you may contact us at any time at the address provided in the Legal Notice of this website. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

Data Collection on This Website:

Your data is collected, on the one hand, by you communicating it to us. This may, for example, involve data that you enter into a contact form. Other data is collected automatically by our IT systems when you visit the website. This primarily consists of technical data (e.g., internet browser, operating system, or time of page access). This data is collected automatically as soon as you enter our website.

Types of Data Processed:

• Identity data (e.g., names, addresses that you enter into our contact form or otherwise provide to us)
• Contact data (e.g., email address, telephone numbers that you enter into our contact form or otherwise provide to us)
• Content data (e.g., text entries, photographs, videos that you enter into our contact form or otherwise submit to us)
• Usage data (e.g., visited websites, interest in content, access times)
• Meta/communication data (e.g., device information, IP addresses)

Our legitimate interest in data processing lies in the performance of a contract with you.

Categories of Data Subjects

Visitors and users of the Online Offering—hereinafter we also refer to the data subjects collectively as „Users.“

Purpose of Processing

A portion of the data is collected to ensure the error-free and secure provision of the website. Other data may be used to analyze your user behavior. We process your data for:

• Provision of the Online Offering, its functions, and content
• Responding to contact requests and communicating with Users
• Security measures
• Reach measurement/Marketing

The aforementioned data is also stored in so-called log files on the servers of the company commissioned with the web hosting of our website(s). This data is not stored together with other personal data. The collection and temporary storage of the IP address are necessary to enable the display of our website on your terminal device. For this purpose, your IP address must be stored for the duration of the website visit. Storage in log files serves to ensure the functionality and optimization of our website as well as the security of our information technology systems. An evaluation of this data for marketing purposes does not take place.

The data described in this section, which serves the provision of our website, is deleted when you end your visit to our website. The collection of the aforementioned data for the provision of our website and its storage in log files is strictly necessary for the operation of our website. There is no possibility to object. Our legitimate interest in data processing lies in the purposes stated herein.

Withdrawal of Your Consent

Many data processing operations are only possible with your express consent. You may withdraw consent already granted at any time. An informal notification by email to us is sufficient for this purpose. The legality of the data processing carried out until the withdrawal remains unaffected by the withdrawal.

Right to Data Portability

You have the right to have data that we process automatically on the basis of your consent or in performance of a contract handed over to you or to a third party in a standard, machine-readable format. If you request the direct transfer of data to another controller, this will only be done to the extent technically feasible.

SSL or TLS Encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from „http://“ to „https://“ and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties. This is the technical design. A voluntary recommendation exceeding the information obligations of the GDPR: Irrespective of the SSL encryption of our website, we generally recommend that you do not transmit sensitive personal information by email or otherwise online. The most secure method for this is a personal conversation. Please therefore limit your details to general data such as appointment requests and confirmations.

Access, Blocking, Erasure

Within the framework of the applicable statutory provisions, you have the right at any time to free access to your stored personal data, its origin and recipients, and the purpose of the data processing and, if applicable, a right to rectification, blocking, or erasure of this data. For this purpose, as well as for further questions on the subject of personal data, you may contact us at any time at the address provided in the Legal Notice. Collected customer data will be deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.

Objection to Promotional Emails

The use of contact data published within the scope of the Legal Notice (Impressum) obligation for the purpose of sending unsolicited advertising and information materials is hereby prohibited. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of promotional information, such as spam emails.

Terminology Used

„Personal data“ means any information relating to an identified or identifiable natural person (hereinafter „Data Subject“); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

„Processing“ means any operation or set of operations which is performed on personal data, whether or not by automated means. The term is broad and covers virtually any handling of data.

„Controller“ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Relevant Legal Bases

In accordance with Art. 13 GDPR, we hereby inform you of the legal bases for our data processing. Unless the legal basis is explicitly and/or separately mentioned in the Privacy Policy, the following applies: The legal basis for obtaining consent is Art. 6 (1) (a) and Art. 7 GDPR; the legal basis for processing for the performance of our services and implementation of contractual measures as well as responding to inquiries is Art. 6 (1) (b) GDPR; the legal basis for processing for compliance with our legal obligations is Art. 6 (1) (c) GDPR; and the legal basis for processing for the protection of our legitimate interests is Art. 6 (1) (f) GDPR. In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) (d) GDPR serves as the legal basis.

Cooperation with Processors and Third Parties

Insofar as we disclose data to other persons and companies (processors or third parties) within the scope of our processing, transmit it to them, or otherwise grant them access to the data, this shall only be done on the basis of a legal permission (e.g., if a transmission of the data to third parties, such as payment service providers, is required for the performance of a contract pursuant to Art. 6 (1) (b) GDPR), if you have consented, if a legal obligation provides for it, or on the basis of our legitimate interests (e.g., when using agents, web hosts, etc.). On the basis of Art. 28 GDPR, we may commission third parties to process data on the basis of a so-called „Data Processing Agreement“ (DPA).

Transfers to Third Countries

Insofar as we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs within the scope of using third-party services or disclosure or transmission of data to third parties, this shall only take place if it occurs for the fulfillment of our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation, or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only if the special requirements of Art. 44 et seq. GDPR are met. This means, for example, that processing takes place on the basis of special guarantees, such as the officially recognized determination of a level of data protection corresponding to the EU (e.g., for the USA through the „Data Privacy Framework“) or compliance with officially recognized special contractual obligations (so-called „Standard Contractual Clauses“).

Rights of Data Subjects
You have the right to demand confirmation as to whether relevant data is being processed and to information about this data as well as further information and a copy of the data in accordance with Art. 15 GDPR.

Based on Art. 16 GDPR, you have the right to request the completion of data concerning you or the rectification of inaccurate data concerning you.

In accordance with Art. 17 GDPR, you have the right to demand that relevant data be erased immediately, or alternatively, in accordance with Art. 18 GDPR, to demand restriction of the processing of the data. The data will be deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected by this.

You have the right to request to receive the data concerning you that you have provided to us in accordance with Art. 20 GDPR and to demand its transmission to other controllers.

Furthermore, pursuant to Art. 77 GDPR, you have the right to lodge a complaint with the competent supervisory authority. A list of data protection officers of the German federal states and their contact details can be found on the website accessible via the following link: [https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html](https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html).

Right of Withdrawal
You have the right to withdraw consents granted pursuant to Art. 7 (3) GDPR with effect for the future. Statutory retention periods remain unaffected.

Right to Object
You may object to the future processing of data concerning you in accordance with Art. 21 GDPR at any time. The objection may be made in particular against processing for the purposes of direct marketing.

Cookies and Right to Object to Direct Marketing
The internet pages partially use so-called cookies. Cookies do not cause any damage to your computer and do not contain viruses. Cookies serve to make our offering more user-friendly, effective, and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called „session cookies.“ They are automatically deleted after your visit. Other cookies remain stored on your terminal device until you delete them. These cookies enable us to recognize your browser on your next visit.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for specific cases or generally, and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.

Cookies that are required to carry out the electronic communication process or to provide certain functions you desire are stored on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services. Insofar as other cookies (e.g., cookies for analyzing your surfing behavior) are stored, these are treated separately in this Privacy Policy.

We may use temporary and permanent cookies and clarify this within the scope of our Privacy Policy.

If you as a user do not want cookies to be stored on your computer, you are requested to deactivate the corresponding option in the system settings of your browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to significant functional limitations of this online offering.

Erasure of Data
The data processed by us will be erased or its processing restricted in accordance with Art. 17 and 18 GDPR. Unless expressly stated within the scope of this Privacy Policy, the data stored by us will be erased as soon as it is no longer required for its intended purpose and no statutory retention obligations conflict with the erasure. Insofar as data is not erased because it is required for other and legally permissible purposes, its processing will be restricted, i.e., the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.

According to statutory requirements in Germany, retention occurs in particular for 6 years pursuant to Section 257 (1) HGB (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting vouchers, etc.) and for 10 years pursuant to Section 147 (1) AO (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.).

Matomo

This website uses the open-source web analysis service Matomo. Matomo uses technologies that enable cross-page recognition of the user for the analysis of user behavior (e.g., cookies or device fingerprinting). The information collected by Matomo about the use of this website is stored on our server. The IP address is anonymized before storage.

With the help of Matomo, we are able to collect and analyze data about the use of our website by website visitors. This allows us, among other things, to find out when which page views were made and from which region they originate. We also collect various log files (e.g., IP address, referrer, browser, and operating systems used) and can measure whether our website visitors perform certain actions (e.g., clicks, purchases, etc.).

The use of this analysis tool is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its web offering and its advertising. If a corresponding consent was requested, processing takes place exclusively on the basis of Art. 6 (1) (a) GDPR and Section 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be withdrawn at any time.

IP Anonymization

During the analysis with Matomo, we use IP anonymization. Your IP address is shortened before the analysis so that it can no longer be uniquely assigned to you.

Opt-out complete; your visits to this website will not be recorded by the Web Analytics tool. Note that if you clear your cookies, delete the opt-out cookie, or if you change computers or Web browsers, you will need to perform the opt-out procedure again.

You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.

You are not opted out. Uncheck this box to opt-out. You are currently opted out. Check this box to opt-in.

The tracking opt-out feature requires cookies to be enabled.

Business-Related Processing

In addition, we process:

• Contractual data (if you have entered into a contract with the operator of the website) as well as
• Payment data (e.g., bank details, payment history) of our customers / clients, interested parties, and business partners for the purpose of providing contractual services.

The business-related processing of data constitutes our legitimate interest.

Collection of Access Data and Log Files

We, or our hosting provider, collect access data and log files about every access to the server on which this service is located (so-called server log files) on the basis of our legitimate interests. Access data includes the name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address, and the requesting provider.

Log file information is stored for security reasons (e.g., to investigate misuse or fraud) for a maximum duration of 7 days and then deleted. Data whose further retention is required for evidentiary purposes is exempt from erasure until the final clarification of the respective incident. This data is not merged with other data sources.

The basis for data processing is Art. 6 (1) (b) GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.

Performance of Contractual Services

We process identity data (e.g., names and addresses as well as contact data of users) and contractual data (e.g., services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services pursuant to Art. 6 (1) (b) GDPR. The entries marked as mandatory in online forms are required for the conclusion of the contract.

Within the scope of using our online services, we store the IP address and the time of the respective user action. Storage is based on our legitimate interests as well as the user’s interest in protection against misuse and other unauthorized use. This data is generally not passed on to third parties unless it is required to pursue our claims or there is a legal obligation to do so pursuant to Art. 6 (1) (c) GDPR.

We process usage data (e.g., the visited websites of our online offering, interest in our products) and content data (e.g., entries in the contact form or user profile) for advertising purposes in a user profile, for example, to display product information to the user based on services previously utilized.

Data is erased after the expiry of statutory warranty and comparable obligations; the necessity of storing the data is reviewed every three years; in the case of statutory archiving obligations, erasure takes place after their expiry. Details in any customer account remain until its deletion.

Contacting Us

When contacting us (e.g., via contact form, email, telephone, or social media), the user’s details are processed for the purpose of handling the contact request and its processing pursuant to Art. 6 (1) (b) GDPR. The users‘ details may be stored in a Customer Relationship Management system („CRM system“) or comparable inquiry organization.

If you send us inquiries via the contact form, your details from the inquiry form, including the contact data provided therein, will be stored by us for the purpose of processing the inquiry and for follow-up questions. We do not pass on this data without your consent.

The processing of the data entered into the contact form thus takes place exclusively on the basis of your consent (Art. 6 (1) (a) GDPR). You can withdraw this consent at any time. An informal notification by email to us is sufficient for this purpose. The legality of the data processing operations carried out until the withdrawal remains unaffected by the withdrawal.

The data you enter into the contact form remains with us until you request erasure, withdraw your consent to storage, or the purpose for data storage no longer applies (e.g., after the processing of your inquiry has been completed). Mandatory statutory provisions—in particular retention periods—remain unaffected.

We delete inquiries once they are no longer required. We review the necessity every two years; furthermore, statutory archiving obligations apply.

Online Presences in Social Media
We maintain online presences within social networks and platforms to communicate with customers, interested parties, and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.

Unless otherwise stated in our Privacy Policy, we process user data if they communicate with us within social networks and platforms, e.g., post contributions on our online presences or send us messages.

Social Media
Sharing content via plugins (Facebook, Google+1, Twitter & Co.)

The content on our pages can be shared in social networks such as Facebook, Twitter, or Google+ in a privacy-compliant manner. This page uses the eRecht24 safe sharing tool for this purpose. This tool only establishes direct contact between the networks and users when the user actively clicks on one of these buttons.

An automatic transfer of user data to the operators of these platforms does not occur through this tool. If the user is logged into one of the social networks, an information window appears when using the social buttons of Facebook, Google+1, Twitter & Co., in which the user can confirm the text before sending.

Our users can share the content of this page in social networks in a privacy-compliant manner without complete surfing profiles being created by the operators of the networks.

Integration of Third-Party Services and Content

Within our Online Offering, we use content or service offerings from third-party providers on the basis of our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our Online Offering within the meaning of Art. 6 (1) (f) GDPR) to integrate their content and services, such as videos or fonts (hereinafter collectively referred to as „Content“).

This always presupposes that the third-party providers of this Content perceive the IP address of the users, as they could not send the Content to their browser without the IP address. The IP address is thus required for the display of this Content. We endeavor to only use such Content whose respective providers use the IP address solely for the delivery of the Content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as „web beacons“) for statistical or marketing purposes. Through „pixel tags,“ information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, visit time, and other information about the use of our Online Offering, and can also be linked to such information from other sources.

YouTube

Wir integrate videos from the platform „YouTube“ provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: [https://www.google.com/policies/privacy/](https://www.google.com/policies/privacy/), Opt-Out: [https://adssettings.google.com/authenticated](https://adssettings.google.com/authenticated).

When you visit one of our pages equipped with a YouTube plugin, a connection to the YouTube servers is established. The YouTube server is informed which of our pages you have visited.

If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

The use of YouTube is in the interest of an appealing presentation of our online offerings. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) GDPR.

Further information on the handling of user data can be found in YouTube’s Privacy Policy at: [https://www.google.de/intl/de/policies/privacy](https://www.google.de/intl/de/policies/privacy).

Google Maps

We integrate maps from the „Google Maps“ service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: [https://www.google.com/policies/privacy/](https://www.google.com/policies/privacy/), Opt-Out: [https://adssettings.google.com/authenticated](https://adssettings.google.com/authenticated).

To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission.

The use of Google Maps is in the interest of an appealing presentation of our online offerings and the easy findability of the locations indicated by us on the website. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) GDPR.

More information on the handling of user data can be found in Google’s Privacy Policy: [https://www.google.de/intl/de/policies/privacy/](https://www.google.de/intl/de/policies/privacy/).

Google Fonts

We integrate fonts („Google Fonts“) provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: [https://www.google.com/policies/privacy/](https://www.google.com/policies/privacy/), Opt-Out: [https://adssettings.google.com/authenticated](https://adssettings.google.com/authenticated). When a page is called up, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.

For this purpose, the browser you are using must connect to Google’s servers. As a result, Google becomes aware that our website was accessed via your IP address. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online offerings. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) GDPR.

If your browser does not support web fonts, a default font from your computer will be used.

Further information on Google Web Fonts can be found at [https://developers.google.com/fonts/faq](https://developers.google.com/fonts/faq) and in Google’s Privacy Policy: [https://www.google.com/policies/privacy/](https://www.google.com/policies/privacy/).

Google ReCaptcha

We integrate the function for detecting bots, e.g., for entries in online forms („ReCaptcha“), provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: [https://www.google.com/policies/privacy/](https://www.google.com/policies/privacy/), Opt-Out: [https://adssettings.google.com/authenticated](https://adssettings.google.com/authenticated).

Would you like me to translate the Legal Notice (Impressum) as well to ensure consistent legal terminology across your website?