Data protection information according to Art. 13 GDPR
Dear Ladies and Gentlemen
In the following, we would like to inform you pursuant to Art. 13 GDPR about the processing of your personal data when you use our website or individual functions of the website. We will explain to you who is responsible for processing your data, which data we process for which purposes, and the legal basis we use to justify the processing. Furthermore, we will explain to you which data we may pass on to third parties and which rights the GDPR grants you with regard to data processing.
1. The basics of data processing and your rights under the GDPR
Everyone who processes personal data in the European Union must comply with the regulations of the General Data Protection Regulation (GDPR). This ensures that the processing of personal data is always lawful, fair, and transparent (Article 5 GDPR). To help you better understand what rights you have, we would like to briefly explain how the GDPR works.
The GDPR regulates the processing of personal data. What exactly is meant by this is defined by the GDPR in Art. 4 (1) No. 1 GDPR. According to this, personal data is any information relating to an identified or identifiable natural person ("data subject") (e.g., your name or IP address). Processing in this context is anything that someone can do with this data (e.g., store, share, delete, etc.).
If a data controller wants to process data of natural persons, he needs a legal basis. This means that he may only process data if the GDPR permits this. The conditions under which processing is permitted can be found in Article 6 of the GDPR. According to this, processing is permitted if it
- is based on the consent of the data subject;
- is necessary for the performance of a contract to which the data subject is party or for the performance of pre-contractual measures;
- is necessary for compliance with a legal obligation to which the controller is subject;
- protects vital interests of the data subject or another natural person;
- is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; or
- is necessary for the purposes of safeguarding the legitimate interests of the controller or a third party.
For you to be able to assess whether these requirements are met, the GDPR stipulates that we inform you about the individual processing operations (Art. 13 GDPR). This privacy information pursues precisely this goal.
For example, if we process data on the basis of our legitimate interest, you have the right to be informed about which interests we pursue with the processing. You also have the right to object to such processing (Art. 21 GDPR). We will then examine your objection.
If, on the other hand, we process data based on your consent, then you may revoke this consent at any time. However, if the processing of this data is also necessary for the performance of a contract or to provide certain functions, we may then no longer be able to provide them.
In addition, according to the GDPR, you always have the following rights: according to Art. 15 GDPR, the right to information; according to Art. 17 GDPR, the right to rectification and erasure; according to Art. 18, the right to restrict processing of data; according to Art. 21, the right to object to data processing in case of legitimate interest; and according to Art. 20, the right to data portability.
In addition, you have the right to complain to the competent supervisory authority pursuant to Art. 77 GDPR.
2. Name and contact details of the responsible person
Responsible for the operation of the website https://www.dermtest.com/ is:
Christian Koop, MD
Phone: +49 174 2843426
Email: [email protected]
Our data protection officer is Ms. Anneli Lebert.
Email: ann[email protected]
3. The purposes for which the personal data are to be processed, the legal basis for the processing and the planned storage period
In the following, we inform you about which data we collect for which purposes and the legal basis for this.
3.1. Data processing for informational use of the website
When you access our website, the following data, so-called log files, are sent to the website server by your browser:
- Access time
- IP or DNS address
- Command requested from the server
- File name and path
- Type of transmission protocol, e.g. https
- Server response
- URL previously visited by the visitor
- Bytes transferred
- Browser used
- Operating system used
The above data is processed by us for the following purposes:
- Ensuring smooth access to the website,
- Ensuring a comfortable use of our website,
- Enabling error analysis if there have been problems.
The legal basis for the processing is our legitimate interest (Art. 6 para. 1 sentence 1 letter f) GDPR). Without the processing of these log files, the smooth operation of the website is not possible. However, we do not use the collected data under any circumstances to draw conclusions about your person. Thus, they are not used to evaluate your behaviour and are not associated with other collected data. This data is stored for a maximum of seven days.
3.2. Data processing when contacting us by e-mail
If you contact us via e-mail, then we process the data for one or more of the following purposes:
- Responding to contact requests and communicating with users,
- Provision of an offer,
- Provision of contractual services, service, and customer care.
The legal basis for the processing is the fulfilment of a contract, or the implementation of pre-contractual measures (Art. 6 para. 1 (1) lit. b) GDPR). The data will be stored until the purpose of your request has been achieved. Hereafter, we only retain the data if we are legally obliged to do so (e.g., for tax reasons) or if we need the data to enforce or defend claims. The legal basis for this is our legitimate interest.
3.3. Publishing contact data
If you, as a physician, use one of our products, we offer to publish your contact data on our website. The legal basis for the publication in this case is Art. 6 para. 1 lit. b) GDPR. If you no longer want this, please contact us.
4.1. Google Analytics
We use Google Analytics on our website, a web analytics service provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics uses "cookies", which are text files placed on your device, to help the website analyse how users use the site. The prerequisite for this is your express consent. Google Analytics may also use so-called web beacons (invisible graphics). Through these web beacons, information such as visitor traffic to websites can be analysed.
The personal data is transferred to Google servers in the USA or other third countries and stored there. Therefore, we use Google Analytics only with activated IP anonymization ("anonymize IP"). This means that your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
The following types of data are processed by Google:
- Online identifiers (including cookie identifiers).
- IP address
- Device identifiers
In addition, you can find more detailed information about the processed information at https://policies.google.com/privacy?hl=de#infocollect .
Furthermore, we have concluded a data processing agreement with Google for the use of Google Analytics (pursuant to Art. 28 GDPR). The purpose of this contract is to ensure that Google may only process the data according to our instructions. This prevents misuse of the data.
By integrating Google Analytics, we pursue the purpose of analysing user behaviour on our website and being able to react to this. This allows us to continuously improve our offer.
The purpose of processing the data collected in the course of the declaration of consent is to record your consent (Art. 6 para. 1 lit. f) GDPR).
The legal basis for the processing of personal data described here in the course of the measurement procedure is your express consent pursuant to Section 25 TTDSG in conjunction with Art. 6 para. 1 lit. a) GDPR.
4.2. Facebook Pixel, Custom Audiences, Facebook Remarketing.
Another cookie that we use on our website is the "Facebook Pixel", as well as the service Custom Audiences and Facebook Conversions from Facebook. "Facebook" is operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
The purpose is the analysis, optimization, and economic operation of the online offer remarketing tags of the social network Facebook. We can thus target groups of visitors with Facebook ads.
For more information on the Facebook Pixel, please visit: https://www.facebook.com/business/help/651294705016616
For more information on Facebook Custom Audiences, please visit: https://developers.facebook.com/docs/marketing-api/audiences-api/websites and https://developers.facebook.com/docs/facebook-pixel/pixel-with-ads/conversion-tracking.
Information on standard contractual clauses can be found here:
The legal basis for the processing of personal data described here is Section 25 TTDSG in conjunction with Art. 6 para. 1 lit. a) GDPR.
5. Social media
We use the social media service Facebook to operate a Facebook fan page. We operate this fan page together with Facebook. We have therefore concluded a joint responsibility agreement with Facebook, which you can view here: https://www.facebook.com/legal/controller_addendum. There you can see who is responsible for which data processing, i.e., for which purposes and on which legal basis the personal data is processed.
When you visit our Facebook page, Facebook collects, among other things, your IP address and other information that is present in the form of cookies on your PC. This information is used to provide us, as operators of the Facebook pages, with statistical information about the use of the Facebook page. Facebook provides more detailed information on this at the following link https://www.facebook.com/privacy/explanation.
The data collected about you in this context is processed by Facebook Ltd. and may be transferred to servers outside the European Union. Facebook describes in general terms what information it receives and how it is used in its data usage guidelines. There you will also find information on how to contact Facebook and on the settings options for advertisements. The data usage guidelines are available at the following link:
Facebook's full data policies can be found here:
More information about Facebook and other social networks and how you can protect your data can also be found at youngdata.de.
We also use the short message service Twitter (Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA).
The data collected about you when using the service is processed by Twitter Inc. and may be transferred to countries outside the European Union. This data includes your IP address, the application you use, information about the terminal device you use (including device ID and application ID), information about visited websites, your location, and your mobile provider.
This data is assigned to the data of your Twitter account or your Twitter profile.
Furthermore, you have the option of requesting information via the Twitter data protection form or the archive requirements:
We, as the provider of the information service, also collect and process data from your use of our short messaging service.
You have options to restrict the processing of your data in the general settings of your Twitter account and under the item "Privacy and security". In addition, you can restrict Twitter's access to contact and calendar data, photos, location data, etc. on mobile devices (smartphones, tablet computers) in the settings options there. However, this depends on the operating system used. More information on these points is available on the following Twitter support pages:
For more information about Twitter and other social networks and how you can protect your data, please also visit www.youngdata.de.
6. Recipients or categories of recipients of personal data
6.1. General information on the transfer of data
In principle, we do not transfer personal data to third parties. We only make an exception to this if, for example, there is a legal obligation to do so, such as in the context of criminal prosecution vis-à-vis authorities and courts. In addition, we may transfer data to our parent company if we have a legitimate interest in this regard within the meaning of Art. 6 (1) lit. f GDPR.
If we use service providers to process the personal data, e.g. in the context of web hosting, then we conclude a contract for commissioned processing with them in accordance with Art. 28 GDPR. This ensures that the service provider may only process your data in accordance with our instructions.
7. Transfer of data to third countries or international organizations
There is no transfer of data to third countries.
8. Existence of automated decision-making including profiling and, if applicable, further effects.
Automated decision-making or profiling does not take place.
9. SSL or TLS encryption
This website uses standard technology to secure the internet connection. SSL or TLS encryption ensures that data transmitted between the website and users cannot be read by third parties. For this purpose, encryption algorithms are used to encode the transmission.