Privacy policy

1. Data privacy at a glance

General information
The following information gives a simple overview of what happens to your personal data when you visit our website. Personal data is any data that can be used to identify you personally. Detailed information about data protection can be found in our privacy policy listed below this text.

Data collection on our website

Who is responsible for data collection on this website?
The data processing on this website is carried out by the website operator. Their contact details can be found in the imprint of this website.

How do we collect your data?
On the one hand, your data is collected when you provide it to us. This can be, for example, data that you enter into a contact form.
Other data is collected automatically by our IT systems when you visit the website. This is mainly technical data (e.g. internet browser, operating system or time of page access). This data is collected automatically as soon as you enter our website.

What do we use your data for?
Part of the data is collected to ensure the error-free provision of the website. Other data may be used to analyse your user behaviour.

What rights do you have regarding your data?
You have the right to receive information about the origin, recipient and purpose of your stored personal data at any time free of charge. You also have the right to request the correction, blocking or deletion of this data. You can contact us at any time at the address given in the imprint for this or any other questions on the subject of data protection. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

2. General notes and mandatory information

Privacy
The operators of these sites take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.

When you use this website, various personal data will be collected. Personal data is data that can be used to identify you personally. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purposes this is done.

We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) may have security gaps. It is not possible to completely protect the data from access by third parties.

Note on the responsible body
The person responsible for data processing on this website is:

Kliniken Schmieder (Foundation & Co.) KG
Zum Tafelholz
78476 Allensbach
Germany
Phone: + 49 7533 808 0
E-Mail: info@kliniken-schmieder.de

The responsible party is the natural or legal person who, alone or jointly with others, decides on the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).

Data protection officer
We have appointed a data protection officer for our company.

Mein-Datenschutzbeauftragter.de
Mr. Philipp Herold
Phone: +49 451 160 852 13
E-Mail: Datenschutz@kliniken-schmieder.de

3. Data collection on our website

Here you can adjust your consents to cookies and tracking

Cookies are small text files that are stored on your data carrier and store certain settings and data for exchange with our system via your browser. A cookie usually contains the name of the domain from which the cookie data was sent, as well as information about the age of the cookie and an alphanumeric identifier.

Cookies allow our systems to recognize the user’s device and make any preferences available immediately. As soon as a user accesses the platform, a cookie is transferred to the hard drive of the user’s computer. Cookies help us to improve our website and provide you with a better and more tailored service. They enable us to use your computer or to recognize your (mobile) device when you return to our website and thereby to:

  • Use cookies to store information about your preferred activities on the website in order to tailor our website to your individual interests.
  • Speed up the processing of your requests.

We work with third-party services that help us to make the website and the website more interesting for you. Therefore, when you visit the website, cookies from these partner companies (third parties) are also stored on your hard drive. These are cookies that are automatically deleted after a specified time.

For more information on the individual third-party providers, please refer to the Cookie Consent Tool and the data protection notices stored therein.

If you do not wish browser cookies to be used, you can set your browser to not accept the use of cookies. Please note that in this case you may only be able to use our website to a limited extent or not at all. If you only want to accept our own cookies, but not the cookies of our service providers and partners, you can select the “Block third-party cookies" setting in your browser. We are not responsible for the use of third-party cookies.

Server log files
If you use the website for informational purposes only, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to use our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security (the legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR):

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Amount of data transferred in each case
  • Website from which the request comes
  • Browser
  • Operating system and its interface
  • Language and version of the browser software.

This website is hosted by an external service provider. The personal data collected on this website is stored on their servers.

We use the following hosting provider:
Host Europe GmbH
Friesenplatz 4
50672 Cologne
Germany

Data processing agreement
We have concluded a data processing agreement (DPA) with the hosting provider. This is a contract required by data protection law that ensures that the personal data of our website visitors is only processed in accordance with our instructions and in compliance with the GDPR.

In addition to the data, cookies are stored on your computer when you use our website. Further information on this can be found under the item “Cookies" in this privacy policy as well as in the consent management tool used.

Contact/Registration form
If you send us contact requests via the contact/registration form, your details from the contact form, including the contact details you provide there, will be stored by us for the purpose of processing the request and in the event of follow-up questions. We will not pass on this data without your consent.

The processing of the data entered in the contact/registration form is therefore carried out exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time. All you need to do is send us an informal message by e-mail. The lawfulness of the data processing operations carried out until the revocation remains unaffected by the withdrawal. The data you enter in the contact/registration form will remain with us until you request us to delete it, revoke your consent to storage or the purpose for which the data is stored no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular retention periods – remain unaffected.

4.Integration of third-party services

Our website uses content, services and services from other providers. These are, for example, services for statistical evaluation of the use and visit of our website. In order for this data to be accessed and displayed in the user’s browser, the user’s IP address must be transmitted to the third-party providers.

Even though we try to only use third-party providers who only need the IP address to be able to deliver content or even work with anonymized IP addresses, we have no influence on whether the IP address may be stored. Information on the third-party providers used can be found below in this privacy policy.

Google Tag Manager

Type and extent of data processing

We use the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage website tags through an interface and allows us to control the precise integration of services on our website. This allows us to flexibly integrate additional services in order to evaluate users’ access to our website.

Purpose and legal basis

The use of Google Tag Manager is based on your consent in accordance with Art. 6 (1) (a) GDPR and § 25 (1) TTDSG.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The transfer of data to the USA is carried out in accordance with Art. 45 (1) GDPR on the basis of the adequacy decision of the European Commission. The participating U.S. companies and/or their U.S. subcontractors are certified according to the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

Storage period

The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. For more information, see the privacy policy for Google Tag Manager: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/.

Google Analytics

Type and extent of data processing

We use Google Analytics 4 from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as an analysis service for the statistical evaluation of our online offering. This includes, for example, the number of visits to our online offering, the time spent on the website, subpages visited or the browser used. Google Analytics 4 uses cookies, scripts and pixels to evaluate user behavior, as well as algorithms based on machine learning, which automatically evaluate event data such as scrolling movements. This information is used, among other things, to compile reports on the activity of the website.

Purpose and legal basis

The use of Google Analytics is based on your consent in accordance with Art. 6 (1) (a) GDPR and § 25 (1) TTDSG.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The transfer of data to the USA is carried out in accordance with Art. 45 (1) GDPR on the basis of the adequacy decision of the European Commission. The participating U.S. companies and/or their U.S. subcontractors are certified according to the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

Storage period

The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Analytics: https://policies.google.com/privacy.

Google Fonts

Type and extent of data processing

We use Google Fonts from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as a service to provide fonts for our online offering. To obtain these fonts, you connect to Google Ireland Limited servers, whereby your IP address is transmitted.

Purpose and legal basis

The use of Google Fonts is based on your consent in accordance with Art. 6 (1) (a) GDPR and § 25 (1) TTDSG.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The transfer of data to the USA is carried out in accordance with Art. 45 (1) GDPR on the basis of the adequacy decision of the European Commission. The participating U.S. companies and/or their U.S. subcontractors are certified according to the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

Storage period

The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Fonts: https://policies.google.com/privacy.

Google ReCaptcha

Type and extent of data processing

We have components of Google reCAPTCHA integrated on our website. Google reCAPTCHA is a service provided by Google Ireland Limited and allows us to distinguish whether a contact request originates from a natural person or is automated by a program. When you access this content, you connect to servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby your IP address and, if applicable, browser data such as your user agent are transmitted. Furthermore, Google reCAPTCHA records the user’s dwell time and mouse movements in order to distinguish automated queries from human ones. This data will be processed exclusively for the purposes mentioned above and to maintain the security and functionality of Google reCAPTCHA.

Purpose and legal basis

The use of Google reCAPTCHA is based on your consent in accordance with Art. 6 (1) (a) GDPR and § 25 (1) TTDSG.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The transfer of data to the USA is carried out in accordance with Art. 45 (1) GDPR on the basis of the adequacy decision of the European Commission. The participating U.S. companies and/or their U.S. subcontractors are certified according to the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

Storage period

The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. For more information, please refer to the privacy policy for Google reCAPTCHA: https://policies.google.com/privacy?hl=en-US.

Vimeo

Type and extent of data processing

We have integrated Vimeo Video on our website. Vimeo Video is a component of Vimeo, LLC’s video platform that allows users to upload content, share it over the Internet, and get detailed statistics.

Vimeo Video allows us to integrate content from the platform into our website.

Vimeo Video uses cookies and other browser technologies to evaluate user behavior, recognize users and create user profiles. This information is used, among other things, to analyze the activity of the content listened to and to compile reports.

When you access this content, you connect to servers of Vimeo, LLC, 555 W 18th St, New York, New York 10011, whereby your IP address and, if applicable, browser data such as your user agent are transmitted.

Purpose and legal basis

The use of Vimeo is based on your consent in accordance with Art. 6 (1) (a) GDPR and § 25 (1) TTDSG.

In cases where there is no adequacy decision by the European Commission (including US companies that are not certified according to EU-U.S. DPF), we have agreed with the recipients of the data other appropriate safeguards within the meaning of Art. 44 et seq. GDPR. Unless otherwise specified, these are standard contractual clauses issued by the EU Commission in accordance with Implementing Decision (EU) 2021/914 of 4 June 2021. A copy of these Standard Contractual Clauses can be found at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.

Storage period

The specific storage period of the processed data cannot be influenced by us, but is determined by Vimeo, LLC. For more information, please refer to the privacy policy for Vimeo Video: https://vimeo.com/privacy.

Akamai CDN

Type and extent of data processing

We use Akamai CDN to properly deliver the content on our website. Akamai CDN is a service provided by Akamai Technologies, Inc., which acts as a content delivery network (CDN) on our website.

A CDN helps to make content from our online offering, especially files such as graphics or scripts, available more quickly with the help of regionally or internationally distributed servers. When you access this content, you connect to servers of Akamai Technologies, Inc., Cambridge, Massachusetts, US, whereby your IP address and, if applicable, browser data such as your user agent are transmitted. This data is processed solely for the purposes set out above and to maintain the security and functionality of Akamai CDN.

Purpose and legal basis

The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in a secure and efficient provision as well as the optimisation of our online offer in accordance with Art. 6 (1) (f) GDPR.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The transfer of data to the USA is carried out in accordance with Art. 45 (1) GDPR on the basis of the adequacy decision of the European Commission. The participating U.S. companies and/or their U.S. subcontractors are certified according to the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

Storage period

The specific storage period of the processed data cannot be influenced by us, but is determined by Akamai Technologies, Inc. For more information, please refer to the Privacy Statement for Akamai CDN: https://www.akamai.com/de/de/privacy-policies/.

7Visuals

Type and extent of data processing

On our website, we use the service of 7Visuals, Oskar Eyb, Danneckerstr. 7, 70182 Stuttgart, Germany. With the help of 7Visuals, we can present the Kliniken Schmieder on our website with the help of an interactive 360° display. In the process, a connection is established to the servers of 7Visuals and, among other things, your IP address is transmitted. The transmitted data will only be collected and transmitted for the mentioned purpose.

Purpose and legal basis

The use of the 7Visuals service is based on our legitimate interest in the proper and appealing presentation of our website in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

Storage period

The specific storage period of the processed data cannot be influenced by us, but is determined by 7Visuals. Further information can be found in the privacy policy for 7Visuals: https://www.7visuals.com/impressum/datenschutzerklaerung/

Panorama Services

Type and extent of data processing

On our website, we use the service of View3 GmbH (panomaker), Wettinerstr. 45, 08280 Aue. With the help of the panorama service, we can present the Kliniken Schmieder on our website with the help of an interactive 360° presentation. In doing so, a connection to the servers of View3 GmbH is established and, among other things, your IP address is transmitted. The transmitted data will only be collected and transmitted for the mentioned purpose.

Purpose and legal basis

The use of the Panorama Service is based on our legitimate interest in the proper and appealing presentation of our website in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

Storage period

The specific storage period of the processed data cannot be influenced by us, but is determined by View3 GmbH. Further information can be found in the privacy policy for 7Visuals: https://panomaker.de/de/datenschutzerklaerung/.

Data integrity

We take appropriate measures to implement the protection of your data technically and organizationally. Our employees are obliged to comply with data protection, our service providers commissioned with data processing are carefully selected and also committed to data protection. Please note that an unencrypted data transmission (by e-mail or via other web forms) may be read by unauthorized persons outside our sphere of influence. If you want to transmit sensitive data to us unencrypted, we therefore recommend that you use other transmission methods.

Storage period

Unless otherwise consented to or revoked, data will only be stored for as long as it is necessary to fulfil the purpose of processing. Saved online applications will be deleted 4 months after the advertised position has been filled, unless we have given our consent for the application data to remain in our talent pool for the purpose of filling a vacancy at a later date and may be used in a later recruitment process.

References and links

When accessing websites to which reference is made as part of our website, information such as name, address, e-mail address, browser properties, etc. may be asked again. This Privacy Policy does not govern the collection, disclosure or handling of personal data by third parties.

Third-party service providers may have different and separate policies regarding the collection, processing and use of personal data. It is therefore advisable to check the websites of third parties before entering personal data.

Rights of the data subject

You have the right to:

  • In accordance with Art. 15 GDPR, to request information about your personal data processed by us. In particular, you can obtain information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, where appropriate, meaningful information on its details;
  • In accordance with Art. 16 GDPR, to demand the correction of incorrect or complete personal data stored by us without undue delay;
  • In accordance with Art. 17 GDPR, to request the deletion of your personal data stored by us, insofar as the processing is not necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
  • In accordance with Art. 18 GDPR, to request the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, but you oppose its deletion and we no longer need the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing in accordance with Art. 21 GDPR;
  • In accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller (data portability);
  • In accordance with Art. 7 para. 3 GDPR, to revoke your consent at any time. As a result, we are no longer allowed to continue the data processing that was based on this consent in the future and
  • Pursuant to Art. 77 GDPR to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or place of work or our company headquarters.
  • Right to object

Insofar as your personal data is processed on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, insofar as there are reasons for doing so that arise from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation.

If you would like to make use of your right of revocation or objection, it is sufficient to send an e-mail to Datenschutz@kliniken-schmieder.de.

Transfer of data to third parties and/or third countries

The disclosure of your personal data will take place as described below.

The data will also be passed on if we are entitled or obliged to pass on data on the basis of statutory provisions and/or official or court orders. This may include, in particular, the provision of information for the purposes of law enforcement, to avert danger or to enforce intellectual property rights.

Insofar as your data is passed on to service providers to the extent necessary, they will only have access to your personal data to the extent necessary to perform their tasks. These service providers are obliged to treat your personal data in accordance with applicable data protection laws, in particular the GDPR. Insofar as your personal data is processed on our behalf on the basis of data processing agreements in accordance with Art. 28 GDPR, we ensure that the processing of personal data is carried out in accordance with the General Data Protection Regulation.

We attach great importance to processing your data within the EU/EEA. However, we may use service providers who process data outside the EU/ EEA. In these cases, we ensure that an adequate level of data protection comparable to the standards within the EU is established at the recipient’s premises prior to the transfer of your personal data. This can be achieved, for example, through EU standard contracts or binding corporate rules or special conventions to which the company may submit.