Privacy Policy

Dear website visitors,

Thank you very much for visiting our website!

We appreciate your interest in our company and our services.

Through this Privacy Policy, we would like to inform you about the processing of your personal data (hereinafter referred to as “data”) resulting from your visit to or use of the features on our website.

Please read this privacy policy carefully before continuing to visit our website or using the features contained therein.

By visiting our website, you consent to the processing and use of your data as described below.

Our privacy policy applies only to our website and not to third-party websites.

Hereinafter, the collection, processing and use of your data are collectively referred to as “processing” in accordance with Article 4(2) of the GDPR.

Data Protection and Data Security

Protecting your privacy is a matter of great importance to us. To safeguard your data, our company implements a wide range of technical and organisational measures designed to effectively prevent unauthorised access, disclosure, manipulation, loss and unauthorised deletion.

The measures we have put in place are subject to continuous updating. In doing so, we adhere to legal requirements, best practice approaches and state-of-the-art technology.

Below, we inform you about the nature, scope and purpose of the processing of your data within our company, insofar as this results from your visit to or use of the functions of our websites.

The person responsible for this privacy policy and this website

Kinderklinik Schömberg gGmbH
Römerweg 7
75328 Schömberg

Data protection contact person at the data controller

Kinderklinik Schömberg gGmbH
Römerweg 7
75328 Schömberg
For the attention of the Data Protection Officer
datenschutz@kiklisch.de

Personal data

According to Article 4(1) of the GDPR, personal data is any information relating to an identifiable natural person. This includes, for example, details such as first name and surname, address, email address, telephone or mobile number, and, as a rule, the IP address.

Scope of data processing

As a general rule, we aim to limit the processing of data during your visit to our websites to the minimum necessary. Furthermore, we generally only collect data from you that is strictly necessary to fulfil the intended purpose.

Furthermore, we do not knowingly collect any data from minors (i.e. persons under the age of 18). In cases where we discover that data has been provided to us by minors, we will delete this data immediately. We recommend that parents and guardians monitor the internet activities of the minors in their care.

Retention period

Unless otherwise stated in the following information, we will only retain data for as long as is necessary to fulfil the purpose of processing or to meet our contractual or legal obligations.

Retention period for application documents: max. 6 months, unless a longer retention period has been agreed with the respective applicant.

Retention period for enquiries: max. 6 months or earlier, provided the purpose of data processing no longer applies or has been fulfilled beforehand. Where enquiries lead to a business relationship, until the end of the business relationship in accordance with the commercial and tax law provisions of the German Commercial Code (HGB) and the German Fiscal Code (AO); in such cases, between 6 and 10 years, depending on the nature of the communication content and the type of document (e.g. business letter, invoice, contracts, etc.).

Retention period for business partner communications: until the end of the business relationship, in accordance with the commercial and tax law provisions of the German Commercial Code (HGB) and the German Fiscal Code (AO); in such cases, between 6 and 10 years, depending on the nature of the communication content and the type of document (e.g. business letter, invoice, contracts, etc.).

Profiling (= automated decision-making)

Profiling is any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

As a responsible company, we do not use automated decision-making or profiling.

Consent via Usercentrics

This website uses Usercentrics’ consent technology to obtain your consent to the storage of certain cookies on your device or to the use of certain technologies, and to document this in accordance with data protection regulations. The provider of this technology is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, website: usercentrics.com/de/ (hereinafter “Usercentrics”).

When you visit our website, the following personal data is transmitted to Usercentrics:

Your consent(s) or the withdrawal of your consent(s)

Your IP address

Information about your browser

Information about your device

The time of your visit to the website

Furthermore, Usercentrics stores a cookie in your browser to be able to associate the consents you have given or their withdrawal with you. The data collected in this way is stored until you request its deletion, delete the Usercentrics cookie yourself, or the purpose for data storage no longer applies. Mandatory statutory retention obligations remain unaffected.

The Usercentrics banner on this website was configured using eRecht24. You can recognise this by the eRecht24 logo appearing in the banner. To display the eRecht24 logo in the banner, a connection is established with eRecht24’s image server. The IP address is also transmitted in this process, but is stored in the server logs only in anonymised form. The eRecht24 image server is located in Germany with a German provider. The banner itself is provided exclusively by Usercentrics.

Usercentrics is used to obtain the legally required consents for the use of certain technologies. The legal basis for this is Article 6(1)(c) of the GDPR.

Data Processing

We have entered into a data processing agreement (DPA) for the use of the service mentioned above. This is a contract required under data protection law, which ensures that the service provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Purpose of data processing

If you voluntarily provide us with your data for the purposes listed below, we will process and use this data exclusively for the purposes for which you have provided it to us. These currently include the following purposes:

Technical management of the websites

For the technical management and to ensure the security of our websites, we process the following data, for example when creating log files:

• Date and time of your visit to the website
• The website from which you accessed our websites
• The operating system you are using
• The browser you are using
• The IP address from which you visit our websites
• The language settings used on your device
• The pages of our website that you have accessed or the files downloaded from our websites
• The amount of data transferred during your visit to our websites
• A notification as to whether the access to our websites was successful

We process this data exclusively for the aforementioned statistical and non-commercial purposes in pseudonymised form, so that any identification of you as an individual is prevented as far as possible.

The processing is carried out to safeguard our legitimate interests and is based on the legal basis of Article 6(1)(f) of the GDPR.

Opinion and Satisfaction Analysis

If you voluntarily provide us with your data to share praise, comments, suggestions or criticism, we will process this data solely for the purpose of

• responding appropriately to your criticism and, following an assessment of your concern, implementing appropriate improvements where necessary.
• using your suggestions and comments as an opportunity to further improve our services.
• We will pass on your praise to the relevant departments as a token of appreciation.

Transfer or disclosure of your data

We will not, as a matter of principle, transfer your data processed by us to third parties or disclose it to our partners or affiliated companies without your express consent, unless this:

• is necessary for the performance of our contractually agreed services.
• becomes necessary to enforce our claims.
• is legitimised by a statutory provision or we are legally obliged to disclose the data.
• is necessary for the purposes of criminal prosecution, to avert danger or to protect our websites.
• is necessary to enforce the rights of third parties or within the scope of statutory disclosure obligations or a court order requiring the disclosure of information.

OpenStreetMap

We use the “OpenStreetMap” mapping service provided by the OpenStreetMap Foundation, St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom (hereinafter “OSMF”) on our websites.

The processing of your IP address is technically necessary for the integration and display of OpenStreetMap, so that the content can be sent to your browser. Consequently, a connection is established with the OpenStreetMap servers and your IP address is transmitted to them.

Further information regarding the processing of your data can be found at: https://wiki.osmfoundation.org/wiki/Privacy_Policy

ReadSpeaker

We use the “ReadSpeaker” service provided by ReadSpeaker GmbH, Am Sommerfeld 7, 86825 Bad Wörishofen, Germany (hereinafter “ReadSpeaker”), on our websites to offer a text-to-speech function and thereby ensure accessibility.

ReadSpeaker collects only the data necessary for the operation and use of ReadSpeaker and does not use this data for any marketing or tracking purposes.

The setting of a temporary cookie is technically necessary for ReadSpeaker to function. Further information on cookies can be found in the “Cookies” section of this privacy policy.

The use of ReadSpeaker is based on our legitimate interest pursuant to Article 6(1)(f) of the GDPR, in order to be able to offer accessible websites.

YouTube with enhanced privacy settings

This website embeds videos from YouTube. The operator of the site is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in enhanced privacy mode. According to YouTube, this mode ensures that YouTube does not store any information about visitors to this website before they watch the video. However, the enhanced privacy mode does not necessarily prevent data from being shared with YouTube partners. Thus, YouTube establishes a connection to the Google DoubleClick network regardless of whether you watch a video.

As soon as you start a YouTube video on this website, a connection is established with YouTube’s servers. In doing so, the YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you allow YouTube to link your browsing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, after starting a video, YouTube may store various cookies on your device or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, amongst other things, to collect video statistics, improve user-friendliness and prevent fraud attempts.

Where applicable, further data processing operations may be triggered after a YouTube video has started, over which we have no control.

The use of YouTube is in the interest of presenting our online services in an appealing manner. This constitutes a legitimate interest within the meaning of Article 6(1)(f) of the GDPR. Where consent has been sought, processing takes place exclusively on the basis of Article 6(1)(a) of the GDPR and Section 25(1) of the TTDSG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent may be withdrawn at any time.

Further information on data protection at YouTube can be found in their privacy policy at: policies.google.com/privacy.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this is available from the provider via the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

Cookies

We use ‘cookies’ on our websites. Cookies are text files that are stored on the device you are using to access our websites.

We currently use only temporary cookies (known as session cookies). Temporary cookies are automatically deleted as soon as you close your browser or end the session.

Cookies help us

• to improve the user-friendliness and accessibility of our websites

Cookies are only set if the relevant service (e.g. voice output) is expressly used by the user and are therefore permitted without the user’s consent (see Section 25(2)(2) of the TTDSG).

If you do not wish cookies to be stored on your device, you can set your browser to notify you when cookies are placed or to refuse them. You can also choose whether to accept or block only certain categories of cookies or all of them. Further information on managing cookies can be found in the online help section of your browser.

If you block the cookies we use, we would like to inform you that you may not be able to use certain functions of our websites (e.g. voice output) at all, or only to a limited extent.

Instagram

To promote our company externally, we operate a company page (also known as a ‘fan page’) on the social media platform ‘Instagram’ operated by Meta Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland), hereinafter referred to as ‘Meta’. To this end, we have entered into a joint controller agreement with Meta. The key provisions of this agreement are:

• Meta is responsible for enabling you to exercise your rights under the GDPR. You can contact Meta at https://www.facebook.com/help/contact/1650115808681298 or via the contact details provided in Meta’s privacy policy. You can contact Meta’s Data Protection Officer at https://www.facebook.com/help/contact/540977946302970. You may also contact us using the contact details provided regarding the exercise of your rights in connection with the processing of personal data within the scope of Page Insights (= anonymised statistics). In such cases, we will forward your enquiry to Meta.
• The lead supervisory authority responsible for monitoring the processing of Page Insights is the Irish Data Protection Commission. You have the right to lodge a complaint with the Irish Data Protection Commission at www.dataprotection.ie or with any other supervisory authority.

If you visit our company page on Instagram, Meta processes your personal data – such as your IP address and, where applicable, data you have published in your profile – regardless of whether you have an Instagram account or not. Meta also processes data regarding your interaction with our company page (e.g. whether you follow us or ‘like’ posts).

Meta processes this data in order to provide us with page insights regarding our company page. We use these statistics to obtain information about the visibility of our company page and, where appropriate, to take suitable measures to improve visibility.

Should you leave comments under our posts or send us direct messages, we process your data (e.g. name and other details you have provided) in order to communicate with you.

The processing carried out by us is based on the legal basis of Article 6(1)(f) of the GDPR.

Meta cannot rule out the transfer of personal data to the USA or another non-EU country. Please refer to the information provided by Meta: https://www.facebook.com/privacy/policy/.

Linked websites

Our websites contain links to external websites. We have no influence over the content of these websites and therefore accept no responsibility or liability for the lawfulness, accuracy, presentation or completeness of the content published, displayed or accessible there.

We hereby inform you that when you visit these external websites, your IP address may be logged by the respective website operator.

When you leave our websites, we recommend that you check the privacy policy of the external website operators before visiting the websites or using the functions available there.

Right of access

Visitors to our website have the right, in accordance with Article 15 of the GDPR, to request information at any time and free of charge regarding the personal data processed by our organisation. The scope of this information is set out in Article 15 of the GDPR.

Please send your request for information by email to the following address (datenschutz@kiklisch.de) or by post to the following address: Kinderklinik Schömberg gGmbH, Römerweg 7, 75328 Schömberg, for the attention of the Data Protection Officer.

Right to rectification of your data

In accordance with Article 16 of the GDPR, you have the right to request the rectification or completion of any inaccurate or incomplete data concerning you. We will examine such requests and take the necessary measures where justified.

Right to erasure and restriction of processing of your data

Under Article 17 of the GDPR, you have the right to have your data erased.

The data we hold about you will be destroyed or deleted in accordance with data protection regulations if

• the statutory retention periods have expired, or
• the collection or processing is or was unlawful, or
• the data is no longer necessary for the purposes for which it was collected, or
• provided you have withdrawn your consent to the processing and use
• provided that you object to the processing of your data in accordance with Article 21 of the GDPR and there are no overriding legitimate grounds for the processing

We would like to inform you that complete erasure will only take place after the expiry of the relevant periods under tax and commercial law. Until these periods have expired and until final erasure, your data will be blocked accordingly and will not be further processed by us.

Right to restriction of data processing

Under Article 18 of the GDPR, you have the right to request that we restrict the processing of your data in the cases and to the extent specified in Article 18 of the GDPR. We will examine such requests and, where justified, take the necessary measures.

Right to data portability

Under Article 20 of the GDPR, you have the right to receive the data we process about you in a structured, commonly used and machine-readable format. At your express request, we will transmit your data to the recipients you have clearly specified, provided that we are technically able to do so and that this is permitted under data protection law.

Right to withdraw consent and right to object

You have the right, at any time and without giving reasons, to withdraw your consent to the processing of your data free of charge with effect for the future, or to object to the processing of your data in accordance with Article 21 of the GDPR. Please send your withdrawal of consent or objection by email to the following address (datenschutz@kiklisch.de) or by post to the following address: Kinderklinik Schömberg gGmbH, Römerweg 7, 75328 Schömberg, for the attention of the Data Protection Officer.

Right to lodge a complaint with a supervisory authority

Under Article 14 in conjunction with Article 77 of the GDPR, you have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your data infringes the GDPR. The competent supervisory authority is the one in the jurisdiction where our company has its registered office.

Right to an effective judicial remedy against the controller

Under Article 79 of the GDPR, you have the right to an effective judicial remedy if you consider that your rights set out above have been infringed as a result of the processing of your data by us or by a processor we have engaged, which does not comply with the requirements of the GDPR.

Liability and the right to compensation

Under Article 82 of the GDPR, you are entitled to compensation, which you may claim from us or from the processors we have engaged, provided that you have suffered material or non-material damage as a result of a breach of the GDPR.

Changes to the Privacy Policy

This Privacy Policy will be updated with future effect in the event of new legal requirements or significant changes to the functionality of our websites. We therefore recommend that you review our Privacy Policy at regular intervals.

Last updated: 16 March 2023