Data Protection Policy of Dermatest GmbH
1. Name and contact details of the responsible person and the data protection officer
2. Declaration of the processing of personal data
2.1 Notes on the website
2.1.1 Basic functions of the website
Every time content on the website is accessed, data is temporarily stored that may allow identification. The following data is collected:
- Date and time of access
- IP address
- Host name of the accessing computer
- Website from which the website was accessed
- Websites accessed via the website
- Page visited on our website
- Message whether the retrieval was successful
- Transmitted data volume
- Information about the browser type and version used
- Operating System
The temporary storage of data is necessary for the course of a website visit in order to enable the delivery of the website. Further storage of log files takes place in order to ensure the functionality of the website and security of the information technology systems. These purposes also constitute our legitimate interest in data processing (Art. 6 para. 1 letter f DSGVO.
The website is hosted by an external service provider within the EU. The hoster receives the above data as a processor.
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. When the website is provided, this is the case when the respective session is over. The log files are kept directly and exclusively accessible to administrators for up to 24 hours. After that, they are only indirectly available via the reconstruction of backup tapes and are finally deleted after four weeks.
l. Furthermore, cookies are stored on your computer when you use the website. Cookies are small text files that are stored on your hard drive in relation to the browser you are using and which provide the party setting the cookie (in this case, us) with certain information. Cookies cannot run programs or transmit viruses to your computer. They serve to make the internet offer as a whole more user-friendly and effective.
II. We use transient cookies on our website. Transient cookies are automatically deleted when the user closes the browser. These include in particular the session cookies. These store a so-called session ID, with which various requests from the visitor’s browser can be assigned to the joint session. This allows the visitor’s computer to be recognized when the visitor returns to your website.
III. We use persistent cookies. Persistent cookies are automatically deleted after a predefined period of time, which may differ depending on the cookie. We delete the cookies according to the deletion period.
2.1.3 Google Tag Manager
2.1.4 Google Analytics
With your consent, this website uses the service “Google Analytics”, which is offered by Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland).
Google Analytics serves to analyze the website use by the user. The service uses “cookies” – text files that are stored on your terminal device. The information gathered by the cookies is usually transferred to a Google server in the USA and stored there.
IP- Anonymization is enabled on this website. The user’s IP address is abbreviated within the member states of the European Union and the European Economic Area. Through this abbreviation, your personal IP-Address falls away. Under the terms of the commissioned data agreement, which the website operators have concluded with Google Inc. The information collected is used to analyze website use and website activity and to provide services related to internet use.
By clicking on this link, you prevent Google Analytics from collecting data about you on this website. By clicking on the link above, you will download an “opt-out cookie”. Your browser must therefore generally allow the storage of cookies for this purpose. If you delete your cookies regularly, you will need to click on the link again each time you visit this website.
2.1.5 Google Ads and Google Conversion Tracking
We use the online advertising program Google Ads on our website and, as part of Google Ads, “conversion tracking” by Google (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland).)
Google Ads enables us to advertise our offers on external websites with the help of advertising material (so-called Google Ads). We have a legitimate interest in optimizing advertising for you and achieving a fair calculation of advertising costs. The legal basis is Art. 6 para. 1 lit.a DSGVO, namely your express consent.
When you click on an ad placed by Google, a cookie is set for conversion tracking. These cookies lose their validity after 30 days and are not used for personal identification of the user. As each Google Ads client receives a different cookie, these cookies cannot be tracked across Google Ads clients’ websites either.
We only learn the total number of users who have clicked on our ads and what actions they have taken. We do not receive any information with which we can personally identify the user.
If you would like to prevent tracking, you can deactivate the Google conversion tracking cookie via your internet browser under user settings.
You can permanently deactivate the conversion cookies by setting your browser accordingly or download and install the browser plug-in available at the following link:
http://www.google.com/settings/ads/plugin?hl=de. In this case, certain functions of this website may not be available or may only be available to a limited extent.
2.1.6 Google Maps
With your consent, this website uses the service “Google Maps (API)”, which is offered by Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland).
Google Maps is a web service for displaying interactive maps (land maps) to visually display geographic information. By using this service, you will be shown our location, and it will be easier for you to find us.
Information about your use of our website (such as your IP address) is transmitted to Google servers and stored there when you call up sub-pages in which Google Maps is integrated. This is done regardless of whether Google provides a user account via which you are logged in or whether a user account exists. If you are logged in to Google, your data will immediately be linked to your account. If you do not wish to be associated with your profile on Google, you must log out before activating the button. Google saves your data (even for users who are not logged in) as usage profiles and evaluates them.
2.1.7 General contact form, contact form for volunteers and contact form for callback service
If you communicate with us via our contact form, we collect the following data: Surname, first name, salutation, address, date of birth, e-mail address, telephone number, your personal message and the status of acknowledgment of the data protection declaration. These are used to allocate the request and to subsequently answer it.
Alternatively, you can contact us via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail will be stored.
The processing of the personal data from the contact form serves solely to process the contact. If contact is made by e-mail, this is also the necessary legitimate interest for the processing of data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
The legal basis for the processing of the data is Art. 6 (2) if the user has given his consent. 1 lit. (a) GDPR. The legal basis for the processing of the data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. (f) GDPR. If the e-mail contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. (b) GDPR.
Recipients of the data may be processors. In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is over when it can be inferred from the circumstances that the facts in question have been finally clarified.
The user has the option to revoke their consent to the processing of personal data at any time. If the user contacts us by e-mail, they can object to the storage of their personal data at any time. In this case, the conversation cannot be continued. All personal data that was saved in the course of making contact will be deleted in this case.
If there is a contractual relationship, we are subject to the statutory retention periods according to the German Commercial Code and delete your data after these periods have expired.
The provision of your personal data is voluntary. However, we can only process your request if you provide us with your name, email address and the reason for the request.
2.1.8 Facebook Presence
https://www.facebook.com/settings?tab=ads (registration required)
In the event that Facebook passes on personal data to its parent company, Facebook Inc., Menlo Park, California, USA, (Facebook Inc.), Facebook Inc. is certified according to the EU-US Privacy Shield and thus gives the promise to comply with European data protection standards. For more information on the Privacy Shield, see below:
Information on the status of the certification of Facebook Inc. can be obtained from:
Facebook provides us with various anonymized statistics about the visitors to our fan page as part of the so-called Page Insights. We have no influence on the creation of this information, in particular we cannot stop the collection and processing by Facebook. For a selectable period of time as well as for the categories fans, subscribers, reached persons and interacting persons, Facebook provides us with the following anonymized data regarding our fan page:
- Total number of page views
- “Like” comments
- Page activity
- Post Interactions
- Video views
- Post reach
- Shared content
- Percentage of men and women
- Country and city of origin
For more information on Page Insights, please visit the relevant Facebook website at:
We use this information to make our Fan page and the content contained on it more attractive for visitors to our page. This also represents our legitimate interest within the meaning of our legal basis for this processing in accordance with Art. 6 Paragraph 1 Sentence 1 lit. (f) GDPR.
The mutual obligations in relation to joint controllership are set out in the “Side Insights Controller Addendum”. Herein, Facebook assumes primary responsibility within the meaning of the GDPR for the processing of Insights data and declares that it will fulfill all obligations under the GDPR with regard to the processing of Insights data (including Articles 12 and 13 GDPR, Articles 15 to 22 GDPR and Articles 32 to 34 GDPR). With regard to the processing of Insights data, only Facebook can make and implement decisions. Since Facebook has sole discretion as to how to fulfill its obligations under this Agreement, we have no influence on Facebook’s compliance with data protection obligations. If we receive any inquiries relating to Insights data, we are obliged to pass on all relevant information to Facebook.
2.1.9 YouTube Presence
I. We use the provider YouTube to embed videos. YouTube is operated by YouTube LLC with its principal place of business at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google, Inc. located at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The YouTube plugin used on our website is only activated when you click the “Play” button and thus agree to the use of YouTube. With your consent, a connection to the YouTube servers will be established, and the plugin will be displayed. This transmits which of our websites you have visited to the YouTube server. If you are logged in to YouTube as a member, YouTube assigns this information to your personal user account. When using the plugin, such as clicking the start button of a video, this information is also assigned to your user account. You can prevent this assignment by logging out of your YouTube user account and other user accounts of the companies YouTube LLC and Google Inc. before using our website. log out and delete the corresponding cookies of the companies.
2.1.10 Instagram Presence
According to the case law of the European Court of Justice, we are jointly responsible with Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (Facebook) within the meaning of data protection law for the processing of personal data collected by Facebook when you visit our fan page.
https://www.facebook.com/settings?tab=ads (registration required)
In the event that Facebook passes on personal data to its parent company, Facebook Inc., Menlo Park, California, USA, (Facebook Inc.), Facebook Inc. is certified under the EU-US Privacy Shield, thereby providing a commitment to adhere to European data protection standards. For more information on the Privacy Shield, see below:
Information on the status of the certification of Facebook Inc. can be obtained from:
Facebook provides us with various anonymized statistics about the visitors to our Instagram fan pages as part of the so-called Page Insights. We have no influence on the creation of this information, in particular we cannot stop the collection and processing by Facebook. For a selectable period of time and for the categories of fans, subscribers, people reached and people interacting, the following anonymous data is provided to us by Facebook with regard to our fan page:
Activity: This section provides insights about our profiles including interactions (like profile visits and website clicks, how many people saw our content and where they found it).
Content: Here we get insights on posts, stories and promotions.
Audience: Here we learn more about our subscribers and our audience.
For more information, visit: https://help.instagram.com/788388387972460?helpref=faq_content
We use this information to make our fan page and the content contained on it more attractive for visitors to our page. This also represents our legitimate interest within the meaning of our legal basis for this processing in accordance with Art. 6 Paragraph 1 Sentence 1 lit. (f) GDPR.
We endeavor to conclude an agreement on joint responsibility with Facebook, also with regard to the Instagram service. To date, Facebook has not commented on the Instagram service. With regard to the processing of Insights data, only Facebook can make and implement decisions. We have no influence over this. If we receive inquiries in connection with the Insights data, we are obliged to forward all relevant information to Facebook.
2.1.11 Twitter Presence
Our presence on Twitter enables us to present our company to the users of this network and to communicate with them. Twitter is operated by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland.
We would like to point out that you use Twitter and its functions at your own risk. This applies in particular to the use of the interactive functions (e.g. sharing, rating).
We have no influence on the type or scope of the data processed by Twitter, the type of processing and use or the transfer of this data to third parties. We also have no effective control options in this respect. By using Twitter, your personal data will be processed by Twitter Inc. collected, transmitted, stored, disclosed and used, regardless of your residency in the United States, Ireland and any other country where Twitter Inc. is engaged in business, transmitted and stored and used there.
On the one hand, Twitter processes your voluntarily entered data such as name and username, e-mail address, telephone number or the contacts in your address book if you upload or synchronize it. On the other hand, Twitter also evaluates the content you share to determine which topics you are interested in, stores and processes confidential messages that you send directly to other users and can determine your location using GPS data, information about wireless networks or your Determine IP address in order to send you advertising or other content.
2.1.12 LinkedIn Presence
Our presence on LinkedIn enables us to present our company to the users of this network and to communicate with them. The offer is operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The data provided by you directly and by LinkedIn is used exclusively for the purpose of presenting our company to the users of the network and communicating with them, as well as to increase our level of awareness and to promote our image building as a legitimate interest within the meaning of Art 6 Para 1 lit f GDPR) to be able to offer you the most interesting information for you.
We would like to point out that you use LinkedIn and its functions at your own risk. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating).
Even if we inform you about data protection at LinkedIn from a transparency point of view, this data protection declaration is limited to data processing and purposes that are defined or carried out by us.
With regard to other data processing and purposes over which we have no influence and which are determined and carried out by LinkedIn alone, please contact the provider.
LinkedIn provides us with various anonymous statistics about the visitors to our fan page as part of the so-called page insights. These so-called “profile insights” are aggregate statistics created based on certain actions and logged by LinkedIn when users and visitors interact with our company profile and related content.
2.1.13 Xing Presence
Our presence on Xing enables us to present our company to the users of this network and to communicate with them. The provider is New Work SE, Am Strandkai 1, 20457 Hamburg.
You can follow our company profile (by clicking on the “Follow” button). As soon as you follow our company profile, you will be displayed as a follower and informed about content created by us.
You also have the option of commenting on our posts, marking them as “interesting” and “recommending”.
If we create an event, you can take part in it by clicking on the “Are you there?” button. You will then receive a confirmation of participation by email and a request to register at the email address you provided.
We use your information to increase our company’s presence, as well as to recognize and evaluate interest in created articles and events. Our legitimate interest within the meaning of our legal basis for this processing is represented in accordance with Art. 6 Paragraph 1 Sentence 1 lit. (f) GDPR.
We would like to point out that you use Xing and its available functions, at your own risk. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating).
Even if we inform you about data protection at Xing from a transparency point of view, this data protection declaration is limited to data processing and purposes that are defined or carried out by us.
With regard to other data processing and purposes over which we have no influence and which are determined and carried out by Xing alone, please contact the provider.
Our presence on TikTok enables us to present our company to the users of this network and to communicate with them. The operator and entity responsible for data protection is TikTok Inc., 10100 Venice Blvd., Culver City, CA 90232, USA; Representative of TikTok Inc. in the EU i. S.v. Art. 27 GDPR is News Republic SAS, Rue Robert Caumont, 33049 Bordeaux Cedex, France.
For our presence in Korea, we use the Naver service. Naver Corporation in Seongnam, Gyeonggi-do, Korea is responsible.
First information for our visitors can be found on Wikipedia: https://de.wikipedia.org/wiki/Naver
2.2 Notes for Customers and Suppliers
We process personal data that we receive from you as part of your business relationship with us. In addition, we process personal data to the extent necessary to provide service to you, that we collect from accessible sources (e.g. Register of Commerce and Associations,
press, media) that we have permissibly obtained and may process.
We process the following categories of personal data about you: personal details (name, professional address and contact details), data from consultation and service calls.
We process personal data on the basis of Art. 6 para. 1 clause 1(f) of the GDPR. The processing serves the implementation of our contracts or pre-contractual measures with you and the execution of your order, as well as all activities necessary for the operation and administration of our company. The respective
details on the purpose of data processing can be found in the respective contract documents and terms and conditions.
Beyond the actual fulfillment of the contract, we process personal data in accordance with Art. 6 para. 1 clause 1(f) of the GDPR. This is permissible to the extent that processing is necessary to protect our legitimate interests or those of a third party, provided your interests or fundamental rights and freedoms which require the protection of personal data do not prevail. Such a legitimate interest exists, for example, in the:
– The review and optimization of procedures for needs analysis and direct customer contact
– For advertising our company’s own products and for market and opinion surveys
– Assertion of legal claims and defense in legal disputes
– Ensuring the IT security and IT operations of the company
In addition, we process data in accordance with Art. 6 para. 1 letter c DS-GVO personal data, to the extent that this is necessary for the fulfillment of legal obligations to which we are subject as a company. The purposes of processing include i.a. e.g. B. commercial and tax law storage obligations according to § 257 Commercial Code (HGB) and § 147 Tax Code (AO).
Within our company, those departments that need your data to fulfill their contractual and legal obligations will have access to it. Processors employed by us (Article 28 GDPR) may also receive data for these purposes. These are companies in the categories of IT services, logistics, debt collection, advisory and consulting, as well as sales and marketing.
If necessary, we process and store personal data for the duration of the business relationship. This also includes the initiation and execution of a contract. In addition, we store personal data to the extent of which we are legally obliged to do so. Corresponding proof and storage obligations result from the Commercial Code and the Tax Code. The periods specified there for retention or documentation are six years in accordance with commercial law requirements under § 257 HGB and up to ten years
due to tax requirements in accordance with § 147 AO.
For the conclusion of the contract, it is necessary that you provide us with data. Without this data, we will most likely have to refuse conclusion of the contract or will no longer be able to carry out an existing contract and may have to terminate it.
2.2 Notice to Applicants
We process the data that you have sent us in connection with your application in order to check your suitability for the position (or any other open positions in our company) and to carry out the application process.
Applicant data will be deleted after 6 months in the event of rejection. In the event that you have agreed to further storage of your personal data, we will transfer your data to our applicant pool. There, your data will be deleted after two years.
If you have been awarded a position as part of the application process, the data from the applicant data system will be transferred to our personnel information system and will then be subject to statutory storage periods.
The legal basis for the processing of your personal data in this application process is primarily § 26 BDSG – new. According to this, the processing of the data required in connection with the decision on the establishment of an employment relationship is permissible.
This data is processed on the basis of Art. 6 1 lit. b GDPR (performance of contract or pre-contractual measures).
If the data may be required for legal prosecution after the application process has been completed, data processing based on the requirements of Art. 6 GDPR, in particular for the protection of legitimate interests according to Art. 6 para. 1 lit. (f) GDPR. Our interest then lies in the assertion or defense of legal claims.
3. Your rights as a data subject
3.1 Your rights
In accordance with Art. 15 DS-GVO, you have the right to receive information regarding the data stored about you. If incorrect personal data have been processed, you have the following rights pursuant to Art. 16 DS-GVO
right to rectification (Article 16 GDPR) If the legal requirements are met, you can request the deletion or restriction of processing and object to data processing (Art. 17, 18 and 21 DS-GVO). According to Art. 20 GDPR, you can assert the right to data portability for data that is processed automatically on the basis of your consent or a contract with you.
You can exercise these rights against us at the address given above under the heading “Name and contact details of the person responsible”.
3.2 Revocation of any consent you may have given
3.3 Right of appeal
If you believe that data processing violates data protection law, you have
the right to complain to a data protection supervisory authority of your choice (Art. 77 GDPR in conjunction with Section 19 BDSG).
This also includes the data protection supervisory authority responsible for us, which you can find under the following contact details:
North Rhine-Westphalia State Commissioner for Data Protection and Freedom of Information, Postfach 20 04 44, 40102 Düsseldorf, 0211/38424-0, firstname.lastname@example.org.
3.4 Information about your right of object according to Art. 21 DS-GVO
1. You have the right, for reasons that arise from your particular situation, at any time against the processing of personal data concerning you, which is based on Art. 6 para. 1 p. 1 (f)
GDPR (data processing on the basis of a balance of interests) takes place to lodge an objection. This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 DS-GVO, which we use for credit assessment or for advertising purposes.
If you file an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
2. In individual cases, we process your personal data in order to operate direct advertising. You have the right to object at any time to the processing of data relating to you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.
If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes.
The objection can be made informally and should be sent to us at the address given above in the “Name and contact details of the person responsible”.