Privacy Policy

Data Privacy Statement

This Privacy Policy provides information about how we collect and use personal data during the use of our website. Personal data means any information relating to an identified or identifiable natural person. In particular, this includes information that enables us to identify you, such as your name, telephone number, address or e-mail address. Statistical data that we collect when you visit our website that cannot be associated with your person, does not fall under the term of personal data.

You can print or save this privacy policy by using the usual functions of your browser.

 

1.  Contact Person

Contact person and the controller of the processing of your personal data when you visit this website in accordance with the basic EU data protection regulation (GDPR) is

DDB Health GmbH
Blumenstraße 28
80331 München
Tel: +49 89 665 32 09

Mail: [email protected]

If you have any questions regarding data protection in connection with the use of our website, you can also contact our data protection officer at any time. She can be reached at the following address:

Herr Oliver Stutz

datenschutz nord GmbH

Konsul-Smidt-Straße 88

28217 Bremen

Tel: +49 421 69 66 32-0

E-Mail: [email protected]

 

 

2.  Data processing on our website

2.1.   Visit our website / access data

Every time you use our website, we collect access data that your browser automatically transmits to enable you to visit the website. The access data includes, for example, the IP address of the requesting device, the date and time of the request and the address of the website accessed and the requesting website. The processing of this access data is necessary to enable you to visit the website and to ensure the long-term functionality and security of our systems. The access data is temporarily stored in internal log files in order to produce statistical data on the use of our website, to further develop our website with regard to the usage habits of our visitors (e.g. if the proportion of mobile devices with which the pages are called up increases) and to generally maintain our website administratively. The legal basis is Art. 6 (1) lit. b GDPR. The information stored in the log files does not allow any direct conclusion to your person.

 

2.2. Contact

You have several possibilities to contact us. This includes, for example, contact forms, by telephone, e-mail or mail. In this context, we process the contact and other data you provide us exclusively for the purpose of communicating with you. The legal basis is Art. 6 (1) lit. b GDPR.

 

2.3. Applications

You can apply to us for open positions at any time. The purpose of data collection is to select applicants for possible employment. In this context, we process the contact and other data (e.g. application documents, certificates, CV, date of earliest possible job start, salary expectation) submitted by you for processing your application. The legal basis for processing your application documents is Art. 6 (1) lit. b and Art. 88 (1) GDPR in conjunction with § 26 para. 1 sentence 1 BDSG (German Federal Data Protection Act).

 

3. Transfer of data

The data collected by us will only be transfered to third parties if:

  • you have given your explicit consent according to Art. 6 (1) lit. a GDPR;
  • the disclosure according to Art. 6 (1) lit. f GDPR is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an predominating interest worthy of protection in not disclosing your data;
  • we are legally obliged according to Art. 6 (1) lit. c GDPR; or
  • this is legally permissible and is required under Art. 6 (1) lit. b GDPR for the processing of contractual relationships with you or for the implementation of pre-contractual measures that are taken at your request.

Part of the data processing can be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, this may include data centers that store our website and databases, IT service providers that maintain our systems, and consulting firms. If we provide data to our service providers, they may use the data exclusively for the fulfilment of their tasks. The service providers have been carefully selected and commissioned by us. They are contractually bound by our instructions, have appropriate technical and organisational measures in place to protect the rights of the persons concerned and are regularly monitored by us.

 

4. Time of storage

In principle, we only store personal data as long as it is necessary to fulfil contractual or legal obligations for which we have collected the data. Afterwards we delete the data immediately unless we need the data until the end of the limitation period to prove legal claims or due to retention obligations. For evidence purposes, we must store contract data for three years from the end of the year in which the business relationship with you ends. This is the earliest a legal claim can become barred. Even after that, we still have to store some of your data due to accounting requirements. We are obliged to do so on the basis of retention obligations that may arise from the german national law (Handelsgesetzbuch, Abgabenordnung, Kreditwesengesetz, Geldwäschegesetz, Wertpapierhandelsgesetz.) The periods specified there for the storage of documents are two to ten years.

 

5. Your rights

You have the right to request information about the processing of your personal data by us at any time. We will explain the processing to you and provide you with an overview of the data stored about you as part of the provision of information. If data about you is incorrect or not up-to-date anymore, you can demand a correction of your data. You may also request that your data will be deleted. If, in exceptional cases, deletion is not possible due to other legal requirements the data will be blocked so that it is only available for this legal purpose. You may also have the processing of your data restricted if you believe that the data we have stored is incorrect. You also have the right to data portability. We will send you a digital copy of your personal data on request.

To exercise your rights as described here, you may contact the contact addresses mentioned above at any time. You can also do so if you want to receive copies of guarantees to prove an adequate level of data protection.

You have the right to object to data processing based on Art. 6 (1) lit. e or f GDPR. You have the right to complain to our data protection supervisory authority. You may exercise this right before a supervisory authority in the member State in which you are staying, working or where your rights might be infringed. As our registered office is in Berlin, the responsible supervisory authority is:

Bayerisches Landesamt für Datenschutzaufsicht
Postfach 606
91511 Ansbach
Deutschland
Tel: +49 (0) 981 53 1300
Fax: +49 (0) 981 53 98 1300
E-Mail: [email protected]

 

6.  Objection and withdrawal of consent

According to Article 7 (3) GDPR, you have the right to withdraw your given consent at any time. As a result, we will no longer process data based on this consent. The withdrawal of consent shall not affect the lawfulness of processing based on given consent before its withdrawal.

If we process your data on the basis of legitimate interests according to Art. 6 (1) lit. f GDPR, you have the right to object to the processing of your data according to Article 21 GDPR and to give us reasons which arise from your particular situation and which in your opinion indicate that your interests worthy of protection predominate.

If you object to data processing for direct advertising purposes, you have a general right of objection, which we will implement without you giving reasons.

If you would like to make use of your right of withdrawal or objection, an informal message to one of the contact addresses mentioned above is sufficient.

 

7.   Data security

We maintain current technical measures to guarantee data security, in particular to protect your personal data from unauthorized access by third parties and from risks during transmission. These measures are implemented to the current state of the art in each case.

 

8. Changes to our privacy policy

We may update this privacy policy from time to time, for example when we update our website or when legal or regulatory requirements are changing.

 

© DDB Health GmbH – May 2019