Data Privacy Statement
1. Contact Person
Contact person and the controller of the processing of your personal data when you visit this website in accordance with the basic EU data protection regulation (GDPR) is
DDB Health GmbH
Tel: +49 89 665 32 09
Mail: [email protected]
If you have any questions regarding data protection in connection with the use of our website, you can also contact our data protection officer at any time. She can be reached at the following address:
ISiCO Datenschutz GmbH
Am Hamburger Bahnhof 4
Tel: +49 30 213 002 85 0
Fax: +49 30 213 002 89 9
E-Mail: [email protected]
2. Data processing on our website
2.1. Visit our website / access data
Every time you use our website, we collect access data that your browser automatically transmits to enable you to visit the website. The access data includes, for example, the IP address of the requesting device, the date and time of the request and the address of the website accessed and the requesting website. The processing of this access data is necessary to enable you to visit the website and to ensure the long-term functionality and security of our systems. The access data is temporarily stored in internal log files in order to produce statistical data on the use of our website, to further develop our website with regard to the usage habits of our visitors (e.g. if the proportion of mobile devices with which the pages are called up increases) and to generally maintain our website administratively. The legal basis is Art. 6 (1) lit. b GDPR. The information stored in the log files does not allow any direct conclusion to your person.
You have several possibilities to contact us. This includes, for example, contact forms, by telephone, e-mail or mail. In this context, we process the contact and other data you provide us exclusively for the purpose of communicating with you. The legal basis is Art. 6 (1) lit. b GDPR.
You can apply to us for open positions at any time. The purpose of data collection is to select applicants for possible employment. In this context, we process the contact and other data (e.g. application documents, certificates, CV, date of earliest possible job start, salary expectation) submitted by you for processing your application. The legal basis for processing your application documents is Art. 6 (1) lit. b and Art. 88 (1) GDPR in conjunction with § 26 para. 1 sentence 1 BDSG (German Federal Data Protection Act).
3. Transfer of data
The data collected by us will only be transfered to third parties if:
- you have given your explicit consent according to Art. 6 (1) lit. a GDPR;
- the disclosure according to Art. 6 (1) lit. f GDPR is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an predominating interest worthy of protection in not disclosing your data;
- we are legally obliged according to Art. 6 (1) lit. c GDPR; or
- this is legally permissible and is required under Art. 6 (1) lit. b GDPR for the processing of contractual relationships with you or for the implementation of pre-contractual measures that are taken at your request.
4. Time of storage
In principle, we only store personal data as long as it is necessary to fulfil contractual or legal obligations for which we have collected the data. Afterwards we delete the data immediately unless we need the data until the end of the limitation period to prove legal claims or due to retention obligations. For evidence purposes, we must store contract data for three years from the end of the year in which the business relationship with you ends. This is the earliest a legal claim can become barred. Even after that, we still have to store some of your data due to accounting requirements. We are obliged to do so on the basis of retention obligations that may arise from the german national law (Handelsgesetzbuch, Abgabenordnung, Kreditwesengesetz, Geldwäschegesetz, Wertpapierhandelsgesetz.) The periods specified there for the storage of documents are two to ten years.
5. Your rights
You have the right to request information about the processing of your personal data by us at any time. We will explain the processing to you and provide you with an overview of the data stored about you as part of the provision of information. If data about you is incorrect or not up-to-date anymore, you can demand a correction of your data. You may also request that your data will be deleted. If, in exceptional cases, deletion is not possible due to other legal requirements the data will be blocked so that it is only available for this legal purpose. You may also have the processing of your data restricted if you believe that the data we have stored is incorrect. You also have the right to data portability. We will send you a digital copy of your personal data on request.
To exercise your rights as described here, you may contact the contact addresses mentioned above at any time. You can also do so if you want to receive copies of guarantees to prove an adequate level of data protection.
You have the right to object to data processing based on Art. 6 (1) lit. e or f GDPR. You have the right to complain to our data protection supervisory authority. You may exercise this right before a supervisory authority in the member State in which you are staying, working or where your rights might be infringed. As our registered office is in Berlin, the responsible supervisory authority is:
Bayerisches Landesamt für Datenschutzaufsicht
Tel: +49 (0) 981 53 1300
Fax: +49 (0) 981 53 98 1300
E-Mail: [email protected]
6. Objection and withdrawal of consent
According to Article 7 (3) GDPR, you have the right to withdraw your given consent at any time. As a result, we will no longer process data based on this consent. The withdrawal of consent shall not affect the lawfulness of processing based on given consent before its withdrawal.
If we process your data on the basis of legitimate interests according to Art. 6 (1) lit. f GDPR, you have the right to object to the processing of your data according to Article 21 GDPR and to give us reasons which arise from your particular situation and which in your opinion indicate that your interests worthy of protection predominate.
If you object to data processing for direct advertising purposes, you have a general right of objection, which we will implement without you giving reasons.
If you would like to make use of your right of withdrawal or objection, an informal message to one of the contact addresses mentioned above is sufficient.
7. Data security
We maintain current technical measures to guarantee data security, in particular to protect your personal data from unauthorized access by third parties and from risks during transmission. These measures are implemented to the current state of the art in each case.
© DDB Health GmbH – May 2018