The data protection officer of Helios Health GmbH can be contacted at the above address, Attn: Data Protection Officer, or at Datenschutzbeauftragter@helios-gesundheit.de.
For clinic-related topics, please contact the respective data protection officer of the individual clinic. You will find the contact details on the respective website of the Helios Clinic concerned.
2. Processing of your personal data
When visiting our website
When you visit our website, our servers, by default, temporarily store the connection data of the requesting computer for the purpose of system security, the Internet pages that you visit with us, the date and duration of your visit, the identification data and the type of browser and operating system used, as well as the website from which you are visiting us (server log data). Any other personal information such as your name, address, telephone number or e-mail address will not be collected. In addition, the server log data is not linked with personal data. The data mentioned before are processed by us for the following purposes:
- Ensuring functionality and fault-free operation of our website
- Ensuring proper use of our website,
- Evaluation of system security and stability
The legal basis for data processing is Article 6 sec. 1 lit. f) GDPR. Our legitimate interest follows from the above listed purposes for data collection. In no case shall we use the collected data for the purpose of drawing conclusions on your person.
3. When you actively provide information
We will process data you actively provided to us for instance when filling in online forms when contacting us by means of communication such as e-mail, telephone or mail. In case of online forms, the purpose for which you provide us with your personal data can be found on the form itself, generally the purpose will be to communicate with you. We do this based on your prior given consent (Art. 6 sec. 1 lit. a) GDPR) or, in order to execute a contract you are party to (Art. 6 sec. 1 lit. b) GDRP), or based on our legitimate interest in communicating with you and answer your inquiry, which is not overridden by your interests, rights or freedoms since you contacted us yourself (Art. 6 sec. 1 lit. f) GDPR).
Personal data collected by us for the use of the contact form will be automatically deleted upon completion of the request you have made.
Registration for the launch of the DEMO-C4U2BE
We process data you actively provide to us in the course of registration for the launch of the DEMO-C4U2BE. For the registration, please follow this link .
The personal data required for the registration are:
Title, Name, Surname, Company, Organization, E-Mail-Address, and the Information whether it is an arrival from abroad or not.
This data will be used exclusively for processing your registration and will be deleted automatically after the launch of the DEMO-C4U2BE, on the 5th of April.
Please note that with the registration you consent to receiving important information via e-mail concerning the event (e.g., current coronavirus-related regulations) in advance of the launch of DEMO-C4U2BE.
The legal basis for the processing your personal data in the course of the registration is Art. 6 sec. 1 lit. a GDPR.
We use the service of fischerAppelt AG, Waterloohain 5, 22769 Hamburg (hereinafter fischerAppelt) to organise the launch and have concluded a data processing agreement with fischerAppelt. In this contract, we both agreed to comply with the applicable data protection regulations.
Further information on data protection and fischerAppelt services can be found here.
4. Transfer of Personal Data to Third Parties
We only transfer your personal data to third parties if:
- you have expressly consented to the transfer in accordance with Art. 6 sec. 1 lit. a GDPR;
- the transfer is necessary for the fulfilment of a contract with you pursuant to Art. 6 sec. 1 lit. b GDPR or
- there is a legal obligation for the transmission according to Art. 6 sec. 1 lit. c GDPR.
The transmitted data may be used by the third party exclusively for the specified purposes.
5. Third Country Transfer
Transfer of personal data to an unsafe third country will only take place if you have been informed in advance and the requirements of Art. 44 et seqq. GDPR are met.
A third country is deemed to be unsafe if the EU Commission has not issued an adequacy decision for this country pursuant to Art. 45 sec. 1 GDPR confirming that adequate protection for personal data exists in the state.
The U.S. is assessed by the European Court of Justice as a country with an inadequate level of data protection according to EU standards. In particular, there is a risk that personal data may be processed by the U.S. authorities, possibly without any means of redress.
We will only transfer your personal data to the U.S. or other unsafe third countries if:
- you have expressly consented to the transfer in accordance with Art. 49 sec. 1 lit. a GDPR,
- the recipient provides sufficient guarantees in accordance with Art. 46 GDPR for the protection of personal data,
- the transfer is necessary for the performance of contractual obligations between you and us, or
- another exception of Art. 49 of the GDPR applies.
We use both first and third party cookies. Any cookies that are placed by the website you are visiting are called first-party cookies, whereas cookies which are from a domain different than the domain of the website you are visiting are called third party cookies.
The types of cookies we use on this website fall under two categories, essential and non-essential cookies, whereas non-essential cookies (also known as optional cookies) enable basic functions such as page navigation and access to secure areas of our website. These cookies are necessary in order for our page to function properly.
Non-essential cookies are not necessary for our website to function properly; however, they help us to better tailor our service to you. In the case of non-essential cookies, we differentiate between:
Preference cookies - allow a website to remember information that affects the way a website functions or looks, such as your preferred language or the region you are in.
Statistics cookies - help website owners understand how users interact with websites by collecting and reporting information anonymously.
Marketing cookies – are used to track users on a website. The intention is to show ads that are relevant and engaging to the individual user and therefore more valuable to publishers and advertising third parties.
Unclassified cookies - are cookies that we are currently trying to classify, along with providers of individual cookies.
You are free to use our website with only the essential cookies, to make an individual choice regarding optional cookies, or to consent to the use of all cookies by selecting “Accept All Cookies” in the cookie consent manager tool. However, if you disable cookies or delete cookies stored on your computer, this may result in limited use of the website.
By clicking on “Allow All Cookies”, you also consent to your data being processed outside the EU in third countries, including the U.S., pursuant to Art. 49 sec. 1 lit. a GDPR. The U.S. is assessed as a country with an insufficient level of data protection according to EU standards. In particular, there is a risk that your data may be processed by the U.S. authorities, possibly without any legal remedy. If you click on "Only Essential Cookies", the transmission described above will not take place.
You can revoke your consent for the future at any time. The following options are available to you for this purpose:
- You can change or revoke your consent via the cookie consent manager tool. You can access the tool via the button on the left at the bottom of the website.
- If you would like to exercise your right of revocation or objection in another way, please contact us by e-mail at Datenschutzbeauftragter@helios-gesundheit.de.
Your revocation does not affect the lawfulness of the processing carried out until revocation.
We use consent manager tool of Cybot A/S Havnegade 39, 1058 Kopenhagen, Denmark. In this context, date and time of the visit, browser and consent information as well as the IP address of the requesting device are processed. The legal basis is Art. 6 sec. 1 lit. f GDPR. Management of legally required consent is to be regarded as a legitimate interest within the meaning of the aforementioned provision. For further information on data protection at Cybot, please click here.
We use Google Analytics, a Web Analytics service from Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter "Google") for the purpose of design and continuous optimization of our pages. In this context, pseudonymised usage profiles are created and cookies are placed. The information generated by the cookie about your use of this website, such as
- browser type/version,
- operating system used,
- referrer URL (previously visited page),
- hostname of accessing computer (IP address),
- time of server request,
are transferred to a Google server in the United States and stored.
The information is used to evaluate the use of the website, to compile reports on the website activities and to provide further services related to use of the website for the purposes of market research and appropriate design of our internet pages. This information may also be transferred to third parties if this is required by law or if third parties have to process this data.
The personal data collected via cookies is automatically deleted after 12 months.
We only use Google Analytics with activated IP anonymisation. This means that the IP address of the user is shortened by Google within the European Union or in other states that are party to the Agreement on the European Economic Area. In no case will your IP address be merged with other data from Google.
We will only transfer your data to Google if you expressly consent to its processing by Google (Art. 6 sec. 1 lit. a GDPR). In this case, while being aware of the risks mentioned under section 5, you also consent to your data being transferred to the USA in accordance with Art. 49 sec. 1 lit. a GDPR.
You can revoke your consent for the future at any time using our consent manager tool [clickable link]. You can access the tool via the link at the end of the website.
Further information on data protection and the information on processing of personal data with regards to Google Analytics can be found here.
Google Adwords Conversion Tracking
We use Google AdWords conversion tracking (hereinafter Google Adwords to collect the use of our website statistically and to evaluate it for the purpose of optimizing our website. Google AdWords will set a cookie) on your computer, provided that you have reached our website via a Google ad.
These cookies expire after 30 days and are not intended for personal identification. If the user visits certain pages of the AdWords customer's website and the cookie has not yet expired, Google and the customer can see that the user clicked on the ad and was redirected to that page.
Each AdWords customer receives a different cookie. This means that cookies cannot be tracked through the AdWords customer's Web pages. The information obtained using the conversion cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers will see the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, they do not receive any information that allows users to identify themselves personally.
The use of Google Adwords is based on your consent in accordance with Art. 6 sec. 1 lit. a GDPR. When giving consent, you also consent to your data being transferred to the USA in accordance with Art. 49 sec. 1 lit. a GDPR.
You can revoke your consent for the future at any time using our consent manager tool [clickable link]. You can access the tool via the link at the end of the website.
Further information on data protection and the information on processing of personal data with regards to Google Adwords can be found here.
7. Embedded Youtube Videos
As part of the activity feed, we have embedded videos from YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) on our website from time to time.
The implementation is based on your consent according to Art. 6 sec. 1 lit. a GDPR. In this case, you also consent to the transfer of your data to the U.S. in accordance with Art. 49 sec. 1 lit. a GDPR in the knowledge of the risks described above.
By loading the videos on our website, data is forwarded to Google. In particular, Google is informed which of our websites you have visited and receives device-specific information including the IP address.
The YouTube videos are integrated in the so-called "extended data protection mode", which, according to the provider, only triggers the storage of user information when the videos are played. If you call up a page that has an embedded video, this only establishes a connection to the YouTube servers and the content is displayed on the website by informing your browser when you actually watch the video.
If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account before activating the play button.
We will only transfer your data if you expressly consent to the processing by Google. In this case, you also consent to the transfer of your data to the U.S. in accordance with Art. 49 sec. 1 lit.a GDPR, in full knowledge of the risks described under section 5 of this policy.
You can revoke your consent for the future at any time using our consent manager tool. You can access the tool via the link at the end of the website.
8. Social Media
We implemented activity feeds of social media providers on our website (in our case namely those of Facebook, Twitter, Instagram, YouTube, LinkedIn, Xing and Google+). These activity feeds are deactivated by default. If you choose to use these activity feeds, you will be asked for your consent regarding the respective transfer of your data. The transfer of data takes place in order to enable you to use and connect with the services of these social media providers. Your consent provides the legal basis for this transfer of your personal data by Helios Health (Art. 6 sec. 1 lit. a) GDPR). In addition, if you are currently logged in to a social network of one of the listed providers, your activity may be linked to your user account by the respective social media provider at the same time. If you activate the activity feeds of social media providers your web browser will connect to the servers of the respective providers and send your specific user data. The transmitted data may encompass: date and time of your visit on our website, URL of the website you are on, URL of the website you visited before, used browser, used operating system, and your IP-Address.
All processing of personal data in relation to the activity feed is carried out by and in responsibility of these providers. Helios Health is not responsible for such processing of personal data.
We link from our site to offers from Facebook (Facebook Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland) to make your use more personal. For this we use a symbolin the Facebook design, if you click this symbol, the page you called will be handed over to Facebook and you will be forwarded to Facebook accordingly.
Facebook will then receive the information that your browser has called the corresponding page of our website; even if you don't have a Facebook account or you are currently not logged in. This information (including your IP address) is transmitted by your browser directly to a server from Facebook in the USA and stored there.
If you are logged in to Facebook, Facebook can directly assign your visit to our website to your Facebook account. Facebook can use this information for the purpose of advertising, market research and on-demand design of Facebook pages. To do this, Facebook will create usage, interest, and relationship profiles, such as to evaluate your use of our website with regard to the ads you have displayed on Facebook, other Facebook users about your activities on our website. Information and to provide other services related to the use of Facebook.
We link from our site to offers from Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103 U.S.A.; responsible for the data processing of persons living outside the United States is the Twitter international Company, one Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland.) We use a symbol in Twitter design, which will direct you to the "share" function of Twitter and where you can share content.
If you click this symbol, the page you called will be handed over to Twitter and you will be forwarded to Twitter accordingly.
Twitter receives the information that your browser has called the corresponding page of our website (even if you do not have a Twitter account or are not currently logged in to Twitter). This information (including your IP address) is transmitted by your browser directly to a server of Twitter in the USA and stored there.
We link from our website to Instagram website, which is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram").
If you visit the site and are logged in to your Instagram account at the same time, Instagram will be able to direct you to your Instagram account.
Please note that the exact data processing at Instagram is not our knowledge.
We link from our website to Xing AG, Dammtor Straße 30, 20354 Hamburg, Germany (hereinafter referred to as "Xing"). If you access the site and are logged in to your Xing account at the same time, Xing can directly assign the visit to our website to your Xing account.
Please note that the exact data processing at Xing is not our knowledge.
We link from our website to LinkedIn Corporation Web site, 2029 Stierlin Court, Mountain View, CA 94043, USA (hereinafter referred to as "LinkedIn"). When you visit the site and are logged into your LinkedIn account at the same time, LinkedIn is able to directly associate our site with your LinkedIn account.
Please note that the exact data processing at LinkedIn is not our knowledge.
We link from our website to website: Pinterest Inc., 808 Brannan Street San Francisco, CA 94103-490, USA). If you go to the site and are logged in to your Pinterest account at the same time, Pinterest can directly assign the visit to our website to your Pinterest account.
Please note that the exact data processing at Pinterest is not our knowledge.
We link from our website to the website of Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter 'Google').
If you visit the site and are logged into your Google account at the same time, Google will be able to direct you to your Google account.
You have the right:
- In accordance with article 15 GDPR to request information about your personal data processed by us. In particular information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, limitation of processing or opposition, the existence of a right of appeal, the origin of your data, if not collected by us, as well as the existence of an automated decision-making process, including profiling and, where appropriate, information on their details;
- In accordance with article 16 GDPR immediately request the rectification of incorrect or complete personal data stored by us;
- In accordance with article 17 GDPR to request the deletion of your personal data stored by us;
- In accordance with article 18 GDPR to restrict the processing of your personal data, insofar as the accuracy of the data is contested by you, the processing is unlawful, but you reject the deletion and we no longer need the data, but you need to assert, exercise or defend legal claims;
- In accordance with article 20 GDPR to receive your personal data which you have provided us in a structured, commonly used and machine-read format and require the transmission to another person responsible;
- In accordance with article 7 sec. 3 GDPR to revoke your once-given consent from us at any time. As a result, we are not allowed to continue the data processing based on this consent for the future
- According to article 77 GDPR to complain to a supervisory authority.
Right of objection
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on lit. e) or lit. f) of Art. 6 sec. 1 GDPR. In this case, Helios Health shall no longer process personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
To enforce any of the aforementioned rights, please contact us through one of the communication channels mentioned above.
10. Data Security
Your data are stored in a secure operating environment and are not accessible to the public.
In certain cases, your personal data is encrypted during transmission by the so-called Transport Layer Security (TLS). This means that communication between your computer and our servers is done using a recognized encryption method if your browser supports TLS.