Schön Klinik data protection declaration
Section 1 Information on the collection of personal data
(1) This document is intended to provide information about the collection of personal data when our website is used. Personal data includes all data related to you personally, such as your name, address, email addresses or user behaviour.
(2) The responsible person under article 4 paragraph 7 of the EU General Data Protection Regulation (GDPR) is the Schön Klinik SE (hereinafter “SKS”), Balanstraße 71a , 81541 München, e-mail: info(at)schoen-klinik.de (see our legal notice). Our data protection officer can be reached at datenschutz(at)schoen-klinik.de or our mailing address and add “the data protection officer.”
(3) If you contact us by email or using a contact form, the data shared by you (your email address and your name and telephone number if provided) will be stored by us so that we can answer your query. We either delete the data we collect as part of this process once we no longer need to store it or limit data processing if there are statutory retention requirements.
(4) If we employ third-party service providers for individual functions relating to our products or services, or we would like to use your data for commercial purposes, we will inform you as described below about the relevant procedures in detail by email. When we do this, we will also inform you of the specified criteria relating to the duration of storage.
Section 2 Your rights
(1) You have the following rights regarding personal data that relates to you:
- the right of access to the data,
- the right to have data corrected or deleted,
- the right to limit data processing,
- the right to object to data processing,
- the right of data portability.
(2) You also have the right to make a complaint to a data protection authority regarding the processing of your personal data by us.
Section 3 Collection of personal data when you use our website
(1) If you use our website purely for informational purposes, i.e. when you do not register with us or transfer us information in any other way, we only collect the personal data that your browser sends to our server. When you view our website, we collect the following data, which we require for technical purposes to display our website correctly and to ensure stability and security (the legal basis for this is article 6 paragraph 1 page 1 lit. f GDPR):
- IP address
- date and time of request
- time zone difference from Greenwich Mean Time (GMT)
- content of request (specific page)
- access status/HTTP status code
- amount of data transferred
- website from which the request originates
- operating system and associated desktop environment
- language and version of browser software.
(2) In addition to the data listed above, cookies will be stored on your computer when you use our website. Cookies are small text files that are arranged and stored on your hard drive by the browser you use and that can be used by the website that sets the cookie (in this case, us) to collect certain information. Cookies cannot execute programs or transfer viruses to your computer. They serve to make the internet as a whole more user-friendly and efficient.
a) This website uses the following types of cookies, the scope and functioning of which are explained below:
- Transient cookies (see b)
- Persistent cookies (see c).
b) Transient cookies are deleted automatically when you close your browser. This includes session cookies in particular. These store a ‘session ID’ that can be used to match the various queries submitted by your browser in one session. This means your browser can be recognised if you return to our website later. Session cookies are deleted when you log out or close your browser.
c) Persistent cookies are deleted automatically after a specified time, which can differ depending on the cookie itself. You can delete cookies in your browser’s security settings at any time.
d) You can configure your browser setup the way you want; for example, you may wish to reject third party cookies or all cookies. Please be advised that you may not be able to use all the functions of the products and services.
e) The flash cookies used are not collected by your browser, but by your Flash plug-in. We also use HTML5 storage objects, which are saved on your device. These objects store the required data regardless of the browser you use and do not have an automatic expiry date. If you do not wish to allow processing of Flash cookies, you must install the appropriate add-on, e.g. “Better Privacy” for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/betterprivacy/) or Adobe Flash Cookie Killer for Google Chrome. You can prevent the use of HTML5 storage objects by setting your browser to private mode. We also recommend regularly deleting your cookies and browser history manually.
Section 4 Other functions and features of our website
(1) In addition to purely informational use of our website, we offer various services for you to take advantage of if you are interested. To do this, you must usually submit more personal data, which we will use to render the selected service and to which the data processing principles described above apply.
(2) We sometimes use external service providers to process your data. We select and commission these service providers carefully; they are bound by our instructions and are monitored regularly.
(3) Furthermore, we may pass on your personal data to third parties with whom we offer participation in sales, competitions, contracts or similar services. You will be provided with more information on this when you submit your personal data or below in the description of our products and services.
(4) Where our service providers or partners have headquarters in a country outside the European Economic Area (EEA), we will inform you of the consequences of this in the description of the service.
Section 5 Revocation or withdrawal from data processing
(1) If you have granted consent to the processing of your data, you can withdraw this at any time. This withdrawal relates to permission to process your personal data after you have given us this permission.
(2) Where we base the processing of your personal data on the balance of interests, you can submit an objection to data processing. This is the case in particular if the processing is not required to fulfil a contract with you; this is explained below in the description of the functions. When submitting your objection, we ask for your reasons for requesting that we do not continue to process your personal data. If the objection is justified, we will check the circumstances and will either cease or adjust the processing of your data or present compelling reasons for continuing to process your data.
(3) You can, of course, revoke your consent to the processing of your data for the purpose of marketing and data analysis at any time. You can find more information about your right to withdraw from marketing using the following contact details:
Special products and services on the website
(1) With your consent, you can subscribe to our newsletter, which we will use to inform you about our current products and services that might interest you. The services that are promoted are listed in the declaration of consent.
(2) We use the ‘double-opt-in process’ for subscriptions to our newsletter. This means we send you an email to the email address you submitted when you subscribed, in which we ask for confirmation that you wish to receive the newsletter. If you do not confirm your subscription within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we will store your assigned IP addresses and the times of application and confirmation. The purpose of this process is to keep evidence of your subscription and to expose any abuse of your personal data, should this become necessary.
(3) The only piece of your information that is required to subscribe to our newsletter is your email address. The submission of other, specially marked data is voluntary and will be used to contact you personally. After confirmation from you, we will store your email address for the purpose of sending the newsletter. The legal basis for this is article 6 paragraph 1 page 1 lit. a GDPR.
(4) You can withdraw your consent to receiving the newsletter at any time and unsubscribe from the newsletter. You can submit this withdrawal by clicking on the link provided in each newsletter email to send an email to “newsletter(at)schoen-kliniken.de” or in writing using the contact information given in the Imprint section.
(5) Please be advised that we analyse your user behaviour when we send you our newsletter. For the purpose of this analysis, the emails we send contain ‘web beacons’ and tracking pixels, which are single-pixel image files that are stored on our website. For this analysis, we link the data listed in section 3 and the web beacons with your email address and an individual ID. Links contained in the newsletter also contain this ID. This data is collected in pseudonymised form only; this means the IDs are not linked to any other personal data of yours and it is impossible to link it to you directly. You can withdraw permission for this tracking by clicking on the special link provided in each email or by informing us using another method of contact. The information is stored for as long as you are subscribed to the newsletter. After you unsubscribe, we will store the data anonymously for statistical purposes.
2. Use of social media plug-ins
(1) We currently use the following social media plug-ins: Facebook, Google+, Twitter.
(2) Neither do we have any influence on the data collected or the data processing procedures nor are we aware of the full extent of the data collection, purposes of processing or storage periods. We also have no information regarding deletion of the data collected by the plug-in provider.
(3) The plug-in provider stores the data collected about you as a user profile and uses this for the purposes of marketing, market research and/or the needs-based design of their website. This analysis is performed (even for users who are not logged in) in particular for the purpose of displaying relevant advertisements and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles; to exercise this right, you must contact the relevant plug-in provider. We offer you the opportunity to interact with the social networks and other users via the plug-ins, so that we can improve our products and services and continue to develop them in a way that is interesting for you as a user. The legal basis for the use of plug-ins is art. 6 paragraph 1 page 1 lit f. GDPR.
(4) Data will be passed on regardless of whether you have an account with the plug-in provider and are logged in. If you are logged in with the plug-in provider, the data we have collected about you will be directly matched to your existing account with the plug-in provider. If you press the activated button and link to the site, for example, the plug-in provider will store this information in your user account as well and will share it publicly with your contacts. We recommend logging out of social networks regularly after using them, but especially before using the button, in order to avoid being matched to your profile by the plug-in provider in this way.
(5) You can find more information on the purpose and extent of data collection and its processing by the plug-in provider in the data protection declarations from these providers linked below. You can also find more information there on your rights relating to this and the settings available to you to protect your privacy.
(6) Addresses for the various plug-in providers and URLs with data protection information:
a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; more information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has signed up to the EU-US Privacy Shield; https://www.privacyshield.gov/EU-US-Framework.
b) Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de. Google has signed up to the EU-US Privacy Shield; https://www.privacyshield.gov/EU-US-Framework.
c) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter has signed up to the EU-US Privacy Shield; https://www.privacyshield.gov/EU-US-Framework.
3. Incorporation of YouTube videos
(1) We have incorporated YouTube videos in our online services, which are stored on http://www.youtube.com and can be played directly on our website. These are all incorporated in “expanded data protection mode”, i.e. no data about you as a user is transferred to YouTube if you do not play the videos. The data listed in paragraph 2 is transferred only if you play the videos. We have no influence over this data transfer.
(2) When you visit the website, YouTube will be informed that you have requested the corresponding page on our website. In addition, the data listed under section 3 of this declaration will be transferred. This will occur regardless of whether YouTube has provided a user account and you have logged into it or if you do not have an account. If you are logged into Google, your data will be matched directly to your account. If you would not like your data to be matched to your profile with YouTube, you must log out before activating the button. YouTube stores your data as a user profile and uses this for the purposes of marketing, market research and/or the needs-based design of their website. This analysis is performed (even for users who are not logged in) in particular for the purpose of serving relevant advertisements and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles being; to exercise this right, you must contact YouTube.
(3) You can find more information on the extent and purpose of data collection and its processing by YouTube in the data protection declaration. You can also find more information there on your rights relating to this and the settings available to you to protect your privacy: https://www.google.de/intl/de/policies/privacy. Google processes your personal data in the USA as well and has signed up to the EU-US Privacy Shield; https://www.privacyshield.gov/EU-US-Framework.
4. Incorporation of Google Maps
(1) We use Google Maps on this website. This allows us to display interactive maps directly on the website and allows you to use the map function easily.
(2) When you visit the website, Google will be informed that you have requested the corresponding page on our website. In addition, the data listed under section 3 of this declaration will be transferred. This will occur regardless of whether Google has provided a user account and you have logged into it or if you do not have an account. If you are logged into Google, your data will be matched directly to your account. If you would not like your data to be matched to your profile with Google, you must log out before activating the button. Google stores your data as a user profile and uses this for the purposes of marketing, market research and/or the needs-based design of their website. This analysis is performed (even for users who are not logged in) in particular for the purpose of serving relevant advertisements and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles; to exercise this right, you must contact Google.
(3) You can find more information on the purpose and extent of data collection and its processing by the plug-in provider in the data protection declarations from the providers. You can also find more information there on your rights and the settings available to you to protect your privacy: http://www.google.de/intl/de/policies/privacy. Google processes your personal data in the USA as well and has signed up to the EU-US Privacy Shield; https://www.privacyshield.gov/EU-US-Framework.
5. Implemented Technologies
6.1 Applicant data
We process all applicant data that you provide to us solely for the purpose of carrying out the application process. The applicant data required for this process is marked as such in the online form. By transmitting applicant data to us, you state that you as an applicant agree to the processing of this data for the purpose of carrying out the application process. In addition to this mandatory data, you can also give us extra information as an applicant voluntarily.
The information you provide may be further processed by us for the purposes of the employment relationship if your application is successful.
If your application for a position is not successful, your information will be deleted.
Your applicant data will be deleted after six months so that we can respond to any questions about your application and meet the obligations to provide proof from the General Equal Treatment Act (AGG).
The legal basis for the processing of your applicant data to fulfil our (pre-)contractual obligations in the context of the application process is art. 6(1)b GDPR, art. 6(1)f GDPR within the meaning of section 26 of the Federal Data Protection Act.
If you voluntarily disclose personal data to us during the application process that falls within special categories within the meaning of art. 9(1) GDPR, this data shall also be processed pursuant to art. 9(2)b GDPR (e.g. health records, such as severe disability or ethnic origin). If special categories of personal data within the meaning of art. 9(1) GDPR are requested from you during the application process, this data shall also be processed pursuant to art. 9(2)a GDPR (e.g. health records if required for professional practice). The data controller within the meaning of art. 4(7) GDPR is the clinic or company for whose post you are applying, as well as Schön Klinik SE, Balanstraße 71a, 81541 München, as joint controllers pursuant to art. 26 GDPR.
6.2 Applicant database
If you are not considered for the current job posting, we offer you the option of including your applicant data in the applicant pool for two years on a basis of voluntary consent. This allows us to contact you regarding recruitment for any other open positions that arise. Inclusion in the applicant database does not have any impact whatsoever on your chances regarding the current job posting. You may revoke your consent to be included in the application database at any time with effect for the future. The data will be deleted after two years. The use of your applicant data for the period of two years is subject to your consent pursuant to art. 6(1)b and art. 7 GDPR.