Schön Klinik data protection declaration
Section 1 Information on the collection of personal data
(1) This document is intended to provide information about the collection of personal data when our website is used. Personal data includes all data related to you personally, such as your name, address, email addresses or user behaviour.
(2) The responsible person under article 4 paragraph 7 of the EU General Data Protection Regulation (GDPR) is the Schön Klinik Management SE (hereinafter “SKM”), Seestraße 5a , 83209 Prien am Chiemsee, e-mail: info(at)schoen-klinik.de (see our legal notice). Our data protection officer can be reached at datenschutz(at)schoen-klinik.de or our mailing address and add “the data protection officer.”
(3) If you contact us by email or using a contact form, the data shared by you (your email address and your name and telephone number if provided) will be stored by us so that we can answer your query. We either delete the data we collect as part of this process once we no longer need to store it or limit data processing if there are statutory retention requirements.
(4) If we employ third-party service providers for individual functions relating to our products or services, or we would like to use your data for commercial purposes, we will inform you as described below about the relevant procedures in detail by email. When we do this, we will also inform you of the specified criteria relating to the duration of storage.
Section 2 Your rights
(1) You have the following rights regarding personal data that relates to you:
- the right of access to the data,
- the right to have data corrected or deleted,
- the right to limit data processing,
- the right to object to data processing,
- the right of data portability.
(2) You also have the right to make a complaint to a data protection authority regarding the processing of your personal data by us.
Section 3 Collection of personal data when you use our website
(1) If you use our website purely for informational purposes, i.e. when you do not register with us or transfer us information in any other way, we only collect the personal data that your browser sends to our server. When you view our website, we collect the following data, which we require for technical purposes to display our website correctly and to ensure stability and security (the legal basis for this is article 6 paragraph 1 page 1 lit. f GDPR):
- IP address
- date and time of request
- time zone difference from Greenwich Mean Time (GMT)
- content of request (specific page)
- access status/HTTP status code
- amount of data transferred
- website from which the request originates
- operating system and associated desktop environment
- language and version of browser software.
(2) In addition to the data listed above, cookies will be stored on your computer when you use our website. Cookies are small text files that are arranged and stored on your hard drive by the browser you use and that can be used by the website that sets the cookie (in this case, us) to collect certain information. Cookies cannot execute programs or transfer viruses to your computer. They serve to make the internet as a whole more user-friendly and efficient.
a) This website uses the following types of cookies, the scope and functioning of which are explained below:
- Transient cookies (see b)
- Persistent cookies (see c).
b) Transient cookies are deleted automatically when you close your browser. This includes session cookies in particular. These store a ‘session ID’ that can be used to match the various queries submitted by your browser in one session. This means your browser can be recognised if you return to our website later. Session cookies are deleted when you log out or close your browser.
c) Persistent cookies are deleted automatically after a specified time, which can differ depending on the cookie itself. You can delete cookies in your browser’s security settings at any time.
d) You can configure your browser setup the way you want; for example, you may wish to reject third party cookies or all cookies. Please be advised that you may not be able to use all the functions of the products and services.
e) The flash cookies used are not collected by your browser, but by your Flash plug-in. We also use HTML5 storage objects, which are saved on your device. These objects store the required data regardless of the browser you use and do not have an automatic expiry date. If you do not wish to allow processing of Flash cookies, you must install the appropriate add-on, e.g. “Better Privacy” for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/betterprivacy/) or Adobe Flash Cookie Killer for Google Chrome. You can prevent the use of HTML5 storage objects by setting your browser to private mode. We also recommend regularly deleting your cookies and browser history manually.
Section 4 Other functions and features of our website
(1) In addition to purely informational use of our website, we offer various services for you to take advantage of if you are interested. To do this, you must usually submit more personal data, which we will use to render the selected service and to which the data processing principles described above apply.
(2) We sometimes use external service providers to process your data. We select and commission these service providers carefully; they are bound by our instructions and are monitored regularly.
(3) Furthermore, we may pass on your personal data to third parties with whom we offer participation in sales, competitions, contracts or similar services. You will be provided with more information on this when you submit your personal data or below in the description of our products and services.
(4) Where our service providers or partners have headquarters in a country outside the European Economic Area (EEA), we will inform you of the consequences of this in the description of the service.
Section 5 Revocation or withdrawal from data processing
(1) If you have granted consent to the processing of your data, you can withdraw this at any time. This withdrawal relates to permission to process your personal data after you have given us this permission.
(2) Where we base the processing of your personal data on the balance of interests, you can submit an objection to data processing. This is the case in particular if the processing is not required to fulfil a contract with you; this is explained below in the description of the functions. When submitting your objection, we ask for your reasons for requesting that we do not continue to process your personal data. If the objection is justified, we will check the circumstances and will either cease or adjust the processing of your data or present compelling reasons for continuing to process your data.
(3) You can, of course, revoke your consent to the processing of your data for the purpose of marketing and data analysis at any time. You can find more information about your right to withdraw from marketing using the following contact details:
Special products and services on the website
(1) With your consent, you can subscribe to our newsletter, which we will use to inform you about our current products and services that might interest you. The services that are promoted are listed in the declaration of consent.
(2) We use the ‘double-opt-in process’ for subscriptions to our newsletter. This means we send you an email to the email address you submitted when you subscribed, in which we ask for confirmation that you wish to receive the newsletter. If you do not confirm your subscription within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we will store your assigned IP addresses and the times of application and confirmation. The purpose of this process is to keep evidence of your subscription and to expose any abuse of your personal data, should this become necessary.
(3) The only piece of your information that is required to subscribe to our newsletter is your email address. The submission of other, specially marked data is voluntary and will be used to contact you personally. After confirmation from you, we will store your email address for the purpose of sending the newsletter. The legal basis for this is article 6 paragraph 1 page 1 lit. a GDPR.
(4) You can withdraw your consent to receiving the newsletter at any time and unsubscribe from the newsletter. You can submit this withdrawal by clicking on the link provided in each newsletter email to send an email to “newsletter(at)schoen-kliniken.de” or in writing using the contact information given in the Imprint section.
(5) Please be advised that we analyse your user behaviour when we send you our newsletter. For the purpose of this analysis, the emails we send contain ‘web beacons’ and tracking pixels, which are single-pixel image files that are stored on our website. For this analysis, we link the data listed in section 3 and the web beacons with your email address and an individual ID. Links contained in the newsletter also contain this ID. This data is collected in pseudonymised form only; this means the IDs are not linked to any other personal data of yours and it is impossible to link it to you directly. You can withdraw permission for this tracking by clicking on the special link provided in each email or by informing us using another method of contact. The information is stored for as long as you are subscribed to the newsletter. After you unsubscribe, we will store the data anonymously for statistical purposes.
2. Use of social media plug-ins
(1) We currently use the following social media plug-ins: Facebook, Google+, Twitter.
(2) Neither do we have any influence on the data collected or the data processing procedures nor are we aware of the full extent of the data collection, purposes of processing or storage periods. We also have no information regarding deletion of the data collected by the plug-in provider.
(3) The plug-in provider stores the data collected about you as a user profile and uses this for the purposes of marketing, market research and/or the needs-based design of their website. This analysis is performed (even for users who are not logged in) in particular for the purpose of displaying relevant advertisements and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles; to exercise this right, you must contact the relevant plug-in provider. We offer you the opportunity to interact with the social networks and other users via the plug-ins, so that we can improve our products and services and continue to develop them in a way that is interesting for you as a user. The legal basis for the use of plug-ins is art. 6 paragraph 1 page 1 lit f. GDPR.
(4) Data will be passed on regardless of whether you have an account with the plug-in provider and are logged in. If you are logged in with the plug-in provider, the data we have collected about you will be directly matched to your existing account with the plug-in provider. If you press the activated button and link to the site, for example, the plug-in provider will store this information in your user account as well and will share it publicly with your contacts. We recommend logging out of social networks regularly after using them, but especially before using the button, in order to avoid being matched to your profile by the plug-in provider in this way.
(5) You can find more information on the purpose and extent of data collection and its processing by the plug-in provider in the data protection declarations from these providers linked below. You can also find more information there on your rights relating to this and the settings available to you to protect your privacy.
(6) Addresses for the various plug-in providers and URLs with data protection information:
a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; more information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has signed up to the EU-US Privacy Shield; https://www.privacyshield.gov/EU-US-Framework.
b) Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de. Google has signed up to the EU-US Privacy Shield; https://www.privacyshield.gov/EU-US-Framework.
c) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter has signed up to the EU-US Privacy Shield; https://www.privacyshield.gov/EU-US-Framework.
3. Incorporation of YouTube videos
(1) We have incorporated YouTube videos in our online services, which are stored on http://www.youtube.com and can be played directly on our website. These are all incorporated in “expanded data protection mode”, i.e. no data about you as a user is transferred to YouTube if you do not play the videos. The data listed in paragraph 2 is transferred only if you play the videos. We have no influence over this data transfer.
(2) When you visit the website, YouTube will be informed that you have requested the corresponding page on our website. In addition, the data listed under section 3 of this declaration will be transferred. This will occur regardless of whether YouTube has provided a user account and you have logged into it or if you do not have an account. If you are logged into Google, your data will be matched directly to your account. If you would not like your data to be matched to your profile with YouTube, you must log out before activating the button. YouTube stores your data as a user profile and uses this for the purposes of marketing, market research and/or the needs-based design of their website. This analysis is performed (even for users who are not logged in) in particular for the purpose of serving relevant advertisements and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles being; to exercise this right, you must contact YouTube.
(3) You can find more information on the extent and purpose of data collection and its processing by YouTube in the data protection declaration. You can also find more information there on your rights relating to this and the settings available to you to protect your privacy: https://www.google.de/intl/de/policies/privacy. Google processes your personal data in the USA as well and has signed up to the EU-US Privacy Shield; https://www.privacyshield.gov/EU-US-Framework.
4. Incorporation of Google Maps
(1) We use Google Maps on this website. This allows us to display interactive maps directly on the website and allows you to use the map function easily.
(2) When you visit the website, Google will be informed that you have requested the corresponding page on our website. In addition, the data listed under section 3 of this declaration will be transferred. This will occur regardless of whether Google has provided a user account and you have logged into it or if you do not have an account. If you are logged into Google, your data will be matched directly to your account. If you would not like your data to be matched to your profile with Google, you must log out before activating the button. Google stores your data as a user profile and uses this for the purposes of marketing, market research and/or the needs-based design of their website. This analysis is performed (even for users who are not logged in) in particular for the purpose of serving relevant advertisements and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles; to exercise this right, you must contact Google.
(3) You can find more information on the purpose and extent of data collection and its processing by the plug-in provider in the data protection declarations from the providers. You can also find more information there on your rights and the settings available to you to protect your privacy: http://www.google.de/intl/de/policies/privacy. Google processes your personal data in the USA as well and has signed up to the EU-US Privacy Shield; https://www.privacyshield.gov/EU-US-Framework.
5. Online marketing
5.1 Use of Google Adwords conversion
(1) We use the Google Adwords product to advertise our attractive products and services on external websites using advertising media (‘Google Adwords’). We can determine in relation to the advertising campaign data how successful the specific advertising campaigns are. We are interested in using this to show you advertisements that are interesting to you, to design our website in a more interesting way for you and to achieve a fair calculation of advertising costs.
(2) The advertising media are delivered by Google via an ‘ad server’. For this purpose, we use ad server cookies, which can be used to monitor specific parameters for measuring success, such as the display of advertisements or clicks by the user. If you are brought to our website by a Google advertisement, Google Adwords will store a cookie on your PC. These cookies usually expire after 30 days and should not then be able to identify you personally. The Unique Cookie ID, number of Ad Impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (a marker that the user no longer wants to be contacted) are usually saved to this cookie as analysis values.
(3) These cookies allow Google to recognise your internet browser if you return. If a user visits specific pages on the website of an Adwords customer and the cookie on their computer has not yet expired, Google and the customer can determine that the user has clicked on the advertisement and been forwarded to this page. Each Adwords customer is assigned a different cookie. Cookies cannot be traced back via the websites of Adwords customers. We ourselves do not collect any personal data in the advertising media named above. We are provided only with statistical analysis by Google. We can use this analysis to determine which of the advertising media we use are particularly effective. We do not receive any more data on the use of the advertising media, and in particular we cannot identify users using this information.
(4) Because of the marketing tools used, your browser automatically makes a direct connection to Google's server. We have no influence on the extent and further use of the data collected by Google through the use of this tool and therefore advise you of our understanding of the process: the incorporation of Adwords conversion means that Google is informed that you have requested part of our website or have clicked on one of our advertisements. If you are registered with one of Google's services, Google can match the visit to your account. Even if you are not registered or logged in with a Google service, there is a possibility that the provider might find out and store your IP address.
(5) You can prevent involvement in this tracking process in various ways: a) using the appropriate setting in your browser software; rejecting third-party cookies in particular should mean that you do not receive any advertisements from third-party companies; b) deactivating the cookies for conversion tracking by setting your browser to block cookies from the domain “www.googleadservices.com”, https://www.google.de/settings/ads; this setting will be erased when you delete your cookies; c) by deactivating interest-based advertising from a provider who is part of the “About Ads” self-regulation campaign via the link http://www.aboutads.info/choices; these settings will be erased when you delete your cookies; d) by permanently deactivating it in your browsers, Firefox, Internet Explorer or Google Chrome at the link http://www.google.com/settings/ads/plugin. Please be advised that you may not be able to use all the functions of the products and services if you do this.
(6) The legal basis for the processing of your data is article 6 paragraph 1 page 1 lit. f GDPR. You can visit the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org. Google has signed up to the EU-US Privacy Shield; https://www.privacyshield.gov/EU-US-Framework.
5.2 DoubleClick by Google
Because of the marketing tools used, your browser automatically makes a direct connection to Google's server. We have no influence on the extent and further use of the data collected by Google through the use of this tool and therefore advise you of our understanding of the process: the incorporation of DoubleClick means that Google is informed that you have requested part of our website or have clicked on one of our advertisements. If you are registered with one of Google's services, Google can match the visit to your account. Even if you are not registered or logged in with a Google service, there is a possibility that the provider might find out and store your IP address.
The DoubleClick Floodlight cookies used also allow us to see whether you take certain actions on our website after visiting or clicking on one of our display/video ads on Google or another platform via DoubleClick (conversion tracking). DoubleClick uses this cookie to see the content with which you interacted on our website so that we can send you targeted advertising later on.
There are multiple ways to prevent participation in this tracking method:
- by adjusting the appropriate settings in your browser software; suppressing third-party cookies in particular will stop you from receiving third-party ads;
- by disabling the cookies for conversion tracking and adjusting your browser settings so that cookies from the domainwww.googleadservices.comare blocked,https://www.google.de/settings/ads, although this setting is deleted when you delete your cookies;
- by disabling interest-based ads from the provider, which are part of the “About Ads” self-regulatory program, via the linkhttp://www.aboutads.info/choices, although this setting will be deleted when you delete your cookies;
- through permanent deactivation in your Firefox, Internet Explorer or Google Chrome browsers under the linkhttp://www.google.com/settings/ads/plugin,
- by using the appropriatecookies setting. Please be advised that you may not be able to use all the functions of the products and services if you do this.
More information on DoubleClick by Google can be found athttps://www.google.de/doubleclick and http://support.google.com/adsense/answer/2839090, as well as general information on data protection at Google:https://www.google.de/intl/de/policies/privacy. Alternatively, you can visit the website of the Network Advertising Initiative (NAI) athttp://www.networkadvertising.org. Google has signed up to the EU-US Privacy Shield;https://www.privacyshield.gov/EU-US-Framework.
In addition to Adwords conversion, we use the Google Remarketing application. This is a process we would like to use to address you. This application can be used to show you our advertisements on other websites after you have visited our website. This is done using cookies stored in your browser that are used by Google to determine and analyse your user behaviour when you visit various websites. Google can use this information to determine that you visited our website in the past. According to statements made by Google, they do not combine data collected as part of Remarketing with any personal data relating to you that has been stored by Google. In particular, according to Google, pseudonymisation is used for Remarketing.
5.4 Use of web analysis services from intelliAd Media GmbH
This website uses theweb analysis service with bid management from intelliAd Media GmbH, Sendlinger Str. 7, 80331 Munich. To design this website in a needs-based way and to optimise it, anonymised user data is collected and aggregated and user profiles are created in which this data is combined with pseudonyms. When intelliAd tracking is used, cookies are stored locally. The anonymised user data and profiles may be used by both the website operator and by other customers of intelliAd to identify user interests; your identity as a website visitor cannot be inferred from this. You have the right to object to your (anonymised) user data being collected and stored, even in the future. Use theintelliAd opt-out feature to do this.
This website uses Mouseflow, a web analysis tool of Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark, to record randomly selected visitors (only with anonymised IP address). The tool tracks mouse movements and clicks to provide an account of individual website visits and deduce potential for improvement from this. This information cannot be used to identify you and will not be shared with third parties. If you do not want your visit to be recorded, you can disable tracking on all websites that use Mouseflow at the following link: http://www.mouseflow.de/opt-out/
6.1 Applicant data
We process all applicant data that you provide to us solely for the purpose of carrying out the application process. The applicant data required for this process is marked as such in the online form. By transmitting applicant data to us, you state that you as an applicant agree to the processing of this data for the purpose of carrying out the application process. In addition to this mandatory data, you can also give us extra information as an applicant voluntarily.
The information you provide may be further processed by us for the purposes of the employment relationship if your application is successful.
If your application for a position is not successful, your information will be deleted.
Your applicant data will be deleted after six months so that we can respond to any questions about your application and meet the obligations to provide proof from the General Equal Treatment Act (AGG).
The legal basis for the processing of your applicant data to fulfil our (pre-)contractual obligations in the context of the application process is art. 6(1)b GDPR, art. 6(1)f GDPR within the meaning of section 26 of the Federal Data Protection Act.
If you voluntarily disclose personal data to us during the application process that falls within special categories within the meaning of art. 9(1) GDPR, this data shall also be processed pursuant to art. 9(2)b GDPR (e.g. health records, such as severe disability or ethnic origin). If special categories of personal data within the meaning of art. 9(1) GDPR are requested from you during the application process, this data shall also be processed pursuant to art. 9(2)a GDPR (e.g. health records if required for professional practice). The data controller within the meaning of art. 4(7) GDPR is the clinic or company for whose post you are applying, as well as Schön Klinik Management SE, Seestraße 5a, 83209 Prien am Chiemsee, as joint controllers pursuant to art. 26 GDPR.
6.2 Applicant database
If you are not considered for the current job posting, we offer you the option of including your applicant data in the applicant pool for two years on a basis of voluntary consent. This allows us to contact you regarding recruitment for any other open positions that arise. Inclusion in the applicant database does not have any impact whatsoever on your chances regarding the current job posting. You may revoke your consent to be included in the application database at any time with effect for the future. The data will be deleted after two years. The use of your applicant data for the period of two years is subject to your consent pursuant to art. 6(1)b and art. 7 GDPR.