Updated April 2020
Table of contents
I. Controller’s name and address
II. Data Protection Officer’s contact details
III. General information on data processing
IV. Data subject’s rights
V. Provision of the platform and creation of log files
VI. Use of cookies
VII. Email contact
VIII. Hosting
IX. Used plugins
X. Online Training
XI. Hotline
I. Controller’s name and address
GetOn acts as sole Data Controller, fully responsible for any data processing activity in compliance with the General Data Protection Regulation and applicable local Privacy law. Allianz Partners does not have access to any of your personal data which can be collected via using this app. Allianz Partners does not determine the purpose or the means of the processing of personal data. If you have any Privacy related questions, please contact (GetOn Data Protection Officer) or check Privacy information as provided by GetOn.
The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States and other provisions of data protection law is:
GET.ON Institut fuer Online Gesundheitstrainings GmbH
Rothenbaumchaussee 209
20149 Hamburg
Germany
+49 (0)40 / 532 528 67
kontakt@hellobetter.de
www.hellobetter.de
II. Data protection officer’s contact details
The controller’s Data Protection Officer is:
c/o GET.ON Institut für Online Gesundheitstrainings GmbH
Oranienburger Str. 86a
10178 Berlin
E-Mail: datenschutz@hellobetter.de
III. General information on data processing
1. Scope of the personal data processing
As a rule, we only process our users’ personal data to the extent necessary to provide a functioning website, our content and our services. The personal data of our users is normally processed only with user consent. An exception applies in those cases in which prior consent cannot be obtained for practical reasons and the processing of the data is required by statutory provisions.
2. Legal basis for the processing of personal data
If we obtain the data subject’s consent for processing personal data, Art. 6(1)(1)(a) EU General Data Protection Regulation (GDPR) is the legal basis.
For the processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6(1)(1)(b) GDPR is the legal basis. The same applies to processing operations that are necessary to carry out pre-contractual measures.
If the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6(1) (1)(b) GDPR is the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, the legal basis is Art. 6(1)(1)(d) GDPR.
If processing is necessary to safeguard the legitimate interests of our company or a third party, and the interests, fundamental rights and fundamental freedoms of the data subject do not prevail over the first-mentioned interests, then Art. 6(1)(1)(f) GDPR is the legal basis for processing.
3. Data deletion and storage period
The data subject’s personal data shall be erased or blocked once the purpose for storage no longer exists. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. Data is also blocked or erased when a storage period specified by the aforementioned laws expires, unless it is necessary to continue to store the data for conclusion or performance of a contract.
IV. Data subject’s rights
If your personal data is processed, you are a data subject within the meaning of the GDPR, and you are entitled to the following rights with regard to the controller:
1. Right to information
You may obtain confirmation from the controller as to whether or not it is processing your personal data.
In the event of such processing, you may request the following information from the controller:
• the purposes for which personal data is processed;
• the categories of personal data that are processed;
• the recipients or categories of recipient to whom your personal data has been or will be disclosed;
• the planned storage duration of your personal data, if it is not possible to give specific details, criteria for determining the storage duration;
• the existence of a right to rectification or deletion of the data subject’s personal data, a right to restriction of processing by the controller or to of a right to objection to such processing;
• the existence of the right to appeal to a supervisory authority;
• where the personal data is not collected from the data subject, any available information as to their source;
• the existence of automated decision-making including profiling in accordance with Art. 22 (1) and (4) GDPR and, at least in these cases, meaningful data about the involved logic, scope and intended impact of such processing with regard to the data subject.
You have the right to request information as to whether your personal data is transferred to a third country or to an international organisation. In this relation, you may request to be informed of the appropriate guarantees in connection with the transfer pursuant to Art. 46 GDPR.
This right to information may be limited if it is likely to render impossible or seriously hinder the achievement of the research or statistical purposes and the limitation is necessary for the achievement of the research or statistical purposes.
2. Right to rectification
If your processed personal data is incorrect or incomplete, you have the right to ask the controller to correct and/or complete the data. The controller must make the correction without delay.
Your right to rectification may be limited if it is likely to render impossible or seriously hinder the achievement of the research or statistical purposes and the limitation is necessary for the achievement of the research or statistical purposes.
3. Right to restriction of processing
Under the following conditions, you may request that processing of your personal data is restricted:
• if you dispute the accuracy of your personal data for a period of time that allows the controller to verify the accuracy of the personal data;
• the processing is unlawful and you refuse to delete the personal data and instead request the restriction of the use of the personal data;
• the controller no longer needs the personal data for the purposes of processing, but you need this to assert, exercise or defend legal claims, or
• if you have lodged an objection against the processing pursuant to Art. 21(1) GDPR, and it has not yet been established whether the controller’s legitimate reasons outweigh yours.
Where – with the exception of its storage – the processing of your personal data has been restricted, such data may not be processed without your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or for reasons of an important public interest of the Union or of a Member State.
If the processing was restricted in accordance with the above conditions, the controller will inform you before the restriction is lifted.
Your right to restriction of processing may be limited if it is likely to render impossible or seriously hinder the achievement of the research or statistical purposes and the limitation is necessary for the achievement of the research or statistical purposes.
4. Right to deletion
a) Duty to delete
You may obtain from the controller the erasure of your personal data without undue delay and the controller has the obligation to erase this data without undue delay where one of the following grounds applies:
• Your personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
• You revoke your consent to which the processing is subject pursuant to Art. 6(1)(1)(a) GDPR or Art. 9(2)(a) GDPR and no other legal basis for the processing exists.
• You object to the processing pursuant to Art. 21(1) GDPR and there are no legitimate reasons for the processing, or you object to the processing pursuant to Art. 21(2) GDPR.
• Your personal data was processed unlawfully.
The deletion of your personal data is necessary to fulfil a legal obligation under Union or national law to which the controller is subject.
Your personal data concerning was collected in relation to the offer of information society services referred to in Art. 8(1) GDPR.
b) Information to third parties
Where the controller has made your personal data public and is obliged pursuant to Art. 17(1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, must take reasonable steps, including technical measures, to inform other controllers processing the personal data that you have requested these controllers to delete any links to, or any copy or replication of, this personal data.
(c) Exceptions
The right to deletion does not exist if the processing is necessary
• for the exercise of freedom of expression and information;
• to fulfil a legal obligation which requires the processing under the law of the Union or of the Member States to which the controller is subject or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
• for reasons of public interest in the field of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) GDPR;
• for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89(1) GDPR in so far as the right referred to in (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
• for the assertion, exercise or defence of legal claims.
5. Right to rectification
If you have exercised your right to rectify, delete or limit the processing of your personal data vis-à-vis the controller, the latter is obliged to notify all recipients to whom your personal data has been disclosed of such rectification, deletion or limitation, unless this proves impossible or involves a disproportionate effort.
You have the right vis-à-vis the controller to be informed of such recipients.
6. Right to data portability
You have the right to receive your personal data that you provided to the controller in a common and machine-readable format. Furthermore, you have the right to transmit this data to another controller without hindrance by the controller to whom you provided the data, provided that
• the processing is based on consent pursuant to Art. 6(1)(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(1)(a) GDPR and
• the processing is carried out using automated procedures.
By exercising this right, you also have the right to ensure that your personal data is transmitted directly from one controller to another, if this is technically feasible. In doing so, the freedoms and rights of other persons may not be impaired.
The right to data transfer does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Art. 6(1)(1)(e) or (f) GDPR, including profiling based on those provisions.
The controller will no longer process your personal data unless it can establish compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or unless the processing is for the purposes of asserting, exercising or defending legal claims.
Where your personal data is processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing; this also includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, the controller will no longer process your personal data for such purposes.
Notwithstanding Directive 2002/58/EC, you can also exercise your right of objection relating to the use of data society services by means of automated procedures that use technical specifications.
You also have the right to object, for reasons emanating from your particular situation, to the processing of your personal data for the purposes of scientific or historical research or for statistical purposes in accordance with Art. 89(1) GDPR. This right to object may be limited if it is likely to render impossible or seriously hinder the achievement of the research or statistical purposes and the limitation is necessary for the achievement of the research or statistical purposes.
8. Right to revoke the declaration of consent under data protection law
You have the right to revoke your consent given under data protection law at any time. The revocation of consent does affect the lawfulness of processing based on consent before its revocation.
9. Automated decision in individual cases including profiling
You have the right not to be subject to any decision based solely on automated processing, including profiling, that has any legal effect on you or similarly significantly affects you. This shall not apply if the decision
• is necessary for the conclusion or fulfilment of a contract between you and the controller,
• is authorised by Union or national legislation to which the controller is subject, and that legislation provides for appropriate measures to safeguard your rights and freedoms and your legitimate interests, or
• is made with your express consent.
However, these decisions may not be based on special categories of personal data in accordance with Art. 9 (1) GDPR, unless Art. 9(2) (a) or (b) GDPR applies and appropriate measures have been taken to protect rights and freedoms and your legitimate interests.
With regard to the cases referred to in (1) and (3) above, the controller shall take appropriate measures to safeguard your rights and freedoms and your legitimate interests, which include at least the right to obtain the intervention of any person from the side of the controller, to express your point of view and to challenge the decision.
10. Right to complain to a supervisory authority.
Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the Member State where you reside, where your place of work is based or where the alleged infringement took place, if you consider that the processing of your personal data is in infringement of the GDPR.
The supervisory authority to which the complaint has been submitted will inform the complainant of the status and the results of the complaint, including the possibility of a legal remedy under Art. 78 GDPR.
V. Provision of the platform and creation of log files
1. Description and scope of the data processing
Whenever our website is requested, our system automatically collects data and information from the computer system of the requesting computer.
The following data is collected in this regard:
- Information about the browser type and version used
- The user’s operating system
- The user’s IP address
- Date and time of access
- Websites from which the user’s system accesses our website
- Websites that are requested by the user’s system via our website
This data is not stored in our system’s log files. This data is not stored together with the user’s other personal data.
2. Purpose of the data processing
Temporary storage of the IP address in the system is necessary to enable delivery of the website to the user’s computer. To this end, the user’s IP address must remain stored for the duration of the session.
The storage of data in log files serves to ensure the functionality of the website. The data is also used to optimise the website and to ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context.
These purposes also include our legitimate interest in data processing pursuant to Art. 6(1)(1)(f) GDPR.
3. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6(1)(1)(f) GDPR.
4. Duration of storage
The data is deleted once it is no longer needed to fulfil the purpose for which it was collected. If data is collected to aid provision of the website, this is the carried out when the relevant session has ended.
If the data is stored in log files, this is carried out after seven days at the latest. It is possible that data may be stored beyond this time. In this case, the users’ IP addresses are deleted or distorted to ensure that assignment to the calling client is no longer possible.
5. Objection and removal option
The collection of data to provide the website and the storage of data in log files are essential for operation of the website. Accordingly, the user has no option to object.
VI. Use of cookies
1. Description and scope of the data processing
Our website uses cookies. Cookies are small text files that are stored in an internet browser or that an internet browser stores on the user’s computer. When a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.
We use cookies to make our website more user-friendly. Some elements of our website require that the visiting browser can also be identified after changing the page.
The following data is stored and transmitted in the cookies:
- Log-in information
We also use cookies on our website, which enable us to analyse the surfing behaviour of our users.
The following data can be transmitted in this way:
- Frequency of page views
- Use of website functions
The user data collected in this way is pseudonymised by technical means. Therefore, it is no longer possible to assign the data to the visiting user. The data is not stored together with other personal data of users.
2. Purpose of the data processing
Technically necessary cookies are used to help simplify the use of websites for users. It may not be possible to offer some features of our website without the use of cookies. It is necessary for these that the browser is recognised even after a page change.
We require cookies for the following applications:
- Transfer of language settings
- Security
The user data collected via technically necessary cookies is not used to create user profiles.
The analysis cookies are used to improve the quality of our website and its contents. Analysis cookies help us to learn how the website is used, which enables us to consistently improve our offers.
To optimise user-friendliness and improve the range of services (statistical and marketing purposes)
3. Legal basis for data processing
The legal basis for the processing of personal data using cookies is Art. 6(1)(1)(f) GDPR.
The legal basis for the processing of personal data using these technically necessary cookies is Art. 6(1)(1)(f) GDPR.
4. Duration of storage, option to object and possibility of removal
Cookies are stored on the user’s computer and are transmitted to our site by the user. Therefore, as a user you also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may be the case that some website features will no longer be usable to the full extent.
If you use version 12.1 or later of the Safari browser, cookies are automatically deleted after seven days. This also applies to opt-out cookies, which are set to prevent tracking measures.
VII. Email contact
1. Description and scope of the data processing
On our website, it is possible to contact us via the provided email address. In this case, the user’s personal data that is transmitted with the email is stored.
The data is used solely for processing the conversation.
2. Purpose of the data processing
When contacting us by email, this is also the necessary legitimate interest in processing the data.
3. Legal basis for data processing
If the user has given their consent, the legal basis for the data processing is Art. 6 (1) (a) GDPR.
The legal basis for the processing of data that is transmitted in the course of sending an email is Art. 6(1)(f) GDPR. If you contact us via email with the intention of concluding a contract with the company, the additional legal basis for the processing is Art. 6 (1) lit. f GDPR.
4. Duration of storage
The data is deleted once it is no longer needed to fulfil the purpose for which it was collected. For personal data that was sent via email, this is then the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been successfully resolved.
Personal data additionally collected during the sending operation is erased after not more than seven days.
5. Objection and removal option
The user may at any time revoke their consent to the processing of personal data. If the user contacts us by email, they may at any time object to the storage of their personal data. In such a case, the conversation may not be continued.
Users can send an email to support@hellobetter.de
In such a case, all personal data that was stored in the course of making contact is deleted.
Users can send an email to support@hellobetter.de
VIII. Hosting
The platform is hosted on servers by a service provider we have commissioned.
Our service provider is:
Telekom Cloud
The servers automatically collect and store information in server log files, which your browser automatically transmits when you visit the platform. The stored information comprises:
• Browser type and browser version
• Operating system in use
• Referrer URL
• Host name of the accessing computer
• Date and time of the server request
• IP address
This data is not combined with other data sources. This data is collected based on Art. 6(1)(f) GDPR. The platform operator has a legitimate interest in the technically error-free display and optimisation of its platform: the server log files must be recorded for this purpose.
The platform’s server is geographically located in Germany.
IX. Used plugins
We use plugins for various purposes. The plugins used are listed below:
Use of Facebook Pixel
1. Scope of the personal data processing
On our online presence, we use the Facebook Pixel from Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA and its representatives in the Union Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal H, D2 Dublin, Ireland (hereinafter referred to as Facebook). It allows us to track users’ actions after they have seen or clicked a Facebook ad. Consequently, personal data can be stored and evaluated: in particular the user’s activity (in particular which pages have been visited and which elements have been clicked on), device and browser information (in particular the IP address and the operating system), data about the shown advertisements (in particular which advertisements were shown and whether the user clicked on them) and also data from advertising partners (in particular pseudonymised user IDs). This allows us to track the effectiveness of Facebook advertising for statistical and market research purposes.
This can involve transferring data to Facebook’s servers in the USA. Facebook has signed and certified itself under the PrivacyShield agreement between the European Union and the USA. By doing so, Facebook undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the following linked entry:
https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
The data collected in this way is anonymous for us: in other words, we do not see individual users’ personal data. However, this data is stored and processed by Facebook. According to Facebook’s data usage policy, Facebook can associate this data with your Facebook account and also use it for its own advertising purposes.
Further information about Facebook’s data processing can be found here:
https://www.facebook.com/policy.php
2. Purpose of the data processing
The Facebook Pixel is used to analyse and optimise advertising measures.
3. Legal basis for the processing of personal data
In principle, the legal basis for the processing of users’ personal data is the user’s consent in accordance with Art 6(1)(1)(a) GDPR.
4. Duration of storage
We will store your personal information for as long as necessary to fulfil the purposes described in this Privacy Policy or as required by law, for example for tax or bookkeeping purposes.
5. Revocation and removal option
You have the right to revoke your consent given under data protection law at any time. The revocation of consent does affect the lawfulness of processing based on consent before its revocation.
You can prevent Facebook from collecting and processing your personal information by stopping third-party cookies from being stored on your computer. You can do this by using the “Do Not Track” feature of a browser that supports this, by disabling the execution of script code in your browser or by using a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.
Information on objection and removal options vis-à-vis Facebook can be found at:
https://www.facebook.com/policy.php
Use of Google Analytics
1. Scope of the personal data processing
We use Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and its representative in the Union Google Ireland Ltd, Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter referred to as Google). Among other things, Google Analytics examines the origin of visitors, their length of stay on individual pages and the use of search engines, which enables the success of advertising campaigns to be better monitored. Google saves a cookie on your computer for this purpose. Consequently, personal data can be stored and evaluated: in particular the user’s activity (in particular which pages have been visited and which elements have been clicked on), device and browser information (in particular the IP address and the operating system), data about the shown advertisements (in particular which advertisements were shown and whether the user clicked on them) and also data from advertising partners (in particular pseudonymised user IDs). The information generated by the cookie about your use of this online presence is generally transferred to a Google server in the USA and stored there. However, if IP anonymisation is activated on this online presence, your IP address will be abridged in advance by Google within the Member States of the European Union or in other states parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the US and abridged there.
Google has signed and certified itself under the PrivacyShield agreement between the European Union and the USA. By doing so, Google undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the following linked entry:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
IP anonymisation is active on this online presence. On behalf of the operator of this website, Google will use this information to evaluate your use of the online presence, to compile reports on online presence activity and to provide other services relating to online presence activity and internet usage to the online presence operator. The IP address provided by your browser as part of Google Analytics will not be merged with other Google data. You can prevent cookies from being saved by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to fully utilise all the functions of our online presence.
Further information about Google’s data processing can be found here:
https://policies.google.com/privacy?gl=DE&hl=de
2. Purpose of the data processing
The purpose of the personal data processing is addressing a target group that has already expressed an initial interest by visiting the site.
3. Legal basis for the processing of personal data
In principle, the legal basis for the processing of users’ personal data is the user’s consent in accordance with Art 6(1)(1)(a) GDPR.
4. Duration of storage
We will store your personal information for as long as necessary to fulfil the purposes described in this Privacy Policy or as required by law. According to its own information, Google anonymises advertising data in server logs by deleting parts of the IP address and cookie information after 9 and 18 months respectively.
5. Revocation and removal option
You have the right to revoke your consent given under data protection law at any time. The revocation of consent does affect the lawfulness of processing based on consent before its revocation.
You can prevent Google from collecting and processing your personal information by stopping third-party cookies from being stored on your computer. You can do this by using the “Do Not Track” feature of a browser that supports this, by disabling the execution of script code in your browser or by using a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.
In addition, you may prevent Google from tracking the data (including your IP address) generated by the cookie and your use of the online presence (including your IP address) as well as the processing of this data by Google, by clicking on the link below and downloading and installing the available browser plugin.
https://tools.google.com/dlpage/gaoptout?hl=en
You can deactivate Google’s use of your personal data via the following link:
https://adssettings.google.com
Information on objection and removal options vis-à-vis Google can be found at:
https://policies.google.com/privacy?gl=DE&hl=de
Use of Google Tag Manager
1. Scope of the personal data processing
We use Google Tag Manager (https://tagmanager.google.com) of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and the representative in the Union Google Ireland Ltd, Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter referred to as Google). The Google Tag Manager allows you to manage and bundle tags from Google and third-party services into a single online presence. Tags are small pieces of code on an online presence that are used to measure traffic and behaviour, measure the impact of online advertising and social channels, use remarketing and targeting and test and optimise your online presence. When a user visits your online presence, the current tag configuration is sent to the user’s browser. It contains instructions on the tags that should be triggered. Google Tag Manager will trigger other tags that may collect data. You will find information on this in the paragraphs regarding the use of the corresponding services in this Privacy Policy Google Tag Manager does not access this data.
This can involve transferring data to Google’s servers in the USA. Google has signed and certified itself under the PrivacyShield agreement between the European Union and the USA. By doing so, Google undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the following linked entry:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
For more information about Google Tag Manager, see https://support.google.com/tagmanager/answer/6102821?hl=en and Google’s Privacy Policy https://policies.google.com/privacy?hl=en
2. Purpose of the data processing
The purpose of the personal data processing is the collected and clear management and efficient integration of third-party services.
3. Legal basis for the processing of personal data
In principle, the legal basis for the processing of users’ personal data is the user’s consent in accordance with Art 6(1)(1)(a) GDPR.
4. Duration of storage
We will store your personal information for as long as necessary to fulfil the purposes described in this Privacy Policy or as required by law. According to its own information, Google anonymises advertising data in server logs by deleting parts of the IP address and cookie information after 9 and 18 months respectively.
5. Revocation and removal option
You have the right to revoke your consent given under data protection law at any time. The revocation of consent does affect the lawfulness of processing based on consent before its revocation.
You can prevent Google from collecting and processing your personal information by stopping third-party cookies from being stored on your computer. You can do this by using the “Do Not Track” feature of a browser that supports this, by disabling the execution of script code in your browser or by using a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.
In addition, you may prevent Google from tracking the data (including your IP address) generated by the cookie and your use of the online presence (including your IP address) as well as the processing of this data by Google, by clicking on the link below and downloading and installing the available browser plugin.
https://tools.google.com/dlpage/gaoptout?hl=en
You can deactivate Google’s use of your personal data via the following link:
https://adssettings.google.com
Information on objection and removal options vis-à-vis Google can be found at:
https://policies.google.com/privacy?gl=DE&hl=de
Use of Bing Ads
1. Scope of the personal data processing
We use the conversion tracking tool Bing Ads from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (hereinafter referred to as Microsoft). When doing so, Bing Ads stores a cookie on your computer if you have accessed our online presence via a Bing Ads ad. Consequently, personal data can be stored and evaluated: in particular the user’s activity (in particular which pages have been visited and which elements have been clicked on), device and browser information (in particular the IP address and the operating system), data about the shown advertisements (in particular which advertisements were shown and whether the user clicked on them) and also data from advertising partners (in particular pseudonymised user IDs). We only know the total number of users who clicked on a Bing ad and were then redirected to the conversion page.
The data is transferred to Microsoft servers in the USA.
Microsoft has signed and certified itself under the PrivacyShield agreement between the European Union and the USA. By doing so, Microsoft undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the following linked entry:
https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK&status=Active
Further information about Microsoft’s data processing can be found here:
https://privacy.microsoft.com/en-us/privacystatement
2. Purpose of the data processing
This allows Microsoft Bing and us to see that someone clicked on an ad, was redirected to our online presence and then reached a predetermined target page (conversion page).
3. Legal basis for the processing of personal data
In principle, the legal basis for the processing of users’ personal data is the user’s consent in accordance with Art 6(1)(1)(a) GDPR.
4. Duration of storage
We will store your personal information for as long as necessary to fulfil the purposes described in this Privacy Policy or as required by law, for example for tax or bookkeeping purposes.
5. Revocation and removal option
You have the right to revoke your consent given under data protection law at any time. The revocation of consent does affect the lawfulness of processing based on consent before its revocation.
You can prevent Microsoft from collecting and processing your personal information by stopping third-party cookies from being stored on your computer. You can do this by using the “Do Not Track” feature of a browser that supports this, by disabling the execution of script code in your browser or by using a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.
You can deactivate Microsoft’s use of your personal data via the following link:
https://account.microsoft.com/privacy/ad-settings/
Information on objection and removal options vis-à-vis Microsoft can be found at:
https://privacy.microsoft.com/en-us/privacystatement.
Use of Google AdWords
1. Scope of the personal data processing
We use Google Adwords from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and its representative in the Union Google Ireland Ltd, Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter referred to as Google). We use this service to place advertisements. Google saves a cookie on your computer for this purpose. Consequently, personal data can be stored and evaluated: in particular the user’s activity (in particular which pages have been visited and which elements have been clicked on), device and browser information (in particular the IP address and the operating system), data about the shown advertisements (in particular which advertisements were shown and whether the user clicked on them) and also data from advertising partners (in particular pseudonymised user IDs).
This can involve transferring data to Google’s servers in the USA. Google has signed and certified itself under the PrivacyShield agreement between the European Union and the USA. By doing so, Google undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the following linked entry:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Further information about Google’s data processing can be found here:
https://policies.google.com/privacy?gl=DE&hl=de
2. Purpose of the data processing
We are only informed about the total number of users who have reacted to our advert. No information is passed on which we could use to identify you. It is not used for tracing purposes.
3. Legal basis for the processing of personal data
In principle, the legal basis for the processing of users’ personal data is the user’s consent in accordance with Art 6(1)(1)(a) GDPR.
4. Duration of storage
We will store your personal information for as long as necessary to fulfil the purposes described in this Privacy Policy or as required by law, for example for tax or bookkeeping purposes.
5. Revocation and removal option
You have the right to revoke your consent given under data protection law at any time. The revocation of consent does affect the lawfulness of processing based on consent before its revocation.
You can prevent Google from collecting and processing your personal information by stopping third-party cookies from being stored on your computer. You can do this by using the “Do Not Track” feature of a browser that supports this, by disabling the execution of script code in your browser or by using a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.
You can deactivate Google’s use of your personal data via the following link:
https://adssettings.google.com
Information on objection and removal options vis-à-vis Google can be found at:
https://policies.google.com/privacy?gl=DE&hl=de
Use of Google Ads Remarketing
1. Scope of the personal data processing
We use Google Ads remarketing from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and its representative in the Union Google Ireland Ltd, Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter referred to as Google). Google Remarketing is used to re-target visitors to the online presence for advertising purposes via Google Ads. With the help of Google Ads Remarketing, target groups (“similar target groups”) can be created, who, for example, have requested certain pages. This makes it possible to identify a user on other online presences and display targeted advertising. To do this, Google save a cookie on the computer. Consequently, personal data can be stored and evaluated: in particular the user’s activity (in particular which pages have been visited and which elements have been clicked on), device and browser information (in particular the IP address and the operating system), data about the shown advertisements (in particular which advertisements were shown and whether the user clicked on them) and also data from advertising partners (in particular pseudonymised user IDs).
This can involve transferring data to Google’s servers in the USA. Google has signed and certified itself under the PrivacyShield agreement between the European Union and the USA. By doing so, Google undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the following linked entry:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Further information about Google’s data processing can be found here:
https://policies.google.com/privacy?gl=DE&hl=de
2. Purpose of the data processing
The purpose of the personal data processing is to address a target group. The cookies stored on the user’s end device recognise the user when they visit an online presence and can therefore display advertising that is in line with the user’s interests.
3. Legal basis for the processing of personal data
In principle, the legal basis for the processing of users’ personal data is the user’s consent in accordance with Art 6(1)(1)(a) GDPR.
4. Duration of storage
We will store your personal information for as long as necessary to fulfil the purposes described in this Privacy Policy or as required by law, for example for tax or bookkeeping purposes.
5. Revocation and removal option
You have the right to revoke your consent given under data protection law at any time. The revocation of consent does affect the lawfulness of processing based on consent before its revocation.
You can prevent Google from collecting and processing your personal information by stopping third-party cookies from being stored on your computer. You can do this by using the “Do Not Track” feature of a browser that supports this, by disabling the execution of script code in your browser or by using a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.
In addition, you may prevent Google from tracking the data (including your IP address) generated by the cookie and your use of the online presence (including your IP address) as well as the processing of this data by Google, by clicking on the link below and downloading and installing the available browser plugin.
https://tools.google.com/dlpage/gaoptout?hl=en
You can deactivate Google’s use of your personal data via the following link:
https://adssettings.google.com
Information on objection and removal options vis-à-vis Google can be found at:
https://policies.google.com/privacy?gl=DE&hl=de
Use of cookies:
1. Scope of the personal data processing
We use functions of Taboola Germany GmbH, Alt-Moabit 2, 10557 Berlin, Germany (hereinafter: Taboola). The Taboola Plugin allows user-specific recommendations for content and ads based on surfing behaviour and customer interests that help improve the user-friendliness of our website. To do this, Taboola saves a cookie on the computer. Consequently, personal data can be stored and evaluated: in particular the user’s activity (in particular which pages have been visited and which elements have been clicked on), device and browser information (in particular the IP address and the operating system), data about the shown advertisements (in particular which advertisements were shown and whether the user clicked on them) and also data from advertising partners (in particular pseudonymised user IDs).
Further information about Taboola’s data processing can be found here:
https://www.taboola.com/de/privacy-policy
2. Purpose of the data processing
The use of the Taboola Plug-in serves to improve the user-friendliness of our online presence and services.
3. Legal basis for the processing of personal data
In principle, the legal basis for the processing of users’ personal data is the user’s consent in accordance with Art 6(1)(1)(a) GDPR.
4. Duration of storage
Your personal information will be stored for 18 months and then anonymised. Subsequently, the anonymised data is stored for as long as is legally required, e.g. for tax and accounting purposes.
5. Revocation and removal option
You have the right to revoke your consent given under data protection law at any time. The revocation of consent does affect the lawfulness of processing based on consent before its revocation.
You can prevent Taboola from collecting and processing your personal information by stopping third-party cookies from being stored on your computer. You can do this by using the “Do Not Track” feature of a browser that supports this, by disabling the execution of script code in your browser or by using a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.
Information on objection and removal options vis-à-vis Taboola can be found at:
https://www.taboola.com/de/privacy-policy
Use of Adobe Fonts
1. Scope of the personal data processing
We use Adobe Fonts from Adobe Systems Software Ireland Limited, 6 Riverwalk, Naas Road 24, Dublin, Ireland (hereinafter referred to as Adobe). When the page is retrieved, the fonts are transferred to the browser cache so it can use them to visually improve the display of various information. If the browser does not support Adobe fonts or prevents access, the text is displayed in a standard font. No cookies are stored on the visitor’s computer when the page is requested. Data that is transmitted in connection with the page request is transferred to resource-specific domains such as use.typekit.net or use.typekit.com. When doing so, the following data will be processed:
- Provided fonts
- ID of the WEB PROJECT
- JavaScript version of the WEB PROJECT (string)
- Type of WEB PROJECT (string “configurable” or “dynamic”)
- Embedding type (whether you use the JavaScript or CSS embed code)
- Account ID (identifies the customer from whom the WEB PROJECT originates)
- Service that provides the fonts (for example, Adobe Fonts or Edge Web Fonts)
- Application that requests the fonts (e.g. Adobe Muse)
- Server that provides the fonts (for example, Adobe Fonts or corporate CDN)
- Host name of the page on which the fonts are loaded
- The time it takes the web browser to download the fonts
- The time from downloading the fonts with the web browser to applying the fonts
- Whether an ad blocker is installed, to determine if the ad blocker is interfering with the proper tracking of page views
- IP address of the website visitor, operating system and browser version
This can involve transferring data to Adobe’s servers in the USA. Adobe has signed and certified itself under the PrivacyShield agreement between the European Union and the USA. By doing so, Adobe undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the following linked entry:
https://www.privacyshield.gov/participant?id=a2zt0000000TNo9AAG&status=Active
Further information about Adobe’s data processing can be found here:
https://www.adobe.com/de/privacy/policies/adobe-fonts.html and
https://www.adobe.com/uk/privacy/policy.html
2. Purpose of the data processing
The use of Adobe fonts serves to ensure that our texts are presented in an appealing way. If your browser does not support this function, your computer uses a standard font is used for the display.
3. Legal basis for the processing of personal data
In principle, the legal basis for the processing of users’ personal data is the user’s consent in accordance with Art 6(1)(1)(a) GDPR.
4. Duration of storage
We will store your personal information for as long as necessary to fulfil the purposes described in this Privacy Policy or as required by law.
5. Revocation and removal option
You have the right to revoke your consent given under data protection law at any time. The revocation of consent does affect the lawfulness of processing based on consent before its revocation.
You can prevent Adobe from collecting and processing your personal information by stopping third-party cookies from being stored on your computer. You can do this by using the “Do Not Track” feature of a browser that supports this, by disabling the execution of script code in your browser or by using a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.
You can deactivate Adobe’s use of your personal data via the following link:
https://www.adobe.com/de/privacy/opt-out.html
Information on objection and removal options vis-à-vis Adobe can be found at:
https://www.adobe.com/de/privacy/policies/adobe-fonts.html and https://www.adobe.com/uk/privacy/policy.html
Use of Google Webfonts
1. Scope of the personal data processing
We use Google Web Fonts from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and its representative in the Union Google Ireland Ltd, Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter referred to as Google). When the page is retrieved, the Webfonts are transferred to the browser cache so it can use them to visually improve the display of various information. If the browser does not support Google Webfonts or prevents access, the text is displayed in a standard font. No cookies are stored on the visitor’s computer when the page is requested. Data that is transmitted in connection with the page request is transferred to resource-specific domains such as https://fonts.googleapis.com or https://fonts.gstatic.com. Consequently, personal data can be stored and evaluated: in particular, the activity of the user (in particular which pages have been visited and which elements were clicked) and device and browser information (in particular the IP address and operating system).
This can involve transferring data to Google’s servers in the USA. Google has signed and certified itself under the PrivacyShield agreement between the European Union and the USA. By doing so, Google undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the following linked entry:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
The data is not associated with data that may be collected or used in connection with the parallel use of authenticated Google services such as Gmail.
Further information about Google’s data processing can be found here:
https://policies.google.com/privacy?gl=DE&hl=de
2. Purpose of the data processing
The use of Google Webfonts serves to ensure that our texts are presented in an appealing way. If your browser does not support this function, your computer uses a standard font is used for the display.
3. Legal basis for the processing of personal data
In principle, the legal basis for the processing of users’ personal data is the user’s consent in accordance with Art 6(1)(1)(a) GDPR.
4. Duration of storage
We will store your personal information for as long as necessary to fulfil the purposes described in this Privacy Policy or as required by law, for example for tax or bookkeeping purposes.
5. Objection and removal option
You can prevent Google from collecting and processing your personal information by stopping third-party cookies from being stored on your computer. You can do this by using the “Do Not Track” feature of a browser that supports this, by disabling the execution of script code in your browser or by using a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.
You can deactivate Google’s use of your personal data via the following link:
https://adssettings.google.com
Information on objection and removal options vis-à-vis Google can be found at:
https://policies.google.com/privacy?gl=DE&hl=de
Use of MailChimp
1. Scope of the personal data processing
To send our newsletter, we use the service provider MailChimp from The Rocket Science Group, LLC, 512 Means Street, Suite 404, Atlanta, GA 30318, USA (hereinafter referred to as MailChimp) MailChimp is an email marketing provider and enables us to communicate directly with potential customers via email newsletters. If you register for the newsletter, the data you entered during the newsletter registration is transferred to MailChimp and stored there. Consequently, additional personal data can be stored and evaluated: in particular, the activity of the user (in particular which pages have been visited and which elements were clicked) and device and browser information (in particular the IP address and operating system).
This can involve transferring data to Mailchimp’s servers in the USA. MailChimp has signed and certified itself under the PrivacyShield agreement between the European Union and the USA. By doing so, MailChimp undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the following linked entry:
https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active
MailChimp also stores your data. Your data will not be passed on to third parties in connection with receiving the newsletter and MailChimp does not acquire the right to pass on your data. After registration, MailChimp will send you an email to confirm this. Furthermore, MailChimp offers different analysis options with regard to how the sent newsletters are opened and used, e.g. how many users have received an email, if emails have been rejected and if users have unsubscribed from the list after receiving an email.
Further information about MailChimp’s data processing can be found here:
https://MailChimp.com/legal/privacy/
2. Purpose of the data processing
The personal data collected during registration for the newsletter is used exclusively for sending our newsletter, possibly for invitations to events and, if you are already our customer, for our customer email. Subscribers to the newsletter may also be notified by email if this is necessary for the operation of the newsletter service or registration, as might be the case in the event of changes to the newsletter or technical changes.
3. Legal basis for the processing of personal data
In principle, the legal basis for the processing of users’ personal data is the user’s consent in accordance with Art 6(1)(1)(a) GDPR.
4. Duration of storage
We will store your personal information for as long as necessary to fulfil the purposes described in this Privacy Policy or as required by law. Additionally, you can contact MailChimp and request deletion of your data.
5. Revocation and removal option
You have the right to revoke your consent given under data protection law at any time. The revocation of consent does affect the lawfulness of processing based on consent before its revocation.
You can revoke your consent to the storage of your data and its use for sending the newsletter by MailChimp at any time. You can exercise your right of revocation at any time by sending an email to MailChimp or by clicking on the link provided in each newsletter.
Information on objection and removal options vis-à-vis MailChimp can be found at:
https://MailChimp.com/legal/privacy/
X. Online Training
You can find the Privacy Policy for the HelloBetter Online Training at https://hellobetter.de/privacy-policy-training.
XI. Hotline
1. Description and scope of the data processing
On our website, we provide a telephone number with which you can contact psychologists and psychotherapists free of charge
In this event, the user’s personal data transmitted during the call setup is processed.
To provide the hotline, we use Amazon Connect from Amazon Web Service Inc, 410 Terry Avenue North, Seattle WA 98109, USA (hereinafter referred to as Amazon Connect). Amazon Connect is a contact-centre service provided via the Amazon Web Services (AWS) cloud.
Personal data is consequently stored and evaluated in server log files, in particular the telephone number and the beginning and end time of the telephone call.
Other information voluntarily shared during the telephone call is only recorded and forwarded to the relevant police department if the caller exhibits a suicidal behaviour.
Data is transferred to AWS servers in the USA. AWS has signed and certified itself under the PrivacyShield agreement between the European Union and the USA. By doing so, AWS undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the following linked entry:
https://www.privacyshield.gov/participant?id=a2zt0000000TOWQAA4&status=Active
For more information about AWS’ collection and storage of data, please visit: https://aws.amazon.com/privacy/
2. Purpose of the data processing
The purpose of the data processing is the provision of free telephone advice from psychologists and psychotherapists to people who are experiencing difficulties in coping with the coronavirus crisis.
3. Legal basis for data processing
The legal basis for the processing of data from the telephone call is the caller’s consent, Art. 6(1)(1)(f) GDPR.
The legal basis for the processing of the special category of personal data within the meaning of Art. 9(1) GDPR is consent pursuant to Art. 6(1)(1)(a) GDPR in conjunction with Art. 9(2)(a).
The legal basis for the processing of data transmitted during the technically necessary call set-up is Art. 6(1)(f) GDPR.
4. Duration of storage
The data is deleted once it is no longer needed to fulfil the purpose for which it was collected. The personal data collected during the call setup is deleted after 24 months at the latest.
5. Objection and removal option
The user may at any time revoke their consent to the processing of personal data. If the user contacts us, they may at any time object to the storage of their personal data. In such a case, all personal data that was stored in the course of making contact is erased.
This Privacy Policy was created with the support of DataGuard.