Data Protection Declaration

I.       Name and address of the controller

The controller within the meaning of the GDPR and other national data protection legislation of the member states as well as other data protection provisions is the

Kinderwunschzentrum Heidelberg Drs. Seehaus, Parta, Tesarz, Thöne

Römerstr. 3, 69115 Heidelberg

Tel: 06221- 89 300 0, Email: info@kwz-hd.de

Website: www.kwz-heidelberg.de

 

II.      Name and address of the data protection coordinator

The controller’s data protection coordinator is:

Dr. rer. nat. Thomas Zahn; address as above; Email: zahn@kwz-hd.de

 

III.   General information on data processing

1.     Scope of processing of personal data

We collect and use the personal data of our users only as far as is necessary in order to provide a functional website as well as our contents and services. Our users’ personal data are only collected and used with the consent of the user. Usage of the website does not give rise to a contractual relationship between the user and the provider, so no contractual or semi-contractual claims against the provider are possible.

2.     Legal basis for the processing of personal data

To the extent that we request the consent of the person concerned in order to process personal data, this is done on the basis of Art. 6 para. 1 lit. a of the EU-GDPR.

The legal basis for processing personal data necessary for the fulfillment of a contract with the person concerned as a contractual party is Art. 6 para. 1 lit. b of the GDPR. This also applies to processes necessary for the implementation of pre-contractual measures.

If the processing is necessary to safeguard the legitimate interests of our company or of a third party and if the interests of the person concerned do not outweigh the former interests, Art. 6 para. 1 lit. f GDPR is the legal basis for the processing.

3.     Data deletion and storage period

The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage becomes obsolete. Storage may also occur if stipulated by the European or national legislator in EU regulations, laws and other provisions the controller is subject to. Blockage and deletion of data are also performed if a storage period foreseen in the above-mentioned provisions expires unless there is a need to continue storing the data in order to conclude or fulfill a contract.

 

IV.   Provision of the website and generation of logfiles

The provider of this website is 1&1 Internet SE, Montabaur. When accessing the general information of the KWZ Heidelberg, information about user access is only saved for statistical purposes in anonymised logfiles. Adobe Analytics (Omniture) and Google Analytics are used for this purpose. Both systems use so-called cookies, i.e. text files saved on your computer, enabling an analysis of the usage you are making of the website.

The cookie-generated information about the usage of this website (including your IP address) are transmitted to a server run by Adobe or Google and saved there. 1&1 will use this information in order to evaluate your usage of the website, to compile reports about the website activities for the website operator and to provide further services related to the website and internet usage. In no case will 1&1 link your IP adress with other 1&1 data. You may prevent the installation of cookies by adjusting the settings of your browser software. However, we would point out that in this case, you may not be able use the full scope of all the functions provided by the website.

In addition, you can prevent the collection of cookie-generated data related to your usage of the website by Adobe or Google as well as the processing of the data by downloading and installing the browser plugin accessible by the following link:

For Adobe: http://www.adobe.com/de/privacy/opt-out.html

For Google: tools.google.com/dlpage/gaoptout

 

V.        Contact form and email contact

1.         Description and scope of data processing

A contact form is available on our website which can be used in order to contact us electronically. If a user makes use of it, the data entered into the mask are transferred to us and stored. These data are:

Obligatorily: First name, surname, email address and, optionally, phone no., street and number, town and country.

At the time of sending the message, the following data will be stored additionally:

Type/version of browser, operating system, referrer URL (website visited previously), IP address of user and date and time of registration

As part of the sending process, your consent will be requested for the processing of the data; reference is made to this data protection declaration.

Alternatively, it is possible to contact us using the email address provided. In this case, the user’s personal data sent along with the email are stored. We would like to inform you that emails are transmitted in non-encrypted form. If we receive an email from you, we assume that we are entitled to answer it by email.

In this context, no data are passed on to third parties. The data are used exclusively to process the conversation.

2.     Legal basis for data processing

If the user has given his/her consent, the legal basis for processing the data is Art. 6 para. 1 lit. a GDPR.

The legal basis for processing data transmitted as part of sending an e-mail is Art. 6 para. 1 lit. f GDPR. If the email contact aims at concluding a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

3.     Purpose of data processing

We only process the personal data from the entry form for contact processing purposes. If the contact is made via e-mail, this is the justification for processing the data.

The other personal data processed during the transmission process serve the purpose of preventing an abuse of the contact form and guaranteeing the security of our IT systems.

4.     Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose of their collection. For the personal data from the input screen of the contact form and those sent via e-mail, this is the case once the respective conversation with the user has been concluded. The conversation has been concluded if it can be taken from the circumstances that the respective matter has been settled conclusively.

The personal data collected additionally during the transmission process will be deleted after a period of seven days at the latest.

5.     Right of objection and deletion

The user may withdraw his/her consent for the processing of personal data at any time. If the user contacts us via e-mail, he/she may object to the storage of his/her personal data any time. In this case, the conversation cannot be continued. In that case, please contact us.

In this case, any personal data stored during the contacting will be deleted.

VI.   Rights of the person concerned

If your personal data are processed, you are a concerned person within the meaning of the GDPR and have the following rights vis-a-vis the controller:

1.     Right to receive information

You are entitled to receive a confirmation from the controller as to whether any personal data about you have been processed by us.

If such processing has occurred, you may demand information about the following:

(1)       the purposes for which personal data are processed;

(2)       the categories of personal data processed;

(3)       the receivers or categories of receivers to whom your personal data have been disclosed or will be disclosed;

(4)       the planned duration of storage of your personal data or, if no concrete information about this can be given, criteria for the determination of storage time;

(5)       the existence of the right to correction or deletion of your personal data, of the right to limitation of processing by the controller or of a right to objection to such processing;

(6)       the existence of a right to complain with a supervisory body;

(7)       any available information about the origin of the data if the personal data have not been collected from the person concerned;

(8)       the existence of automated decision-making including profiling according to Art. 22 para. 1 and 4 GDPR and – at least in these cases – meaningful information about the algorithms involved and the intended effects of such processing for the person concerned.

You have the right to demand information about whether your personal data are sent to a third country or international organisation. In this context, you may demand to be informed about appropriate guarantees acc. to Art. 46 GDPR in the context of the transmission.

2.     Right to correction

If your processed personal data are incorrect or incomplete, you have the right to have them corrected and/or completed by the controller.

3.     Right to restriction of processing

You may demand to have the processing of your personal data restricted under the following conditions:

(1)       if you deny the correctness of your personal data for a period sufficient to allow the controller to check the correctness of the personal data;

(2)       if the processing is illegal and you reject the deletion of your personal data and demand the limitation of the usage of the personal data instead;

(3)       if the controller no longer needs the personal data for the purposes of processing, but you need them to invoke, exercise or defend legal claims, or

(4)       if you have objected to the processing under Art. 21 para. 1 GDPR and it is not clear yet whether the legitimate reasons of the controller take precedence over your reasons.

If the processing of your personal data has been restricted, these data may only be processed – apart from their storage – with your consent or in order to invoke, exercise or defend legal claims or to protect the rights of another natural or legal person or on the grounds of an important public interest of the Union or a member state.

If the restriction of processing has been restricted under the above-mentioned conditions, you will be informed by the controller before the restriction is lifted.

 

4.     Right to deletion

a)      Duty of deletion

You may demand to have your personal data deleted immediately by the controller and the controller is obliged to delete these data immediately if one of the following reasons applies:

(1)       Your personal data are no longer necessary for the purposes for which they have been collected or otherwise processed.

(2)       You withdraw your consent which was the basis for processing under Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a, and there is no other legal basis for the processing.

(3)       You object to the processing under Art. 21 para. 1 GDPR and there are no higher-ranking legitimate reasons for processing, or you object to processing under Art. 21 para. 2 GDPR.

(4)       Your personal data have been processed illegally.

(5)       The deletion of your personal data is necessary to fulfill a legal duty under the law of the Union or the law of the member states the controller is subject to.

(6)                   Your personal data have been collected with respect to information society services offered under Art. 8 para. 1 GDPR.

b)     Information to third parties

If the controller has published your personal data and is obliged to delete them under Art. 17 para. 1 GDPR, the controller will take appropriate – also technical –  measures, having regard to the available technology and the implementation costs, in order to inform those responsible for processing the personal data that you as the person concerned have demanded the deletion of all links to these personal data or of copies or replications of these personal data.

c)      Exceptions

No right to deletion applies if the processing is necessary

(1)       to exercise the freedom of expression and right to information;

(2)       in order to fulfill a legal obligation requiring processing under the law of the Union or the member states the controller is subject to or in order to perform a task which lies in the public interest or corresponds to the exercise of public authority transferred to the controller;

(3)       for reasons of public interest in the area of public health under Art. 9 para. 2 lit. h and i as well as Art. 9 para. 3 GDPR;

(4)       for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes under Art. 89 para. 1 GDPR where the right under para. a) is likely to make the realisation of the goals of this processing impossible or compromise it severely, or

(5)       in order to invoke, exercise or defend legal claims.

5.     Right to information

If you have invoked your right to correction, deletion or restriction of processing vis-a-vis the controller, the controller is obliged to inform all recipients of your personal data about this correction or deletion of the data or restriction of processing, unless this proves impossible or involves an undue burden.

You have the right to be informed about these recipients by the controller.

6.     Right to data portability

You have the right to receive your personal data you have provided to the controller in a structured, conventional and machine-readable format. You also have the right to transmit these data to another controller without obstruction by the controller to whom the data were provided if

(1)       the processing is based on a consent under Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit a GDPR or a contract under Art. 6 para. 1 lit. b GDPR and

(2)       the processing is done using automated procedures.

In exercising this right and to the extent technically feasible, you also have the right to see to it that your personal data are transmitted directly from one controller to another. The freedoms and rights of other persons must not be compromised by this.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task which is in the public interest or is performed in the exercise of a public authority transferred to the controller.

7.     Right to object

You have the right to object any time for reasons resulting from your special situation to the processing of your personal data which is based on Art. 6 para. 1 lit. e or f GDPR; this also applies to any profiling based on these provisions.

The controller will cease to process your personal data, unless the controller can provide compelling legitimate grounds for the processing which outweigh our interests, rights and freedoms, or the processing serves the purpose of invoking, exercising or defending legal claims.

If your personal data are processed for direct advertising purposes, you have the right to object to the processing of your personal data for these purposes; this also applies to profiling to the extent it is related to such direct advertising.

If you object to the processing for the purposes of direct advertising, your personal data will no longer be processed for these purposes.

In the context of the usage of information society services and irrespective of Directive 2002/58/EC, you may exercise your right to appeal using automated procedures involving technical specifications.

8.     Right to withdrawal of the declaration of consent under data protection law

You have the right to withdraw your declaration of consent under data protection law any time. This withdrawal does not affect the legitimacy of the processing carried out based on the consent up until the time of withdrawal.

 

9.     Right to appeal to a supervisory authority

Without prejudice to another legal remedy under administrative law or to a judicial remedy, you have the right to appeal to a supervisory authority, in particular in the member state of your place of residence or work or the place of the alleged violation, if you believe that the processing of your personal data violates the GDPR.

The supervisory authority with whom the appeal has been raised will inform the appellant about the status and results of the appeal, including the possibility of a judicial remedy under Art. 78 GDPR.