Privacy statement according to the DSGVO (GDPR)

 

I. Name and address of the person responsible

The person responsible within the meaning of the Basic Data Protection Regulation and other national data protection laws of the member states as well as other data protection provisions is:

Stephan Scholz
Praxis an den Quellen
Burgstrasse 6-8

65183 Wiesbaden
Germany

Tel .: +49.(0)611 – 374837
E-Mail: info@zahnarzt-scholz-wiesbaden
Website: www.zahnarzt-scholz-wiesbaden.de

Domains: (1) www.zahnarzt-scholz-wiesbaden.de, (2) www.praxis-an-den-quellen.de (forwarding to domain (1))

Road: Burgstrasse 6-8
Location: 65183 Wiesbaden
Telephone number: 0611 – 374837

E-Mail: info@zahnarzt-scholz-wiesbaden
Website: www.zahnarzt-scholz-wiesbaden.de

Germany

II. Name and address of the data protection officer

The data protection officer of the responsible person is:

Name: Stephan Scholz

Road: Burgstrasse 6-8
Location: 65183 Wiesbaden
Telephone number: 0611 – 374837

E-Mail: info@zahnarzt-scholz-wiesbaden
Website: www.zahnarzt-scholz-wiesbaden.de

Germany

III. General data processing policy

1. Scope of the processing of personal data

In principle, we only collect and use personal data of our users to the extent necessary for the provision of a functional website as well as of our content and services. The collection and use of personal data of our users takes place regularly only with the consent of the user. An exception applies in cases where prior consent cannot be given or reasonably obtained, and the processing of the data is permitted by law.

2. Legal basis for processing of personal data

Insofar the obtaining of the consent of users for processing their personal data Art. 6 para. 1 lit. a EU General Data Protection Regulation (DSGVO / GDPR) serves as the legal basis.

Insofar as the processing of personal data is required to fulfil a legal obligation to which the concerned person is subject, Art. 6 para. 1 lit. c DSGVO serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as the processing of personal data is required to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 lit. c DSGVO serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d DSGVO serves as the legal basis.

If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, basic rights, and fundamental freedoms of the person concerned do not outweigh the former interest, Art. 6 para. 1 lit. f DSGVO serves as the legal basis for the processing.

3. Data deletion and storage duration

Personal data of the party in question will be deleted or blocked as soon as the purpose of the storage is no longer needed.
In addition, such storage may be provided for by European or national legislators in EU regulations, laws, or other regulations to which the controller is subject. We will block or delete the data stored even if a storage period prescribed by the mentioned standards expires, unless there is a need for further data storage for the conclusion of fulfilment of a contract.

4.     Links to other websites

This website contains links to other websites. This privacy policy only applies to this website. If you go to another website from this one, read the privacy policy on that website to find out what it does with your information.

V. Provision of the website and creation of logfiles

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer.
The domains

are set not to create web server log files. We consciously abstain from the possibility to create web server log files / storing and using IP addresses.

Log files are only created in connection with

  • the use of cookies (see section V)
  • the contact form (see section VI)
  • the blog comment function (see section VII)
  • social media postings / the social media buttons (see section VIII)

The following data is collected in the web server:

a. Hourly evaluation (The hourly statistics provide information about average data request / transfer volumes related to times of day in a selected month.)

b- Timeout of a visit (Such requests are recorded as visits by the statistics that result in a page impression. The requesting IP address is provided with a time frame, within which repeated requests are counted during the same session.)

c. Number of browsers (setting: statistics of the 15 most frequently used browsers

d. Number of Referers (setting: the 30 most common URLs from which our Do-main was accessed)

e. Number of start pages (setting: the 10 most frequent start pages of the domain (s)

f. Number of end pages ((Setting: the 10 most frequently used end pages of the domain (s)

The data is also stored in the log files of our system. Not affected by this are the IP addresses of the user or other data that allow the assignment of the data to a user. This data is not stored together with other personal user data.

2. Legal basis for data processing

The legal basis for the temporary storage of the data is Art. 6 para. 1 lit. f DSGVO.

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. To do this, the user’s IP address must be kept for the duration of the session.

This is our legitimate interest in the processing of data within the meaning of Art. 6 para. 1 lit. f DSGVO.

4. Duration of storage

The data will be deleted as soon as it is no longer necessary for the achievement of the purpose of its processing. If the data is gathered in order to provide the website, this is the case when the respective session is completed.

5. Option to object and to have personal data erased

The collection of the data for the provision of the website and the storage of the data in log files is essential for the operation of the website. Consequently, the user has no right to object for privacy reasons.

V. Use of cookies

1.a) Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or the Internet browser on the user’s computer system. When a user visits a website that uses cookies, a cookie is downloaded onto and stored on his computer system. This cookie contains a unique string that allows to identify the browser when the website is visited again by the user.

This website uses Google Maps. a product of Google Inc. (Google Inc., 1600 Amphitheater Parkway, Mountainain View, CA 94043, USA.) By using this site, you consent to the collection, processing and use of the data automatically collected by Google Inc, its agents, as well as third parties. You can find the terms of use of Google Maps under „Terms of Use of Google Maps“. (https://www.google.com/intl/de_de/help/terms_maps.html, http://www.google.com/policies/privacy ).

General information: To disable Google Analytics, Google provides a browser plug-in at http://tools.google.com/dlpage/gaoptout?hl=en.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.

The following data is stored in and transmitted by the cookies:

(1) Language settings

(2) The user’s IP address of the (temporary)

(3) Login information

(4) Date and time of registration

(5) Geolocation data

Privacy Policy for Google Analytics & Opt-out

Our website uses Google Analytics, a web analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. To disable Google Analytics, Google provides a browser plug-in at http://tools.google.com/dlpage/gaoptout?hl=en

Here you can disable Cookies and Google Analytics

Dienst
Grund der Nutzung
AGB
Aktiviert

Cookies
Wir benutzen Cookies um das Besucherverhalten zu analysieren.

Google Analytics
Google Analytics wird zum Anlayiseren des Websitetraffics verwendet.

Da Sie nicht eingeloggt sind speichern wir diese Einstellungen in einem Cookie. Diese Einstellungen sind somit nur auf diesem PC aktiv.

 

Google Analytics uses cookies. These allow an analysis of the use of our website offer by Google. The information about the use of our pages (including your IP address) collected by the cookie is usually transmitted to a Google server in the US and stored there.

We point out that on this website Google Analytics has been extended by the code “gat._anonymizeIp ();” in order to ensure an anonymous collection of IP addresses (so-called IP-Masking). If the anonymization is active, Google truncates IP addresses within member states of the European Union or in other contracting states of the Agreement on the European Economic Area, and therefore no identification of your identity is possible. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there.

Google complies with the privacy policy of the Privacy Shield Agreement, and is registered with the U.S. Department of Commerce Privacy Shield Program, and uses the information we collect to evaluate the use of our websites, to report on them, and provide us with other related services. Learn more at http://www.google.com/intl/en/analytics/privacyoverview.html.

1.b) Legal basis for data processing

The legal basis for the processing of personal data using cookies is Article 6 (1) lit. f DSGVO.

1. c) Purpose of data processing

The purpose of using technically necessary cookies is to facilitate the use of websites for users. Some features of our website cannot be offered without the use of cookies. Some of these features require that the calling browser can be identified even after a page change.

We require cookies for the following applications:

Below is a list of applications. In includes, for example:

(1) Accept language settings

(2) Remember keywords

(3) Statistical purposes

User data collected by cookies will not be used to create individual user profiles.

We have a legitimate interest in processing personal data for the purposes described above pursuant to Art. 6 para. 1 lit. f DSGVO.

1.d) Duration of storage, option to object and have personal data erased

Cookies are stored on the user’s computer and transmitted by our system. Therefore, as a user, you have also full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies already stored can be deleted at any time. This can also be done automatically. If you disable these cookies, you might not be able to use all features of our website properly.

VI.Contact form and e-mail contact

1. Description and scope of data processing

Visitors can contact us electronically by using the contact form available on our website. By choosing this option, the user’s data entered into the input mask will be transmitted to us and stored.

These data are:

  • Name (mandatory)
  • E-mail address (mandatory)
  • Subject
  • Your message

At the time of sending the message, the following data is also stored:

  • The user’s IP address
  • Date and time of registration

As you go through the sending process, we will obtain your consent and refer to this privacy statement.

Alternatively, you have the option to contact us via the e-mail address provided on our website. In this case, the user’s personal data transmitted by e-mail will be stored.

In this context, personal data will not be provided in any form to third parties without your consent. The data stored is used solely for conversation purpose.

2. Legal basis for data processing

Provided the user’s consent is obtained, the legal basis to the data processing is Art. 6 para. 1 lit. a GDPR.

The legal basis to process the data transmitted by of sending an e-mail is Article 6 (1) lit. f DSGVO. If the e-mail contact aims at the conclusion of a contract, then additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.

3. Purpose of data processing

The processing of personal data from the input mask only serves to create and maintain contact. In the case of contact by e-mail, this also includes the required legitimate interest in the processing of the data provided.

Other personal data processed during the mailing process serves only to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Duration of storage

The data will be deleted as soon as storage is no longer required for purposes as described in this policy. If personal data is gained from the input mask of the contact form and sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is considered terminated when it can be inferred from the circumstances that the relevant facts have been finally clarified.

Personal data additionally gathered during the sending process will be deleted at the latest after a period of seven days.

5. Option to object to data processing and to have personal data erased

The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he may object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.

In this case, all personal data stored in the course of contacting will be deleted.

VII. Blog Comment Function

To provide security against comments with illegal content, your IP address will be saved in comments on the blog until we have read and approved these comments.

With a click on „delete now“ in our deletion request form (go to form!) you can request the deletion of the stored data including ID, e-mail, first and last name. This will usually happen within a few hours.

Please note: We have closed our blog comments funktion due to data privacy reasons.

VIII. Social Media plugins

Our website uses plugins from facebook:

  • Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland („Facebook“).

The plugins are provided with an icon of the respective network and recognizable as such. Using these plugins will connect you to the social network server and share your data. Your information will only be passed on to one of these Social Media networks when you deliberately press one of the icons provided. The Social Media providers can thereby create user profiles. We point out to the fact that we have no influence on the information storage and data transfer by any external websites and pages nor on the extent to which and how these data are used.

More information about the purpose and scope of the data collection, the further processing, and use of the data collected by the providers of social media, as well as the related rights and setting options for protecting the privacy of users, can be found on the following privacy policy pages:

 

IX. Social Buttons with Shariff

In order to best protect the privacy of users of our online offer, we use the service Shariff and its share buttons for sharing content in social media, which is provided by Heise Media GmbH & Co. KG, Karl-Wiechert-Allee 10, 30625 Hannover, PO Box 61 04 07, 30604 Hannover / Yannik Ehlert. Shariff for WordPress enables website users to share favorite content without jeopardizing their privacy. The Shariff Wrapper provides sharing buttons that protect the privacy of visitors and are (according to Shariff) compliant with the General Data Protection Regulation (GDPR/DSGVO). For more information about Shariff and its privacy policy see: https://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html

 

X. Further Plugins

1. WP Cerber Security & Antispam

We use the service „Cerber Security & Antispam“, which is offered by Cerber Tech Inc. New York, NY, 1732 1st Ave, 10128, USA. The plugin protects websites against brute force attacks, blocks harmful requests from IPs or subnets when a defined retry limit is exceeded. This makes brute-force attacks or distributed brute-force attacks of botnets impossible. Furthermore, it is possible to restrict, block, or allow access with a Black IP Access List and a White IP Access List. (More information about the features at: https://wpcerber.com/). According to the provider, no data is collected or processed in this context – neither through the services nor through the software offered.

For more information on the collection and use of data by WP Cerber Security & Antispam, see Cerber’s Privacy Policy: https://wpcerber.com/privacy-policy/

2. YOAST SEO

In order to support SEO activities on our website we use the plugin „YOAST SEO“. According to WP-Support (https://wordpress.org/support/topic/yoast-gdpr/), the tool does not store any personal data and is therefore DSGVO/GDPR-compliant.

 

XI. Rights of the data subject

 If your data are processed you are a data subject within the meaning of DSGVO. Which gives you the following rights towards the person responsible for data privacy:

1.Right to information

You may ask the person in charge to confirm if personal data about you is processed by us.

If personal data about you is processed by us, you have the right to information from the person responsible about the following topics:

(1) the purposes for which the personal data are processed;

(2) the categories of personal data being processed;

(4) the recipients or categories of recepients of personal data about you that have been or will be disclosed; the planned duration of the storage of the personal data about you, or, if specific information is not available, criteria for the determination of the storage period;

(5) the right to rectification or erasure of personal data about, the right to restriction of processing by the controller, or the right to object to such processing;

(6) the right to complaint to the supervisory authority;

(7) the right to obtain all information available on the source of the data, if your personal data are not collected from the person concerned;

(8) the existence of automated decision-making including profiling in accordance with Article 22 (1) and (4) DGSVO and – at least in these cases – meaningful information on the logic involved, the extent of consequences and the desired outcome of such processing for the data subject.

You have the right to request information about whether the personal data about you are being transmitted to a third country or to an international organization. In this connection, you can ask for suitable warranties in accordance with Art. 46 GDPR regarding the transfer of personal information about you.

9. Right to rectification

You have a right to rectification and / or completion towards the controller, provided that the personal data processed are incorrect or incomplete. The responsible person must carry out the correction immediately.

10. Right to restriction of processing

You may request the restriction of the processing of the personal data about you under the following conditions:

(1) if you contest the accuracy of the personal data about you for a period of time that enables the controller to verify the accuracy of the personal data;

(2) if the processing is unlawful and you reject the deletion of the personal data about you, demanding instead the restriction of the use of your personal data;

(3) if the controller no longer requires the personal data for the purposes of the processing, but you need them for the purpose of asserting, exercising or defending legal claims; or

(4) if you have filed an objection against the processing pursuant to Art. 21 (1) GDPR and it is not yet certain whether the legitimate reasons of the person responsible outweigh your reasons.

If the processing of personal data about you has been restricted, these data may only be used – with the exception of their storage – to assert, exercise, or defend legal claims or to protect the rights of another natural or legal person Person or on grounds of an important public interest of the Union or a Member State.

If the restriction on the processing according to the above-mentioned conditions have been limited, you will be informed by the person in charge before the restriction is lifted.

11. Right to erasure (also known as „The right to be forgotten“)

(a) Obligation to erase personal data

You may require the controller to immediately delete the personal data about you, and the controller shall promptly delete that data if any of the following is true:

(1) Personal data about you are no longer necessary for the purposes for which they were collected or otherwise processed.

(2) You revoke your consent, to which the processing acc. Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, and there is no other legal basis for the processing.

(3) You object to the processing according to Art. 21 para. 1 DSG-VO and there are no prior justifiable reasons for the processing, or you lodge an objection against the processing according to Art. 21 para. 2 DSGVO.

(4) The personal data about you were processed unlawfully.

(5) The deletion of the personal data about you is necessary for the fulfillment of a legal obligation in accordance with EU law or the law of Member States to which the data subject is subject.

(6) The personal data about you were collected in relation to information society services offered pursuant to Article 8 (1) DGSVO.

(b) Information to third parties

If the person in charge has made public the personal data about you, and is according to Article 17 (1) of the DGSVO bound by lay to delete these data, he is – under consideration of all available technical means od implementation – obliged to take technical and appropriate measures, to inform all staff in charge for the processing of the data about you that you as the data subject have required to erasure any link to such personal information, or any copy or replication of such personal data.

(c) Exceptions

The right to erasure does not exist if the processing is necessary

(1) to exercise the right to freedom of expression and access to  information;

(2) to fulfill a legal obligation requiring processing under EU law or Member States’ law to which the controller is subject, or to perform a task of public interest or in the exercise of official authority carried out by the person responsible;

(3) for reasons of public interest in the field of public health pursuant to Article 9 (2) lit. h and i and Art. 9 (3) DGSVO;

(4) for archival purposes of public interest, for scientific or historical research purposes, or for statistical purposes in accordance with Art. Article 89 (1) DGSVO, to the extent that the law referred to in (a) is likely to render impossible or seriously prejudice the achievement of the objectives of that processing;

(5) to assert, exercise, or defend legal claims.

12. Right to information

If you have asserted the right to rectify, delete, or limit the processing against the responsible person, the latter is obliged to inform all recipients of your personal data about their rectification or erasure, or restriction of processing, unless this proves to be impossible or involves a disproportionate effort. You have the right towards the responsible person to be informed about these recipients.

13. Right to data portability

You have the right towards the responsible person in charge to receive the personal data about in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another person without hindrance by the responsible person in charge to whom the personal data has been provided, provided that

(1) the processing is based on a consent according to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a DSGVO or on a contract according to Art. 6 para. 1 lit. b DSGVO and that

(2) the processing is carried out by automated means.

In exercising this right, you also have the right to obtain that the personal data about you are transmitted directly from one person responsible to another person in charge, insofar as this is technically feasible. Freedoms and rights of other persons may not be impaired.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of public authority delegated to the responsible person in charge.

14. Right to objection

You have, at any time and for reasons arising from your particular situation, the right to lodge an objection against the procession of personal data about you pursuant to Art. 6 para. 1 lit. e or f DSGVO; this also applies to profiling based on these regulative terms.

The responsible person in charge will no longer process the personal about you unless he can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of prosecution, exercise, or defense of legal claims.

If the personal data about you are processed in order to carry out direct advertising, you have, at any time, the right to object to the processing of the personal data about you for the purpose of such advertising; this also applies to profiling insofar as it is connected with such direct advertising.

If you object to the processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

You have the option, in the context of the use of information society services – and regardless of Directive 2002/58 / EG –  to exercise your right of withdrawal by means of automated procedures that use technical specifications.

15. Right to revoke the consent to the privacy statement

You have the right to revoke your consent to the privacy statement at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

16. Automated decision on a case-by-case basis, including profiling

You have the right not to be subject to any decision based solely on automated processing, including profiling, that is legally binding on you or that similarly affects you in a similar manner. This does not apply if the decision

(1) is required for the conclusion or the fulfillment of a contract between you and the responsible person in charge,

(2) is permitted by EU or Member State legislation to which the controller is subject, and where such legislation contains appropriate measures to safeguard your rights and freedoms and legitimate interests, or

(3) with your express consent.

However, these decisions must not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Article 9 (2) lit. a or g DSGVO applies and reasonable measures have been taken to protect the rights and freedoms as well as your legitimate interests.

With regard to the cases mentioned in (1) and (3), the person responsible shall take appropriate measures to protect the rights and freedoms and their legitimate interests, including at least the right to obtain the intervention of a person by the person responsible, upon presentation one’s own position and contesting the decision.

17. Right to complain to a regulatory authority

Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of its place of residence, place of work or place of alleged infringement, if you consider that the processing personal data about you is contrary to the DGSVO.

The supervisory authority, at which the complaint was lodged, informs the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 DGSVO.