Privacy Policy Helios
1. General provisions
Helios Privatkliniken GmbH is very committed to data protection. Personal data will not be collected, processed and used on our website except to the extent required for technical reasons and for the execution of individual services and contents and unless you gave your separate consent or the data are processed based on our legitimate interests. Should the use of individual contents and services on our website require the entry of personal data (e.g. the processing of enquiries made via our contact forms), we will only collect and use the data for the purpose for which you provide them.
2. Name and contact data of the controller and of the company data protection officer
This data protection information applies to the processing of your data by: Controller: Helios Privatkliniken GmbH, Else-Kröner-Str. 1, 61352 Bad Homburg v. d. H., Germany, Telephone: + 49 6172 608 4044 | Fax: +49 6172 608 2869 The company’s data protection officer may be contacted at the above-stated address, attn. data protection officer, or at data-protection-hp@helios-gesundheit.de.
3. Collection and storage of personal data, type of data and purpose for which they are used
Personal data shall be erased immediately when they are no longer needed for the purpose for which they were stored and provided there is no legal or statutory retention obligation which would be violated by such erasure and/or destruction. We will process your data as follows:
a.When you visit our website
During your visit on our websites, our webserver will automatically and temporarily store the access data of the computer from which the request was made, the pages you visit on our website, the date and duration of your visit, the identification data of your browser and operating system and the website from which you accessed our website (so-called server log data). Additional personal data such as your name, your address, telephone number or e-mail address will not be collected and the server log data will not be connected with any personal data.
We will process the above-stated information for the following purposes:
- in order to guarantee smooth connection with our website;
- in order to guarantee that you will be able to use our website as intended;
- in order to analyze system security and system stability;
- for other administrative purposes.
The legal basis for the processing of your personal data shall be Article 6, paragraph 1, clause 1, lit. f of the GDPR. Our legitimate interest is based on the above-listed purposes of data processing. In no event will we use the collected data in order to draw any conclusions about you personally. The data will be stored and erased after 13 months.
b. Cookies
We use cookies on our websites.
Cookies are small files that are stored on your hard drive and that store certain settings and data concerning your browser for the exchange with our system. Their purpose is to add user-friendliness and efficiency to the websites
You may delete cookies in the settings of your browser at any time and you may adjust your browser settings in accordance with your requirements, e.g. you may reject cookies generally. As a general rule, you may access the help function on the menu bar of your web browser and learn how to reject new cookies and delete cookies from your system. However, please be advised that you might not be able to fully use all of this website’s functions without cookies.
Some of our cookies are session cookies and will be deleted from your hard drive at the end of your browser session. In addition, we also use permanent cookies, which remain on your hard drive. When you re-visit our website, we automatically recognize you as a former visitor and your information and settings. These cookies are stored on your hard drive and will be deleted automatically after a certain period of time.
The cookies we use cannot be allocated to a specific individual. Upon activation, an identification number is allocated to the cookie. Such identification number cannot and will not be allocated to your identity. We do not store your name or similar data based on which the cookie could be allocated to you personally.
The legal basis for this type of data processing is your express consent in accordance with Article 6, para. 1, clause 1, lit. a of the GDPR, which you give when you consent to the use of cookies and tracking.
c. Analysis (Tracking)
We will use the data stipulated in a) above using a tool that replaces the last two bytes of your IP address with zeros, including for the purpose of analyzing your use of our website and of guaranteeing that our website is designed to fulfill your requirements, and of enabling us to continually improve our website. Additionally, we use tracking measures in order to compile statistics on the use of our website and in order to further improve our website.
In addition to the data stipulated in a) above, the tool also records the following data:
- device type, device model, device brand
- screen resolution
- plug-ins used (e.g. Flash, Java)
- referrer URL (previous page accessed by the user)
- country and region from which the request originated
- downloads
- clicks
- number of forms sent (depending on the goals defined)
The legal basis for this type of data processing is your express consent in accordance with Article 6, para. 1, clause 1, lit. a of the GDPR which you give when you consent to the use of cookies and tracking. The data will be stored and erased after 13 months. If you do not wish your activities on our website to be tracked or analyzed, please activate the «Do not track» setting in your browser. Please go to your browser options to activate this setting.
In addition to this internal analysis, we use third-party tracking functions in order to be able to better tailor our website to our users’ requirements. Moreover, we aim at improving our website based on the analyses of how it is used. These data are processed on the basis of your express consent in accordance with Article 6, para. 1, lit. a of the GDPR.
Please note that we can hardly influence the data processing activities of these third-party tracking tools and that the only information we have is the information that these third-party tracking tools provide in their data protection information.
aa. Google Analytics
We use Google Analytics, a web analysis service provided by Google Ireland Limited (hereinafter referred to as "Google"). This tool enables us to allocate data, sessions and user activities to a computer-independent pseudonym and to analyze a user’s activities on different devices.
Among others, the following data will be processed:
- browser type / version,
- operating system used,
- referrer URL (page visited previously),
- hostname of the computer making the request (IP address),
- time of server query
Google Analytics also uses so-called cookies (cf. c) above). The data on your visits on this website generated by such cookie shall be transmitted to and stored on one of Google's servers in the USA. If IP anonymization is activated on this website, Google shall shorten your IP address within the member states of the European Union or in other countries which are parties to the Agreement on the European Economic Area. On this website, Google Analytics was complemented by an IP anonymization function, which means that IP addresses are recorded in anonymized form (so-called IP masking). For more information on the terms and conditions of use and on data protection at Google, please go to https://www.google.com/analytics/terms/de.html or https://policies.google.com/?hl=de.
Google will use such data in order to analyze your visits on our website for us, to compile reports on the website activities and in order to render other services in connection with the use of the website and of the internet.
The data Google provides will be stored and erased after 12 months.
You can prevent the collection of your personal data in relation to your use of the website as generated by the cookie (incl. your IP address) and their transmission to Google as well as the processing of such data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de"
You may also place a so-called opt-out cookie, which will prevent the collection of your data on the occasion of future visits on our website. In order to prevent Google Analytics from collecting data from various devices, you will have to opt out on all devices you use. Please set the opt-out cookie by clicking here: Deactivate Google Analytics. This opt-out cookie only works on the device and for the browser you use, including this website. It will be stored locally on your device. If you delete cookies, you will have to set the opt-out cookie again.
bb) Yandex.Metrica
This website uses Yandex.Metrica web analysis, provided by YANDEX LLC, 16, Leo Tolstoy St., Moscow, 119021, Russia (hereinafter referred to as „Yandex“).
Yandex.Metrica also uses so-called cookies (cf. c) above).
The cookies contain the following data (without limitation):
- device type, device model, device brand
- screen resolution
- plug-ins used (e.g. Flash, Java)
- referrer URL (previous page accessed by the user)
- country and region from which the request originated
- clicks
- number of forms sent (depending on the goals defined)
-
The information provided by the cookies help us to improve our website.
The information the cookies collect on your use of our website will be sent to Yandex and stored on servers within the EU and Russia.
Please note that Russia is a so-called third country and the EU does not consider its data protection level to be adequate.
Yandex will process your data in order to analyze your use of the website, to compile reports for us and to render other services. Yandex processes the data as stipulated in its terms of use. In addition, Yandex might also transmit such data to third parties to the extent this is stipulated by law or if such third parties process such data for Yandex.
For more detailed information on Yandex‘ data processing activities, please go to https://yandex.com/legal/privacy/.
The data we receive from Yandex will be stored and erased after 12 months.
You may delete cookies in the settings of your browser at any time and you may adjust your browser settings in accordance with your requirements, e.g. you may reject cookies generally. As a general rule, you may access the help function on the menu bar of your web browser and learn how to reject new cookies and delete cookies from your system. However, please be advised that you might not be able to fully use all of this website’s functions without cookies Alternatively, you may download and install the browser tool offered at https://yandex.com/support/metrika/general/opt-out.html.
cc) Web beacons
We use „web beacons“, „pixel tags“, „transparent GIFs“ or similar measures (hereinafter referred to as "Web Beacons") on our website. A Web Beacon is a picture file, mostly one individual pixel, that is embedded in our websites. Usually, Web Beacons are invisible to the user. They enable us to count the number of visitors on our website who access individual pages, to offer branded services and to create statistics on the use of our website.
The data will be stored and erased after 13 months.
d) Registration for one of our newsletters
In order to be able to send you our newsletter, we need your e-mail address and, for the purpose of the so-called double opt-in, the confirmation that you are in fact the owner of the stated e-mail address and that you wish to receive our newsletter.
For this purpose, we will send you an e-mail to the account you stated after you registered for our newsletter. With this e-mail we ask you to confirm that you wish to receive our newsletter by clicking on the link contained in the e-mail. Thereafter, you will receive the newsletter for which you registered. We only use your e-mail address for sending our newsletter and will not disclose it to any third party. The legal basis for the processing of your data in this case is Article 6, para. 1, clause 1, lit. a of the GDPR.
You may withdraw your registration for the newsletter and your related consent at any time. A link for deregistration is included at the bottom of every newsletter.
4. Our contact forms
a) When using our contact form
Should you have any questions, you may contact us via the contact form on our website. In this case, you will have to enter a valid e-mail address so that we know who sent the request and in order to enable us to answer it. You may provide additional information if you wish to do so.
The processing of your data for the purpose of your request is subject to Article 6, para. 1, clause 1, lit. a of the GDPR based on your voluntarily given consent.
The personal data we collect via our contact form will be automatically erased after your request has been settled.
b) When using our chats
Our website provides you with the opportunity to contact our coordinators via Chatra. Chatra is provided by Roger Wilco LLC, 2200 Clarendon Blvd., Suite 1400A, Arlington, VA 22201, USA, Tel. 1-703-243-6333. Your use of Chatra is deemed to be your consent to Chatra's privacy policy, which is published at: https://chatra.io/privacy-policy/. Please read it carefully before using the service. Any and all information and data will be processed by Chatra and stored on servers in the USA (among others). In order to protect your data in the USA, Chatra, in accordance with its own statements, is voluntarily certified in accordance with the Data Protection Convention between the USA and the EU, the co-called Privacy Shield, and undertakes to comply with the EU data protection regulations. For more detailed information on the Privacy Shield please klick on the following link: https://www.privacyshield.gov.
Chatra collects the following data:
- duration of your visit
- pages visited
- your location (determined based on your IP address)
- referrer URL
- operating system
- browser version
When you contact us via Chatra, the following additional data may be collected in case you enter them:
- contact data
- last and first name
- e-mail address
- telephone number
- chat logs and the files exchanged between you and our support team
For more information on how Chatra processes these data, please click on the following link: https://chatra.io/privacy-policy/.
Data processing for the purpose of your contacting us via chat is subject to Article 6, para. 1, clause 1, lit. a of the GDPR based on your voluntarily given consent, which shall be deemed given if you use the chat function.
If you do not agree to this process, please do not use our chat function but contact us via e-mail or telephone.
c) When using our call back function
You may fill in your telephone number and, if you wish, your name and desired time for the call, in the form on our website and we will call you back at the desired time. The processing of your data for the purpose of your request is subject to Article 6, para. 1, clause 1, lit. a of the GDPR based on your voluntarily given consent. The personal data we collect via our call back form will be erased automatically after your request has been settled.
5. Social media plug-ins
On our website, we use social plug-ins of the social networks Facebook, Twitter, Instagram and YouTube (Google) in accordance with Article 6, para. 1, clause 1, lit f of the GDPR, employing the so-called Sharriff solution. For more information on this technology, please klick here. Your personal data will not be transmitted to and processed by the relevant provider unless you activate the button. The basis for our data processing activities is our legitimate interest. The underlying marketing purpose is deemed to be a legitimate interest in accordance with the GDPR. The relevant provider is obliged to guarantee that its operations comply with applicable data protection regulations. Helios Privatkliniken GmbH cannot influence the providers‘ data protection processes.
a) Facebook
On our website, we use Facebook’s social media plug-ins in order to add a personal design to the use of our website. For such purpose, we use the “Like” and “Share” buttons which are provided by Facebook.
If you activate the plug-in, your browser establishes a direct connection with Facebook’s servers. These plug-ins inform Facebook that your browser accessed the relevant page on our website, even if you do not have a Facebook account or if you have logged out of it. This information, including your IP address, is transmitted by your browser to and stored on one of Facebook’s servers in the USA. If you are logged in to your Facebook account, Facebook will be able to allocate your visit on our website to your Facebook account. When you interact with the plug-ins, e.g. if you click on the “Like” or “Share” button, the relevant information shall be transmitted from your browser to and stored on one of Facebook’s servers. In addition, this information is published on Facebook and shown to your Facebook friends.
Facebook may use this information for marketing, market research and for tailoring the Facebook pages to your needs. For such purpose, Facebook compiles user profiles, interest profiles and relationship profiles, e.g. in order to analyze your use of our websites and show you relevant ads on your Facebook page, to inform other users on your activities on our website and to render other services in connection with your use of Facebook.
If you do not wish Facebook to allocate the data collected via our website to your Facebook account, you will have to log out of your Facebook account before visiting our website. For more information on the purpose and scope as well as on the processing and use of the data by Facebook and your related rights and options for the protection of your privacy, please go to Facebook’s privacy policy at: (https://www.facebook.com/about/privacy/).
b) Twitter
Plug-ins of Twitter Inc. are integrated on our website. The Twitter plug-in (tweet button) is the Twitter logo on our website. For an overview of the tweet buttons, please go to (https://about.twitter.com/resources/buttons).
By activating the plug-ins, you establish a direct connection between your browser and the Twitter server and Twitter will be informed that you visited our website from your IP address. By clicking on the tweet button while logged in to your Twitter account, you may set a link to our websites on your Twitter profile. This means, Twitter will be able to allocate your visit on our website to your user account. We would like to point out that we, as the provider of the website, are not informed of the contents of the transmitted data and their use by Twitter.
Should you like to prevent Twitter from allocating your visit to our website to your Facebook user account, please log out from your Twitter account before you use our website. For more information please see Twitter’s privacy policy at: (https://twitter.com/privacy).
c) Instagram
On our website, we use so-called social plug-ins from Instagram operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA („Instagram“).
These plug-ins are marked with the Instagram logo, e.g. in the form of the Instagram camera. When you activate the plug-ins, your browser will establish a direct connection to Instagram's servers. Instagram will transmit to your browser the content of the plug-in and embed it in the website. Based on such embedding, Instagram will be informed that your browser accessed the relevant page on our website even if you do not have an Instagram account or if you have logged out of it.
This information, including your IP address, is transmitted by your browser to and stored on one of Instagram’s servers in the USA. If you are logged in to your Instagram account, Instagram will be able to allocate your visit on our website to your Instagram account. When you interact with the plug-ins, e.g. if you click on the Instagram button, the relevant information shall be transmitted from your browser to and stored on one of Instagram’s servers.
In addition, this information will be published on your Instagram account and displayed to your contacts.
If you do not wish Instagram to allocate the data collected via our website to your Instagram account, you will have to log out of your Instagram account before visiting our website. For more information, please see Instagram’s privacy policy at: (https://help.instagram.com/155833707900388).
d) YouTube
We use plug-ins from YouTube, a website which is operated by Google (YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA). When you activate the plug-in, a connection to YouTube's servers will be established and the YouTube server will be informed which of our pages you visited. If you are logged in to your YouTube account, you allow YouTube to directly allocate your browsing behaviour to your personal profile. You may prevent this by logging out from your YouTube account. For more information on the handling of user data, please go to YouTube’s data privacy notice at: https://www.google.de/intl/de/policies/privacy.
6. Rights of data subjects
You have the right:
- to demand information on your personal data we process in accordance with Article 15 of the GDPR. In particular, you are entitled to request information on the purpose of processing, on the categories of personal data, the categories of recipients of your data, the planned duration for which your data will be stored, the availability of the right to correction, erasure, restriction of or objection to processing, the availability of a right to complain, on the origin of the data to the extent they were not collected by us and on the question of whether there is automated decision-making and profiling and meaningful details in relation thereto;
- to demand the immediate rectification of incorrect or completion of your personal data we store about you in accordance with Article 16 of the GDPR;
- to demand erasure of your personal data in accordance with Article 17, unless the processing thereof is required in order to exercise the right to free expression of opinion and to information, to fulfill a legal obligation, for reasons of public interest or in order to assert, exercise or defend legal claims;
- to demand the restriction of processing in accordance with Article 18 of the GDPR to the extent you object to the correctness of your data, the processing thereof is illegal but you do not wish the erasure thereof and we do not need the data anymore but you need them to assert, exercise or defend legal claims or you objected to the processing of the data in accordance with Article 21 of the GDPR;
- to receive your personal data that you disclosed to us in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller in accordance with Article 20 of the GDPR;
- to withdraw your consent at any time in accordance with Article 7, para. 3 of the GDPR, with the consequence that we will not be allowed to continue to process the data that were subject to this consent;
- to lodge a complaint with a supervisory authority in accordance with Article 77 of the GDPR.
7. Right to object
To the extent your personal data are processed based on legitimate interests in accordance with Article 6, para. 1, clause 1, lit. f of the GDPR, you are entitled, in accordance with Article 21 of the GDPR, to object to the processing of your personal data on grounds relating to your particular situation or to the extent your objection relates to direct marketing. In the latter case, you have a general right to object and we will comply without any reasons relating to your particular situation. If you like to assert your revocation or objection rights, please send an e-mail to: datenschutz-privatkliniken@helios-gesundheit.de.
8. Data security
We take all required technical and organizational security measures in order to protect your personal data from loss or misuse, including without limitation storing your data in a safe and secure environment that is not publicly accessible.
In certain cases, your personal data will be encoded for transmission using the so-called transport layer security (TLS). This means, the communication between your computer and our servers is encrypted using a recognized encryption method if your browser supports TLS.
9. Updates and changes to this privacy policy
This privacy policy is applicable as of July 2019.
Based on the further development of our website and services or due to changes of the statutory or regulatory requirements, we may be obliged to change this privacy policy. The current version of our privacy policy is always available for inspection and printout here or you can request it from us directly.