Privacy Policy

Website Privacy Policy

Below, we will inform you about the processing of your personal data by us and your claims and rights under the data protection law. This Privacy Policy explains nature, scope and purpose of the processing of personal data by our website (collectively referred to as "Website"). The Privacy Policy applies regardless of the domains, systems and devices used (e.g., desktop, mobile, etc.). Personal data are any data that are personally attributable to you, e.g. name, address, e-mail addresses, user behavior. Which data are processed in detail and how they are used depends largely on which of our services are used.

1. Who is responsible for data processing and whom can I contact?

Controller is:

Qunomedical GmbH Chausseestraße 8 +49 30200042054 dataprotection@qunomedical.com

You can contact our Data Protection Officer at:

mip Consult GmbH Asmus Eggert, Attorney-at-Law Alte Jakobstr. 77 10179 Berlin, Germany +49 30200042054 dataprotection@qunomedical.com https://www.sofortdatenschutz.de

2. Which sources and data do we use?

We process personal data that we receive from you as part of your use of our website and, if applicable, our business relationship. In the case of purely informative use of the website, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. When you visit our website, we collect the following access data that we technically require to display our website and to ensure stability and security. The access data include the IP address, date and time of the visit, time zone difference compared to Greenwich mean time (GMT), content of the request (i.e. name of the specific visited web page), access status/HTTP status code, respective amount of transmitted data, referrer URL (previously visited page), browser type and version, operating system and its interface, language and version of the browser software, message about successful retrieval. In addition, we obtain your personal data if you contact us by using our contact form or by e-mail. Personal data here include e.g. name, company, e-mail, phone number, subject, message text (hereinafter called "contact information").

We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) for the following purposes and on the following legal bases:

Purpose Insofar as you consent to the processing of personal data for specific purposes, in particular for contacting you (e.g. via our contact form or by e-mail, WhatsApp etc. for handling and processing the request, advertising by telephone, e-mail, SMS, etc.), such processing is legal as you have consented. Your consent may be revoked at any time. Please note that any revocation is effective for the future only. It does not affect any processing that was done prior to the revocation. Any revocation may be addressed to the above-mentioned contact data or to dataprotection@qunomedical.com Legal basis Consent, Art. 6 (1a) GDPR

Purpose When you contact us (via contact form or by e-mail, telephone or WhatsApp), in addition to any consent given to processing the contact request and its handling, your details are also processed based on steps taken prior to entering into a contract, Art. 6 (1b) GDPR. Legal basis Steps taken at the request of the data subject prior to entering into a contract, Art. 6 (1b) GDPR

Purpose We process your access data (see data specified under item 2 above) to safeguard our legitimate interests or those of third parties. In particular, we pursue the following legitimate interests:

  • Ensuring IT security, in particular the security of the Website; we also store the IP address in the event that someone leaves behind illegal content using the comment function (insults, prohibited propaganda, etc.) and we must be able to determine the author's identity for our own legal protection.
  • Advertising or market and opinion research, unless you have objected to the use of your data;
  • Assertion of legal claims and defense in case of legal disputes; Legal basis As part of the balancing of interests for the safeguarding of legitimate interests, Art. 6 (1f) GDPR

By ticking the checkbox for the Consent Declaration when submitting the contact form you are explicitly giving your informed consent for the collection, processing and use of the personal information, including your health data, that you provide for this purpose to us in order for us to obtain information on options for and the cost of the medical services that you are interested in. This includes the transfer of your data to hospitals, clinics or other health service providers inside and outside the EU/EEA.

Note: You can revoke this consent at any time with effect for the future by giving us notice of your revocation. Please see this Privacy Policy for contact information and detailed information on how we deal with your personal data and secure your privacy.

4. Who can access my data?

Within the organization, entities that need to know your data to fulfill our contractual and regulatory obligations can access your data. In addition, processors (Art. 28 GDPR) engaged by us may also obtain access to data for the above-mentioned purposes. These are companies in the categories IT services, printing services, telecommunications, sales and marketing. If we use processors to provide our services, we will take appropriate legal precautions as well as the relevant technical and organizational measures to protect personal data in accordance with applicable law. Any transfer of data to third parties will be made only within the scope of legal requirements. We will disclose user data to third parties only if this is required, for example, under Art. 6 (1) (b) GDPR for contract purposes or based on legitimate interests pursuant to Art. 6 (1) (f.) GDPR in the economic and effective operation of our business or if you have consented to the data transfer. If the Website is used for purely informational purpose, we generally do not disclose any data to third parties.

5. How long will my data be retained?

For security reasons (e.g. to investigate abusive or fraudulent activities) log-file information is retained for a maximum of four weeks and then deleted (see item 2 above). Data that must be retained further for evidential purposes are exempted from deletion until the respective incident has been finally clarified. If necessary, we process and retain your personal data for the duration of our business relationship, which also includes, for example, initiation and performance of a contract via the contact form or by e-mail. In addition, we are subject to various retention and documentation obligations, inter alia under the German Commercial Code (HGB) and the German Tax Code (AO). The deadlines for retention and documentation specified therein range from two to ten years. Finally, the retention period also depends on the statutory limitation periods, which for example, usually is 3 years according to Sec. 195 et seqq. of the German Civil Code (BGB), but in some cases may be as long as thirty years, with the standard limitation period being three years.

6. Are data transferred to a third country or to an international organization?

The provided data are processed within the European Union as well as in the case of Google Analytics, Twitter and Salesforce (see last two sections below for complete list) in the USA. Please note that in case of recipients of your data in countries without an adequacy decision by the Commission according to Art. 45 GDPR, as is the case with the USA, we either ensure that they are certified under the EU-U.S. Privacy Shield (such as e.g. Google) or that we have agreed on EU standard data protection clauses with such recipients. This is done to protect your data and to attain an adequate level of protection for your personal data. You have the option of obtaining a copy of, or perusing, the EU standard data protection clauses. If necessary, please contact us, using the contact details specified in item 1 above.

7. What are my data protection rights?

Each and every data subject has:

  • the right of access according to Art. 15 GDPR,
  • the right to rectification according to Art. 16 GDPR,
  • the right to erasure according to Art. 17 GDPR,
  • the right to restriction of processing according to Art. 18 GDPR and
  • the right to data portability under Art. 20 GDPR.
  • In addition, you may revoke consent in principle with effect for the future. You furthermore have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR in conjunction with Sec. 19 BDSG).

We would also like to note your right to object according to Art 21. GDPR:

Information about your right to object according to Art. 21 GDPR You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6 (1) (e) GDPR (data processing in the public interest) and Art. 6 (1) (f) of the General Data Protection Regulation (data processing based on balancing of interests); this also includes profiling under these provisions within the meaning of Art. 4 No. 4 GDPR, which we use to analyze questionnaires or for advertising purposes. If you object, we will no longer process your personal data, unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves the purposes of asserting, exercising or defending legal claims. In individual cases, we process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling insofar as it is associated with such direct marketing. If you object to the processing for direct marketing purposes, we will no longer process your personal data for such purposes. Objections do not require a particular form and no costs are incurred, other than the transmission costs according to the basic tariffs. If possible, any objection should be addressed to:

Qunomedical GmbH Chausseestraße 8 10115 Berlin

or by e-mail to: dataprotection@qunomedical.com

8. To what extent do you apply automated individual decision-making, including profiling?

In principle, we do not use fully automated decision-making pursuant to Art. 22 GDPR as part of access to our Website or in the context of contact via form or by e-mail. Should we use such procedures in individual cases, we will notify you separately, if this is required by law. We do not process your data automatically with the objective of evaluating certain personal aspects (profiling).

9. Am I under any obligation to provide data?

On our Website, you must provide the personal data necessary for using our Website for technical or IT security reasons. You cannot use our Website, unless you provide the above-mentioned data. When contacting us via form or by e-mail, you only need to provide the personal data required to process your request. Otherwise we will be unable to process your request.

10. Cookies

Cookies are information transmitted from our web server or third-party web servers to the users' web browsers, where they are stored for later retrieval. Cookies are small files or other types of information storage. Cookies are used for security purposes or for the operation of our Website (e.g. for the optimal display of the website on different terminals) or to save your decision when confirming our cookie banner. We use "session cookies", which are stored only for the duration of the current visit to our Website and are an enabling factor for the use of our Website in the first place. A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. A cookie also contains information about its origin and the retention period. Session cookies are deleted at the latest when you have finished using our Website and close the browser. We will explain the use of cookies in the context of website tracking in the following section. If you do not want cookies to be stored on your computer, you may disable the corresponding option in your browser's system settings. Stored cookies may be deleted in the browser's system settings. Please note that disabling cookies may limit the functionality of this Website. You may object to the use of cookies for website tracking and advertising purposes through the network advertising initiative http://optout.networkadvertising.org/ or the American website http://www.aboutads.info/choices or the European website http: //www.youronlinechoices.com/uk/your-ad-choices/.

11. Google Analytics

Based on our legitimate interests, i.e. our interest in optimizing and economic operation of our Website, we use the web analytics service Google Analytics of Google Inc. ("Google"). The web analytics service Google Analytics uses cookies. The data generated by these cookies about the use of our Website usually are transmitted to a Google server in the USA and stored there. Google is certified under the EU-US Privacy Shield Agreement and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov). Google uses such data on our behalf to evaluate the use of our Website by our users, to compile reports on the activities on this Website and to provide us with further services related to the use of this Website. The processed data can be used to generate pseudonymous usage profiles. We use Google Analytics with activated IP anonymization. This means that the users' IP address is shortened by Google within the States that are party to the Agreement on the European Economic Area. The full IP address is sent to a Google server in the USA and shortened there in exceptional cases only. The IP address transmitted by the user's browser is not merged with other data provided by Google. Users may prevent the storage of cookies by setting their browser software accordingly; in addition, users may also prevent the collection of the data generated by the cookie and their transfer to Google as well as the processing of such data by Google, by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de. For more information about data processing by Google, settings and options to object, please visit the websites of Google at: https://www.google.de

12. Facebook Custom Audience Re-Targeting

Our website uses Facebook’s re-targeting technology Website Custom Audience operated by Facebook Inc., 1601 S. California Avenue, Palo Alto, CA 94394, USA („Facebook“). This tool permits our online visitors, who are Facebook members, to view relevant advertisement and offers for our services on the Facebook website. For this purpose our website contains Facebook re-targeting pixels, which permit Facebook to identify a member as a visitor of our website on the basis of pseudonymous date and use such information in order to display our advertisement or offers in the Facebook Ads network. This does not involve the collection of personally identifiably information and does therefore not enable us to identify you on Facebook. The pseudonymous data collected through the re-targeting pixels will not be connected with your Facebook user data. More information can be found on Facebook “Custom Audience” re-targeting and how you can adjust your settings at: https://www.facebook.com/settings/?tab=ads and https://www.facebook.com/about/privacy You can refuse Facebook Custom Audiences at: https://www.facebook.com/settings/?tab=ads= and http://www.youronlinechoices.com/de/praferenzmanagement/

13. Other services

On our website, we use third-party services as part of our legitimate interests within the meaning of Art. 6 (1) (f) GDPR, i.e. our interest in an optimal Website. The user's IP address is transmitted to such third-party providers. The IP address is technically required for the contents to be displayed. Third party providers may use so-called web pixels (invisible graphics, also referred to as "web beacons") for evaluation or marketing purposes. The web pixels can be used to evaluate information, such as the traffic of the Website. The third parties may store information in cookies on users' devices. We use the following third-party providers on our website:

  • Google-WebFonts, i.e. external fonts by Google, LLC., https://www.google.com/fonts. The integration of Google WebFonts is done by a server call on Google (usually in the USA). For Google's privacy policy, visit https://policies.google.com/privacy and an opt-out option is available at https://adssettings.google.com/authenticated.
  • Google Maps, provided by third-party provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Its privacy policy is available at https://www.google.com/policies/privacy and an opt-out option is available at https://www.google.com/settings/ads/.
  • YouTube videos provided by third-party provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. For its privacy policy, visit https://policies.google.com/privacy and an opt-out option is available at https://adssettings.google.com/authenticated.
  • We include functions of Twitter in our Website. Twitter is offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The functions include the presentation of our contributions within Twitter on our Website, the link to our Twitter profile, and the ability to interact with Twitter posts and features. Twitter is certified under the Privacy Shield Agreement and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov). For Twitter's privacy policy visit https://twitter.com/de/privacy and an opt-out option is available at https://twitter.com/personalization.
  • Adroll Re-Targeting who uses technology including web beacons and cookies to collect data about our website usage and to improve the effectiveness of our marketing. Data recorded through the use of this technology is aggregated and shared with us. No personally identifiable information about you is collected or shared by AdRoll with us. More information on AdRoll’s re-targeting and how you can adjust your settings can be found at: https://www.adroll.com/about/privacy You can opt-out of AdRoll and their partners by visiting this link: https://app.adroll.com/optout/safari AdRoll is also a member of the Network Advertising Initiative (NAI) and adheres to the NAI Codes of Conduct. You may use the NAI opt out tool visiting this link: http://optout.networkadvertising.org/#!/
  • Pardot we use Pardot to analyze how visitors use the site. It uses javascript and cookies to identify site visitors, analyze email campaigns and track site forms. Anonymous visitor tracking information may be shared with other Pardot customers. For more information on Pardot cookies, visit http://help.pardot.com/customer/portal/articles/2125923-how-does-pardot-tack-activities
  • Bing tracking: if you came to our website through an advert on Bing, they can record certain related activity – as can Google (in the case of AdWords) and other third-party providers in some cases. This could include the monitoring of sent-off forms in order to measure the success of advertising methods. More information you can find here at Microsoft.
  • Picreel: https://www.picreel.com/
  • Cloudinary, the third-party provider Cloudinary Ltd. 111 W Evelyn Ave, Suite 206 Sunnyvale, CA 94086, USA. Photo data on our website are saved on the server of Cloudinary. Cloudinary allows us exclusive access to these data, which we use to present the photos on our website. Further information about the data protection policy and the protection of your privacy you can find at http://cloudinary.com/privacy and http://cloudinary.com/tos.
  • Functions of the Google+ service are integrated into our online offering. These functions are provided by the third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. If you are logged in to your Google+ account, you can connect the content of our site with your Google+ profile by clicking on the Google+ button. This allows Google to associate your visit to our site with your user account. Please note that as the website providers, we receive no information about the content of the transferred data or their uses regarding Google+. Data protection declaration: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.
  • Functions of the Instagram service are integrated into our online offering. These functions are provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged in to your Instagram account, you can connect the contents of our site with your Instagram profile by clicking on the Instagram button. This allows Instagram to associate the visit to our site with your user account. Please note that as the website providers, we receive no information about the content of the transferred data or their uses regarding Instagram. Data protection declaration: http://instagram.com/about/legal/privacy/.
  • Functions of the LinkedIn network are integrated into our online offering. The provider is the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. For every request or retrieval for one of our pages which includes functions of LinkedIn, a connection to the servers of LinkedIn is created. LinkedIn will be informed that you have visited our Internet-site with your IP address. If you click the LinkedIn “Recommend” button while being logged in to your LinkedIn account, it is possible for LinkedIn to associate you and your visit to our website with your user account. Please note that as the website providers, we receive no information about the content of the transferred data or their uses regarding LinkedIn. Data protection declaration: https://www.linkedin.com/legal/privacy-policy, Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
  • Functions of the service Twitter are integrated into our online offering. These functions are provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. Through the use of Twitter and the “re-tweet” function, websites you have visited become linked with your Twitter account, and these can be seen by other users. In this way, data is transferred to Twitter. Please note that as the website providers, we receive no information about the content of the transferred data or their uses regarding Twitter. Data protection declaration from Twitter at http://twitter.com/privacy. You can adjust your data protection setting with Twitter in the account setting at http://twitter.com/account/settins.
  • Web-analysis and optimization is carried out with the help of the service Hotjar, the third-party provider Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe. With Hotjar, activity on the websites for which Hotjar applied can be monitored and analysed (heatmaps can also be established based on this activity). For example, it can be seen how far users scroll and which function buttons are clicked the most often. Furthermore, technical data such as the chosen language, system, screen resolution and browser type of the users can be detected. This way, at least a temporary profile of the users of our website be created. Moreover, it is possible with the help of Hotjar to elicit feedback directly from the users of our website. This is how we collect valuable information to help us make our website faster and more customer friendly. Data protection declaration: https://www.hotjar.com/privacy. Opt-Out: https://www.hotjar.com/opt-out.
  • Web-analysis and optimization is carried out with the help of the service Mixpanel, the third-party provider Mixpanel. To better understand how our customers use website, and in order to continuously improve it, we use the Tracking Tool from www.mixpanel.com: a web-analysis service from the provider Mixpanel. Cookies can be used in this context; these are small text files which are saved locally on the computer of the site visitors and which allow user recognition when users return to the site. Mixpanel Inc. gathers and saves user information to form pseudonym profiles. The pseudonym user-profiles are, in accordance with § 15 TelemedienG, not conflated with any individual-related data on the carrier of the pseudonym. You can stop and prevent the gathering and saving of this data for use in web-analysis with effect for the future at any time by deactivating the service by clicking “Yes, I would like to opt out” on the page https://mixpanel.com/optout/. Please note that in this case, a cookie will be put in place on your device that will ensure that no further data will be gathered or used. For this reason, you should not delete this cookie. Furthermore, we use Mixpanel to send you targeted push-notifications if you have agreed to them. If you no longer wish to receive notifications, you can deactivate them at any time in the app. You can view the Data Protection declaration (privacy policy) of Mixpanel here: https://mixpanel.com/terms. Mixpanel is certified under the Privacy Shield Agreement, which means Mixpanel guarantees to always comply with the Europen data protection laws. (https://www.privacyshield.gov/participant?id=a2zt0000000KzX1AAK&status=Active)
  • Web-analysis and optimization is carried out with the help of the service Pardot, the third-party provider Pardot, Pardot LLC, 950 E. Paces Ferry Rd. Suite 3300 Atlanta, GA 30326, USA. We use Pardot to evaluate how visitors use our website. It uses Javascript and Cookies to identify website users, to evaluate email campaigns and to track website forms. Anonymous user information can, therefore, possibly be shared with other Pardot customers. Further information about Pardot cookies you can find at the following URL: http://help.pardot.com/customer/portal/articles/2125923-how-does-pardot-tack-activities
  • Web-analysis and optimization are carried out with the help of the service Adroll, the third-party provider Adroll, 972 Mission St, 3rd Floor, San Francisco, CA 94103, USA. This allows for adverts to be targeted at Internet users who have already shown interest in our platform and our services. The effective insertions of ad-material can be made possible thanks to the concept of retargeting, which is a cookie-analysis of the previous user-behavior. Of course, this does not involve the saving of any identity-specific or personal data, and the use of the “retargeting” technology is carefully regulated by the existing legal data protection policies. You can learn more about the general data protection policy and data protection/privacy guidelines of Adroll and deny the anonymous analysis of your online behavior and activity at: (Opt-Out) http://www.adroll.com/about/privacy.
  • Web-analysis and advertising with Outbrain from the third-party provider Outbrain UK Ltd, 175 High Holborn, London WC1V 7AA, UK. If applicable, Outbrain is also used for pointing out the interesting content within our website and on the websites of third parties. Outbrain determines and displays recommendations for other articles or readings – this can be seen, for example, underneath an article you are reading – which which are based on content previously read by the user. For the adverts leading to this interest-based further content, Outbrain uses cookies, that are saved on the computer/device of the user. The advertised contents in the Outbrain widget are internally and technically controlled and delivered by Outbrain. The adverts for reading recommendations which are determined by Outbrain cookies are devised on an autonomous pseudonym basis: identity-specific or personal data of the user is not saved. The data collected and stored by Outbrain includes: device-source, browser type and an anonymised IP address of the user. To anonymize the IP address, the last octet of the IP address is removed in order to guarantee anonymity. More information about the data protection policy of Outbrain you can find at http://www.outbrain.com/de/legal/privacy. You can deny and stop the tracking used for creating adverts for suggested interest-based reading at any time; simply click on the button “Ablehnen” (“Decline”) (Opt-out) in the data protection proclamation of Outbrain which you can find at http://www.outbrain.com/de/legal/privacy.
  • Web-analysis and video recommendation with Taboola, The third-party provider, Taboola Inc. Aldgate House, 33 Aldgate High St, London EC3N 1DL, UK. Using cookies, Taboola can ascertain what video content you use and your movements on our website. In this regard, device-specific data as well as protocol data can be gathered and user profiles under pseudonym names are created. These user-profiles are not conflated with the data about the carrier of the pseudonyms and cannot lead to the revealing or sharing of your personal data. More information about Taboola and the possibilities of deactivating the use or applications of Taboola you can find at https://www.taboola.com/privacy-policy.
  • Web analysis and Tracking with Ad Up, the third-party provider Ad Up, a technology and service provider of the Axel Springer Teaser Ad GmbH (Axel-Springer-Straße 65, 10969 Berlin), (Mehr Informationen: https://www.casamundo.de/info/sicherheit-datenschutz-bei-casamundo?xd=9gvw0m_d#ee1f7dae). Through the collection of anonymized and/or pseudonym data, Ad Up is subsequently able to produce interest-based, targeted advertisements on websites for a certain time. Ad Up puts cookies in place in order to be able to offer advertisers a so-called Conversion-Tracking tool, which can determine the effectiveness of their adverts and keywords. More information about the data protection policy of the Axel Springer Teaser Ad GmbH you can find under https://www.adup-tech.com/datenschutz. There, you will find the “op-out-cookie aktivieren (activate)” button, which gives you the opportunity to opt out of cookies being created by the company in your browser and to, therefore, deactivate the application of Ad Up in your browser.
  • The sending of emails with help from ActiveCampaign: for the manual and automatic sending of emails, we use the email marketing provider Active Campaign, Chicago, USA. ActiveCampaign is certified by the Privacy Shield Agreement and gives a guarantee that it will always comply with European data-protection laws. (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active)
  • Email marketing and web-analysis with across, the third-party provider across s.r.l., sede legale: via Lagrange 35, 10123 Turin, Italy. The processing of data is carried out in order to enable the activation of our offered services; this can mean the data are used for the sending of messages and updates (also per E-post) in the name of the third-party, other customers or purchasers/customers; the data can also be used for purposes of market analysis and statistics: marketing and preferences; data can be used to serve the purposes of targeted market promotion from across. More information you can find here: http://across.it/
  • For Websites and Advertising campaigns (landing pages), we use the services of unbounce, the third-party provider unbounce Marketing Solutions Inc., 400-401 West Georgia Street, Vancouver, BC, Canada, V6B 5A1. These pages are hosted by unbounce, meaning the user’s browser communicates directly with unbounce so that the IP address of the user is transmitted and cookies can be implemented. All entries made by the user on these pages are saved by unbounce. The nexum AG company is subsequently given a access to an evaluation of the activity on these pages. Further information about unbounce and the data protection policy of unbounce can be found here: http://unbounce.com/privacy/

Last updated: June, 11th 2018