Datenschutzverordnung

1. Introduction

The following information is intended to provide you, as a data subject, with an overview of our processing of your personal data and your rights under data protection legislation. In general, it is possible to use our website without providing any personal data. However, there may be instances where the processing of personal data is necessary in order for you to take advantage of certain services provided by our company through our website. If it is necessary to process personal data and if there is no legal basis for such processing, we will, as a general rule, ask for your consent.

The processing of personal data, such as your name, address or e-mail address, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to Nordstrahl. This privacy policy is provided to inform you about the scope and purpose of the personal data we collect, use and process.

As the controller, we have implemented a number of technical and organizational measures to ensure that the personal data processed through this website is protected as completely as possible. However, data transmission over the Internet may be subject to security vulnerabilities, meaning that absolute protection cannot be guaranteed. For this reason, you are free to provide us with personal data by other means of communication, such as by telephone or mail.

2. Controller

The controller within the meaning of GDPR is:

Nordstrahl MVZ GmbH
Radiotherapy practice
Prof.-Ernst-Nathan-Str. 1, 90419 Nuremberg, Germany
Phone: +49 (0)911 933560
Fax: +49 (0)911 9335699
E-mail: info@nordstrahl.de

Representative of the controller: Dr. Irina Bosancu

3. Data protection officer

You may contact the data protection officer as follows:
Mirjam Elkhader-Leeb
E-mail: leeb@nordstrahl.de

If you have any questions or suggestions regarding data protection, please contact our data protection officer directly at any time.

4. Definitions

The privacy policy is based on the terms used by the European legislative and regulatory authority for the adoption of the General Data Protection Regulation (GDPR). We want our privacy policy to be easy for the public to read and understand, as well as for our customers and business partners. To ensure this, we would like to explain some of the terminology we use.

The terms we use in this privacy policy include the following:

1. Personal data
Personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2. Data subject
A data subject is any identified or identifiable natural person whose personal data is processed by the controller (our company).

3. Processing
Processing is any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

4. Restriction of processing
Restriction of processing is the marking of stored personal data to limit their processing in the future.

5. Profiling
Profiling is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

6. Pseudonymization
Pseudonymization is the processing of personal data in a way that ensures that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is stored separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

7. Processor
A processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.

8. Recipient
A recipient is a natural or legal person, public authority, agency or another body to whom the personal data are disclosed, whether that person or body is a third party or not. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with Union or member state law are not regarded as recipients.

9. Third party
A third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

10. Consent
Consent means any freely given, specific, informed and unambiguous indication of the data subject’s wishes in which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

5. Lawfulness of processing

Art. 6 para. 1 lit. a) GDPR (in connection with § 25 (1) Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz – TDDDG (formerly Telekommunikation-Telemedien-Datenschutzgesetz – TTDSG)) serves our company as the legal basis for processing operations for which we obtain consent for a specific processing purpose.

If processing of personal data is necessary for the fulfilment of a contract to which you are a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of another service or consideration, the processing is based on Art. 6 para. 1 lit. b) GDPR. The same applies to processing operations that are necessary to carry out pre-contractual measures, for example in the case of enquiries regarding our products or services.

If our company is subject to a legal obligation that requires the processing of personal data, such as for the fulfilment of tax obligations, the processing is based on Art. 6 para. 1 lit. c) GDPR.

In rare cases, processing of personal data may be necessary for the protection of the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured on our premises and the visitor’s name, age, health insurance information or other vital information needed to be provided to a doctor, hospital or other third party. The processing would then be based on Art. 6 para. 1 lit. d) GDPR.

Finally, processing operations may be based on Art. 6 para. 1 lit. f) GDPR. This legal basis is used for processing operations that are not covered by any of the aforementioned legal bases and where processing is necessary for the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. We are permitted to carry out such processing operations because they have been specifically included by the European legislator. In this respect, the legislature took the view that a legitimate interest can be assumed if you are a customer of our company (Recital 47 Sentence 2 GDPR).

6. Transfer of personal data to third parties

Your personal data will not be transferred to third parties for any purposes other than those listed below.

We only disclose your personal data to third parties if:
1. You have given us your express consent to do so in accordance with Art. 6 para. 1 lit. a) GDPR;
2. The disclosure pursuant to Art. 6 para. 1 lit. f) GDPR is permissible to safeguard our legitimate interests and there is no reason to assume that you have an overriding interest in not disclosing your data that is worthy of protection;
3. In the event that disclosure pursuant to Art. 6 para. 1 lit. b) GDPR is required for the processing of contractual relationships with you.

Personal data may be transferred to the USA in the course of the processing operations described in this privacy policy. Companies in the USA only provide an adequate level of data protection if they are compliant with the EU-US Privacy Framework, and thus the adequacy decision of the EU Commission pursuant to Art. 45 GDPR applies. We have explicitly stated this in the privacy policy for the service providers concerned. To protect your data in all other cases, we have entered into data-processing arrangements based on the European Commission’s standard contractual clauses. If the standard contractual clauses are not sufficient to establish adequate protection, your consent pursuant to Art. 49 para. 1 lit. a) GDPR may serve as the legal basis for transfers to third countries. This may not apply to data transfers to third countries for which the European Commission has issued an adequacy decision pursuant to Art. 45 GDPR.

7. Technology

7.1 Data collection when visiting the website
If you use our website for information purposes only, do not register or otherwise provide us with information or do not give your consent to processing that requires your consent, we will collect only the information that is technically necessary to provide the service. This is data that your browser transmits to our server on a regular basis (in what are called server log files). Our website collects a range of general data and information each time you or an automated system accesses a page. These general data and information are stored in the server log files. The following may be recorded:

Browser type and version used
The operating system used by the system accessing the website
The website from which an accessing system is directed to our website (called the referrer)
The subpages of our website that are accessed by a system
The date and time of access to the website
An Internet protocol address (IP address)
The accessing system’s Internet service provider

We do not use this general data and information to draw any conclusions about you as an individual. Rather, this information is required for us to:

Correctly provide the content of our website;
Optimize the content of our website for users;
Ensure the long-term functionality of our IT systems and the website technology; and
Provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack.

We therefore evaluate this collected data and information both statistically and with the aim of increasing data protection and data security in our company, to ultimately ensure the highest level of protection for the personal data we process. The server log file data are stored separately from all personal data provided by a data subject.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. The data collection purposes listed above constitute our legitimate interest.

8. Cookies

8.1 General information on cookies
Cookies are small files that your browser automatically creates and stores on your IT system (laptop, tablet, smartphone, etc.) when you visit our website.

A cookie stores information derived from the context of the specific device being used. However, this does not mean that we will immediately become aware of your identity.

Cookies are used to collect statistical information about how people are using our website and to help us evaluate our offer to you so we can optimize it. Cookies set in this way are automatically deleted after a set period of time. Please refer to the settings of the consent tool used to find out how long your cookies are stored.

8.2 Legal basis for the use of cookies
The data processed by cookies, which are required for the proper functioning of the website, are therefore necessary to safeguard our legitimate interests and those of third parties in accordance with Art. 6 para. 1 lit. f) GDPR.

For all other cookies, you have given your consent to them via our opt-in cookie banner within the meaning of Art. 6 para. 1 lit. a) GDPR.

8.3 Borlabs Cookie uses cookies to collect data generated by end users who access our website.

Without the processing described above, the website is not guaranteed to work properly. The user has no right to object as long as there is a legal obligation to obtain their consent to certain data-processing operations (Art. 7 para. 1, 6 para. 1 sentence 1 lit. c) GDPR).

9. Contents of our website

9.1 Domenico reception desk use
When you contact our Domenico online reception desk (e.g., via contact form or e-mail, chat function, appointment booking, etc.), personal data is collected. The type of information collected when you use a contact form is clear from the contact form. This information will only be stored and used for the purpose of responding to your enquiry or to contact you and for the technical administration involved. The legal basis for processing the data is our legitimate interest in responding to your request, in accordance with Art. 6 para. 1 lit. f) GDPR. The legal basis for processing is Art. 6 para. 1 lit. b) GDPR.

By entering your details, you are automatically giving your consent to this.

10. Your rights as a data subject

10.1 Right to confirmation
You have the right to request confirmation from us as to whether personal data concerning you is being processed.

10.2 Right to access – Art. 15 GDPR
You have the right to receive from us at any time, free of charge, information about the personal data stored about you and a copy of this data, in accordance with the statutory provisions.

10.3 Right to rectification – Art. 16 GDPR
You have the right to request that any inaccurate personal data concerning you be rectified. You also have the right to request to complete incomplete personal data, taking into account the purposes of processing.

10.4 Erasure – Art. 17 GDPR
You have the right to demand that we erase your personal data without undue delay, if one of the reasons provided for by law applies and insofar as the processing or storage is not necessary.

10.5 Restriction of processing – Art. 18 GDPR
You have the right to demand that we restrict processing if one of the legal requirements applies.

10.6 Data portability – Art. 20 GDPR
You have the right to receive the personal data concerning you that you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from us (the party to whom the personal data have been provided), where the processing is based on consent pursuant to Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR or on a contract pursuant to Art. 6 para. 1 lit. b) GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Furthermore, when exercising your right to data portability pursuant to Art. 20 para. 1 GDPR, you have the right for your personal data to be transferred directly from one controller to another controller, insofar as this is technically feasible and provided that this does not adversely affect the rights and freedoms of others.

10.7 Objection – Art. 21 GDPR
You have the right to object at any time, on grounds relating to your particular situation, to processing of personal data concerning you when the processing is based on Article 6 para. 1 lit. e) (data processing in the public interest) or f) (data processing on the basis of a balancing of interests) of the GDPR.

This also applies to profiling based on these provisions within the meaning of Art. 4 No. 4 GDPR.

If you object, we will no longer process your personal data, unless we can demonstrate compelling legitimate grounds to do so that override your interests, rights and freedoms or if the processing serves the establishment, exercise or defense of legal claims.

You also have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you that we carry out for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 para. 1 GDPR, unless such processing is necessary for the fulfilment of a task carried out in the public interest.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

10.8 Revocation of consent under data protection law
You have the right to withdraw your consent to the processing of personal data at any time with effect for the future.

10.9 Complaint to a supervisory authority
You have the right to lodge a complaint with a supervisory authority responsible for data protection about our processing of personal data.

11. Routine storage, erasure and blocking of personal data

We process and store your personal data only for the period of time required to achieve the purpose of the storage or if the storage is covered under the legal provisions to which our company is subject.

If the storage purpose no longer applies or if a prescribed storage period expires, the personal data will be routinely blocked or erased in accordance with the statutory provisions.

12. Duration of storage of personal data

The applicable statutory retention period determines the duration of storage of personal data.

13. Updating and amending the privacy policy

This privacy policy is current and has the following status: October 2024.

It may become necessary to amend this privacy policy as a result of further development of our website and services or due to changes in legal or regulatory requirements. You can access and print out the current privacy policy at any time on the website at https://www.zap-x-nue.de/datenschutzerklaerung.
This privacy policy was created using data protection software: audatis MANAGER.