With the following information, we would like to give you, as a “data subject,” an overview of how we process your personal data and your rights under data protection laws. Using our website is basically possible without the input of personal data. However, if you wish to use special services of our clinic via our website, the processing of personal data may become necessary.
If the processing of personal data is required and there is no legal basis for such processing, we will in general obtain your consent.
The processing of personal data — e.g. your name, address, or email address — always takes place in accordance with the General Data Protection Regulation (GDPR) and in compliance with the state-specific data protection regulations applicable to LIMES Schlossklinik Bergisches Land GmbH. Through this privacy policy, we wish to inform you about the scope and purpose of the personal data we collect, use, and process.
We, as the controller, have implemented numerous technical and organizational measures to ensure the most comprehensive protection possible for the personal data processed via this website. Nevertheless, internet-based data transmissions can generally have security vulnerabilities, so absolute protection cannot be guaranteed.
For this reason, you are free to transmit personal data to us by alternative means, such as by telephone or by post.
You may also take simple and easily implementable measures to protect yourself against unauthorized access by third parties to your data. Thus, we would like to offer you some tips here on the secure handling of your data:
The controller in terms of the GDPR is:
LIMES Schlossklinik Bergisches Land GmbH
Heiligenhoven 1, 51789 Lindlar, Germany
Email: kontakt@skbl.limes.care
Representative of the controller: Dr. Gert M. Frank
You can reach the data protection officer as follows:
Bernd Kircher
Phone: 066196090636
Email: kircher@datenschutz-kanzlei.com
You may contact our data protection officer at any time with questions or suggestions regarding data protection.
This privacy policy is based on the terminology used by the European legislature when issuing the General Data Protection Regulation (GDPR). Our privacy policy is intended to be readable and understandable both for the general public and for our customers and business partners. To ensure this, we will first explain the terminology used.
Personal data are all information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, especially by assignment to an identifier such as a name, an identification number, location data, an online identifier, or one or more special characteristics reflecting the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person.
A data subject is any identified or identifiable natural person whose personal data is processed by the controller (our clinic).
Processing is any operation or set of operations performed on personal data, whether or not by automated means, such as collecting, recording, organizing, structuring, storing, adapting or altering, retrieving, consulting, using, disclosing by transmission, distributing or otherwise making available, aligning or combining, restricting, erasing, or destroying.
Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.
Profiling is any form of automated processing of personal data that involves using personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning work performance, economic situation, health, personal preferences, interests, reliability, behavior, location or movement of that natural person.
Pseudonymization is the processing of personal data in such a manner that the personal data cannot be attributed to a specific data subject without the use of additional information, provided that such additional information is stored separately and subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
A processor is a natural or legal person, authority, institution or other body which processes personal data on behalf of the controller.
A recipient is a natural or legal person, authority, institution or other body to which personal data is disclosed, whether a third party or not. Authorities which may receive personal data in the course of a particular inquiry under Union or Member State law are not considered recipients.
A third party is a natural or legal person, authority, institution or other body other than the data subject, the controller, the processor and persons who, under the direct authority of the controller or the processor, are authorized to process personal data.
Consent is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they signify agreement to the processing of personal data relating to them by a statement or by a clear affirmative action.
Art. 6 (1) lit. a GDPR (in conjunction with § 25 (1) TTDSG) constitutes the legal basis for processing operations for which we obtain consent for a specific purpose.
If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, such as in the case of processing operations required for the delivery of goods or the provision of a service, the processing is based on Art. 6 (1) lit. b GDPR. The same applies to processing operations necessary for the implementation of pre-contractual measures, e.g. in the context of inquiries about our services.
If our company is subject to a legal obligation requiring the processing of personal data (e.g. for compliance with tax obligations), the processing is based on Art. 6 (1) lit. c GDPR.
In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person (Art. 6 (1) lit. d GDPR). This would occur, for example, if a visitor were injured in our facility and their name, age, health insurance data or other vital information needed to be passed on to a doctor, hospital or other third party.
Finally, processing operations may be based on Art. 6 (1) lit. f GDPR. This legal basis applies to processing operations not covered by the above legal bases if the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, rights and freedoms of the data subject are not overridden. The European legislator expressly provided for such a legal basis. A legitimate interest may be assumed, for example, when you are a customer of our company (Recital 47, sentence 2 GDPR).
Disclosure of your personal data to third parties — apart from the ones listed below — does not take place. We pass on your personal data only if:
To protect your data and to possibly enable disclosure to third countries (outside the EU / EEA), we have concluded data processing agreements on the basis of the Standard Contractual Clauses of the European Commission. If the standard contractual clauses are not sufficient to ensure an adequate level of security, your consent (Art. 49 (1) lit. a GDPR) may serve as a legal basis for transfer to third countries, unless an adequacy decision by the European Commission under Art. 45 GDPR applies.
Disclosure of personal data to third parties beyond the described processing operations does not take place.
In the course of the processing operations described in this privacy policy, personal data may be transferred to the USA. The USA do not have an adequate level of data protection (according to the Schrems II ruling). In particular, U.S. enforcement agencies may require U.S. companies to disclose personal data without effective judicial recourse. We have no influence over these processing activities. To protect your data, we have concluded data processing agreements based on the Standard Contractual Clauses of the European Commission. If the standard contractual clauses do not suffice to ensure an adequate level of security, your consent (Art. 49 (1) lit. a GDPR) may serve as a legal basis for transfer to third countries. This may sometimes not apply for data transfers to third countries for which the European Commission has adopted an adequacy decision.
This site uses SSL / TLS encryption to ensure the security of data processing and to protect the transfer of confidential content (such as orders, login data, or contact requests) you send to us. You can recognize a secure connection by “https://” instead of “http://” in your browser’s address line and by the padlock symbol. We use this technology to protect the data you transmit.
When using our website for informational purposes only — i.e. if you do not register or otherwise submit information — we collect only the data that your browser transmits to our server (in so-called “server log files”). Each time a page on our website is accessed by you or an automated system, a number of general data and information are recorded and stored in the server log files.
The data collected may include:
We do not draw conclusions about your person from this data. Instead, these data and information are needed to:
These collected data and information are evaluated on the one hand statistically and on the other hand with the aim of increasing data protection and data security in our clinic, to ultimately ensure an optimal level of protection for the personal data we process. The data from server log files are stored separately from all personal data submitted by a data subject.
The legal basis for data processing is Art. 6 (1) sentence 1 lit. f GDPR. Our legitimate interest follows from the purposes listed above for data collection.
Cookies are small files that your browser automatically creates and that are stored on your IT system (laptop, tablet, smartphone, etc.) when you visit our site. In the cookie, information is stored which arises from the connection with the specific end device used. However, this does not mean that we thereby immediately gain knowledge of your identity.
We use cookies to make use of our offer more comfortable for you. Thus, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted when you leave our site.
Moreover, we also use temporary cookies to optimize user-friendliness, which remain stored on your device for a certain, fixed period. If you visit our site again to use our services, it is automatically recognized that you have already visited and which entries and settings you have made so that you do not have to re-enter them.
We also use cookies to capture the use of our website statistically and to evaluate our offer for optimization. These cookies allow us to automatically recognize that you have already visited this website. The cookies set for this purpose are automatically deleted after a specified time. The storage duration of the cookies can be derived from the settings of the consent tool used.
The data processed by cookies that are necessary for the proper functioning of the website are required to safeguard our legitimate interests and those of third parties (Art. 6 (1) lit. f GDPR).
For all other cookies, you have given consent via our opt-in cookie banner in accordance with Art. 6 (1) lit. a GDPR.
We use the consent management platform “Klaro” from KIProtect GmbH, Bismarckstr. 10-12, 10625 Berlin. This service allows us to obtain and manage users’ consent to data processing on our website.
The consent manager logs data generated by end users using our website. When an end user grants consent, the following data are automatically recorded by the consent manager:
The consent status is also stored in the user’s browser so that the website can automatically read and respect the user’s consent in all subsequent page requests and user sessions for up to 12 months.
Consent data (consent and revocation) are stored for three years. The retention period corresponds to the regular statute of limitations under § 195 BGB. The data are then deleted immediately.
The functionality of the website is not guaranteed without the processing described herein. The user has no means of objection as long as there is a legal obligation to obtain the user’s consent for certain processing operations (Arts. 7 (1), 6 (1) sentence 1 lit. c GDPR).
The consent manager is a recipient of your personal data and acts as a processor for us. The data processing takes place exclusively within the European Union.
Detailed information about the use of the consent manager can be found at: https://heyklaro.com/de/ressourcen/datenschutz
When contacting us (e.g. via contact form or email), personal data are collected. Which data are collected in the case of a contact form is evident from the respective form. These data are stored and used only for the purpose of answering your inquiry or for contacting you and the associated technical administration.
The legal basis for processing the data is our legitimate interest in answering your inquiry (Art. 6 (1) lit. f GDPR). If your contact is aimed at concluding a contract, then an additional legal basis is Art. 6 (1) lit. b GDPR.
Your data will be deleted after final processing of your inquiry — i.e. once the matter can be considered definitively resolved — unless legal retention obligations prevent deletion.
We collect and process personal data of applicants for the purpose of managing the application process. Processing may also take place electronically, e.g. if an applicant submits relevant application documents electronically (by email or via a web form). If we enter into an employment or service contract with an applicant, the submitted data will be stored for the purpose of carrying out the employment relationship in accordance with legal provisions. If we do not conclude a contract with the applicant, the application documents will be automatically deleted two months after notifying rejection, unless a deletion is prevented by other legitimate interests (e.g. evidence obligations under the General Equal Treatment Act).
The legal basis for processing your data is Art. 88 GDPR in conjunction with § 26 (1) BDSG.
If you have provided us with your email address when purchasing goods or services, we reserve the right to regularly send you offers of similar goods or services via email. For this, we do not need separate consent under § 7 (3) UWG. The processing is carried out solely on the basis of our legitimate interest in personalized direct advertising (Art. 6 (1) lit. f GDPR). If you initially objected to use of your email for this purpose, no further mailings will be sent. You have the right to object at any time with future effect via a communication to the controller. Only transmission costs according to base rates will be incurred by you. Upon receiving your objection, we will immediately cease using your email address for advertising.
Our email newsletter is sent using the technical service provider The Rocket Science Group, LLC d/b/a MailChimp (675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA), to whom we forward the data you provided during newsletter registration. This forwarding is done as part of a processing agreement. Please note that your data is generally transferred to a MailChimp server in the USA and stored there.
MailChimp uses this information for sending and for statistical evaluation of the newsletter on our behalf. The sent emails include web beacons or tracking pixels (1-pixel image files) stored on our website, which allow determining whether a newsletter email has been opened and which links possibly clicked. Technical information is also collected, e.g. time of retrieval, IP address, browser type and operating system. The data are collected pseudonymously and are not linked to your further personal data. Direct personal attribution is thus excluded. These data are used only for statistical analysis of newsletter campaigns. The results of these analyses may be used to better tailor future newsletters to recipients’ interests.
If you object to data analysis for statistical purposes, you must unsubscribe from the newsletter.
You may revoke the consent you have given at any time. You may also prevent storage of cookies by appropriate settings of your browser. By disabling JavaScript or installing a JavaScript blocker (e.g. https://noscript.net or https://www.ghostery.com), you can prevent the storage and transmission of personal data. Note that these measures may mean that not all functions of our website are available.
Furthermore, MailChimp may itself use the data in accordance with Art. 6 (1) lit. f GDPR on the basis of its own legitimate interest in service optimization and market research, for example to determine from which countries recipients come. However, MailChimp does not use the data to send messages to individuals itself or to forward it to third parties.
To protect your data in the USA, we have entered into a data processing agreement (“Data-Processing Agreement”) with MailChimp based on the Standard Contractual Clauses of the European Commission. The agreement can be viewed under: https://mailchimp.com/legal/forms/data-processing-agreement/.
You can view MailChimp’s privacy policy here: https://mailchimp.com/legal/privacy/
In order to communicate with you via social networks and inform you about our services, we operate our own pages there. When you visit one of our social media pages, we are jointly responsible, in terms of Art. 26 GDPR, with the provider of the respective social media platform for the data processing triggered thereby. We are not the original provider of these pages but use them only within the possibilities offered by the respective providers.
Therefore, we point out in advance that your data may also be processed outside the European Union or the European Economic Area. Use may thus involve privacy risks, since asserting your rights (e.g. access, deletion, objection) may be more difficult, and the processing in social networks is often done directly for advertising purposes or to analyze user behavior by the providers, without our ability to influence it.
The processing operations described are carried out pursuant to Art. 6 (1) lit. f GDPR on the basis of our legitimate interest and the respective provider’s legitimate interest in communicating or informing you in a modern way. If the providers require you to give consent to data processing as a user, the legal basis is Art. 6 (1) lit. a GDPR in conjunction with Art. 7 GDPR.
Since we have no access to the providers’ data holdings, we recommend that you exercise your rights (e.g. access, correction, deletion, objection) directly with the provider concerned.
Below we list further information about data processing in the social networks we use:
(Co-)responsible for data processing in Europe:
Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Privacy Policy: https://www.facebook.com/about/privacy
(Co-)responsible in Germany:
Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Privacy Policy: https://instagram.com/legal/privacy/
(Co-)responsible for data processing in Europe:
LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland
Privacy Policy: https://www.linkedin.com/legal/privacy-policy
(Co-)responsible for data processing in Europe:
Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland
Privacy Policy: https://twitter.com/de/privacy
Data requests for your data: https://twitter.com/settings/your_twitter_data
(Co-)responsible for data processing in Europe:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy Policy: https://policies.google.com/privacy
(Co-)responsible for data processing in Germany:
New Work SE, Am Strandkai 1, 20457 Hamburg, Germany
Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung
Data disclosure for XING members: https://www.xing.com/settings/privacy/data/disclosure
We use Google Analytics 4 (GA4), a web analytics service of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland).
In this context, pseudonymized usage profiles are created and cookies (see “Cookies” section) are used. The information generated by the cookie about your use of this website may include:
The pseudonymized data may be transferred to and stored by Google on a server in the USA.
The information is used to evaluate website usage, compile reports on website activity, and provide further services connected to website usage and internet usage (e.g. market research and demand-based design of the pages). The information may also be transferred to third parties insofar as this is legally required or third parties process the data on behalf of Google. These processing operations occur only with your explicit consent (Art. 6 (1) lit. a GDPR).
The default storage period set by Google is 14 months. In general, personal data will be retained as long as necessary to fulfill the processing purpose; the data is deleted once this purpose is no longer applicable.
Google LLC, as a U.S. company, is certified under the EU–US Data Privacy Framework, and thus an adequacy decision under Art. 45 GDPR applies, meaning personal data may be transferred to the U.S. without additional safeguards.
For further information on data protection when using GA4, see: https://support.google.com/analytics/answer/12017362?hl=de
We have integrated Google Ads on this website. The operator of the Google Ads services is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ads is an internet advertising service that allows advertisers to place ads either in Google search results or in the Google advertising network. Advertisers can specify certain keywords in advance so that ads are shown when a user enters a relevant keyword. In the Google advertising network, ads are distributed across topic-relevant websites using an algorithm, taking the previously specified keywords into account.
If you arrive on our website via a Google ad, a conversion cookie will be placed on your device. A conversion cookie expires after 30 days and is not used for your identification. The cookie allows tracking whether a user who came to our site via a Google ad subsequently completed or abandoned a transaction (e.g. shopping cart).
The information collected using the conversion cookie is processed by Google to generate visit statistics for our website. These statistics are used by us to determine how many users were referred via ads, and to optimize our ads for the future. Neither our company nor other advertisers receive identifying information.
Through the use of the conversion cookie, personal information, such as the visited pages of our website, is stored. On each visit to our pages, personal data, including your IP address, is transmitted to Google in the USA. This data is stored there. In some cases, Google may pass on such data to third parties.
These processing operations occur only with your explicit consent (Art. 6 (1) lit. a GDPR). Google LLC is certified under the EU–US Data Privacy Framework (as noted above), meaning an adequacy decision under Art. 45 GDPR allows transfer of personal data to the U.S. without additional safeguards.
You can find additional information and data protection provisions from Google under: https://www.google.de/intl/de/policies/privacy/
To support the legitimate interests of the XYZ group (Art. 6 (1) lit. f GDPR) in optimizing the marketing and sales presence of our corporate headquarters and subsidiaries, it may be necessary to share certain personal data within the group. This concerns in particular contact data, information about your interests and your usage of our products and services.
On this website we use the Google Tag Manager service. The operator of Google Tag Manager is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Through this tool, “website tags” (i.e. keywords embedded in HTML elements) can be managed and deployed via an interface. The Tag Manager allows automated tracking of which button, link, or personalized image you clicked and records which content of our website is particularly interesting to you. The Tag Manager does not access the data itself. If you deactivate tracking at the domain or cookie level, this remains in effect for all tags implemented through Google Tag Manager.
These processing operations occur only with your explicit consent (Art. 6 (1) lit. a GDPR). More information on Google Tag Manager and its privacy policy can be viewed at: https://www.google.com/intl/de/policies/privacy/
We use the tool “Microsoft Teams” (“MS Teams”) for communication (chat, phone conferences, online meetings, video conferences). The operator is Microsoft Ireland Operations Ltd., 70 Sir John Rogerson’s Quay, Dublin, Ireland, part of the Microsoft group based in Redmond, Washington, USA.
When using MS Teams, the following personal data is processed:
To enable video and audio, data from your device’s microphone and camera are processed. You may deactivate the camera or microphone at any time via the Teams applications.
If consent is requested, processing is done only based on Art. 6 (1) lit. a GDPR. In the context of an employment relationship, processing is based on § 26 BDSG. For contract-related use, the legal basis is Art. 6 (1) lit. b GDPR. In other cases, the legal basis is Art. 6 (1) lit. f GDPR, where we have a legitimate interest in conducting meetings effectively.
If recordings are made, we will inform you before the meeting and ask for your consent if required. You may leave the meeting if you do not agree.
As a cloud-based service, MS Teams processes the data in relation to Microsoft’s legitimate business operations. Insofar as Microsoft processes personal data independently, it acts as a separate data controller. If you visit Microsoft’s Teams website, Microsoft is responsible for data processing there. Detailed privacy information about Microsoft Teams is available at: https://docs.microsoft.com/de-de/microsoftteams/teams-privacy
Our site includes plugins from the video portal Vimeo (Vimeo, LLC, 555 West 18th Street, New York, NY, USA). When you access a page of our site containing such a plugin, your browser establishes a direct connection to Vimeo’s servers. The plugin content is delivered directly by Vimeo and embedded in your browser. By doing this, Vimeo receives the information that your browser has accessed the corresponding page, even if you do not have or are not logged into a Vimeo account. The information (including your IP address) is transmitted directly from your browser to a Vimeo server in the USA and stored there.
If you are logged into Vimeo, Vimeo can directly assign the visit to your Vimeo account. If you interact with the plugin (e.g. pressing the play button), this information is also transmitted and stored.
If you do not want Vimeo to assign data collected through our website to your Vimeo account, you should log out of Vimeo before visiting our website.
For videos on our site, Vimeo’s own tracking is automatically integrated. We have no influence over that. Google Analytics also uses cookies for Vimeo video tracking — again, we cannot control that.
These processing operations occur only with your explicit consent (Art. 6 (1) lit. a GDPR).
Vimeo’s privacy policy can be viewed at: https://vimeo.com/privacy
We integrate components from YouTube. The operator is YouTube, LLC, 901 Cherry Ave., San Bruno, CA, USA, and YouTube is a subsidiary of Google Ireland Limited. If you are logged into YouTube while visiting a page on our site containing a YouTube video, YouTube/Google can recognize which page you visited. These data are collected by Google and YouTube, and assigned to your YouTube account.
This occurs independently of whether you click the video or not.
If you don’t want such data transfer or assignment, you must log out of YouTube before visiting our site.
These processing operations occur only with your explicit consent (Art. 6 (1) lit. a GDPR).
YouTube’s privacy policy can be viewed at: https://www.google.de/intl/de/policies/privacy/
You have the right at any time to obtain from us free information about the personal data stored about you as well as a copy thereof, subject to legal restrictions.
You have the right to request correction of incorrect personal data concerning you. You also have the right to request completion of incomplete personal data, considering the purposes of processing.
You have the right to request that we delete personal data concerning you without delay, provided one of the legally permissible grounds applies and processing or storage is no longer required.
You have the right to request restriction of processing under certain legal conditions.
You have the right to receive personal data concerning you, which you provided to us, in a structured, commonly used, machine-readable format. You have the right to transmit these data to another controller without hindrance from us, provided processing is based on consent (Art. 6 (1) lit. a) or Art. 9 (2) lit. a) or a contract (Art. 6 (1) lit. b) and the processing is done by automated means, unless retention is required by public interest or exercise of official authority.
You have the right to object at any time to processing of personal data concerning you which is based on Art. 6 (1) lit. e (public interest) or f (legitimate interests). This also applies to profiling based on these provisions. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or the data is required for the assertion, exercise or defense of legal claims.
In individual cases, we may process personal data for direct advertising. You may object to processing for such purposes at any time. This also applies to profiling insofar as it is related to direct advertising. If you object, we will stop processing the personal data for these purposes.
You also have the right to object to processing for scientific, historical research or statistical purposes under Art. 89 (1) GDPR, unless such processing is necessary for performing a task carried out in the public interest.
You may exercise your objection right using automated procedures (where technically feasible), regardless of the Directive 2002/58/EC.
You have the right to withdraw your consent to processing of personal data at any time, with effect for the future.
You have the right to lodge a complaint with a data protection supervisory authority about our processing of your personal data.
We process and store your personal data only for as long as the retention period required to achieve the processing purpose or as prescribed by applicable laws. Once the purpose ceases to apply or a statutory retention period expires, personal data are routinely blocked or deleted in compliance with legal requirements.
The criterion for the duration of storage is the respective statutory retention period. After the period expires, the relevant data are routinely deleted, provided that they are no longer needed for contract performance or contract initiation.
This privacy policy is currently valid and has effect as of: October 2022.
Due to further development of our websites and offerings or changes in legal or regulatory requirements, it may become necessary to amend this privacy policy. The current version can always be accessed and printed at https://www.limes-schlossklinik-bergisches-land.de/datenschutz/
This privacy policy was created with the support of the data protection software: Kircher Datenschutz-Board.