Privacy Policy

For primekliniks, the protection of personal data is of utmost priority. Therefore, we would like to inform you here about how we protect your privacy on www.primekliniks.de when you provide us with your personal data. In addition to complying with the applicable data protection laws in Germany, we are committed to handling your data responsibly with these guidelines so that your privacy is protected at all times. It is important to us that you feel secure when visiting our websites. If you have any further questions regarding the collection and processing of your personal data or specific processes, our data protection officer is available for further inquiries using the contact options provided below.

Responsible Entity

1.1 Name and Address of the Controller

The controller as defined in Article 4(7) of the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States as well as other data protection regulations is:

primekliniks UG (haftungsbeschränkt)

Lilienthalstraße 5

64347 Griesheim

Germany

Registration Number: HRB 105690,

Local Court (Amtsgericht) Darmstadt

Contact: Lilienthalstraße 5,

64347 Griesheim

Email: info@primekliniks.de

1.2 Name and Address of the Data Protection Officer

For any questions regarding the collection and processing of your personal data, you can contact our Data Protection Officer at the following addresses:

By Email: info@primekliniks.de By Mail: primekliniks UG (limited liability) Data Protection Officer Olimpia Best Lilienthalstraße 5 64347 Griesheim

General Notes on the Use of the Website "primekliniks.de"

The use of this website is generally possible anonymously. When you access the website, information of a general nature is automatically collected. This information includes, for example, the type of web browser, operating system used, the domain name of your internet service provider, and similar data. These are solely information that does not allow any conclusions to be drawn about your person. Such data is generated when accessing any other website on the internet or app content and is not a specific function of our website. Information of this kind is collected exclusively in anonymized form and statistically evaluated by us.

We only store your personal data if you provide it to us. For instance, we need data such as your name and email address in order to respond to your application, see also Section 2.4. The personal data collected in this way is used exclusively for the purpose for which you provided it to us, particularly within the context of displaying a comment under the name you entered.

Details of the procedures:

2.1 Provision of the Website primeklinik.de and Creation of Log Files

2.1.1 Description and Scope of Data Processing

Every time our website is accessed, our system automatically collects data and information from the computer system of the accessing device. The following data is collected, provided it is transmitted due to your browser settings:

Information about the type and version of the browser
The user's operating system
The user's IP address (shortened by one octet)
Date and time of access
The last website visited from which the user's system accessed our website

This data is temporarily stored in log files on our system. Storage of this data alongside other personal data of the user does not occur.

2.1.2 Legal Basis for Data Processing

The legal basis for the temporary storage of data and log files is Art. 6(1) sentence 1 lit. f) GDPR.

2.1.3 Purpose of Data Processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer; otherwise, the function of the website would be impaired. For this purpose, the user's IP address must be stored for the duration of the session. The storage in log files is done to ensure the functionality of the website. Additionally, the data helps us optimize the website and ensure the security of our information technology systems. Furthermore, the processing of this data is carried out for fraud prevention and tracking purposes. Our legitimate interest in data processing according to Art. 6(1) sentence 1 lit. f) GDPR lies in these purposes.

2.2 Use of Cookies and Tools

2.2.1 Description and Scope of Data Processing

We use so-called "cookies" and similar technologies to offer you a wide range of functions and to make the use of our websites more convenient. "Cookies" are small files that are stored on your device with the help of your internet browser. Similar technologies can include pixels, plugins, scripts, local storage, or other comparable technologies for storing information (hereinafter collectively referred to as "cookies"). We distinguish between strictly necessary cookies, which are essential for the use of our websites, performance cookies, which generate and evaluate aggregated data for website usage and statistics to provide better performance and optimize our business operations, as well as marketing cookies and third-party cookies. Strictly necessary cookies are used in accordance with § 25(2) No. 2 Telecommunications and Telemedia Data Protection Act ("TTDSG") without your consent. If personal data is processed from these cookies, the processing is carried out to ensure that our website operates correctly, Art. 6(1) sentence 1 lit. b GDPR, your cookie selection, especially your consent or non-consent to the use of cookies, is correctly stored, Art. 6(1) sentence 1 lit. c) GDPR, § 25 TTDSG. Conversely, cookies that are not strictly necessary are only set based on your consent according to § 25(1) TTDSG (Art. 6(1) sentence 1 lit. a GDPR). If personal data is processed from these cookies, this processing is also based on your consent. If you do not wish to use cookies or similar technologies, you can prevent the storage of cookies and similar technologies on your computer through corresponding settings in your internet browser. Please note that this may limit the functionality and scope of our offer. You can generally object to the setting of cookies through your browser settings. For a precise description of the cookies, please refer to the cookie settings.

2.2.2 Purpose of Data Processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. It is necessary for these functions that the browser is recognized even after a page change. Analysis cookies are used to improve the quality and content of our website. Through analysis cookies, we learn how the website is used and can continuously optimize our offering. Please refer to the details on web analysis for the exact purpose.

2.2.3 Duration of Storage, Objection, and Removal Options

Cookies are stored on the user's computer and transmitted to our site from there. Therefore, you as a user have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.

2.3 Application Process

2.3.1 Scope of Processing Personal Data

You are welcome to apply to us, we prefer www.primekliniks.de. For this purpose, we collect the following data in particular: First name, Last name, Phone number, Email address, Other data that you provide to us in order to process these subsequently in the application process. For processing on the occasion of the application process, see also the data protection notices at https://primekliniks.de.

2.3.2 Legal Basis for Data Processing

The legal basis for processing the data is Art. 6(1) sentence 1 lit. b), 88 GDPR, §26(1) BDSG, as we need this data to initiate a possible employment contract with you.

2.3.3 Purpose of Data Processing

The collection of data serves to process the application of the respective applicant within the application process, Art. 6(1) sentence 1 lit. b), 88 GDPR in conjunction with § 26 BDSG. You are not required to provide such data, but if you do not, your application may not be considered or only to the extent of the data you provided.

2.3.4 Duration of Storage

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. Generally, we store your personal data for the duration of the application process plus an additional period of up to 6 months. If an employment contract is concluded with you, we will also store the data during the employment relationship or beyond as required for this purpose.

2.4 Abuse of the Website

2.4.1 Description and Scope of Data Processing

If it serves to clarify misuse of the platform, is necessary for legal action, or there is a legal obligation to disclose it, personal data will be disclosed to authorities - especially law enforcement and tax authorities - for our legal defense and, if necessary, to affected third parties. Disclosure may also occur if it serves to enforce our terms and conditions or other agreements, or is required by a legal or administrative order or court decision.

2.4.2 Legal Basis for Data Processing

The legal basis for processing is Art. 6(1) sentence 1 lit. c) and f) GDPR.

2.4.3 Purpose of Data Processing

Data processing is essential to ensure the security of our information technology systems and processes in accordance with Art. 32 GDPR, as well as to comply with legal and regulatory requirements. Our legitimate interest in data processing according to Art. 6(1) sentence 1 lit. f) GDPR lies in these purposes.

2.4.4 Duration of Storage

The data will be deleted as soon as it is no longer necessary for the purpose of its collection.

2.4.5 Objection and Removal Options

The processing of data in cases of misuse is essential to prevent the abuse of the services provided and to protect our rights and the rights of third parties. Therefore, there is no possibility of objection on the part of the user.

2.5 Social Media Channels

2.5.1 General Information

Below you will find information on the personal data we collect when using our social media channels and the services and functions contained therein, and how we process this data for which purposes.

2.5.1.1 Responsible Parties

For the data processing described below, we are partially responsible, and partially the platform operators of the respective social media channel. For specific processes (e.g., Facebook Insights, Instagram Insights, or LinkedIn Page Insights), the respective platform operator and we are jointly responsible within the meaning of Art. 26 GDPR. We will inform you separately about the processing of your data under joint responsibility (see below).

2.5.1.2 Social Media Channels

We operate the following social media channels:

LinkedIn: www.linkedin.de
Xing: www.xing.de

2.5.2 Information regarding the Processing of Personal Data by PRIMEKLINIKS

2.5.2.1 Contact/Inquiries

When you contact us, we use your name and other data provided in your inquiry or on your social media profile to process and respond to your request. In some cases, we may share your content on our social media channel if this is a function of the social media channel and communicate through it. If you submit an inquiry via the social media channel, we may also refer you to other secure communication channels as necessary for the response. You can always send your inquiries to our contact options listed above. We collect and process this data to fulfill your request either in the context of fulfilling or initiating a contract, Art. 6(1) sentence 1 lit. b) GDPR, or based on our legitimate interests under Art. 6(1) sentence 1 lit. f) GDPR, to provide comprehensive service to visitors of our social media channels and particularly to handle their concerns. We store the data related to your inquiries for 6 years or 10 years, starting from the end of the year in which we received your inquiries, if required under Art. 6(1) sentence 1 lit. c) GDPR, § 257 (1), 4 HGB or § 147 (1), 3 and 4 AO. Otherwise, we store the aforementioned data for a period of three years, starting from the end of the year in which the inquiry was made. Your inquiries will be deleted when we no longer need them for legal reasons, especially for enforcement, security, or defense of claims. All public posts by you remain indefinitely in the timeline, unless we delete them (e.g., due to an update of the underlying topic or a violation of rights) or you delete the post yourself.

2.5.2.2 Community Features

On our social media channels, we offer various community features (e.g., posting wall posts, leaving comments, or liking/sharing posts). Please note that our social media channels are publicly accessible, and all personal information you publish can be viewed by others. We cannot control how other users of our social media channels use this information. The data entered as part of the community features is collected for the intended provision of community functions by us. The related data processing is regularly based on our legitimate interest in providing the corresponding functions on our social media pages (Art. 6(1) sentence 1 lit. f) GDPR) and possibly on your consent to the platform operator (Art. 6(1) sentence 1 lit. a) GDPR) or your contractual relationship with the operator (Art. 6(1) sentence 1 lit. b) GDPR). Content posted in community areas may be stored indefinitely. If you wish at any time for posted content to be removed, please send us a corresponding message, e.g., by email, to the email address provided above.

2.5.2.3 Event Invitations

Occasionally, events are announced on our social media channels for which you may need to register. When registering online for events, the following data may be collected: name, address, email address, telephone number(s). This data is required to process event registrations, manage events, and capture customer information. The legal basis for this processing is Art. 6(1) sentence 1 lit. b) GDPR. In the case of consent given during registration, the processing is based on Article 6(1) sentence 1 lit. a) GDPR. The collected data will be deleted after the event, unless there are legal retention obligations.

2.5.2.4 Recipients and Transmitters of Data to Third Countries

When using our respective social media channel, the initial recipient of the data is the respective social media operator, who may pass on the data to third parties for their own purposes and under their own responsibility. In particular, the platform operator may also transfer personal data to other companies of the social media operator (e.g., Facebook or LinkedIn companies). We point out that through this data processing by the platform operators, user data may be processed outside the European Union (EU) or the European Economic Area (EEA). If there is no adequacy decision by the EU Commission for the respective countries, the social media operators use the EU standard contractual clauses approved by the EU Commission. Please refer to the privacy policy of the respective platform operator for details.

2.5.3 Information regarding the Processing of Personal Data by the Platform Operator

In addition to the described data processing, the respective social media operators independently collect and process personal data from you when you visit our social media channels and/or interact with them or our posts. This applies in particular if you are logged in or registered with the respective network. Even if you are not logged into a network, the operators collect certain personal data when you access the page, such as unique identifiers associated with your browser or device. Please note that this data may be consolidated across different platforms and services operated by the same operator. PRIMEKLINIKS has no influence on the type and scope of data processed by the respective platform operator, the type of processing and use, or the disclosure of this data to third parties. We also do not have effective control in this regard. For questions regarding the processing of your data in connection with the use of your user profile, please contact the platform operator. For more information on data processing by platform operators, please refer to the privacy policy of the respective platform operator (see above).

2.5.4 Joint Responsibility, Art. 26 GDPR

For the web tracking methods used by the platform operators on our social media channels, the platform operators and we act as joint controllers. This applies to Facebook Insights, Instagram Insights, and LinkedIn Page Insights. Web tracking can occur regardless of whether you are logged into the social media platform. We have little influence over the web tracking methods of the social media platform and cannot disable them. We only receive anonymized statistics ourselves. We do not have access to personal data processed by the platform operator. The legal basis for web tracking methods is Art. 6(1) sentence 1 lit. f) GDPR. Our legitimate interest here lies in optimizing our social media channel. You can find information on how to exercise your rights to prevent these web tracking methods in the privacy policies listed above.

Disclosure of Your Personal Data

In principle, your personal data will only be disclosed without your explicit prior consent in the following cases: when necessary for the execution of the (imminent) contractual relationship with you or for the application process (Art. 6 para. 1 sentence 1 lit. b) GDPR) or with a person authorized by you (Art. 6 para. 1 sentence 1 lit. b) GDPR); for example, by transferring data to suppliers, service providers (as described below), or customers.

Where necessary to investigate unlawful use of our services or for law enforcement purposes, personal data may be disclosed to law enforcement authorities and, if applicable, to affected third parties. However, this is only done if there are specific indications of unlawful or abusive behavior. Transmission may also occur when necessary to enforce our general terms and conditions or other agreements. Furthermore, we are legally obligated to provide information to certain public authorities upon request. These include law enforcement agencies, governments prosecuting misdemeanors with fines, and tax authorities. The disclosure of this data is based on our legitimate interest in combating abuse, law enforcement, and securing and enforcing claims (Art. 6 para. 1 sentence 1 lit. f) GDPR) or on a legal obligation under Art. 6 para. 1 sentence 1 lit. c) GDPR, for example, by disclosing relevant data to PRIMEKLINIKS UG (limited liability) for tax purposes, to tax authorities, auditors/lawyers, and similar entities.

To provide our services, we rely on contractually affiliated third parties and external service providers ("processors"). In such cases, we disclose personal data to these processors so that they can process it further. These processors are carefully selected and regularly audited by us to ensure that your rights and freedoms are protected. Processors may only use the data for the purposes specified by us and are contractually obligated to handle your data in accordance with this privacy policy and German data protection laws.

In addition to the aforementioned service providers, we use the following processors: server hosts and cloud providers, EDI providers, email providers, software service providers. We disclose data to processors based on Art. 28 para. 1 GDPR or alternatively based on our legitimate interest in the economic and technical benefits associated with using specialized processors (Art. 6 para. 1 sentence 1 lit. f) GDPR). In cases where personal data is transferred to a processor outside the EU and no adequacy decision exists, PRIMEKLINIKS ensures proper data processing through measures under Art. 46 et seq. GDPR; for more information, please contact the data protection officer.

As part of the development of our business, the structure of PRIMEKLINIKS UG (limited liability) may change due to changes in legal form, establishment, acquisition, or sale of subsidiaries, business units, or components. In such transactions, customer information is shared with the part of the business being transferred. Whenever personal data is disclosed to third parties to the extent described above, we ensure that this is done in accordance with this privacy policy and relevant data protection laws. The disclosure of personal data is justified by our legitimate interest in adapting our corporate form to economic and legal circumstances (Art. 6 para. 1 sentence 1 lit. f) GDPR).

3. Rights of Data Subjects

If your personal data is processed, you are considered a data subject under the GDPR, and you have the following rights, unless exceptions apply:

3.1 Right to Information

As a data subject, you have the right to obtain confirmation from the controller as to whether or not personal data concerning you is being processed. If such processing exists, you have the right to be informed about these personal data and to receive the information specified in Art. 15 GDPR in detail.

3.2 Right to Rectification

Furthermore, as a data subject, you have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you and, if necessary, the completion of incomplete personal data (Art. 16 GDPR).

3.3 Right to Restriction of Processing

In addition, the data subject has the right to request from the controller the restriction of processing if one of the conditions specified in Art. 18 GDPR applies, for example, if the data subject has objected to processing pending the verification by the controller.

3.4 Right to Erasure

Finally, as a data subject, you have the right to request the erasure of personal data concerning you without undue delay from the controller if one of the grounds listed in Art. 17 GDPR applies, such as when the data are no longer necessary for the purposes pursued (right to erasure).

3.5 Right to Notification

If you have exercised your right to rectification, erasure, or restriction of processing against the controller, the controller is obliged to communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients from the controller.

3.6 Right to Data Portability

You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used, and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to whom the personal data have been provided, where the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR, and the processing is carried out by automated means. In exercising this right, you further have the right to have the personal data transmitted directly from one controller to another, where technically feasible. This right shall not adversely affect the rights and freedoms of others. The right to data portability does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

3.7 Right to Object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions. The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

If personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

3.8 Right to Withdraw Consent

You have the right to withdraw your consent to the processing of your personal data at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

3.9 Automated Individual Decision-Making Including Profiling

Currently, we do not employ automated processing to make decisions or create profiles that would fall under Article 22(1) and (4) of the GDPR.

Nevertheless, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision is necessary for entering into or performance of a contract between you and the controller, is authorized by Union or Member State law to which the controller is subject, and that law contains suitable measures to safeguard your rights, freedoms, and legitimate interests, or is based on your explicit consent. However, such decisions shall not be based on special categories of personal data referred to in Article 9(1) GDPR, unless Article 9(2)(a) or (g) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

In cases mentioned in (1) and (3) above, the controller implements suitable measures to safeguard your rights, freedoms, and legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express your own point of view, and to contest the decision.

3.10 Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data relating to them infringes the GDPR (Article 77 GDPR). The data subject can exercise this right with a supervisory authority in the Member State of their habitual residence, place of work, or place of the alleged infringement.

In Hessen, the competent supervisory authority is: The Hessian Commissioner for Data Protection and Freedom of Information P.O. Box 31 63 65021 Wiesbaden Gustav-Stresemann-Ring 1 65189 Wiesbaden E-Mail: poststelle@datenschutz.hessen.de

For any further questions, our Data Protection Officer is available to assist you.

Deletion of Your Data

Unless otherwise stated previously, we generally delete or anonymize your personal data as soon as it is no longer needed for the purposes for which we collected or used it in accordance with the above paragraphs, and unless there are other legitimate reasons for retaining it. We may store a backup copy for 30 days. We also store or use your data when we are legally obligated to do so or when the data is needed long-term for law enforcement or to secure, assert, or enforce legal claims. The retention periods then depend on the respective legal provision or the legal situation. If data must be stored for legal reasons, processing will be restricted. The data will then no longer be available for further use.

Updating the Privacy Policy

The current version of this privacy policy is always available at: https://www.primekliniks.de Last updated: 11.06.2024