Menu
This privacy policy informs you about the nature, scope, and purpose of the processing of personal data (hereinafter referred to as „data“) within our online offering and its associated websites, functions, and content, as well as external online presences, such as our social media profiles. (hereinafter collectively referred to as „online offering“). With regard to the terminology used, such as „personal data“ or their „processing,“ we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
digiFORT Gesundheit & Pflege GmbH
Street No.: Wilhelmshöher Allee 287
Postcode, Town, Country: 34131, Kassel, Germany
Managing Director: Holger Strehlau
Email address: info@digifort-experts.de
No special categories of data are generally processed, unless these are provided by the users of the processing, for example, entered in online forms.
Visitors and users of the online offer. Below, we will also refer to the affected persons collectively as „users“.
In accordance with Article 13 of the GDPR, we hereby inform you of the legal bases for our data processing. Where the legal basis is not mentioned in the privacy policy, the following applies: The legal basis for obtaining consent is Article 6(1)(a) and Article 7 GDPR, the legal basis for processing to fulfil our services and carry out contractual measures as well as respond to enquiries is Article 6(1)(b) GDPR, the legal basis for processing to fulfil our legal obligations is Article 6(1)(c) GDPR, and the legal basis for processing to safeguard our legitimate interests is Article 6(1)(f) GDPR. In cases where vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) GDPR serves as the legal basis.
We ask that you regularly inform yourself about the content of our privacy policy. We will adapt the privacy policy as soon as changes to the data processing we carry out make this necessary. We will inform you as soon as the changes require an action on your part (e.g., consent) or other individual notification.
3.1 In accordance with Art. 32 GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, appropriate technical and organisational measures to ensure a level of security appropriate to the risk; the measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input, disclosure, safeguarding of availability and its separation. We have also set up procedures to ensure that data subjects' rights are exercised, data is deleted and we respond to data threats. Furthermore, we take the protection of personal data into account as early as the development and selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and data protection-friendly default settings (Art. 25 GDPR).
Security measures include, in particular, the encrypted transmission of data between your browser and our server.
4.1. If we disclose or transmit data to other persons and companies (contract processors or third parties) within the scope of our processing, or otherwise grant them access to the data, this will only occur on the basis of a legal permission (e.g. if the transfer of data to third parties, such as payment service providers, is necessary for the performance of a contract pursuant to Art. 6 para. 1 lit. b GDPR), you have consented, a legal obligation provides for this, or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
4.2. Where we commission third parties to process data on the basis of a so-called „order processing contract“, this is done on the basis of Art. 28 GDPR.
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or disclosure or transfer of data to third parties, this will only take place if it is done to fulfil our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual authorisations, we only process or have the data processed in a third country if the special requirements of Art. 44 et seq. GDPR are met. This means, for example, that the processing takes place on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to the EU (e.g. for the USA through the „Privacy Shield“) or compliance with officially recognised special contractual obligations (so-called „standard contractual clauses“).
6.1. You have the right to request confirmation of whether personal data concerning you is being processed and to receive information about this data, as well as further information and a copy of the data in accordance with Art. 15 GDPR.
6.2. You have the right, pursuant to Art. 16 GDPR, to request the completion of your personal data or the rectification of inaccurate personal data concerning you.
6.3. In accordance with Article 17 GDPR, you have the right to request the immediate deletion of relevant data, or alternatively, in accordance with Article 18 GDPR, to request a restriction on the processing of the data.
6.4. You have the right to request that the data concerning you, which you have provided to us, be received and transmitted to other controllers in accordance with Article 20 of the GDPR.
6.5. You also have the right, pursuant to Article 77 GDPR, to lodge a complaint with the competent supervisory authority.
You have the right to withdraw any consent you have given at any time, with effect for the future, in accordance with Article 7(3) of the GDPR.
You may object to the future processing of your personal data at any time in accordance with Art. 21 GDPR. The objection may be made in particular against processing for direct marketing purposes.
We use temporary and permanent cookies, which are small files stored on users' devices (for an explanation of the term and its function, see the last section of this privacy policy). Some cookies are for security or are necessary for the operation of our online services (e.g., for website display) or to save user decisions when confirming the cookie banner. In addition, we or our technology partners use cookies for reach measurement and marketing purposes, about which users will be informed in the course of this privacy policy.
A general objection to the use of cookies for online marketing purposes can be declared for a variety of services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be prevented by disabling them in your browser settings. Please note that this may mean that not all functions of this online offer can be used.
10.1. The data we process will be deleted or its processing restricted in accordance with Articles 17 and 18 of the GDPR. Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and there are no statutory retention obligations preventing deletion. If the data is not deleted because it is required for other legitimate purposes under the law, its processing will be restricted. This means the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.
10.2. Germany: In accordance with statutory provisions, records are kept for 6 years pursuant to Section 257(1) of the German Commercial Code (HGB) (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, booking vouchers, etc.) and for 10 years pursuant to Section 147(1) of the German Fiscal Code (AO) (books, records, management reports, booking vouchers, commercial and business letters, documents relevant for taxation, etc.).
11.1. We process inventory data (e.g., names and addresses, as well as contact details of users) and contract data (e.g., services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services in accordance with Art. 6(1)(b) GDPR. The entries marked as mandatory in online forms are required for the conclusion of the contract.
11.2. We process usage data (e.g., the websites visited on our online service, interest in our products) and content data (e.g., entries in the contact form or user profile) for advertising purposes in a user profile, in order to show the user product suggestions based on their previously used services, for example.
11.3. Deletion will take place after the expiry of statutory warranty and comparable obligations, the necessity of data retention will be reviewed every three years; in the case of statutory archiving obligations, deletion will take place after their expiry (end of commercial (6 years) and tax (10 years) retention periods); details in the customer account will remain until it is deleted.
12.1. When you contact us (via contact form or email), your details will be processed to handle your enquiry and its execution in accordance with Art. 6(1)(b) of the GDPR.
12.2. Your details may be stored in our Customer Relationship Management system (“CRM System”) or a comparable inquiry organisation system.
13.1. When users leave comments or other posts, their IP addresses are stored based on our legitimate interests within the meaning of Art. 6(1)(f) GDPR for 7 days.
13.2. This is for our own security, in case someone leaves unlawful content in comments and posts (insults, forbidden political propaganda, etc.). In this case, we ourselves could be held liable for the comment or post and are therefore interested in the author's identity.
Our online offering uses the „Akismet“ service, provided by Automattic, Inc. 132 Hawthorne Street San Francisco, CA 94107, USA. This is done based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f) GDPR. This service is used to distinguish between comments from real people and spam comments. To do this, all comment data is sent to a server in the USA, where it is analysed and stored for comparison purposes for four days. If a comment is classified as spam, the data will be stored beyond this period. This data includes the entered name, email address, IP address, comment content, referrer, details about the browser and computer system used, and the time of entry.
Automattic is certified under the Privacy Shield Framework, thereby guaranteeing compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000CbqcAAC&status=Active).
Further information on Akismet's collection and use of data can be found in Automattic's Privacy Policy: https://automattic.com/privacy/.
Users are welcome to use pseudonyms, or to forgo entering their name or email address. You can prevent data transfer entirely by not using our comment system. That would be a shame, but unfortunately, we see no other equally effective alternatives.
15.1. We collect data about every access to the server on which this service is located, based on our legitimate interests within the meaning of Art. 6 (1) (f) GDPR (so-called server log files). Access data includes the name of the retrieved webpage, file, date and time of retrieval, amount of data transferred, message about successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address, and the requesting provider.
15.2. For security reasons (e.g. for investigating misuse or fraudulent activities), log file information is stored for a maximum of seven days and then deleted. Data whose further retention is required for evidence purposes is exempt from deletion until the respective incident has been finally clarified.
16.1. On the basis of our legitimate interests pursuant to Art. 6(1)(f) GDPR, we maintain online presences on social networks and platforms in order to communicate with active customers, interested parties, and users there, and to inform them about our services. When calling up the respective networks and platforms, the terms and conditions and data processing policies of their respective operators apply.
16.2. Unless otherwise stated in our Privacy Policy, we process users' data if they communicate with us within social networks and platforms, for example by posting on our online presences or sending us messages.
17.1. Cookies are pieces of information that are transferred from our web server or third-party web servers to users' web browsers and stored there for later retrieval. Cookies can be small files or other types of information storage.
We use „session cookies“, which are stored only for the duration of your current visit to our online presence (e.g., to enable the storage of your login status or the shopping cart function, and thus the use of our online offering). A session cookie stores a randomly generated unique identification number, known as a session ID. The cookie also contains information about its origin and expiry date. These cookies cannot store any other data. Session cookies are deleted when you have finished using our online offering and, for example, log out or close your browser.
17.3. Users are informed about the use of cookies for pseudonymous reach measurement in this privacy policy.
17.4. If users do not wish for cookies to be saved on their computer, they are asked to deactivate the corresponding option in their browser's system settings. Saved cookies can be deleted in the browser's system settings. The exclusion of cookies may lead to functional limitations of this online service.
17.5. You can object to the use of cookies for reach measurement and advertising purposes via the Network Advertising Initiative's opt-out page (http://optout.networkadvertising.org/) and additionally the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
18.1. On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offering within the meaning of Art. 6(1)(f) GDPR) we use Google Analytics, a web analysis service provided by Google LLC („Google“). Google uses cookies. The information generated by the cookie regarding the user's use of the online offering is usually transferred to a Google server in the USA and stored there.
18.2. Google is certified under the Privacy Shield agreement, thereby providing a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
18.3. Google will use this information on our behalf to evaluate the use of our online services by users, to compile reports on activities within this online service, and to provide us with further services connected to the use of this online service and the internet. Pseudonymous user profiles can be created from the processed data.
18.4. We only use Google Analytics with IP anonymisation enabled. This means that users' IP addresses will be truncated by Google within EU member states or other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.
18.5. The IP address transmitted by the user's browser will not be merged with other Google data. Users can prevent the storage of cookies by adjusting their browser software accordingly; users can also prevent the collection of data generated by the cookie and related to their use of the online service by Google, as well as the processing of this data by Google, by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
18.6. For further information on Google's use of data, and on settings and opt-out options, please visit Google's websites: https://www.google.com/intl/de/policies/privacy/partners („Google's use of data when you use websites or apps of our partners“), https://policies.google.com/technologies/ads („Use of data for advertising purposes“), https://adssettings.google.com/authenticated („Manage the information Google uses to show you ads“).
18.7. Furthermore, personal data will be anonymised or deleted after a period of 14 months.
19.1. We use Google Marketing Services (short „Google-Marketing-Services”) from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA („Google“) based on our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offering in accordance with Art. 6 (1) lit. f of the GDPR).
19.2. Google is certified under the Privacy Shield agreement, thereby guaranteeing compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
19.3 Google Marketing Services allow us to display adverts for and on our website in a more targeted manner in order to present users only with adverts that potentially match their interests. If, for example, a user is shown adverts for products that they have shown an interest in on other websites, this is referred to as „remarketing“. For these purposes, when our and other websites on which Google marketing services are active are accessed, a code from Google is executed directly by Google and so-called (re)marketing tags (invisible graphics or code, also known as “web beacons”) are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user's device (comparable technologies can also be used instead of cookies). The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which websites the user has visited, what content they are interested in and which offers they have clicked on, as well as technical information about the browser and operating system, referring websites, time of visit and other information about the use of the online offer. The IP address of the user is also recorded, whereby we inform Google Analytics that the IP address is shortened within member states of the European Union or in other signatory states to the Agreement on the European Economic Area and only in exceptional cases is it transmitted in full to a Google server in the USA and shortened there. The IP address is not merged with the user's data within other Google services. Google may also combine the aforementioned information with such information from other sources. If the user subsequently visits other websites, they can be shown adverts tailored to their interests.
19.4. The users' data will be processed pseudonymously within the scope of Google Marketing Services. This means Google does not store and process users' names or email addresses, for example, but processes the relevant data on a cookie-basis within pseudonymised user profiles. This means that from Google's perspective, ads are not managed and displayed for a specifically identified person, but for the cookie owner, regardless of who this cookie owner is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymisation. The information collected by Google Marketing Services about users is transmitted to Google and stored on Google's servers in the USA.
19.5. The Google marketing services we use include the online advertising programme „Google AdWords“. In the case of Google AdWords, each AdWords customer receives a different „conversion cookie“. Therefore, cookies cannot be tracked across the websites of AdWords customers. The information obtained using the cookie serves to create conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers will be told the total number of users who have clicked on their ad and been redirected to a page with a conversion tracking tag. However, they will not receive any information that allows users to be personally identified.
19.6. We can also use the „Google Optimizer“ service. Google Optimizer allows us to understand, within the scope of so-called “A/B testing”, how different changes to a website affect it (e.g., changes to input fields, design, etc.). For these testing purposes, cookies are stored on users' devices. Only pseudonymous user data is processed.
19.7. Furthermore, we can use the “Google Tag Manager” to integrate and manage Google analytics and marketing services on our website.
19.8. For further information on how Google uses data for marketing purposes, please visit the overview page: https://policies.google.com/technologies/ads. Google's privacy policy can be found at https://policies.google.com/privacy.
19.9. If you wish to object to interest-based advertising by Google Marketing Services, you can use the settings and opt-out options provided by Google: https://adssettings.google.com/authenticated.
20.1. Within our online offering, the “Facebook Pixel” from the social network Facebook, operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”), is used due to our legitimate interests in analysis, optimisation and the economic operation of our online offering, and for these purposes.
20.2. Facebook is certified under the Privacy Shield agreement, thereby guaranteeing compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
20.3 With the help of the Facebook pixel, it is possible for Facebook to determine the visitors of our online offer as a target group for the display of adverts (so-called “Facebook ads”). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (so-called „custom audiences“). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of users and are not annoying. With the help of the Facebook pixel, we can also track the effectiveness of Facebook adverts for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook advert (so-called „conversion“).
20.4. Data processing by Facebook is carried out within the scope of Facebook's Data Usage Policy. Accordingly, general information on the presentation of Facebook Ads can be found in Facebook's Data Usage Policy: https://www.facebook.com/policy.php. Specific information and details about the Facebook pixel and how it works can be found in Facebook's Help Centre: https://www.facebook.com/business/help/651294705016616.
20.5. You can object to the collection by the Facebook pixel and the use of your data for the display of Facebook Ads. To adjust which types of advertisements are shown to you within Facebook, you can visit the page set up by Facebook and follow the instructions on setting up interest-based advertising: https://www.facebook.com/settings?tab=ads. The settings are applied across all platforms, meaning they will be adopted for all devices, such as desktop computers or mobile devices.
20.6. You can also object to the use of cookies for reach measurement and advertising purposes via the Network Advertising Initiative opt-out page (http://optout.networkadvertising.org/) and additionally the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
21.1. We use social plugins (“Plugins”) from the social network facebook.com, operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”), on the basis of our legitimate interests (i.e., interest in the analysis, optimisation, and economic operation of our online offering within the meaning of Art. 6(1)(f) of the GDPR). The Plugins can display interactive elements or content (e.g., videos, graphics, or text contributions) and are recognisable by one of the Facebook logos (a white „f“ on a blue tile, the terms “Like”, “Gefällt mir” or a „thumbs up“ symbol) or are marked with the addition “Facebook Social Plugin”. The list and appearance of the Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/.
21.2. Facebook is certified under the Privacy Shield agreement, thereby guaranteeing compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
21.3. When a user accesses a function of this online offering that contains such a plugin, their device establishes a direct connection to Facebook's servers. The content of the plugin is transmitted directly from Facebook to the user's device and integrated into the online offering by the device. In doing so, user profiles can be created from the processed data. We therefore have no influence on the scope of the data that Facebook collects using this plugin and therefore inform users to the best of our knowledge.
21.4. By integrating the plugins, Facebook receives information that a user has visited the corresponding page of the online offer. If the user is logged into Facebook, Facebook can assign the visit to their Facebook account. If users interact with the plugins, for example by pressing the Like button or leaving a comment, the corresponding information is transmitted directly from your device to Facebook and stored there. If a user is not a member of Facebook, there is still the possibility that Facebook will find out and store their IP address. According to Facebook, only an anonymised IP address is stored in Germany.
21.5. The purpose and scope of data collection and its further processing and use by Facebook, as well as the related rights and setting options for user privacy protection, can be found in Facebook's data protection information: https://www.facebook.com/about/privacy/.
21.6. If a user is a Facebook member and does not want Facebook to collect data about them via this online offering and link it to their member data stored with Facebook, they must log out of Facebook and delete their cookies before using our online offering. Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they are adopted for all devices, such as desktop computers or mobile devices.
22.1. We use the Jetpack plugin (specifically the „Wordpress Stats“ sub-function) on the basis of our legitimate interests (i.e., interest in the analysis, optimisation, and economic operation of our online offer within the meaning of Art. 6(1)(f) GDPR), which integrates a tool for statistically analysing visitor access and is provided by Automattic, Inc. 132 Hawthorne Street San Francisco, CA 94107, USA. Jetpack uses so-called „cookies“, text files that are stored on your computer and allow your use of the website to be analysed.
22.2. Automattic is certified under the Privacy Shield agreement, thus providing a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000CbqcAAC&status=Active).
22.3. The information generated by the cookie about your use of this online service will be stored on a server in the USA. Usage profiles of users can be created from the processed data, whereby these are only used for analysis and not for advertising purposes. Further information can be found in Automattic's privacy policies: https://automattic.com/privacy/ and notes on Jetpack cookies: https://jetpack.com/support/cookies/.
23.1 On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR), we use content or service offers from third-party providers within our online offer. GDPR) content or service offers from third-party providers in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”). This always presupposes that the third-party providers of this content recognise the IP address of the user, as they would not be able to send the content to their browser without the IP address. The IP address is therefore required to display this content. We endeavour to only use content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Pixel tags can be used to analyse information such as visitor traffic on the pages of this website. The pseudonymised information may also be stored in cookies on the user's device and may contain technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offering, as well as being linked to such information from other sources.
23.2. The following overview lists third-party providers and their content, along with links to their privacy policies, which contain further information on data processing and, in some cases, opportunities to object (so-called opt-out):
