Privacy

We are delighted with your interest in our company. Data protection is of particular importance to the management of Heart Link Africa (an institution of Die Herzspezialisten DHS UG). The use of the Heart Link Africa website (an institution of Die Herzspezialisten DHS UG) is generally possible without providing any personal data. However, if an individual wishes to use special services provided by our company through our website, it may be necessary to process personal data. If the processing of personal data is required and there is no legal basis for such processing, we will generally seek the consent of the individual concerned.

The processing of personal data, such as the name, address, email address, or telephone number of an individual, always takes place in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations applicable to Heart Link Africa (an institution of Die Herzspezialisten DHS UG). Through this privacy policy, our company aims to inform the public about the type, scope, and purpose of the personal data we collect, use, and process. Furthermore, this privacy policy informs individuals about their rights.

Heart Link Africa (an institution of Die Herzspezialisten DHS UG) has implemented numerous technical and organizational measures as the data controller to ensure the most comprehensive protection of personal data processed through this website. However, internet-based data transmissions may still have security vulnerabilities, and absolute protection cannot be guaranteed. For this reason, it is up to each individual to transmit personal data to us through alternative means, such as by telephone.

 

 1 Definitions

The privacy policy of Heart Link Africa (an institution of Die Herzspezialisten DHS UG) is based on the terms used by the European legislator when adopting the General Data Protection Regulation (GDPR). Our privacy policy aims to be easily readable and understandable for the public, as well as our customers and business partners. To ensure this, we would like to explain the terms used in advance.


a) Personal data

Personal data refers to any information relating to an identified or identifiable natural person (hereinafter referred to as the "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

b) Data subject

A data subject is any identified or identifiable natural person whose personal data is processed by the data controller.


c) Processing

Processing means any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.


d) Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting its processing in the future.


e) Profiling

Profiling is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.


f) Pseudonymization

Pseudonymization is the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.


g) Data controller

A data controller is a natural or legal person, authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data. If the purposes and means of this processing are determined by Union or Member State law, the data controller or the specific criteria for their nomination may be provided for by Union or Member State law.


h) Data processor

A data processor is a natural or legal person, authority, agency, or other body that processes personal data on behalf of the data controller.


i) Recipient

A recipient is a natural or legal person, authority, agency, or other body to whom personal data is disclosed, whether or not they are a third party. However, authorities that may receive personal data in the context of a specific inquiry under Union or Member State law shall not be considered recipients.


j) Third party

A third party is a natural or legal person, authority, agency, or other body other than the data subject, the data controller, the data processor, and the persons who, under the direct authority of the data controller or the data processor, are authorized to process personal data.


k) Consent

Consent is any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

 

 

 2 Name and address of the data controller

The data controller, as defined by the General Data Protection Regulation (GDPR) and other applicable data protection laws of the European Union member states and other provisions with a data protection character, is:

Heart Link Africa (a facility of Die Herzspezialisten DHS UG)

Tel.: 015901147630

Email: info@heartlinkafrica.com

Website: www.heartlinkafrica.com

 

 3 Collection of general data and information

The website of the Heart Link Africa (a facility of Die Herzspezialisten DHS UG) collects a range of general data and information with each visit by an individual or an automated system. These general data and information are stored in the server's log files. The following data can be collected: (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (referrer), (4) the subpages accessed on our website by an accessing system, (5) the date and time of access to the website, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system, and (8) other similar data and information used for averting risks in the event of attacks on our information technology systems.

The Heart Link Africa (a facility of Die Herzspezialisten DHS UG) does not draw any conclusions about the individual based on the use of this general data and information. Instead, this information is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website and its advertisements, (3) ensure the permanent functionality of our information technology systems and the technology of our website, and (4) provide law enforcement authorities with the necessary information for prosecution in the event of a cyber attack. These anonymously collected data and information are analyzed statistically by the Heart Link Africa (a facility of Die Herzspezialisten DHS UG) to increase data protection and data security in our company, ultimately ensuring an optimal level of protection for the personal data we process. The anonymous server log file data is stored separately from any personal data provided by an individual.



 4 Subscription to our newsletter

On the website of Heart Link Africa (a facility of Die Herzspezialisten DHS UG), users are provided with the option to subscribe to our company's newsletter. The personal data transmitted to the data controller when subscribing to the newsletter is determined by the input mask used for this purpose.

Heart Link Africa (a facility of Die Herzspezialisten DHS UG) regularly informs its customers and business partners about the company's offers through newsletters. The newsletter of our company can only be received by the individual if (1) the individual has a valid email address and (2) the individual has registered for newsletter delivery. A confirmation email, in the form of a double opt-in procedure, is sent to the email address provided by the individual for newsletter delivery. This confirmation email serves to verify whether the owner of the email address, as the individual, has authorized the receipt of the newsletter.

When subscribing to the newsletter, we also store the IP address assigned by the internet service provider (ISP) of the individual's computer system at the time of subscription, as well as the date and time of the subscription. The collection of this data is necessary to trace any potential misuse of the individual's email address at a later time and serves the legal protection of the data controller.

The personal data collected as part of a newsletter subscription is used exclusively for sending our newsletter. Subscribers to the newsletter may also be notified by email if this is necessary for the operation of the newsletter service or for a related registration, such as in the case of changes to the newsletter offering or a modification of the technical circumstances. The personal data collected within the scope of the newsletter service is not passed on to third parties. The subscription to our newsletter can be canceled by the individual at any time. The consent to the storage of personal data, which the individual has provided us for the newsletter delivery, can be revoked at any time. For the purpose of revoking the consent, a corresponding link is included in each newsletter. Furthermore, there is the option to unsubscribe from the newsletter directly on the website of the data controller or to inform the data controller in any other way.

 

 5 Newsletter tracking

The newsletters of Heart Link Africa (a facility of Die Herzspezialisten DHS UG) contain tracking pixels. A tracking pixel is a miniature graphic embedded in such emails that are sent in HTML format to enable log file recording and analysis. This allows for a statistical evaluation of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, Heart Link Africa (a facility of Die Herzspezialisten DHS UG) can recognize if and when an email has been opened by an individual and which links contained in the email were clicked by the individual.

Such personal data collected via tracking pixels in the newsletters are stored and analyzed by the data controller to optimize newsletter delivery and better tailor the content of future newsletters to the interests of the individual. This personal data is not passed on to third parties. Individuals are entitled to revoke their separate consent given through the double opt-in procedure at any time. After revocation, this personal data is deleted by the data controller. Unsubscribing from receiving the newsletter will be automatically interpreted as a revocation by Heart Link Africa (a facility of Die Herzspezialisten DHS UG).



 6 Contact option via the website

The website of Heart Link Africa (a facility of Die Herzspezialisten DHS UG) contains information, as required by law, that enables quick electronic contact with our company and direct communication with us, including a general email address. If an individual contacts the data controller by email or through a contact form, the personal data transmitted by the individual is automatically stored. Such voluntarily provided personal data from an individual to the data controller is stored for the purpose of processing or contacting the individual. This personal data is not disclosed to third parties.



 7 Routine erasure and blocking of personal data

The data controller processes and stores personal data of the individual only for the period necessary to achieve the purpose of storage or as required by the European legislator or another applicable legislator in laws or regulations to which the data controller is subject.

Once the purpose of storage no longer applies or a storage period prescribed by the European legislator or another competent legislator expires, the personal data is routinely blocked or deleted in accordance with legal requirements.

 

 8 Rights of the individual

a) Right to confirmation

Every individual has the right, granted by the European legislator, to obtain confirmation from the data controller as to whether personal data concerning them is being processed. If an individual wishes to exercise this right to confirmation, they can contact an employee of the data controller at any time.


b) Right to information

Every individual affected by the processing of personal data has the right, granted by the European legislator, to obtain free information from the data controller at any time about the personal data stored about them and to receive a copy of this information. Furthermore, the European legislator has granted the individual the right to information about the following:

 • The purposes of the processing

 • The categories of personal data processed

 • The recipients or categories of recipients to whom the personal data has been or will be disclosed, particularly in the case of recipients in third countries or international organizations

 • If possible, the envisaged duration for which the personal data will be stored, or, if not possible, the criteria used to determine that duration

 • The existence of the right to rectification or erasure of personal data concerning them or to restriction of processing by the data controller, or the right to object to such processing

 • The right to lodge a complaint with a supervisory authority

 • If the personal data is not collected from the individual: all available information about the source of the data

 • The existence of automated decision-making, including profiling, according to Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the individual

Furthermore, the individual has the right to be informed whether personal data has been transferred to a third country or to an international organization. If this is the case, the individual also has the right to obtain information about the appropriate safeguards related to the transfer.

If an individual wishes to exercise this right to information, they can contact an employee of the data controller at any time.

 

c) Right to rectification

Every person affected by the processing of personal data has the right, granted by the European legislator, to request the immediate rectification of any inaccurate personal data concerning them. Furthermore, the data subject has the right to request the completion of incomplete personal data, taking into account the purposes of the processing, including through a supplementary statement.

If an affected person wishes to exercise this right to rectification, they can contact an employee of the data controller responsible for the processing at any time.

 

d) Right to erasure (Right to be forgotten)

Every person affected by the processing of personal data has the right, granted by the European legislator, to request the immediate deletion of personal data concerning them from the data controller, if one of the following reasons applies and the processing is not necessary:

 • The personal data was collected or processed for purposes that are no longer necessary.

 • The data subject withdraws consent on which the processing is based according to Article 6(1)(a) or Article 9(2)(a) of the GDPR, and there is no other legal ground for the processing.

 • The data subject objects to the processing pursuant to Article 21(1) of the GDPR, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR.

 • The personal data has been unlawfully processed.

 • The deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the data controller is subject.

 • The personal data was collected in relation to information society services offered according to Article 8(1) of the GDPR.

If any of the above reasons apply, and an affected person wishes to request the deletion of personal data stored by Heart Link Africa (an institution of Die Herzspezialisten DHS UG), they can contact an employee of the data controller responsible for the processing. The employee of Heart Link Africa (an institution of Die Herzspezialisten DHS UG) will ensure that the deletion request is promptly fulfilled.

If the personal data has been disclosed by Heart Link Africa (an institution of Die Herzspezialisten DHS UG) and our company, as the data controller according to Article 17(1) of the GDPR, is obligated to delete the personal data, Heart Link Africa (an institution of Die Herzspezialisten DHS UG) will, taking into account available technology and implementation costs, take reasonable steps, including technical measures, to inform other data controllers processing the publicly disclosed personal data that the data subject has requested the deletion of all links to, or copies or replication of, such personal data, unless the processing is necessary. The employee of Heart Link Africa (an institution of Die Herzspezialisten DHS UG) will take the necessary actions on a case-by-case basis.

 

e) Right to restriction of processing

Every person affected by the processing of personal data has the right, granted by the European legislator, to request from the data controller the restriction of processing if one of the following conditions applies:

 • The accuracy of the personal data is contested by the data subject, for a period enabling the data controller to verify the accuracy of the personal data.

 • The processing is unlawful, and the data subject opposes the erasure of the personal data and requests instead the restriction of its use.

 • The data controller no longer needs the personal data for the purposes of processing, but the data subject requires it for the establishment, exercise, or defense of legal claims.

 • The data subject has objected to processing pursuant to Article 21(1) of the GDPR, pending the verification of whether the legitimate grounds of the data controller override those of the data subject.

If any of the above conditions apply, and an affected person wishes to request the restriction of personal data stored by Heart Link Africa (an institution of Die Herzspezialisten DHS UG), they can contact an employee of the data controller responsible for the processing. The employee of Heart Link Africa (an institution of Die Herzspezialisten DHS UG) will initiate the restriction of processing.

f) Right to data portability

Every person affected by the processing of personal data has the right, granted by the European legislator, to receive the personal data concerning them, which they have provided to a data controller, in a structured, commonly used, and machine-readable format. They also have the right to transmit those data to another data controller without hindrance, provided that the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR, or on a contract pursuant to Article 6(1)(b) of the GDPR, and the processing is carried out by automated means, as long as it is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.

Furthermore, in exercising their right to data portability under Article 20(1) of the GDPR, the data subject has the right to have personal data transmitted directly from one data controller to another, where technically feasible and provided that it does not adversely affect the rights and freedoms of others.

To exercise the right to data portability, the data subject can contact an employee of Heart Link Africa (an institution of Die Herzspezialisten DHS UG) at any time.

g) Right to ObjectHeart Link Africa

Any individual affected by the processing of personal data has the right, granted by the European legislator, to object at any time, for reasons arising from their particular situation, to the processing of personal data concerning them, which is based on Article 6(1)(e) or (f) of the GDPR, including profiling based on those provisions.

In the event of an objection, Heart Link Africa (an institution of Die Herzspezialisten DHS UG) will no longer process the personal data, unless we can demonstrate compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or the processing is necessary for the establishment, exercise, or defense of legal claims.

If Heart Link Africa (an institution of Die Herzspezialisten DHS UG) processes personal data for direct marketing purposes, the data subject has the right to object at any time to the processing of their personal data for such marketing. This also applies to profiling related to such direct marketing. If the data subject objects to the processing by Heart Link Africa (an institution of Die Herzspezialisten DHS UG) for direct marketing purposes, the personal data will no longer be processed for such purposes.

Furthermore, the data subject has the right, for reasons arising from their particular situation, to object to the processing of personal data concerning them, which is carried out by Heart Link Africa (an institution of Die Herzspezialisten DHS UG) for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out in the public interest.

To exercise the right to object, the data subject can directly contact any employee of Heart Link Africa (an institution of Die Herzspezialisten DHS UG) or another employee. The data subject is also free to exercise their right to object in relation to the use of information society services, notwithstanding Directive 2002/58/EC, by automated means using technical specifications.

h) Automated Individual Decision-making, including Profiling

Any individual affected by the processing of personal data has the right, granted by the European legislator, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them, unless the decision (1) is necessary for the conclusion or performance of a contract between the data subject and the data controller, or (2) is authorized by Union or Member State law to which the data controller is subject, and that law includes suitable measures to safeguard the data subject's rights, freedoms, and legitimate interests, or (3) is made with the explicit consent of the data subject.

If the decision (1) is necessary for the conclusion or performance of a contract between the data subject and the data controller, or (2) is made with the explicit consent of the data subject, Heart Link Africa (an institution of Die Herzspezialisten DHS UG) shall implement suitable measures to safeguard the data subject's rights, freedoms, and legitimate interests, which shall include, at least, the right to obtain human intervention on the part of the data controller, to express their point of view, and to contest the decision.

If the data subject wishes to exercise rights relating to automated individual decision-making, they can contact any employee of the data controller at any time.

 

i) Right to Withdraw Consent

Any individual affected by the processing of personal data has the right, granted by the European legislator, to withdraw their consent to the processing of personal data at any time.

If the data subject wishes to exercise their right to withdraw consent, they can contact any employee of the data controller at any time.

 9 Data Protection in Job Applications and during the Application Process

The data controller collects and processes the personal data of applicants for the purpose of managing the application process. The processing may also be done electronically. This is particularly the case when an applicant submits relevant application documents electronically, such as via email or through a web form on the website, to the data controller. If the data controller enters into an employment contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with legal requirements. If no employment contract is concluded between the data controller and the applicant, the application documents will be automatically deleted two months after the notification of the rejection decision, unless there are other legitimate interests of the data controller that prevent deletion. Another legitimate interest in this sense, for example, is an obligation to provide evidence in a proceeding under the General Equal Treatment Act (AGG).



 10 Data Protection Provisions on the Use and Application of Facebook

The data controller has integrated components of the Facebook company into this website. Facebook is a social network. A social network is an online community and social meeting place operated on the internet, which typically allows users to communicate and interact with each other in a virtual space. A social network can serve as a platform for exchanging opinions and experiences or enable the internet community to provide personal or business-related information. Among other features, Facebook allows users of the social network to create private profiles, upload photos, and connect through friend requests.

The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If a data subject lives outside the USA or Canada, the data controller responsible for processing personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Each time an individual page of this website, which is operated by the data controller and on which a Facebook component (Facebook plug-in) is integrated, is accessed, the internet browser on the data subject's information technology system is automatically prompted by the respective Facebook component to download a representation of the corresponding Facebook component from Facebook. An overview of all Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins/?locale=en_US. As part of this technical process, Facebook becomes aware of which specific subpage of our website is visited by the data subject.

If the data subject is simultaneously logged in to Facebook, Facebook recognizes with each visit to our website by the data subject and for the entire duration of the respective stay on our website, which specific subpage of our website the data subject visits. This information is collected by the Facebook component and associated with the respective Facebook account of the data subject by Facebook. If the data subject clicks on one of the Facebook buttons integrated on our website, such as the "Like" button, or if the data subject submits a comment, Facebook assigns this information to the personal Facebook user account of the data subject and stores this personal data.

Facebook receives information via the Facebook component whenever the data subject visits our website, regardless of whether the data subject clicks on the Facebook component or not, as long as the data subject is logged in to Facebook at the time of accessing our website. If the data subject does not want such information to be transmitted to Facebook, they can prevent this transmission by logging out of their Facebook account before accessing our website.

The data policy published by Facebook, which can be accessed at https://www.facebook.com/about/privacy/, provides information on the collection, processing, and use of personal data by Facebook. It also explains the privacy settings that Facebook offers to protect the privacy of the data subject. In addition, various applications are available that allow the suppression of data transmission to Facebook. Such applications can be used by the data subject to prevent data transmission to Facebook.



 11 Data Protection Provisions on the Use and Application of Google AdSense

The data controller has integrated Google AdSense into this website. Google AdSense is an online service that enables the placement of advertisements on third-party websites. Google AdSense is based on an algorithm that selects advertisements displayed on third-party websites based on the content of the respective third-party website. Google AdSense allows for interest-based targeting of internet users, which is implemented by generating individual user profiles.

The operating company of the Google AdSense component is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.

The purpose of the Google AdSense component is to display advertisements on our website. Google AdSense places a cookie on the information technology system of the data subject. The use of cookies has been explained above. By setting the cookie, Alphabet Inc. is enabled to analyze the usage of our website. Each time an individual page of this website, which is operated by the data controller and on which a Google AdSense component is integrated, is accessed, the internet browser on the information technology system of the data subject is automatically prompted by the respective Google AdSense component to transmit data to Alphabet Inc. for the purpose of online advertising and commission settlement. As part of this technical process, Alphabet Inc. becomes aware of personal data, such as the IP address of the data subject, which serves, among other things, to trace the origin of visitors and clicks and subsequently enable commission settlements.

The data subject can prevent the setting of cookies through our website, as explained above, at any time by adjusting the settings of the internet browser used and thereby permanently object to the setting of cookies. Such a setting of the internet browser used would also prevent Alphabet Inc. from setting a cookie on the information technology system of the data subject. In addition, cookies already set by Alphabet Inc. can be deleted at any time via the internet browser or other software programs.

Google AdSense also uses so-called web beacons. A web beacon is a miniature graphic embedded in web pages to enable log file recording and log file analysis, thereby facilitating statistical evaluation. By means of the embedded web beacon, Alphabet Inc. can recognize whether and when a web page was opened by a data subject and which links were clicked on by the data subject. Web beacons are used, among other things, to analyze the visitor flow of a web page.

Through Google AdSense, personal data and information, including the IP address, which is necessary for the collection and billing of the displayed advertisements, may be transferred to Alphabet Inc. in the United States of America. This personal data is stored and processed in the United States of America. Alphabet Inc. may disclose this personal data collected through the technical process to third parties.

Google AdSense is further explained at this link: https://www.google.com/adsense/start/.



 12 Data Protection Provisions on the Use and Application of Google+

The data controller has integrated the Google+ button as a component on this website. Google+ is a social network. A social network is an online meeting place, a virtual community operated on the internet that generally allows users to communicate with each other and interact in the virtual space. A social network can serve as a platform for exchanging opinions and experiences or enable the internet community to provide personal or business-related information. Google+ allows users of the social network to create private profiles, upload photos, and connect through friend requests.

The operating company of Google+ is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.

Each time one of the individual pages of this website, which is operated by the data controller and on which a Google+ button has been integrated, is accessed, the internet browser on the information technology system of the data subject is automatically prompted by the respective Google+ button to download a representation of the corresponding Google+ button from Google. As part of this technical process, Google becomes aware of which specific subpage of our website is visited by the data subject. More detailed information about Google+ can be found at https://developers.google.com/+/.

If the data subject is simultaneously logged into Google+ while accessing our website, Google recognizes with each visit by the data subject to our website and throughout the duration of the respective stay on our website, which specific subpage of our website is visited by the data subject. This information is collected by the Google+ button and associated with the respective Google+ account of the data subject by Google.

If the data subject clicks on one of the Google+ buttons integrated on our website and thus gives a Google+1 recommendation, Google assigns this information to the personal Google+ user account of the data subject and stores this personal data. Google stores the Google+1 recommendation of the data subject and makes it publicly available in accordance with the terms and conditions accepted by the data subject in this regard. A Google+1 recommendation made by the data subject on this website will subsequently be stored and processed together with other personal data, such as the name of the Google+1 account used by the data subject and the photo stored in it, in other Google services, such as the search engine results of the Google search engine, the Google account of the data subject, or at other locations, such as websites or in connection with advertisements. Furthermore, Google is able to link the visit to this website with other personal data stored by Google. Google also records this personal information for the purpose of improving or optimizing the various services provided by Google.

Google receives information via the Google+ button that the data subject has visited our website whenever the data subject is simultaneously logged into Google+ at the time of accessing our website, regardless of whether the data subject clicks on the Google+ button or not.

If the data subject does not want personal data to be transmitted to Google, they can prevent such transmission by logging out of their Google+ account before accessing our website.

Further information and the applicable privacy policy of Google can be found at https://www.google.com/policies/privacy/. Additional information from Google about the Google+1 button can be found at https://developers.google.com/+/web/buttons-policy.



 13 Data Protection Provisions on the Use and Application of Google AdWords

The data controller has integrated Google AdWords on this website. Google AdWords is an internet advertising service that allows advertisers to display ads in Google search engine results and the Google advertising network. Google AdWords enables an advertiser to predefine certain keywords, through which an ad is displayed in Google search engine results only when the user retrieves a keyword-relevant search result with the search engine. In the Google advertising network, ads are distributed on topic-relevant websites using an automated algorithm and considering the predefined keywords.

The operating company of Google AdWords services is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.

The purpose of Google AdWords is to promote our website by displaying interest-based advertisements on third-party websites and in the search engine results of the Google search engine, as well as displaying third-party advertisements on our website.

If a data subject accesses our website via a Google ad, Google will place a so-called conversion cookie on the information technology system of the data subject. The nature of cookies has already been explained above. A conversion cookie loses its validity after thirty days and is not used to identify the data subject. Through the conversion cookie, it is possible to track whether certain subpages, such as the shopping cart of an online shop system, were accessed on our website. The conversion cookie allows us and Google to determine whether a data subject who accessed our website via an AdWords ad generated revenue, i.e., completed or canceled a purchase.

The data and information collected through the use of the conversion cookie are used by Google to create visit statistics for our website. We use these visit statistics to determine the total number of users who were referred to us through AdWords ads, i.e., to determine the success or failure of each AdWords ad and to optimize our AdWords ads for the future. Neither our company nor other advertisers using Google AdWords receive information from Google that could personally identify the data subject.

Personal information, such as the web pages visited by the data subject, is stored through the conversion cookie. Therefore, each time our web pages are accessed, personal data, including the IP address of the internet connection used by the data subject, is transmitted to Google in the United States of America. Google stores this personal data in the United States of America. Google may disclose this personal data collected through the technical process to third parties.

The data subject can prevent the setting of cookies through our website at any time, as stated above, by adjusting the settings of the internet browser being used and thereby permanently objecting to the setting of cookies. Such a setting of the internet browser used would also prevent Google from setting a conversion cookie on the information technology system of the data subject. Additionally, cookies already set by Google AdWords can be deleted at any time through the internet browser or other software programs.

Furthermore, the data subject has the option to opt-out of interest-based advertising by Google. To do this, the data subject must access the link www.google.com/settings/ads from each internet browser they use and adjust the desired settings there.

Further information and the applicable privacy policy of Google can be found at https://www.google.com/policies/privacy/.



 14 Data Protection Provisions on the Use and Application of Instagram

The data controller has integrated components of the Instagram service on this website. Instagram is a service that qualifies as an audiovisual platform and allows users to share photos and videos, as well as distribute such data in other social networks.

The operating company of the Instagram services is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.

Each time one of the individual pages of this website, which is operated by the data controller and on which an Instagram component (Insta button) has been integrated, is accessed, the internet browser on the information technology system of the data subject is automatically prompted by the respective Instagram component to download a representation of the corresponding component from Instagram. As part of this technical process, Instagram becomes aware of which specific subpage of our website is visited by the data subject.

If the data subject is logged in to Instagram at the same time, Instagram recognizes with each visit to our website by the data subject and throughout the duration of their stay on our website, which specific subpage of our website the data subject visits. This information is collected by the Instagram component and associated with the respective Instagram account of the data subject by Instagram. If the data subject clicks on one of the Instagram buttons integrated on our website, the data and information transmitted with it are associated with and stored by Instagram in the personal Instagram user account of the data subject.

Instagram receives information through the Instagram component whenever the data subject visits our website, regardless of whether the data subject clicks on the Instagram component or not, if the data subject is logged in to Instagram at the time of accessing our website. If the data subject does not want such information to be transmitted to Instagram, they can prevent this by logging out of their Instagram account before accessing our website.

Further information and the applicable privacy policy of Instagram can be found at https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.



 15 Data Protection Provisions on the Use and Application of LinkedIn

The data controller has integrated components of LinkedIn Corporation on this website. LinkedIn is an internet-based social network that enables users to connect with existing business contacts and establish new business connections. With over 400 million registered users in more than 200 countries, LinkedIn is currently the largest platform for business contacts and one of the most visited websites in the world.

The operating company of LinkedIn is LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. For privacy matters outside the USA, LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible.

Each time an individual page of our website, which is equipped with a LinkedIn component (LinkedIn plug-in), is accessed, this component prompts the browser used by the data subject to download a corresponding representation of the LinkedIn component. Further information on the LinkedIn plug-ins can be found at https://developer.linkedin.com/plugins. As part of this technical process, LinkedIn becomes aware of which specific subpage of our website is visited by the data subject.

If the data subject is simultaneously logged in to LinkedIn, LinkedIn recognizes with each visit to our website by the data subject, and throughout the duration of their stay on our website, which specific subpage of our website the data subject visits. This information is collected by the LinkedIn component and associated with the respective LinkedIn account of the data subject by LinkedIn. If the data subject clicks on a LinkedIn button integrated on our website, LinkedIn assigns this information to the personal LinkedIn user account of the data subject and stores this personal data.

LinkedIn receives information via the LinkedIn component whenever the data subject visits our website, regardless of whether the data subject clicks on the LinkedIn component or not, if the data subject is logged in to LinkedIn at the time of accessing our website. If the data subject does not want such information to be transmitted to LinkedIn, they can prevent this by logging out of their LinkedIn account before accessing our website.

LinkedIn offers the possibility to unsubscribe from email messages, SMS messages, and targeted ads, as well as manage ad settings, at https://www.linkedin.com/psettings/guest-controls. LinkedIn also uses partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua, and Lotame, which may set cookies. Such cookies can be rejected at https://www.linkedin.com/legal/cookie-policy. The applicable privacy policy of LinkedIn can be accessed at https://www.linkedin.com/legal/privacy-policy. The cookie policy of LinkedIn can be accessed at https://www.linkedin.com/legal/cookie-policy.



 16 Data Protection Provisions on the Use and Application of Twitter

The data controller has integrated components of Twitter on this website. Twitter is a multilingual publicly accessible microblogging service where users can publish and disseminate short messages called tweets, limited to 280 characters. These tweets are available to everyone, including individuals who are not registered with Twitter. However, the tweets are also displayed to the followers of the respective user. Followers are other Twitter users who follow the tweets of a user. Furthermore, Twitter allows for reaching a broad audience through the use of hashtags, links, or retweets.

The operating company of Twitter is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.

Each time an individual page of this website, which is operated by the data controller and contains a Twitter component (Twitter button), is accessed, the respective Twitter component prompts the internet browser on the data subject's information technology system to download a representation of the corresponding Twitter component from Twitter. Further information about the Twitter buttons can be found at https://about.twitter.com/en/resources/buttons. As part of this technical process, Twitter becomes aware of the specific subpage of our website visited by the data subject. The purpose of integrating the Twitter component is to enable our users to disseminate the content of this website, promote this website in the digital world, and increase our visitor numbers.

If the data subject is simultaneously logged in to Twitter, Twitter recognizes with each visit to our website by the data subject, and throughout the duration of their stay on our website, which specific subpage of our website the data subject visits. This information is collected by the Twitter component and associated with the respective Twitter account of the data subject by Twitter. If the data subject clicks on one of the Twitter buttons integrated on our website, the data and information transmitted with it are assigned to the personal Twitter user account of the data subject, and Twitter stores and processes this data.

Twitter receives information via the Twitter component whenever the data subject visits our website, regardless of whether the data subject clicks on the Twitter component or not, if the data subject is logged in to Twitter at the time of accessing our website. If the data subject does not want such information to be transmitted to Twitter, they can prevent this by logging out of their Twitter account before accessing our website.

The applicable privacy policy of Twitter can be accessed at https://twitter.com/en/privacy.



 17 Data Protection Provisions on the Use and Application of YouTube

The data controller has integrated components of YouTube on this website. YouTube is an internet video portal that allows video publishers to upload video clips for free and enables other users to view, rate, and comment on these videos, also free of charge. YouTube allows the publication of all types of videos, which is why complete films and television shows, as well as music videos, trailers, or user-generated videos, can be accessed through the internet portal.

The operating company of YouTube is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.

Each time an individual page of this website, which is operated by the data controller and contains a YouTube component (YouTube video), is accessed, the respective YouTube component prompts the internet browser on the data subject's information technology system to download a representation of the corresponding YouTube component from YouTube. Further information about YouTube can be found at https://www.youtube.com/yt/about/. As part of this technical process, YouTube and Google become aware of the specific subpage of our website visited by the data subject.

If the data subject is simultaneously logged in to YouTube, YouTube recognizes with the visit to a subpage containing a YouTube video, which specific subpage of our website the data subject visits. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.

YouTube and Google receive information via the YouTube component whenever the data subject visits our website, regardless of whether the data subject clicks on a YouTube video or not, if the data subject is logged in to YouTube at the time of accessing our website. If the data subject does not want such information to be transmitted to YouTube and Google, they can prevent this by logging out of their YouTube account before accessing our website.

The privacy policy published by YouTube, which can be accessed at https://www.google.com/policies/privacy/, provides information about the collection, processing, and use of personal data by YouTube and Google.



 18 Legal Basis for Processing

Article 6(1)(a) of the GDPR serves as the legal basis for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, such as processing operations required for the delivery of goods or the provision of services or consideration, the processing is based on Article 6(1)(b) of the GDPR. The same applies to processing operations that are necessary for carrying out pre-contractual measures, such as responding to inquiries about our products or services. If our company is subject to a legal obligation that requires the processing of personal data, such as fulfilling tax obligations, the processing is based on Article 6(1)(c) of the GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our premises were to be injured and his or her name, age, health insurance data, or other vital information had to be disclosed to a doctor, hospital, or other third party. In such a situation, the processing would be based on Article 6(1)(d) of the GDPR. Finally, processing operations could be based on Article 6(1)(f) of the GDPR. Processing operations based on this legal basis are permitted if none of the aforementioned legal bases apply, provided that the processing is necessary to protect the legitimate interests of our company or a third party, unless the interests, fundamental rights, and freedoms of the data subject override those interests. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. In this regard, the legislator considered that a legitimate interest could be assumed if the data subject is a customer of the data controller (Recital 47, sentence 2 of the GDPR).



 19 Legitimate Interests Pursued by the Controller or a Third Party

If the processing of personal data is based on Article 6(1)(f) of the GDPR, our legitimate interest is the conduct of our business activities for the benefit of the well-being of all our employees and shareholders.



 20 Duration for Which the Personal Data Will Be Stored

The criterion for the duration of the storage of personal data is the respective statutory retention period. After the expiration of the period, the corresponding data will be routinely deleted unless they are no longer necessary for the performance or initiation of a contract.

 

 21 Legal or Contractual Obligations to Provide Personal Data; Necessity for Contractual Conclusion; Obligation of the Data Subject to Provide Personal Data; Possible Consequences of Non-Provision

We would like to inform you that the provision of personal data may be required by law (e.g., tax regulations) or may result from contractual provisions (e.g., information about the contractual partner). It may occasionally be necessary for the data subject to provide us with personal data in order to conclude a contract with us, which would subsequently need to be processed by us. For example, the data subject may be obligated to provide us with personal data when our company enters into a contract with them. Failure to provide personal data would result in the contract with the data subject not being concluded. Before providing personal data, the data subject must contact one of our employees. Our employee will provide the data subject with case-specific information on whether the provision of personal data is legally or contractually required, whether there is an obligation to provide the personal data, and what consequences the non-provision of personal data would have.



 22 Existence of Automated Decision-Making

As a responsible company, we refrain from using automated decision-making or profiling.

This privacy policy has been created with help of DGD Deutsche Gesellschaft für Datenschutz GmbH,

which operates as an external data protection officer in Duisburg, in cooperation with the IT and data protection lawyer Christian Solmecke from Cologne.

HaemoperfusionImmune apheresisAutoantibodyEECP therapy