Privacy at BodyLab GmbH

Here, you will find everything about what we know about you, or rather, what we must know, such as when, where, and which data we collect from you, what we do with this data, how we process it, whom we must share it with, when we delete it, and what you can do about it. We, BodyLab GmbH, possibly along with affiliated companies or subsidiaries (hereinafter also referred to as "we" or "us"), take data protection very seriously. We strive to collect as little personal data as possible, only what can actually be used for providing our services and business activities, and to avoid anything unnecessary.

1. What is it about

We, BodyLab GmbH based in Zurich, Switzerland,

• respect the currently applicable legal provisions on data protection;

• collect and process personal data (also referred to as "data" below) in accordance with this Privacy Policy;

• generally adhere to the principle of necessity, according to which we collect and process only as many data as necessary for fulfilling the purpose.

In the course of our business activities, we acquire and process data, particularly personal data about individuals interested in our activities, our customers, related persons, website visitors, event participants, job applicants, possible recipients of newsletters or other publications, and other third parties (also referred to as "you" below).

Alongside this Privacy Policy, we may inform you separately about the processing of your data (e.g., in forms or contract terms).

If you disclose data about other people to us, we assume you are authorized to do so, that this data is accurate, and you have ensured that these persons are informed about this disclosure, as far as there is a legal obligation to inform them (e.g., by bringing this Privacy Policy to their attention in advance).

Please inform yourself directly with these providers about their offers, terms, and the handling of personal data from other services (such as external websites and social media) even if they are linked here.

2. Who is responsible

For the processing described in this Privacy Policy, the data protection responsibility lies with:

BodyLab GmbH
Alex Schück, Albulastrasse 50, CH-8048 Zurich

Email datenschutz@bodylab.ch  

3. Which law is applicable

Our data processing is subject to Swiss data protection law.

For visitors residing in the European Union (“EU”) and the European Economic Area (“EEA”): Switzerland and the EU, along with the EEA, mutually recognize their data protection laws as equivalent. In certain cross-border cases, the law of the EU, particularly the EU General Data Protection Regulation (“GDPR”), may also apply to specific data processing.

We do not assume that the GDPR generally applies to data processing by us. However, should the GDPR exceptionally apply to certain data processing, the following provisions apply solely for the purposes of the GDPR and the data processing subject to it:

3.1. Details on the applicability and application of the GDPR

When the GDPR is applicable, we particularly base the processing of your personal data on the following:

• Necessity for the acquisition, conclusion, fulfillment, management, and enforcement of contracts (Art. 6 para. 1 lit. b GDPR),

• Necessity to safeguard legitimate interests of us or third parties, e.g., for communication with you or third parties, to operate our websites, improve our electronic offerings and services, register for certain offers and services, security purposes, legal compliance, internal regulations, risk management, corporate governance, and other purposes like training, administration, evidence and quality assurance, organization, execution, and follow-up of events, and protection of further legitimate interests (Art. 6 para. 1 lit. f GDPR),

• Legal requirement or legal permission based on our assignment or position under EU, EEA, or a Member State’s law (Art. 6 para. 1 lit. c GDPR) or necessity to protect your vital interests or those of other natural persons (Art. 6 para. 1 lit. d GDPR);

• Your consent to processing, e.g., through a declaration on our websites (Art. 6 para. 1 lit. a and Art. 9 para. 2 lit. a GDPR).

You then have all the rights that the GDPR grants you in this regard (in addition to the virtually equivalent rights under Swiss data protection law): Regarding your personal data that we store and process, you can request the following actions from us:

• Information about it, according to Art. 15 GDPR;

• Correction, insofar as the data is incorrect, according to Art. 16 GDPR;

• Deletion, according to Art. 17 GDPR; or limitation if they cannot be deleted, according to Art. 18 GDPR (then they will be marked to limit future processing); both subject to overriding legitimate interests on our part or based on statutory provisions that still require and permit the retention and use of data;

• Right to object regarding the use of your data; subject to no compelling reasons against this objection or we need the data to safeguard our rights;

• Release of the data you provided to us based on your consent, according to Art. 20 GDPR.

The right mentioned above to object to the processing of your data particularly applies to data processing for direct marketing purposes.

If you do not agree with our handling of your rights or data protection, please let us know (see contact details above). If you are in the EEA, you also have the right to complain to your country's data protection supervisory authority. A list of authorities in the EEA can be found here: https://www.edpb.europa.eu/about-edpb/about-edpb/members_de#member-de. 

4. What data do we store

In the first place, we process personal data that we receive directly in the course of our contractual relationships with our customers and our activities with third parties, including you as users. Moreover, we may unavoidably receive, collect, or process data from business partners or other involved individuals. As permitted and necessary, we also obtain data from publicly accessible sources (such as public registers, media, internet) or receive it from our customers and their employees, authorities, and third parties (such as our customers' business and contract partners, medical institutions, doctors, healthcare professionals, health insurers, etc.).

Besides the data we receive from you directly, the categories of personal data we receive from third parties, but not limited to:

• Inventory data (e.g., names, addresses, roles, birthdates, organizational affiliation, etc.)

• Contact data (e.g., email address, phone number, etc.)

• Content data (e.g., text, image files, videos, etc.)

• Usage data (e.g., access data)

• Treatment-relevant health data (illnesses, accidents, insurance information, health insurance and insurance/claim numbers, biological sex, etc.)

• Meta/communication data (e.g., IP addresses)

• Information you provide based on our contractual relationships

• Information related to your professional roles and activities

• Information about you in correspondence and meetings between us or with third parties (e.g., via phone, email, or other communication methods)

• Information via configuration of your user settings, data access permissions, or other interaction with us

• Information from public registers (debt collection, commercial register, land registers)

• Registration for or participation in an event

• Information from media and the internet about you (if indicated in the specific case), and references in applications.

• Filling out questionnaires, support tickets, or other forms for information requests

If you do not provide us with certain personal data, it may result in the impossibility of providing the associated services or concluding a contract. We specify the personal data required.

Information about you that we receive from people in your environment (family, advisors, legal representatives, etc.) for us to conclude or execute contracts with or involving you (e.g., references, your delivery address, authorizations).

5. Where do we get the data from

Data from you

Many of the data we process are provided by you yourself (e.g., when using our website, in connection with our services for you, or communication with us). Sometimes, this data is also automatically transmitted to us by your device. You are only obliged to provide your data in exceptional cases. However, if you wish to enter contracts with us or use our services, you must provide certain data. Using our website is also impossible without a minimum level of data collection and processing.

Data from third parties

We can also obtain data from publicly accessible sources (e.g., media or the internet, including social media platforms, public registers, online searches, etc.) or receive it from your attending physician, responsible authorities, employer or customer, with whom we have a business relationship, or otherwise from third parties (e.g., associations, contractors, insurers, internet analysis services). This includes data we process in connection with patient care and treatment, correspondence, and further communication with third parties, as well as all other data categories according to section 4 "What data do we store".

Data in communication with you and for you

Besides in-person meetings, phone discussions, postal mail, and email, we use various other ways of communication with you. And, for you or the communication necessary for your treatment internally and with third parties, we use software and tools (SaaS) from third parties. Below are the main services we use: 

1. Management of patient records: Medionline

We use Ärztekasse Medionline's tool for entries related to patient visits. This concerns all administrative matters (appointments, schedules, time planning, patient visits, patient records, etc.) and generally for all purposes as practice software. All necessary documents are stored online, and notes are recorded.

Provider: Ärztekasse Genossenschaft, In der Luberzen 1, 8902 Urdorf

Privacy: https://www.medionline.ch

Legal basis: Legitimate interest

2. Video Calls

Service: Zoom

Provider: Zoom Video Communications, Inc., 55 Almaden Blvd, San Jose, CA 95113, USA

Privacy: https://www.zoom.com/en/trust/privacy/

Legal basis: Legitimate interest

Service: Microsoft Teams

Provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA

Privacy: https://www.microsoft.com/de-de/privacy/privacystatement

Legal basis: Legitimate interest

Service: Apple FaceTime

Provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA

Privacy: https://www.apple.com/chde/legal/privacy/

Legal basis: Legitimate interest

3. Microsoft Office365

Provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA

Privacy: https://www.microsoft.com/de-de/privacy/privacystatement

Legal basis: Legitimate interest

4. Cloud Data Services: Google Drive Services

Provider: Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Privacy: https://policies.google.com/privacy?hl=ch-DE

Legal basis: Legitimate interest

5. Cloud Data Services: Apple iCloud

Provider: Apple Inc., One Apple Park Way, Cupertino, CA, USA (Headquarters); Apple Distribution International Limited, Hollyhill Industrial Estate, Hollyhill, Cork, Republic of Ireland (European subsidiary)

Privacy: https://www.apple.com/chde/legal/privacy/

Legal basis: Legitimate interest

6. Newsletter: Brevo

Provider: Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, DE

Privacy: https://www.brevo.com/de/legal/privacypolicy/

Legal basis: Legitimate interest including your right to unsubscribe at any time 

7. Telephony: CTI-Client

Provider: WWCOM, Schöngrund 26, 6343 Rotkreuz

Privacy: https://wwcom.ch/home/disclaimer

Legal basis: Legitimate interest

8. Telephone system: Nexphone

Provider: Nexphone AG, Alpenstrasse 1, 8803 Rüschlikon

Privacy: https://www.nexphone.ch/datenschutzerklaerung.html

Legal basis: Legitimate interest 

6. How is the data processed and used

In the scope of our operations, we might process different categories of personal data for various purposes. Specifically, we process the personal data mentioned in section 4 from you for the following purposes:

Communication

We process personal data to communicate with you and third parties via email, phone, letter, or otherwise. This can also take the form of newsletters and other regular contact (e.g., electronically, via post, phone). You can always refuse this communication or refuse or revoke your consent for this communication. In communication, we particularly process the contents and context data of the communication as well as your contact data, including images and audio recordings from (video) calls. In the case of audio or video recording of communication, we will inform you separately at the beginning, and you can tell us if you do not wish for a recording, or end the communication or leave the call. If we need or want to establish your identity, we may collect additional data.

Activities related to contracts, services, treatments

Regarding the conclusion of a contract with you or your client or employer, we may process your name, contact data, consent declarations, information about third parties (e.g., contact persons, third parties, project participants, etc.), contract content, alongside any other data you provide to us or that we rightfully obtain from public sources or third parties.

Contract management and patient treatment

We process personal data to comply with our contractual obligations towards our contractual partners (e.g., suppliers, service providers, patients) and especially to provide and claim contractual services. This includes data processing for managing patient records and enforcing contracts, bookkeeping, and communication, both with our patients and third parties and publicly. For this, we process particularly the data we received or collected in the course of acquisition and contract conclusion, as well as data created in the course of our contractual services, or collected or received from public sources or other third parties. This data particularly includes conversation records, notes, internal and external correspondence, contract documents, patient records from third parties, messages from health institutions and doctors, documents created and received in connection with patient treatment, background information about you or other persons, image and audio recordings, and other patient-related information, documents, proof of performance, invoices, and financial and payment information. If necessary for treatment, we might collect and process especially sensitive personal data during these activities. Otherwise, we adhere to the recommendations of the Swiss associations of osteopaths and physiotherapists, particularly regarding recording patient master data. If these associations lack recommendations, we usually follow the recommendations of FMH, the Swiss Medical Association.

Security purposes, access control, video surveillance

We process personal data to ensure and continuously improve the adequate security of our IT and other infrastructure. This includes monitoring and control of electronic access to our IT systems and access to our premises, analyses and tests of our IT infrastructures, system and error checks, and the creation of backups.

For documentation and security purposes (preventive and for incident clarification), we use surveillance systems (“System”) in our premises for our own security. We point out these systems at locations through appropriate signage.

While we use a video surveillance system in generally accessible practice areas, no recordings are made in individual treatment rooms. Thus, no compromising recordings of our patients are generated. 

The personal data created in recordings of our premises by the System is processed to ensure the protection of people and property against potential attacks, theft, robbery, damage, vandalism, and similar crimes, and also serves the purpose of fire protection, workplace safety, and the protection of our legitimate interests by collecting evidence and for further organizational requirements.

The collected recordings are not used for controlling the activities of employees, except to detect illegal or fraudulent behavior punishable by law. We have configured the System to minimize data collection and processing as much as possible, thus reducing potential risks for affected persons. For example, we do not collect any statistical data from visitors, even in anonymized form, through the System.

The recordings are made during normal opening hours and after closing hours, and while the premises are empty, for the prior-mentioned reasons.

The data is accessed and processed electronically only by the management of BodyLab if needed. 

For video surveillance, we use software from the provider Ubiquiti Networks . The data is physically stored on internal servers of BodyLab, accessible only via VPN or app using two-factor authentication.

Recordings from video surveillance are stored for a maximum of 72 hours  and then deleted unless required for special requirements associated with investigative activities or other statutory prescribed or permissible activities like police or judiciary work. Personal data is not disclosed or shared with third parties except for the above-mentioned needs.

Risk management and corporate management

We process personal data in the context of risk management and corporate management. This includes, among other things, our business organization (e.g., resource planning, employee data) and corporate development.

Job application

If you apply for a position with us, we process the relevant data to assess and evaluate the application, conduct the application process, and prepare and conclude a corresponding contract if successful. In addition to your contact data and details from the relevant communication, this includes data contained in your application documents, possibly criminal record extracts, and data we can obtain additionally about you, e.g., from career-related social networks, the internet, media, and references (if you consent to obtaining references). Data processing associated with employment is regulated separately.

Operation of our websites

To securely and stably operate our website, we collect technical data such as IP address, details about the operating system and settings of your device, the region, time, and type of use. Additionally, we sometimes use cookies and similar technologies. Further information about this is available in the relevant section below.

Improvement of our electronic offerings

To continuously improve our website and electronic offerings (e.g., newsletters), we collect data about your behavior and preferences, analyzing, for instance, how you navigate through our websites and interact with our social media profiles and further electronic offerings (e.g., newsletters).

Registration

To use certain offers and services (e.g., newsletters), you need to register. For this, we process the data disclosed during the registration process. Furthermore, we may also collect personal data about you while using the offer or service. If necessary, we will provide you with further information about the processing of this data.

Further purposes

Other purposes include educational and training purposes as well as administrative purposes (e.g., bookkeeping). Additionally, we may process personal data for the organization, execution, and follow-up of events, especially participant lists and contents of lectures and discussions, but also image and audio recordings produced during these events. Protecting further legitimate interests is another purpose that cannot be exhaustively enumerated.

7. What data is collected and processed when visiting our website

General settings and internal guidelines

Type and depth of data, links to service providers

The terms of use and privacy policies of the services we use can change continuously, as can the nature and depth of data collected by the service provider. Therefore, we do not detail the data potentially collected by each service. However, we provide the link to each service's privacy policy where relevant. We check these links periodically and strive to keep them up to date. However, it can happen that some links are no longer current. If you come across such an outdated link, please let us know immediately.

Selection of service providers, server locations, Data Privacy Framework

We generally use service providers where data is stored in Swiss or EU data centers, if possible. Where data is stored in the USA, on CDN servers (thus globally), or other countries, we select providers from countries with an adequate level of data protection, like Switzerland (for US service providers, for example, those that fall under the privacy framework between Switzerland and the USA ["Swiss-U.S. Data Privacy Framework", "SDPF", https://www.dataprivacyframework.gov/]). Of the US service providers we use, we almost exclusively use those under the SDPF. Their compliance with the privacy framework or Swiss data protection can be viewed via a search mask at https://www.dataprivacyframework.gov/list and the specifics of the accessible entries checked anytime.

Processors, DPA, SCC, level of protection

Where necessary, we have concluded a data processing agreement, often based on EU Standard Contractual Clauses (Standard Contractual Clauses of the European Commission, "SCC"), or a Data Privacy Addendum ("DPA") with external data processors (where this is usually integrated into the third-party provider's general terms and conditions, "AGB", or Terms & Conditions as a legally valid part of the contract), to ensure adequate security. The provider generally guarantees to also process the personal data outside Switzerland and the EU according to the regulations and protection levels of Swiss and European data protection laws.

In our company, only selected employees have access to such data based on necessity. All employees accessing personal data must adhere to internal rules, processes, and possibly regulations regarding the processing of personal data to protect and ensure its confidentiality.

Security, encryption (external)

We have implemented appropriate technical and organizational security measures to protect your personal data collected by us during your visit to the website from unauthorized, accidental, or unlawful use.

‍To protect data transmission security, we use standard encryption (e.g., SSL) over HTTPS.

Administration

We administer our website ourselves. As the webmaster of our website on our behalf is CarigietSolutions, Männedorf (www.carigiet-solution.ch).

Cookies

Data is generated and stored in logs when using our websites (including newsletters) (mainly technical data). Furthermore, we might use cookies and similar techniques (e.g., pixel tags or fingerprints) to recognize website visitors, evaluate their behavior, and recognize preferences. A cookie is a small file transferred between your system and the server that allows recognition of a particular device or browser.

You can usually configure your browser to automatically reject, accept, or delete cookies. You can also disable or delete cookies individually or generally refuse to accept cookies on our website. How you manage cookies in your browser can be found in the help menu of your browser.

Neither the technical data we collect nor the cookies usually contain personal data. However, personal data stored by us or third-party providers on your behalf (e.g., if you have a user account with these providers or are still logged in to third-party services during your visit to our website) may be associated with the technical data or the information stored in and obtained from cookies, potentially linking them to you as a person.

Social Networks

Currently, we do not use social media plug-ins (small software components) that establish a connection between your visit to our websites and a third-party provider, but only link to content on social media platforms.

The social media plug-in informs the third-party provider that you visited our websites and can transmit cookies to the third-party provider that it previously placed on your browser. More information on how these third-party providers use your personal data collected via their social media plug-ins can be found in their respective privacy policies.

Besides, we use our tools and services of third-party providers (which may use cookies) on our websites, especially to enhance the functionality or content of our websites (e.g., integration of videos or maps), create statistics, and serve advertisements.

Personal data on our social network pages

We operate online presences on social networks and other platforms operated by third parties and, in this context, process data about you. We receive data from you in this process (e.g., when you communicate with us or comment on our content) and from the platforms (e.g., statistics). Platform providers can analyze your usage and process this data along with other data they hold about you. They also process this data for their own purposes (e.g., marketing and market research purposes and platform management), acting as their own data controllers. More information on processing by platform operators can be found in the privacy policies of the respective platforms.

Third-party services used when using our website

1. Hosting, CMS, Web-Design, Search function, Cookies

Provider: Framer B.V., Rozengracht, 1016 LZ Amsterdam, Netherlands (“Framer”)

Privacy: https://www.framer.com/legal/privacy-statement/

Legal basis: Legitimate interest; you can adjust your consent to various cookie categories before or during your visit to our website. Cookie Script is provided by the CMS Framer for the websites created with Framer.

2. Calendar functions, appointment entries, booking functions 

We use OneDoc as an integrated tool for finding and scheduling appointments. Data exchanged via OneDoc is encrypted both during transmission and storage and decrypted upon retrieval. The AGB of OneDoc apply to access rights, which we cannot influence. Our internally collected patient data is not transmitted to OneDoc. The data stored depends effectively on the therapists' input. For automated messages, typically, name and mobile number, along with email, are required.

Service: OneDoc

Provider: OneDoc SA, Chemin des Mines 15 bis, CH-1202 Geneva

Privacy: https://privacy.onedoc.ch/de/privacy-policy

Legal basis: Your consent, which you provide with booking use.

3. Google Services

Our website uses various services from subsidiaries of the U.S. company Alphabet Inc. (cf. table). These generally refer to the same privacy policy available at https://policies.google.com/privacy.

If the IP anonymization function is activated, your IP address will be truncated by Google before it is transmitted to the USA. The entire IP address is only transferred to a Google server in the USA and truncated there in exceptional cases. Google uses this information provided to evaluate your use, create analytics services about these activities, and provide further services for us, like map services.

Provider/headquarters: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (unless otherwise and separately mentioned)

General privacy information for Google services: https://policies.google.com/privacy 

(if further relevant privacy information for the specific service is provided, these are noted separately. Otherwise, Google's general privacy policy applies)

Service: Google Analytics

Privacy Notice: https://support.google.com/analytics/topic/2919631?hl=en&ref_topic=1008008&sjid=11159380926726341526-EU

Information for Google Accounts: https://policies.google.com/technologies/partner-sites?hl=de

Legal basis: Your consent, which you provide in advance and can also withdraw later. 

Service: Google Maps

Legal basis: Legitimate interest or your consent, which you provide in advance and can also withdraw later. 

Service: Google Looker Studio

Legal basis: Your consent, which you provide in advance and can also withdraw later. 

Service: Google Tag Manager

Legal basis: Your consent, which you provide in advance and can also withdraw later. 

Service: Google Ads 

Legal basis: Your consent, which you provide in advance and can also withdraw later. 

Service: Google Marketing Platform 

Legal basis: Your consent, which you provide in advance and can also withdraw later. 

Service: Google MyBusiness

Legal basis: Legitimate interest.. 

Service: YouTube

Provider: YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA

Legal basis: Legitimate interest

4. Social Network Links

We only enable access to linked entries in various social networks. Links to our own presences on social media platforms are designed in this form as well. These links are stored on our website and actively link to the respective platforms. However, we do not use active cookies from platform operators or, for example, the Facebook Pixel. We cannot guarantee that platform operators do not make certain inferences about you or your user/browsing behavior by clicking the link.

We are entitled but not obliged to review content before or after its publication on our online presences, delete content without notice, and, where appropriate, report it to the provider of the relevant platform.

Service: LinkedIn

Provider: LinkedIn Ireland Unlimited Company or LinkedIn Corporation

Privacy Notices: https://www.linkedin.com/legal/privacy-policy

Legal basis: Your consent, which you provide in advance and can also withdraw later.

Service: Facebook

Provider: Meta Inc., 1 Meta Way, Menlo Park, CA 94025, USA

Privacy Notices: https://www.facebook.com/privacy/policy

Legal basis: Your consent, which you provide in advance and can also withdraw later.

Service: Instagram

Provider: Meta Inc., Menlo Park, CA 94025, USA

Privacy Notices: https://privacycenter.instagram.com/policy

Legal basis: Your consent, which you provide in advance and can also withdraw later.

5. Fonts

Provider: Google Fonts, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Provided by: Framer (see section 1)

Privacy: https://developers.google.com/fonts/faq/privacy?hl=de

Legal basis: Legitimate interest

8. To whom are the data disclosed

In the scope of our business activities, we may disclose your personal data to third parties in accordance with the principle of necessity or your explicit consent, for the stated purposes and if appropriate, to third parties (such as affiliated companies, authorities, medical professionals, suppliers, auxiliaries, like particularly self-employed specialists and other business partners, as well as other persons) and to service providers processing data on our behalf (e.g., IT providers). We may also be obliged to disclose your personal data to fulfill legal or regulatory requirements. Recipients may be located in Switzerland, the EU, or any other country worldwide.

If we transfer data to a country with no adequate legal level of data protection, we ensure an appropriate level of protection, as legally required (particularly based on SCC or DPA), or rely on statutory exceptions of consent, contract processing, assertion, exercise, or enforcement of project-related claims, or overriding public interests. 

9. How and for how long do we store the data

Personal data we collect is only stored as long as necessary for processing the contractual relationship (from the initiation of the business relationship to the end of a contract or duration of treatment) or for the other underlying purposes of processing, or a statutory retention and documentation obligation or an overriding private or public interest exists or storage is technically required (e.g., in case of backups or document management systems). Once the personal data we collected is no longer required for the above purposes, it is deleted or anonymized according to our routine procedures and retention policies, along with applicable laws.

10. Where is the data stored

General information about data storage location

Depending on the extent of your interactions with our offerings, your personal data may be stored or accessed in several countries. Whenever we transfer personal data to other countries, we make every effort to ensure that data is transferred in compliance with this Privacy Policy and applicable data protection laws.

For visitors to our website

Your data is stored at the locations of our above-mentioned external data processors according to the deployed services and their configurations based on the principle of necessity.

For business partners, third parties

Your data is partially stored at the locations of our above-mentioned external data processors and especially internally. 

11. What personal rights do you have

Under Swiss law, you have the following rights:

• Right to Information
  Request information on whether we have stored any personal data about you and request copies of this personal data and information on how it is processed;

• Right to Rectification
  Right to correct inaccurate personal data about you;

• Right to Erasure
  Right to request the deletion of personal data about you that is no longer necessary for the purposes of the processing underlying it and that is processed based on a revoked consent or in violation of applicable legal provisions;

• Limitation of Processing
  Right to ask us to restrict processing of your personal data if processing is inappropriate and to object to the processing of personal data;

• Right to Transfer
  Right to request the transfer of personal data provided to us;

If you wish, you can contact the contact address communicated by us at any time. It may take up to 30 days for us to respond to your request.

If you consented to the processing of your personal data for a particular purpose, you can withdraw this consent at any time, and we will cease further processing of your data for that purpose.

Complaints and supervisory authority

If you believe that we have not adequately addressed your complaints or concerns, you have the right to lodge a complaint with a competent data protection authority.

12. Supplementary provisions

Reservation of amendment

This Privacy Policy is not a part of a contract with you. We may adjust this Privacy Policy at any time. The version published on this website is the current version.

Legal validity, applicable language

If we provide privacy policies in languages other than German, they are usually machine-translated; these non-German versions of the Privacy Policy are provided to our users solely for informational purposes and better understanding. The Privacy Policy in the German language is legally binding.