Data Protection at BodyLab GmbH
Here you will find everything about what we know about you, or what we need to know, i.e. when and where we register which of your data, what we do with this data, how we process it, to whom we must pass it on, when we delete it again, and what you can do about it. We, BodyLab GmbH, any affiliated companies, and any subsidiaries (hereinafter also referred to as "we" or "us") take data protection very seriously. We try to collect as little personal data as possible, meaning only what can actually be used to provide our services and conduct our business, and to avoid anything unnecessary.
1. What is this about
We, BodyLab GmbH, based in Zurich, Switzerland,
respect the applicable legal provisions on data protection;
collect and process personal data (hereinafter also "data") in accordance with this privacy policy;
fundamentally adhere to the principle of necessity, according to which we only collect and process as much data as is necessary for the fulfillment of the purpose.
In the course of our business activities, we obtain and process data, in particular personal data about people interested in our activities, our clients, connected individuals, visitors to our websites, event participants, job applicants, potential recipients of newsletters or other publications, and other third parties (hereinafter also "you").
In addition to this privacy policy, we may inform you separately about the processing of your data (e.g., in forms or contractual terms).
If you disclose data about other people to us, we assume that you are authorized to do so, that this data is correct, and that you have ensured that these individuals are informed about this disclosure, insofar as a legal obligation to inform applies (e.g., by presenting this privacy policy to those individuals beforehand).
For information on the offers, conditions, and handling of personal data of other offers and services (such as external websites and social media), even if they are linked here, please contact those providers directly.
2. Who is responsible
The entity responsible under data protection law for the processing operations described in this privacy policy is:
BodyLab GmbH
Alex Schück, Albulastrasse 50, CH-8048 Zurich
E-mail datenschutz@bodylab.ch
3. Which law is applicable
Our data processing is subject to Swiss data protection law.
For visitors residing in the European Union ("EU") and the European Economic Area ("EEA"), the following applies: Switzerland and the EU, including the EEA, mutually recognize their data protection legislation as equivalent. In certain cross-border cases, the law of the EU, in particular the EU General Data Protection Regulation ("GDPR"), may also apply additionally to a specific data processing operation.
We do not assume that the GDPR is generally applicable to our data processing. However, should the GDPR exceptionally apply to specific data processing operations, the following provisions apply additionally solely for the purposes of the GDPR and the data processing subject to it:
3.1. Details on the validity and applicability of the GDPR
Where the GDPR applies, we base the processing of your personal data in particular on the following requirements:
Necessity for the acquisition, conclusion, and execution of contracts and their management and enforcement (Art. 6 para. 1 lit. b GDPR),
Necessity to safeguard the legitimate interests of us or third parties, e.g. for communication with you or third parties, to operate our websites, to improve our electronic offers or services and for registration for certain offers and services, for security purposes, for compliance with the law and internal regulations, for our risk management and corporate governance, and for other purposes such as training and education, administration, proof and quality assurance, organizing, conducting, and following up on events, and for safeguarding other legitimate interests (Art. 6 para. 1 lit. f GDPR),
Legal provision or legal permission based on our mandate or our position under the law of the EU, the EEA, or an EU member state (Art. 6 para. 1 lit. c GDPR) or necessity to protect your vital interests or those of other natural persons (Art. 6 para. 1 lit. d GDPR);
Your consent to the processing, for example via a corresponding declaration on our websites (Art. 6 para. 1 lit. a and Art. 9 para. 2 lit. a GDPR).
Furthermore, you then have all the rights granted to you by the GDPR in this regard (in addition to the practically identical rights under Swiss data protection law): you can request the following actions from us regarding your personal data that we store and process:
Access to it, pursuant to Art. 15 GDPR;
Rectification, insofar as the data is incorrect, pursuant to Art. 16 GDPR;
Deletion, pursuant to Art. 17 GDPR; or its restriction, if it may not be deleted, pursuant to Art. 18 GDPR (it will then be marked to restrict future processing); both subject to overriding legitimate interests on our part or based on legal regulations to retain and use the data;
Right to object to the use of your data; provided that no compelling reasons speak against this objection or we need the data to safeguard our rights;
Data portability of the data you have provided to us based on your consent, pursuant to Art. 20 GDPR.
The right to object to the processing of your data stated above applies in particular to data processing for the purpose of direct marketing.
If you do not agree with our handling of your rights or data protection, please let us know (see contact details above). If you are located in the EEA, you also have the right to lodge a complaint with the data protection supervisory authority of your country. A list of authorities in the EEA can be found here: https://www.edpb.europa.eu/about-edpb/about-edpb/members_en#member-en.
4. What data do we store
We primarily process personal data that we receive directly in the course of our contractual relationships with our clients and our activities with third parties, including you as users. In addition, we may receive, collect, or process data from business partners or other involved parties. As far as permitted and necessary, we also retrieve data from publicly accessible sources (such as public registers, media, the internet) or receive such data from our clients and their employees, from authorities, and other third parties (such as business and contractual partners of our clients, medical institutions, doctors, healthcare professionals, insurance companies, etc.).
In addition to the data that we receive from you directly, the categories of personal data that we receive from third parties include, but are not limited to:
Master data (e.g. name, address, role, date of birth, organizational affiliation, etc.)
Contact details (e.g. email address, telephone number, etc.)
Content data (e.g. text and image files, videos, etc.)
Usage data (e.g. access data)
Treatment-relevant health data (illnesses, accidents, insurance details, health insurance and insurance/claim numbers, biological sex, etc.)
Meta/communications data (e.g. IP addresses)
Information that you disclose to us yourselves as a result of the contractual relationships between us
Information related to your professional roles and activities
Information about you in correspondence and discussions between us or with third parties (e.g. via communication by phone, email, or other means)
Information via the configuration of your user settings, access permissions for data, or other interaction with us
Information from public registers (debt collection register, commercial register, land registers)
Registration for or participation in an event
Information from media and the internet about you personally (insofar as this is indicated in the specific case), as well as references for applications.
Completion of questionnaires, support tickets, or other forms for information requests
If you do not provide us with certain personal data, this may mean that the provision of the associated services or the conclusion of a contract is not possible. We always indicate which personal data is mandatory.
Information about you given to us by people close to you (family, advisors, legal representatives, etc.) so that we can conclude or process contracts with you or involving you (e.g., references, your address for deliveries, powers of attorney)
5. Where does the data come from
Data from you
Many of the data files we process are disclosed to us by you yourself (e.g., when using our website, in connection with our services for you, or when communicating with us). In some cases, this data is also transmitted to us automatically by your device. You are only obliged to disclose your data in exceptional cases. However, if you want to enter into contracts with us or use our services, for example, you must provide us with certain data. Using our website is also not possible without a minimum level of data collection and processing.
Data from third parties
We may also retrieve data from publicly accessible sources (e.g., media or the internet, including social media platforms, public registers, online searches, etc.) or receive it from your treating physician, the competent authorities, your employer or client who has a business relationship with us or is otherwise involved, as well as from other third parties (e.g., associations, contractual partners, health insurance companies, internet analysis services). This includes in particular the data we process in connection with patient treatment and care, as well as data from correspondence and other communication with third parties, but also all other data categories listed in section 4 "What data do we store".
Data when communicating with you and on your behalf
In addition to personal sessions, phone calls, letters, and emails, we use various other ways to communicate with you. We also use third-party software and tools (SaaS) for you and for the internal and external communication necessary for your treatment.
Use of AI Services
We may use AI-supported services, such as the Claude service provided by Anthropic, to support internal administrative, organizational, and professional processes. The services currently in use are listed below.
The use of AI-supported services is exclusively for supporting purposes, such as creating and revising texts, structuring content, general professional research without personal reference, and administrative support.
We do not input any personal data, specifically no health data or other particularly sensitive personal data of our patients, into the service.
If data is processed within the scope of using AI-supported services, it is limited to anonymized or abstracted content, general professional questions without clear personal reference, and technical inputs for using the service.
The use is carried out in compliance with the applicable data protection regulations as well as internal guidelines on data security and confidentiality. The content generated by the service is used solely as support and is reviewed by qualified professional staff before further use.
Further information on the handling of data by the provider can be found in the privacy policy of the AI-supported services used.
Below you will find the main services we use:
Managing Patient Files: Medionline
We use the tool from Ärztekasse Medionline for entries related to patient visits. This concerns all administrative matters (appointments, calendar, scheduling, patient visits themselves, patient records, etc.) and generally for all purposes as practice software. All necessary documents are stored online and notes are recorded.
Provider: Ärztekasse Genossenschaft, In der Luberzen 1, 8902 Urdorf
Privacy Policy: https://www.medionline.ch
Legal Basis: Legitimate interest
2. Video Calls
Service: Zoom
Provider: Zoom Video Communications, Inc., 55 Almaden Blvd, San Jose, CA 95113, USA
Privacy Policy: https://www.zoom.com/en/trust/privacy/
Legal Basis: Legitimate interest
Service: Microsoft Teams
Provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA
Privacy Policy: https://www.microsoft.com/de-de/privacy/privacystatement
Legal Basis: Legitimate interest
Service: Apple FaceTime
Provider: Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA
Privacy Policy: https://www.apple.com/chde/legal/privacy/
Legal Basis: Legitimate interest
3. Microsoft Office365
Provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA
Privacy Policy: https://www.microsoft.com/de-de/privacy/privacystatement
Legal Basis: Legitimate interest
4. Cloud Data Services: Google Drive Services
Provider: Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Privacy Policy: https://policies.google.com/privacy?hl=en
Legal Basis: Legitimate interest
5. Cloud Data Services: Apple iCloud
Provider: Apple Inc., One Apple Park Way, Cupertino, CA, USA (Headquarters); Apple Distribution International Limited, Hollyhill Industrial Estate, Hollyhill, Cork, Republic of Ireland (European Branch, Subsidiary)
Privacy Policy: https://www.apple.com/chde/legal/privacy/
Legal Basis: Legitimate interest
6. Newsletter: Brevo
Provider: Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, DE
Privacy Policy: https://www.brevo.com/de/legal/privacypolicy/
Legal Basis: Legitimate interest, including your right to unsubscribe at any time
7. Telephony: CTI-Client
Provider: WWCOM, Schöngrund 26, 6343 Rotkreuz
Privacy Policy: https://wwcom.ch/home/disclaimer
Legal Basis: Legitimate interest
8. Telephone System: Nexphone
Provider: Nexphone AG, Alpenstrasse 1, 8803 Rüschlikon
Privacy Policy: https://www.nexphone.ch/datenschutzerklaerung.html
Legal Basis: Legitimate interest
9. Individual Training App for Patients: PhysiApp
Provider: Physitrack PLC, 140 Aldersgate Street, London, EC1A 4HY, United Kingdom
Privacy Policy: https://www.physitrack.com/de/legal/privacy
Data Protection and Handling for App Users: https://www.physitrack.com/de/legal/physiapp
Legal Basis: Legitimate interest, or your consent, which you can revoke at any time, but you will then no longer be able to use the PhysiApp.
Note: The extent of the data collected by Physitrack and the sub-processors commissioned by Physitrack when using the app cannot be influenced by BodyLab. More detailed information can be found directly on the Physitrack website at https://www.physitrack.com/de/legal/physiapp and https://www.physitrack.com/de/legal/data-processing-agreement as well as https://www.physitrack.com/de/legal/data-retention.
10. AI-powered Services: Claude
Provider: Anthropic, 548 Market Street, PMB 90375, San Francisco, CA 94104, USA
Privacy Policy: https://www.anthropic.com/privacy
Legal Basis: Legitimate interest in the efficient design of internal work processes and in the use of modern technologies to support administrative and professional activities.
Note: Claude is used in the Pro version and solely to support internal processes (e.g. text creation, structuring content, general research without personal reference). No personal data, especially no health data or other particularly sensitive personal data, is entered into Claude.
For the use of the AI service Claude, it is technically necessary for data to be transmitted to servers of the provider Anthropic. Anthropic is a company based in the United States. Data transmission to a third country without an adequate level of data protection can therefore not be excluded.
The extent of the data collected and processed by Anthropic and any commissioned sub-processors cannot be influenced by us. Data transmission to the United States cannot be ruled out and is highly probable. We ensure through appropriate internal guidelines that no sensitive or personal data is transmitted.
6. How is the data processed and used
As part of our operations, we may process various categories of personal data for different purposes. Specifically, we process your personal data mentioned in Section 4 for the following purposes:
Communication
We process personal data so that we can communicate with you and with third parties via email, telephone, letter, or otherwise. This may also take the form of newsletters and other regular contacts (e.g., electronically, by mail, by telephone). You can decline this communication at any time or refuse or revoke your consent to this communication. As part of communication, we process in particular the content and marginal data of the communication as well as your contact details, but also image and audio recordings of (video) phone calls. In the event of an audio or video recording of the communication, we will point this out to you separately at the beginning, and you are free to tell us if you do not want a recording, or to end the communication or leave the call. If we need or want to establish your identity, we may collect additional data.
Activities in connection with contracts, services, treatments
With a view to concluding a contract with you or your employer or client, we may process in particular your name, contact details, declarations of consent, information about third parties (e.g., contact persons, third parties, project participants, etc.), contract content, and all other data that you provide to us or that we legally collect from public sources or third parties.
Contract Management and Patient Treatment
We process personal data so that we can fulfill our contractual obligations to our contractual partners (e.g. suppliers, service providers, patients) and in particular provide and claim contractual services. This also includes database processing for managing patient files as well as data processing for enforcing contracts, bookkeeping, and communication, both with our patients, as well as third parties and publicly. For this purpose, we process in particular the data that we received or collected in the context of acquisition and contract conclusion, as well as data that we generate in the context of our contractual services or that we collect or receive from public sources or other third parties. This data includes, in particular, consultation minutes, notes, internal and external correspondence, contract documents, patient records from third parties, communications from healthcare institutions and doctors, documents we create and receive in connection with patient treatment, background information about you or other persons, image and sound recordings, and other patient-related information, documents, proofs of service, invoices, as well as financial and payment information. If necessary for treatment, we may also collect and process particularly sensitive personal data on these occasions. Otherwise, particularly with regard to the collection of patient master data, we adhere to the recommendation of the Swiss Associations of Osteopaths and Physiotherapists. Where recommendations from these associations are lacking, we usually align ourselves with the recommendations of the FMH Association of Swiss Doctors.
Security Purposes, Access Controls, Video Surveillance
We process personal data to ensure and continuously improve the appropriate security of our IT and other infrastructure. This includes, for example, monitoring and controlling electronic access to our IT systems as well as access to our premises, analysis and testing of our IT infrastructures, system and error checks, and creating backup copies.
For documentation and security purposes (preventive and to clarify incidents), we also use monitoring systems ("system") in our premises, primarily for our own safety. We point out monitoring systems to you at the relevant locations with appropriate signs.
While we use a video surveillance system in the generally accessible practice rooms, no recordings are made in the respective individual treatment rooms. This ensures no compromising footage of our patients is created.
The personal data created in the recordings of our premises by the system is processed to ensure the protection of persons and property against potential attacks, theft, robbery, damage, vandalism, and similar crimes, and also serves the purpose of fire protection, workplace safety, and pursuing our legitimate interests by collecting evidence and for other organizational requirements.
The collected recordings are not used for the purpose of controlling activities carried out by employees, except for the detection of illegal or fraudulent behavior penalized with criminal consequences. Generally, we have set up the system so that data collection and processing are minimized as much as possible, thereby ensuring potential risks for affected persons are kept to a minimum. For example, by using the system, we do not collect any statistical data from visitors, even in anonymized form.
The recordings are made both during normal business hours and after closing time and during the time the premises are empty, for the reasons mentioned above.
The data is viewed exclusively electronically by the management of BodyLab and processed if necessary.
For video surveillance, we use the software of the service provider Ubiquiti Networks. The data is physically stored on internal BodyLab servers, which are only accessible via VPN or app using two-factor authentication.
The video surveillance recordings are kept for a maximum of 7 days and are then deleted, unless they are needed for specific requirements in connection with investigation activities or other legally required or permissible activities, such as for the work of the police or justice system. Personal data is not disclosed or shared with third parties, except for the necessities mentioned above.
Risk Management and Corporate Governance
We process personal data within the framework of risk management and corporate governance. This includes, among other things, our operational organization (e.g., resource planning, employee data) and corporate development.
Job Application
If you apply for a job with us, we process the corresponding data for the purpose of reviewing and assessing your application, conducting the application process, and, in the case of successful applications, preparing and concluding a corresponding contract. In addition to your contact details and the information from the corresponding communication, we process in particular the data contained in your application documents, potentially also criminal record extracts, and the data we can additionally obtain about you, e.g., from professional social networks, the internet, the media, and from references (if you consent to the collection of references). Data processing in connection with the employment relationship is regulated separately.
Operation of our Websites
To operate our website securely and stably, we collect technical data, such as IP address, information about the operating system and settings of your device, the region, and the time and type of use. We also use cookies and similar technologies in some cases. Further information on this can be found below in the corresponding section.
Improvement of our Electronic Offers
To continuously improve our website and electronic offers (e.g. newsletter), we collect data about your behavior and preferences, for example by analyzing how you navigate through our websites and how you interact with our social media profiles and other electronic offers (e.g. newsletter).
Registration
To use certain offers and services (e.g., newsletters), you must register. For this purpose, we process the data disclosed in the course of the respective registration. Furthermore, we may also collect personal data about you during the use of the offer or service. If necessary, we will provide you with additional information on the processing of this data.
Data Backup
To protect your data from loss and to ensure data integrity, we create regular encrypted backup copies of all practice data. The backing up of data takes place in several stages:
Local backup on NAS within the practice premises.
All practice data is backed up regularly and in encrypted form on a Network Attached Storage (NAS) physically located in our practice premises. Access to this system is restricted to the management and IT.Mirroring to an external NAS of the management.
To ensure availability even in the event of a failure of the local infrastructure, the data backed up on the NAS within our practice is mirrored in encrypted form via a secure network connection (tunneling) to another, external NAS of the BodyLab management. This system is also exclusively accessible to the management and IT of BodyLab.Cloud backup on Synology C2.
In addition, a password-protected backup is made on an external Synology server within the Synology Cloud using the Synology C2 Backup solution (https://c2.synology.com/en-us). Synology C2 uses server-side encryption and enables client-side encryption using private keys. The Synology C2 datacenters are certified to ISO 27001 and SOC 2 Type II. A European datacenter (currently Germany) has been selected as the storage location. More detailed information on data security and data protection with Synology C2 can be found at https://c2.synology.com/support.
The mentioned backup measures serve solely the purpose of data security and business continuity. External third parties have no insight into the backups. The legal basis for data processing in the context of data backup is our legitimate interest in the availability, integrity, and recoverability of practice data in accordance with the requirements of Swiss data protection law (nFADP) as well as our legal retention obligations.
Other Purposes
Other purposes include, for example, training and education purposes as well as administrative purposes (e.g. accounting). In addition, we may process personal data for organizing, conducting, and following up on events, in particular participant lists and contents of presentations and discussions, but also image and audio recordings created during these events. Safeguarding other legitimate interests is also among the other purposes, which cannot be listed exhaustively.
7. What data is collected and processed when visiting our website
General Settings and Internal Regulations
Type and Scope of Data, Links to Service Providers
The terms of use and privacy policies of the services we use can change constantly, and with them the type and scope of data collected by the service provider. For this reason, we do not list the data that may be collected by the respective service in detail. However, we provide the corresponding link to its privacy policy for each referenced service. We periodically review the links to the respective services and their privacy policies and make every effort to keep the links up to date. Nevertheless, it may happen that individual links are no longer up to date. Should you come across such an outdated link, we kindly ask you to let us know immediately.
Selection of Service Providers, Server Locations, Data Privacy Framework
We basically use service providers where the data is stored in datacenters in Switzerland or the EU, if selectable. Where data is stored in the USA, on CDN servers (and thus globally), or in other countries, we select service providers from countries with an adequate level of data protection such as Switzerland (in the case of US service providers, for example, those that fall under the data privacy framework between Switzerland and the USA ["Swiss-U.S. Data Privacy Framework", "SDPF", https://www.dataprivacyframework.gov/]). For the US service providers we use, we almost exclusively use those that fall under the SDPF. Their compliance with the Privacy Framework or with Swiss data protection can be viewed via the search mask at https://www.dataprivacyframework.gov/list and the details can be checked at any time via the detailed entries accessible there.
Data Processors, DPA, SCC, Protection Level
If necessary, we have concluded a data processing agreement, mostly based on EU Standard Contractual Clauses ("SCC"), or a Data Privacy Addendum ("DPA") with the external data processors (or the latter is often already raised to a legally valid contractual component via the general terms and conditions or terms & conditions of the third-party provider) in order to adequately ensure security. As a rule, the provider guarantees therein to process the personal data even outside of Switzerland and the EU in accordance with the requirements and protection levels of Swiss and European data protection laws.
In our company, only selected employees have access to such data according to the principle of necessity. All employees who access personal data must comply with the internal rules and processes as well as any regulations regarding the processing of personal data to protect it and ensure its confidentiality.
Security, Encryption (External)
We have taken appropriate technical and organizational security measures to protect your personal data collected by us when visiting the website against unauthorized, accidental, or unlawful use.
To protect the security of data transmission, we use standard encryption (e.g. SSL) via HTTPS.
Administration
We manage our website ourselves. CarigietSolutions, Männedorf, is responsible as the webmaster of our website on our behalf (www.carigiet-solution.ch).
Cookies
When using our websites (including newsletters), data is generated that is stored in logs (especially technical data). We may also use cookies and similar techniques (e.g. pixel tags or fingerprints) to recognize website visitors, evaluate their behavior, and recognize preferences. A cookie is a small file transmitted between your system and the server that enables the recognition of a specific device or browser.
You can usually set your browser to reject, accept, or delete cookies automatically. You can also deactivate or delete cookies in individual cases or reject the setting of cookies for our website in general. You can find out how to manage cookies in your browser in your browser's help menu.
Neither the technical data collected by us nor the cookies usually contain personal data. However, personal data that we or third-party providers commissioned by us store from you (e.g., if you have a user account with these providers or are still logged into the third-party service while visiting our website) can be linked with the technical data or with the information stored in and obtained from cookies, and thus possibly with your person.
Social Networks
We do not currently use social media plug-ins (small software components) that establish a connection between your visit to our websites and a third-party provider, but merely link to content on social media platforms.
The social media plug-in informs the third-party provider that you have visited our websites and can transmit cookies to the third-party provider that the latter has previously placed on your web browser. Further information on how these third-party providers use your personal data collected via their social media plug-ins can be found in their respective privacy policies.
In addition, we use our own tools and third-party services (which in turn may use cookies) on our websites, in particular to improve the functionality or content of our websites (e.g. integration of videos or maps), to compile statistics, and to display advertising.
Personal Data on our Social Network Pages
We operate online presences on social networks and other platforms operated by third parties and process data about you in this connection. In doing so, we receive data from you (e.g., when you communicate with us or comment on our content) and from the platforms (e.g., statistics). The platform providers can analyze your usage and process this data together with other data they have about you. They also process this data for their own purposes (e.g., marketing and market research purposes and for managing their platforms), acting as separate controllers for this purpose. For further information on processing by the platform operators, please refer to the privacy policies of the respective platforms.
Third-Party Services Used When Using Our Website
1. Hosting, CMS, Web-Design, Search Function, Cookies
Provider: Framer B.V., Rozengracht, 1016 LZ Amsterdam, Netherlands ("Framer")
Privacy Policy: https://www.framer.com/legal/privacy-statement/
Legal Basis: Legitimate interest; you can adjust your consent to the various cookie categories before and during your visit to our website. Cookie Script is provided by the CMS Framer for the use of websites created with Framer.
2. Calendar Functions, Appointment Entries, Booking Functions
We use OneDoc as an integrated tool for scheduling and booking appointments. Data exchanged via OneDoc is encrypted both in transit and at rest and decrypted upon query. The terms and conditions of OneDoc, over which we have no influence, apply to the right of access. No data other than patient details, address, and the data entered by the therapist is stored; in particular, our internally collected patient data regarding highly sensitive personal data and medical history is not transmitted to OneDoc. For automatic messages from OneDoc to the patient, name, mobile number, and email are always stored, if known.
Service: OneDoc
Provider: OneDoc SA, Chemin des Mines 15 bis, CH-1202 Genève
Privacy Policy: https://privacy.onedoc.ch/de/privacy-policy
Legal Basis: Your consent, which you grant by using the booking function.
3. Google Services
Our website uses various services from subsidiaries of the US-based company Alphabet Inc. (see table). As a rule, these services all refer to the same privacy policy construct, which can be found under https://policies.google.com/privacy.
If the IP anonymization function is activated, your IP address will be shortened by Google before transmission to the USA. The complete IP address is only transmitted to a Google server in the USA and shortened there in exceptional cases. Google uses this transmitted information to evaluate your use, to compile analytics reports on these activities, and to provide other services for us, such as map services.
Provider/Headquarters: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (unless otherwise and separately noted)
General privacy information for Google services: https://policies.google.com/privacy
(if there are additional relevant privacy notices provided for the specific service, these are noted separately. Otherwise, Google's general privacy policy applies)
Service: Google Analytics
Privacy Notice: https://support.google.com/analytics/topic/2919631?hl=en&ref_topic=1008008&sjid=11159380926726341526-EU
Information for Google accounts: https://policies.google.com/technologies/partner-sites?hl=en
Legal Basis: Your consent, which you grant in advance and can also revoke later.
Service: Google Maps