Data protection information on the LifeBonus website
With this data protection notice we inform you about our handling of your personal data and about your rights according to the European Data Protection Regulation (DSGVO) and the Federal Data Protection Act (BDSG). LifeBonus Gesundheitsmanagement GmbH (hereinafter referred to as "we" or "us") is responsible for data processing.
Content
1. Contact
2. Legal basis
3. Duration of storage
4. Categories of data recipients
5. Data transfer to third countries
6. Processing when exercising your rights
7. Your rights
8. Right to object
9. Data Protection Officer
II. Data processing on our website
1. Hosting by Wix.com Ltd.
2. Processing of server log files
3. Contact options and enquiries
4. Applications
5. Cookies
6. Consent management tool
7. Google Analytics
8. Meta Pixel
III. Data processing on our social media pages
1. Visiting our LinkedIn company page
2. Comments and Direct Messages
I. General information
1. Contact
If you have any questions or suggestions regarding this information, or if you would like to contact us about asserting your rights, please send your request to
LIFEBONUS Health Management GmbH
Flughafenstraße 1-3, Airport Plaza (Building C, Level 3), 22335 Hamburg
Phone: +49 40 5075 3733
Email: datenschutz@lifebonus.health
2. Legal basis
The term "personal data" as used in data protection law refers to all information that relates to an identified or identifiable individual. We process personal data in compliance with the relevant data protection regulations, in particular the DSGVO and the BDSG. Data processing by us only takes place on the basis of legal permission. We process personal data only with your consent (Section 25 (1) TTDSG or Art. 6 (1) a DSGVO), for the performance of a contract to which you are a party, or at your request for the performance of pre-contractual measures (Art. 6 (1) b DSGVO), for the performance of a legal obligation (Art. 6(1)(c) DSGVO) or where processing is necessary for the purposes of protecting our legitimate interests or the legitimate interests of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require the protection of personal data (Art. 6(1)(f) DSGVO).
If you apply for a vacant position in our company, we will also process your personal data for the purpose of deciding on the establishment of an employment relationship (Section 26 (1) sentence 1 BDSG).
3. Duration of storage
Unless otherwise stated in the following notes, we only store the data for as long as is necessary to achieve the processing purpose or to fulfil our contractual or legal obligations. Such legal retention obligations may arise in particular from commercial or tax law regulations. From the end of the calendar year in which the data was collected, we will retain such personal data contained in our accounting records for ten years and retain personal data contained in commercial letters and contracts for six years. In addition, we will retain data in connection with consents requiring proof, as well as with complaints and claims for the duration of the statutory limitation periods. We will delete data stored for advertising purposes if you object to processing for this purpose.
4. Categories of data recipients
We use processors as part of the processing of your data. Processing operations carried out by such processors include, for example, hosting, emailing, IT system maintenance and support, customer and order management, application management, accounting and billing, marketing activities or file and data carrier destruction. A processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the data controller. Processors do not use the data for their own purposes, but carry out data processing exclusively for the data controller and are contractually obliged to guarantee appropriate technical and organisational measures for data protection. In addition, we may transfer your personal data to bodies such as your bank, tax advisor/auditor or the tax authorities.
Further recipients may result from the following information.
5. Data transfer to third countries
Visiting our website may involve the transfer of certain personal data to third countries, i.e. countries in which the GDPR is not applicable law. Such a transfer takes place in a permissible manner if the European Commission has determined that an adequate level of data protection is required in such a third country. If such an adequacy decision by the European Commission does not exist, a transfer of personal data to a third country will only take place if appropriate safeguards pursuant to Article 46 of the GDPR are in place or if one of the conditions of Article 49 of the GDPR is met.
Unless otherwise stated below, we use the EU standard data protection clauses as appropriate safeguards for the transfer of personal data to third countries. You have the possibility to obtain a copy of these EU standard data protection clauses or to inspect them. To do so, please contact us at the address given under Contact.
If you consent to the transfer of personal data to third countries, the transfer will take place on the legal basis of Art. 49 (1) a DSGVO.
6. Processing when exercising your rights
If you exercise your rights under Articles 15 to 22 of the GDPR, we will process the personal data transferred for the purpose of implementing those rights by us and to be able to provide evidence thereof. We will only process data stored for the purpose of providing information and preparing it for this purpose as well as for data protection control purposes and otherwise restrict processing in accordance with Art. 18 DSGVO.
These processing operations are based on the legal basis of Art. 6 para. 1 lit. c DSGVO in conjunction with. Articles 15 to 22 DSGVO and Section 34 (2) BDSG.
7. Your Rights
As a data subject, you have the right to assert your data subject rights against us. In particular, you have the following rights:
-
In accordance with Art. 15 DSGVO and Section 34 BDSG, you have the right to request information about whether and, if so, to what extent we are processing personal data relating to you or not.
-
You have the right to demand that we correct your data in accordance with Art. 16 DSGVO.
-
You have the right to demand that we delete your personal data in accordance with Art. 17 DSGVO and § 35 BDSG.
-
You have the right to have the processing of your personal data restricted in accordance with Art. 18 DSGVO.
-
You have the right, in accordance with Art. 20 DSGVO, to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format and to transfer this data to another controller.
-
If you have given us separate consent to data processing, you may revoke this consent at any time in accordance with Art. 7 (3) DSGVO. Such a revocation does not affect the lawfulness of the processing that was carried out on the basis of the consent until the revocation.
-
If you are of the opinion that a processing of personal data concerning you violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR.
8. Right of objection
In accordance with Art. 21 (1) DSGVO, you have the right to object to processing based on the legal basis of Art. 6 (1) (e) or (f) DSGVO on grounds relating to your particular situation. If we process personal data about you for the purpose of direct marketing, you may object to this processing pursuant to Article 21 (2) and (3) of the GDPR.
9. Data protection officer
You can reach our data protection officer at the following contact details:
Email: datenschutzbeauftragter@lifebonus.health
Herting Oberbeck Data Protection GmbH
Hallerstr. 76, 20146 Hamburg
https://www.datenschutzkanzlei.de
II. Data processing on our website
When you use the website, we collect information that you provide yourself. In addition, during your visit to the website, we automatically collect certain information about your use of the website. In data protection law, the IP address is also generally considered to be a personal data. An IP address is assigned to every device connected to the Internet by the Internet provider so that it can send and receive data.
1. Hosting by Wix.com Ltd.
For the presentation and hosting of our website, we use the website construction kit system of the provider Wix.com Ltd (Wix/Israel). Insofar as this involves the processing of personal data relating to the use of our website, Wix.com Ltd. is our processor. The processing of personal data takes place on servers operated by Wix.com Ltd.
The described service of Wix.com Ltd. may involve the transfer of certain personal data to Israel. For the transfer of data to Israel as a third country, i.e. a country in which the GDPR is not applicable law, the European Commission has determined in a so-called adequacy decision pursuant to Article 45 of the GDPR that an adequate level of data protection is required.
If, in the context of the provision of services by Wix.com Ltd., personal data is transferred to the US subsidiary Wix.com Inc. (USA) or to another third country in which, according to the European Commission, an adequate level of protection is not guaranteed, Wix.com Ltd. shall conclude suitable guarantees in the form of standard contractual clauses to ensure an adequate level of data protection. These standard contractual clauses are part of our agreement with Wix.com Ltd. and can be accessed at the following link: https://de.wix.com/about/privacy-dpa-users.
The privacy policy of Wix.com Ltd. can be accessed at https://de.wix.com/about/privacy.
2. Processing of server log files
During the purely informative use of our website, general information that your browser transmits to our server is initially stored automatically (i.e. not via registration). This includes by default: browser type/version, operating system used, page accessed, the previously visited page (referrer URL), IP address, date and time of the server request and HTTP status code. The processing is carried out to protect our legitimate interests and is based on the legal basis of Art. 6 (1) f DSGVO. This processing serves the technical administration and security of the website. The stored data is deleted after sixty days unless there is a justified suspicion of unlawful use based on concrete indications and further examination and processing of the information is necessary for this reason. We are not able to identify you as a data subject from the stored information. Articles 15 to 22 of the GDPR therefore do not apply pursuant to Article 11 (2) of the GDPR unless you provide additional information that enables you to be identified in order to exercise your rights set out in these articles.
3. Contact options and enquiries
Our website contains contact forms which you can use to send us messages. The transfer of your data is encrypted (recognisable by the "https" in the address line of the browser). All data fields marked as mandatory are required to process your request. Failure to provide this information will result in us not being able to process your request. The provision of further data is voluntary. Alternatively, you can send us a message via the contact e-mail. We process the data for the purpose of answering your enquiry. Insofar as your enquiry is directed towards the conclusion or performance of a contract with us, Art. 6 para. 1 letter b DSGVO is the legal basis for the data processing. Otherwise, we process the data on the basis of our legitimate interest in contacting enquirers. The legal basis for the data processing is then Art. 6 para. 1 lit. f DSGVO.
4. Applications
You have the option of applying via our website in the Jobs section. For this purpose, we collect personal data from you, including in particular your name, CV, letter of application and other content provided by you. For the selection of our applications, we use a service provider who, in accordance with the legal requirements for order processing, is solely bound by instructions to act on our behalf. Your personal application data will only be processed for purposes related to your interest in current or future employment with us and the processing of your application. Your online application will only be processed and noted by the relevant contact persons at our company. All employees entrusted with data processing are obliged to maintain the confidentiality of your data. If we are unable to offer you employment, we will retain the data you have submitted for up to six months after the end of the application process for the purpose of answering questions relating to your application and rejection. This does not apply if legal provisions prevent deletion, if further storage is necessary for the purpose of providing evidence or if you have expressly consented to longer storage.
The legal basis for the collection of data is Section 26 Paragraph 1 Sentence 1 BDSG. If we store your applicant data for longer than six months and you have expressly consented to this, we would like to point out that this consent can be freely revoked at any time in accordance with Art. 7 para. 3 DSGVO. Such a revocation does not affect the lawfulness of the processing that was carried out on the basis of the consent until the revocation.
5.Cookies
We use cookies and similar technologies ("cookies") on our website. Cookies are small data sets that are stored by your browser when you visit a website. This identifies the browser you are using and can be recognised by web servers. You have full control over the use of cookies through your browser. You can delete the cookies in the security settings of your browser at any time. You can object to the use of cookies through your browser settings in principle or for specific cases.
The use of cookies is partly technically necessary for the operation of our website and thus permissible without the user's consent. In addition, we may use cookies to offer special functions and content as well as for analysis and marketing purposes. These may also include cookies from third-party providers (so-called third party cookies). We only use such technically unnecessary cookies with your consent in accordance with Section 25 (1) TTDSG and, where applicable, Article 6 (1) a DSGVO. Information on the purposes, providers, technologies used, data stored and the storage period of individual cookies can be found in the cookie settings of our Consent Management Tool.
6. Consent Management Tool
This website uses a Consent Management Banner to control cookies. The consent banner enables the users of our website to give consent to certain data processing procedures or to revoke a given consent. By confirming the "I accept" button or by saving individual cookie settings, you consent to the use of the associated cookies. The legal basis under data protection law is your consent within the meaning of Art. 6 (1) a DSGVO.
In addition, the banner helps us to be able to provide evidence of the declaration of consent. For this purpose, we process information about the declaration of consent and further log data about this declaration. Cookies are also used to collect this data.
The processing of this data is necessary in order to be able to prove that consent has been given. The legal basis results from our legal obligation to document your consent (Art. 6 para. 1 letter c in conjunction with Art. 7 para. 1 DSGVO).
7.Google Analytics
We use the Google Analytics service of the provider Google Ireland Limited (Google Ireland/EU) on our website.
Google Analytics is a web analytics service that allows us to collect and analyse data about the behaviour of visitors to our website. Google Analytics uses cookies for this purpose, which enable an analysis of the use of our website. This involves processing personal data in the form of online identifiers (including cookie identifiers), IP addresses, device identifiers and information about interaction with our website.
Some of this data is information stored in the terminal device you are using. In addition, further information is also stored on your end device via the cookies used. Such storage of information by Google Analytics or access to information already stored in your terminal device will only take place with your consent.
Google Ireland will process the data thus collected on our behalf in order to evaluate the use of our website by users, to compile reports on the activities within our website and to provide us with further services related to the use of our website and the use of the Internet. In doing so, pseudonymous user profiles can be created from the processed data.
The setting of cookies and the further processing of personal data described here takes place with your consent. The legal basis for the data processing in connection with the Google Analytics service is therefore Art. 6 (1) a DSGVO. You can revoke this consent via our Consent Management Tool at any time with effect for the future.
The personal data processed on our behalf to provide Google Analytics may be transferred to any country in which Google Ireland or Google Ireland's sub-processors maintain facilities. The legal basis for this transfer is the standard contractual clauses for the transfer of personal data to third countries pursuant to Art. 46 para. 2 lit. c DSGVO.
We only use Google Analytics with IP anonymisation activated. This means that the IP address of the user is shortened by Google Ireland within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The IP address transmitted by the user's browser is not merged with other data.
You can permanently object to cross-device tracking by deactivating personalised advertising in your Google account; follow this link: https://www.google.com/settings/ads/onweb/
For further information on the use of data for advertising purposes, please see Google's privacy policy at: www.google.com/policies/technologies/ads/
8. Meta Pixel
We use the Meta Pixel, a meta business tool of Meta Platforms Ireland Limited (Meta Platforms Ireland Ltd./EU) on our website. Information on the contact details of Meta Platforms Ireland Ltd. and the contact details of the data protection officer of Meta Platforms Ireland Ltd. can be found in the data policy of Meta Platforms Ireland Ltd. at https://www.facebook.com/about/privacy.
The meta pixel is a JavaScript code snippet that allows us to track the activity of visitors to our website. This tracking is called conversion tracking. For this purpose, the meta pixel collects and processes the following information (so-called event data):
-
Information about the actions and activities of visitors to our website, such as searching for and viewing a product or purchasing a product;
-
Specific pixel information such as the pixel ID and the Facebook cookie;
-
Information about buttons clicked by visitors to the website;
-
Information present in the HTTP headers such as IP addresses, web browser information, page location and referrer;
-
Information about the status of disabling/restricting ad tracking.
Some of this event data is information stored in the device you are using. In addition, cookies are also used via the meta pixel, via which information is stored on your end device used. Such storage of information by the Facebook pixel or access to information that is already stored in your end device only takes place with your consent in accordance with § 25 para. 1 TTDSG.
The event data collected via the meta pixel is used for targeting our ads and improving ad delivery on meta products such as the social media platforms Facebook and Instagram, personalising features and content, and improving and securing meta products. For this purpose, the event data collected on our website by means of the meta pixel is transmitted to Meta Platforms Ireland Ltd. This collection and transmission of event data is carried out by us and Meta Platforms Ireland Ltd. as jointly responsible parties. We have entered into a joint controller processing agreement with Meta Platforms Ireland Ltd. which sets out the allocation of data protection obligations between us and Meta Platforms Ireland Ltd. In this agreement, we and Meta Platforms Ireland Ltd have agreed, among other things,
-
that we are responsible for providing you with all information pursuant to Art. 13, 14 DSGVO regarding the joint processing of personal data;
-
that Meta Platforms Ireland Ltd is responsible for enabling data subjects' rights under Art. 15 to 20 GDPR in respect of personal data held by Meta Platforms Ireland Ltd following joint processing.
You can access the agreement concluded between us and Meta Platforms Ireland Ltd. at https://www.facebook.com/legal/controller_addendum.
Meta Platforms Ireland Ltd. is the sole responsible party for the subsequent processing of the submitted Event Data. For more information about how Meta Platforms Ireland Ltd. processes personal data, including the legal basis on which Meta Platforms Ireland Ltd. relies and how you can exercise your rights against Meta Platforms Ireland Ltd. please see Meta Platforms Ireland Ltd.'s Data Policy at https://www.facebook.com/about/privacy.
Meta Platforms Ireland Ltd. is the sole data controller for the subsequent processing of the transferred event data. For more information on how Meta Platforms Ireland Ltd processes personal data, including the legal basis on which Meta Platforms Ireland Ltd relies and how you can exercise your rights against Meta Platforms Ireland Ltd, please see Meta Platforms Ireland Ltd's Data Policy at https://www.facebook.com/about/privacy.
We have also engaged Meta Platforms Ireland Ltd. to report on the impact of our advertising campaigns and other online content based on the event data collected through the Meta Pixel (Campaign Reports) and to provide analysis and insights about users and their use of our website, products and services (Analytics). We transfer personal data contained in the Event Data to Meta Platforms Ireland Ltd. The transferred personal data is processed by Meta Platforms Ireland Ltd. as our processor to provide us with the campaign reports and analytics.
The collection and transfer of personal data by us to Meta Platforms Ireland Ltd. and the processing of personal data by Meta Platforms Ireland Ltd. for the purpose of providing analytics and campaign reports will only take place if you have given your prior consent. The legal basis for the processing of personal data is therefore Art. 6 (1) a DSGVO.
The data processed on our behalf is transmitted by Meta Platforms Ireland Ltd. to Meta Platforms, Inc. in the USA. Meta Platforms Ireland Ltd. transfers the data to Meta Platforms, Inc. on the basis of processor-to-processor standard contractual clauses, but reserves the right to use an alternative transfer method recognised by the GDPR and other applicable data protection laws in the European Economic Area, the United Kingdom and Switzerland.
III. Data processing on our social media pages
We are represented on several social media platforms with a company page. Through this, we would like to offer further opportunities for information about our company and for exchange. Our company has company pages on the following social media platforms:
-
LinkedIn
-
Xing
-
Facebook
-
Instagram
When you visit or interact with a profile on a social media platform, personal data about you may be processed. Information associated with a social media profile used also regularly constitutes personal data. This also covers messages and statements made while using the profile. In addition, during your visit to a social media profile, certain information is often automatically collected about it, which may also constitute personal data.
1. Visit our LinkedIn company page
LinkedIn Ireland Unlimited Company (Ireland/EU - "LinkedIn") is the sole controller of personal data when you visit our LinkedIn page. For further information about the processing of personal data by LinkedIn, please visit https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.
When you visit, follow or engage with our LinkedIn company page, LinkedIn processes personal data to provide us with anonymised statistics and insights. This provides us with insights into the types of actions that people take on our page (so-called page insights). For this purpose, LinkedIn processes in particular such data that you have already provided to LinkedIn via the information in your profile, such as data on function, country, industry, seniority, company size and employment status. In addition, LinkedIn will process information about how you interact with our LinkedIn company page, e.g. whether you are a follower of our LinkedIn company page. With Page Insights, LinkedIn does not provide us with any personal data about you. We only have access to the aggregated Page Insights. It is also not possible for us to draw conclusions about individual members using the information in the Page Insights. This processing of personal data in the context of Page Insights is carried out by LinkedIn and us as joint controllers. The processing serves our legitimate interest to evaluate the types of actions taken on our LinkedIn company page and to improve our company page based on these insights. The legal basis for this processing is Article 6(1)(f) DSGVO. We have entered into a joint controller agreement with LinkedIn which sets out the allocation of data protection obligations between us and LinkedIn. The agreement is available at: https://legal.linkedin.com/pages-joint-controller-addendum. Accordingly, the following applies:
-
LinkedIn and we have agreed that LinkedIn is responsible for enabling you to exercise your rights under the GDPR. You can contact LinkedIn online via the following link (https://www.linkedin.com/help/linkedin/ask/PPQ?lang=de) or contact LinkedIn via the contact details in the Privacy Policy. You can contact the Data Protection Officer at LinkedIn Ireland via the following link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO. You may also contact us at our contact details provided about exercising your rights in relation to the processing of personal data in the context of Page Insights. In such a case, we will forward your request to LinkedIn.
-
LinkedIn and we have agreed that the Irish Data Protection Commission is the lead supervisory authority overseeing processing for Page Insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see at www.dataprotection.ie) or any other supervisory authority.
Please note that under LinkedIn's privacy policy, personal data may also be processed by LinkedIn in the US or other third countries. LinkedIn only transfers personal data to countries for which an adequacy decision has been issued by the European Commission in accordance with Article 45 of the GDPR or on the basis of appropriate safeguards in accordance with Article 46 of the GDPR.
2.Comments and Direct Messages
We also process information that you have provided to us via our company page on the respective social media platform. Such information may be the username used, contact details or a message to us. These processing operations are carried out by us as the sole data controller. We process this data on the basis of our legitimate interest in contacting people who make enquiries. The legal basis for the data processing is Art. 6 para. 1 letter f DSGVO. Further data processing may take place if you have consented (Art. 6 para. 1 lit. a DSGVO) or if this is necessary for the fulfilment of a legal obligation (Art. 6 para. 1 lit. c DSGVO).
Status: January 2022