Data protection

The responsible person for the purpose of GDPR is:

TCM-Clinik Bad Kötzting,
First German clinic for traditional Chinese medicine GmbH
Anton Staudinger
Ludwigstr. 2
93444 Bad Kötzting
Tel.: +499941/609-100
E-Mail: klinik@tcm.info
Each affected person may contact our data protection commissioner directly with questions and suggestions.

1. General data processing
The security of your Data is of the utmost importance to us. We have put security measures in place to protect your Data against loss, destruction, falsification, manipulation and unauthorized access. In the following points we describe which Data we gather and what we use it for.

1.1 Scope of processing of personal Data:
We gather and use personal Data of users only to allow a functioning homepage. We gather this information only after the users have given their consent. An exception applies to cases in which prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

1.2 Legal basis for the processing of personal Data:
As long as we don’t obtain the consent of the data subject for processing of personal data, the legal basis based on Art. 6(1) lit. a GDPR for the processing of personal data will be applied.

To the extent that processing of personal data is required to fulfil a legal obligation that governs our business, the legal basis based on Art. 6(1) lit. c GDPR will be applied.

In the event that vital interests of the affected user require the processing of their personal data, the legal basis based on Art. 6(1) lit. d GDPR will be applied.

Processing Data could be based on Article 6(1) lit. f GDPR. This legal basis is used for processing Data which are not covered by any of the above mentioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our company, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data subject which require protection of personal Data.

1.3 Deletion and storage time of Data:
The personal Data of an affected person will be deleted once its storage time ends. Storage of Data can be governed by European or national laws to which the responsible host is subject. Data is also deleted when a storage period prescribed by the named standards expires, unless the Data is needed for a contract and its fulfilment.

2. Provision of the homepage and creation of log files
2.1 Scope and description of Data usage:
With each visit to our Website, our webservice will automatically collect Data from your computer system.

The following Data is gathered:

(1) Information about which web browser is used by the user
(2) The operating system of the user
(3) The IP address of the user
(4) Date and time of the access
(5) Websites from which the user's system gets to our homepage
(6) Websites which the user visits on our homepage

These Data will also be saved in log files.

2.2 Legal basis for Data processing:
The legal basis for the temporary storage of Data in log files is Article 6(1) lit. f GDPR.

2.3 Usage of the Data processing:
The storage of log files is needed to allow a functioning homepage.
In addition, the Data is used for optimizing and securing our websites. The analysis of anonymous records remains reserved.

For this usage, too, our interest lies in the legal basis based on Article 6(1) lit. f GDPR.

2.4 Duration of the storage:
Once we no longer have any use for the Data, it will be permanently deleted. Data gathered for providing our homepage will be removed after the session has ended.

2.5 Objection and removal possibilities:
It is required for us to gather Data and store it in log files, to be able to provide our Homepage. There is no way for the user to object to this.

3. Usage of Cookies
3.1 Description and scope of the Data processing:
Our homepage uses Cookies. Cookies are used to store information on the user's device. They can be retrieved by our system when it requests them. With Cookies the user can customize a website to his liking, for example by changing the language, font size or similar.

Our homepage stores the following Data in Cookies:

(1) Date of creation of the Cookie
(2) If the data protection has been accepted

The creation of this Data will be encrypted for the user. This is to ensure that there is no way of assigning the Data to a visitor. It also doesn’t save any personal Data of the user.

Once our homepage is visited, there will be an info popup at the bottom that the user has to accept for the usage of Cookies and our data protection. Further down we also note the possibility of disabling those.

3.2 Legal basis for Data processing:
The legal basis for the Data processing is Article 6(1) lit. f GDPR.
The legal basis for the processing of personal Data with usage of Cookies to guarantee functioning websites, with the consent of the user, is Article 6(1) lit. a GDPR.

3.3 Usage of the Data processing:
The purpose of using Cookies is to make our homepage easier to use for visitors. Some functions might not work if we don't use Cookies; for those it is important that the web browser is identified again after switching pages.

The following application requires the usage of Cookies:

(1) Info popup for Cookie usage and data protection

3.4 Duration of the storage, objections and removal possibilities:
Cookies are transmitted from our server and are saved locally on the user's device, so the user has full control over the usage of the Cookies. The user can delete his Cookies at any time or even automate this via his settings. It is also possible to completely disable the usage of Cookies in the user's web browser settings. Note, though, that disabling Cookies will have the negative side effect that our website no longer works completely correctly.

4. Contact form and E-Mail contact
4.1 Description and scope of Data processing:
We offer a contact form on our homepage, which provides an opportunity for electronic contact. If the user decides to use this contact form, the Data that he entered in the form will be sent to us and stored. The following Data will be sent and stored by us:

(1) Full name of the user
(2) Address details of the user
(3) Telephone/Fax number of the user
(4) E-Mail address of the user

Consent is obtained before the filled-out form is sent, by ticking a checkbox which also links to this data protection statement.

There is also the possibility of contacting us through E-Mail. In this case the personal Data transmitted by E-Mail will be stored by us.

We will not give the received Data to any third party. The Data is only used for the processing of the conversation.

4.2 Legal basis for Data processing:
The legal basis for the processing of Data, with the consent of the user, is Article 6(1) lit. a GDPR.

The legal basis for the processing of Data for sending E-Mails is Article 6(1) lit. f GDPR. If the E-Mail contact is needed for the conclusion of a contract, the legal basis is Article 6(1) lit. b GDPR.

4.3 Purpose of Data processing:
The processing of personal Data that was sent to us through the form is only used for contact reasons. In case we were contacted by E-Mail, this also applies.
The rest of the processed personal Data that we receive is used against abuse and to help our security.

4.4 Duration of storage:
The Data will be erased once it is no longer needed. The personal Data we receive through the contact form will be deleted once our conversation with the user is finished. The conversation is finished once the topic in question has been completely resolved.

The rest of the processed personal Data that we receive will be deleted after a maximum of 7 days.

4.5 Objections and removal possibilities:
The user always has the opportunity to revoke the consent to the processing of Data that is used in our conversations. If the user contacts us by E-Mail to object to the conversation we have had so far and to its storage, we won't be able to finish our conversation with said user.

We will send the user a description of how the consent to the storing of Data can be revoked. If deletion is requested, the personal Data will be removed from our end.

5. Sharing personal Data to third party
5.1 Usage of Services/Webfonts:
Scope of processed personal Data:
We partly use various services from Google. There will be a direct connection between the User and the service in the United States of America, which will contain information about the IP address and the visited site. Because of the direct connection, we do not have any influence over which Data will be stored and can only inform the User about it.

We do not share any of your personal Data that we store with any other third party.

Usage of Google Analytics:
This website uses Google Analytics, a web analytics service from the company Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA (in short: “Google”). Google Analytics uses so-called “Cookies”, already explained in 3.1, which are saved on your device and allow Google to analyse the usage of websites. The information generated by the Cookies about the usage of the website is usually saved on a Google server in the United States of America. Google shortens the IP address in Europe for anonymizing reasons, and only in very rare cases will the whole IP address be transmitted and then shortened. On behalf of the host of this homepage, Google will use this information to analyse the usage of the website, compile reports on the activity and provide other services related to website and internet usage to the website host. The IP address transmitted from your web browser will not be combined with other Data from Google.
The Data processing is used for analysing and generating reports on the activity of the website. Based on the use of the website and the Internet, other related services will be provided.
https://www.google.com/analytics/terms/us.html

Usage of Google Webfonts:
We use the service Google Fonts to display some fonts correctly. Google Fonts is provided by Google LLC (“Google”). Using this service establishes a connection to a server, most commonly a Google server in the United States of America. Data about which website you visited, including the IP address of your device, will be transmitted and stored by Google.
More information can be found here: https://policies.google.com/privacy?hl=en

Google Maps:
Our homepage uses Google Maps to display our location. Google Maps is a service from Google LLC (“Google”) in the USA. By using our site you consent to the usage of the Data that you type into the service Google provides.

The terms of use for Google Maps can be found here: http://www.google.com/intl/en_en/help/terms_maps.html

Detailed information about Google’s data protection can be found here: http://www.google.de/intl/en/privacy or
http://www.google.de/intl/en/privacy/privacy-policy.html

5.2 Legal basis for Data processing:
The legal basis for the Data processing of web services is Article 6(1) lit. f GDPR.

5.3 Duration of storage:
We do not store any Data that is transmitted to the third party listed in 5.1.
If the user wants his Data removed by the company listed in 5.1, he will have to contact the company that has the Data.

5.4 Objections and removal possibilities:
To object to any Data collection or to have stored Data removed, please contact one of the third-party companies listed in 5.1.

6. Rights of the affected user
If personal Data of yours is processed, you as the user are an affected person within the meaning of the GDPR and have the following rights towards the host of the homepage:

6.1 Right of information:
You can always demand information about whether we currently process any Data regarding you. If Data about you is being processed, you can demand the following information:

(1) the usage of the Data processing;
(2) the category of personal Data that is being processed;
(3) the person who received it, or the category of receivers, who read the personal Data or will see the Data;
(4) the planned duration of storage; or if there is no concrete time range, criteria of the duration;
(5) the right of fixing errors or removal of personal Data that affects you, the right of limitation of the processing of the hosts or even object the processing completely;
(6) the right of appeal to a supervisory authority;
(7) all information of the source of the Data, if the personal Data is not created by the affected user;
(8) the existence of automated decision making including profiling according to Art. 22(1) and (4) GDPR and – only in these cases – meaningful information about the logic involved, and the scope and intended impact of such processing for the affected person.

You have the right to request information about whether your personal information relates to a third country or an international organization. In this connection, you can request the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transfer.

6.2 Right for correction:
You have the right to correction or completion towards the host if the processed personal Data concerning you as the user is incorrect or incomplete. The host has to carry out the correction immediately.

6.3 Right for restricting the processing of personal Data:
Under the following conditions you can request a restriction of the processing of your personal Data:

(1) if you contest the accuracy of your personal information for a period of time that enables the host to verify the accuracy of your personal information;
(2) the processing is unlawful and you refuse the deletion of the personal data and instead request the restriction of the use of the personal data;
(3) the host no longer requires personal data for the purposes of processing, but you need them to assert, execute or defend legal claims, or
(4) if you have objected to the processing based on Art. 21(1) GDPR and it has not yet been determined whether the legitimate reasons of the host outweigh your reasons.

If the processing of your personal data has been restricted, this data may – apart from its storage – be processed only with your consent or to assert, execute or defend legal claims or protect the rights of another legal person or for reasons of major public interest of the Union or of a Member State. If the processing has been restricted under the conditions listed above, you will be informed by the person in charge before the restriction is lifted.

6.4 Right for deletion
6.4 a) Deletion obligations:
You can request from the host that the personal Data be deleted immediately, and the host is required to delete them immediately if one of the following reasons applies:

(1) Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You revoke your consent to the processing according to Art. 6(1) lit. a or Art. 9(2) lit. GDPR and there is no other legal basis for processing.
(3) In accordance with Art. 21(1) GDPR, you object to the processing and there are no overriding justifiable reasons for the processing, or you submit an opposition to the processing according to Art. 21(2) GDPR.
(4) Your personal data has been processed unlawfully.
(5) The deletion of personal data concerning you is required to fulfill a legal obligation under Union law or the law of the Member States to which the host is subject.
(6) The personal data concerning you were collected in relation to information society services, according to Art. 8(1) GDPR.

6.4 b) Information to third party:
If the host has made the personal data concerning you public (according to Article 17(1) of the GDPR), the host shall take appropriate measures, including technical ones, taking into account the available technology and the costs of implementation, to inform Data hosts who process the personal Data that you, as the affected user, have requested that they delete any links to such personal Data, copies or replications.

6.4 c) Exclusions:
The right of deletion does not apply if the processing is required:

(1) to execute the right of freedom of expression and information;
(2) to fulfill a legal obligation required by the law of the Union or of the Member States to which the host is subject, or to carry out a task of public interest or in the execution of official authority conferred on the host;
(3) for reasons of public interest in the field of public health according to Art. 9(2) lit. h, Art. 9(2) lit. i and Art. 9(3) GDPR;
(4) for archival purposes of public interest, scientific or historical research purposes or for statistical purposes according to Article 89 (1) GDPR, to the extent that the law referred to in subparagraph (a) is likely to render impossible or seriously affect the achievement of the objectives of that processing, or
(5) to assert, execute or defend legal claims.

6.5 Right to informing:
If you have asserted the right of rectification, deletion or limitation of the processing towards the host responsible, he is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or deletion of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients by the host responsible.

6.6 Right for Data portability:
You, the affected user, have the right to receive the personal Data from the host in a structured, common and machine-readable format. Additionally, you have the right to have this Data transmitted to another third party, as long as the following conditions are met:

(1) the processing is based on a consent according to Art. 6(1) lit. a GDPR or Art. 9(2) lit. a GDPR or on a contract according to Art. 6(1) lit. b GDPR, and
(2) the processing is done using automated procedures.

In executing this right, you also have the right to obtain that the personal data relating to you are transmitted directly from one person to another, in so far as this is technically doable. Freedoms and rights of other persons may not be affected. The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the execution of official authority delegated to the host.

6.7 Right to objection:
You have the right at any time, for reasons arising out of your particular situation, to object to the processing of personal data concerning you that is based on Art. 6(1) lit. e or Art. 6(1) lit. f GDPR; this also applies to profiling based on these provisions. The host will no longer process the personal data concerning you the user unless he can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, executing or defending legal claims. If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling in so far as it is associated with such direct advertising. If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes. You have the opportunity in connection with the use of information society services – excluding Directive 2002/58/EC – to execute your right of opposition by means of automated procedures using technical specifications.

6.8 Right to revocation of the data protection consent declaration:
You, the user, have the right to revoke your data protection consent declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

6.9 Automated decision on an individual basis including profiling:
You as the user have the right not to be subjected to a decision based solely on automated processing – including profiling – that will have legal effect on you or affect you in a similar manner. This does not apply if the decision:

(1) is required for the conclusion or performance of a contract between you and the host,
(2) is permissible on the basis of Union or Member State legislation to which the controller is subject, and that legislation contains adequate measures to safeguard your rights and freedoms and your legitimate interests, or
(3) is made with your express consent.

However, these decisions may not be based on particular categories of personal data under Art. 9(1) GDPR unless Art. 9(2) lit. a or Art. 9(2) lit. g applies and reasonable measures have been taken to protect your rights and freedoms and your legitimate interests. With regard to the cases referred to in (1) and (3), the host responsible shall take appropriate measures to uphold your rights and freedoms and your legitimate interests, including at least the right to obtain the intervention of a person on the part of the host, to express your own position and to be heard on a challenge of the decision.

6.10 Right to complain to a supervisory authority:
Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of your residence, place of work or place of alleged infringement, if you believe that the processing of the personal data concerning you the user violates the GDPR. The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy according to Article 78 of the GDPR.