I. Person responsible

Responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is the:

HASOMED GmbH

Paul-Ecke-Strasse 1

39114 Magdeburg

Phone: 0049 391 62 30 112

Website: www.hasomed.de

 

II. Name and address of the data protection officer

Data Protection Officer:

Mr. Dipl.-Ing. Matthias Kunert

cubeoffice GmbH & Co KG

Fichtestrasse 29a

39112 Magdeburg

E-mail: datenschutz@hasomed.de

Website: www.hasomed.de/datenschutz

 

III. General information on data processing

Description and scope of data processing
Each time the website is accessed, data and information are automatically retrieved from the computer system of the accessing device.

The following data is collected:

  • Information about the browser type and version used
  • Operating system of the user
  • Internet service provider of the user
  • IP address of the user
  • UUID (Universally Unique Identifier)
  • Geo IP location
  • Date and time of access
  • Websites from which the user's system accesses the website
  • Internet pages that are accessed by the user's system via the website

 

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user. The data consists of:

  • Information about the page from which the website was accessed
  • Name of the file
  • Date and time of the call
  • Amount of data transferred
  • Access status (file not transferred / transferred)
  • Browser type
  • IP address of the requesting computer

 

Legal basis for data processing
The legal basis for the temporary storage of data and log files is Article 6(1)(e) GDPR.

 

Purpose of data processing
Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session. The data is stored in log files to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of the information technology systems.

 

Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. If the data is stored in log files, this is the case after seven days at the latest. Data is not stored beyond this period.

 

IV. Tools and services used

AnyDesk

The AnyDesk tool is used for technical support and remote maintenance.

 

Legal basis for the processing of personal data
Data processing is carried out on the basis of the user's consent in accordance with Art. 6 para. 1 lit. a GDPR. This is based on a contract for commissioned data processing (DPA contract) between the user and HASOMED GmbH. The DPA contract can be concluded under the following link: https://hasomed.de/datenschutz/

 

Purpose of data processing

  • Remote maintenance
  • Technical support

 

Possibility of objection and removal
Consent that has already been granted can be revoked at any time. An informal notification by e-mail is sufficient for the revocation. The legality of the data processing operations already carried out remains unaffected by the revocation.

 

Duration of storage
The data is stored until the end of the respective session.

 

AWS Cloudfront

We use the "Cloudfront" service. The provider is Amazon Web Services Inc, 410 Terry Avenue North, Seattle, WA 98109-5210 (hereinafter referred to as "AWS Cloudfront").

AWS Cloudfront offers a globally distributed content delivery network with DNS. Technically, the information transfer between your browser and our website is routed via the AWS Cloudfront network. This enables AWS Cloudfront to analyze the traffic between your browser and our website and to act as a filter between our servers and potentially malicious traffic from the Internet. AWS Cloudfront may also use cookies or other technologies to recognize Internet users, but these are used solely for the purpose described here.

The use of AWS Cloudfront is based on our legitimate interest in providing our website as error-free and secure as possible (Art. 6 para. 1 lit. f GDPR).

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://aws.amazon.com/de/blogs/security/aws-gdpr-data-processing-addendum/

Further information on security and data protection at AWS Cloudfront can be found here: https://aws.amazon.com/de/data-protection/

You can find the current privacy policy of Amazon Web Services at: https://aws.amazon.com/de/privacy/

Amazon is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data. You can find more information on this at https://www.dataprivacyframework.gov/s/participant-search

 

Bing Ads

This website uses Bing Ads. Bing Ads is an online advertising program of Microsoft Corporation, One Microsoft Way, Redmond WA 94043, USA ("Microsoft"). As part of Microsoft Bing Ads, we use what is known as conversion tracking. When you click on an ad placed by Bing, a cookie is set for conversion tracking. Cookies are small text files that the Internet browser stores on the user's computer. These cookies lose their validity after 30 days and are not used to personally identify the user. If the user visits certain pages of this website and the cookie has not yet expired, Microsoft and we can recognize that the user clicked on the ad and was redirected to this page. Each Microsoft Bing Ads customer receives a different cookie. The cookies cannot be tracked via the websites of Bing Ads customers. The information collected using the conversion cookie is used to generate conversion statistics for Bing Ads customers who have opted for conversion tracking. Customers are told the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users. If you do not wish to participate in tracking, you can object to this use by easily deactivating the Bing Ads conversion tracking cookie via your Internet browser under user settings. You will then not be included in the conversion tracking statistics. "Conversion cookies" are stored on the basis of Article 6(1)(f) GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising.

You can find more information about Microsoft Bing Ads in Microsoft's privacy policy: https://privacy.microsoft.com/de-de/privacystatement.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

 

Chatbot

Our chatbot platform ensures secure use through an encrypted Hypertext Transfer Protocol Secure (HTTPS) connection. We use comprehensive state-of-the-art technical and organizational security measures to protect personal data from unauthorized data access, such as access by unauthorized third parties.
 
Our chatbot uses OpenAI's GPT-4 model to respond to requests and communicate with users. https://openai.com/policies/data-processing-addendum 

 
Scope of the processing of personal data
 
Text-based dialog system:
   - Questions can be asked or concerns communicated here in natural language. The automatic response is based on text analysis and machine learning.
   - The input and processing of personal data is not necessary and not required for the use of the chatbot.
 
Important notes on personal data:
 
Personal data, such as name, address or telephone number, is only collected and stored if you provide it to us voluntarily. This may be the case, for example, when using the contact options for HASOMED.
 
We attach great importance to the protection of your data and take all necessary measures to safeguard your privacy. If you have any questions about the processing of your personal data, please do not hesitate to contact us.
 
Provision of the chatbot and creation of log files
 
In order to enable the delivery of the chatbot to the user's computer and for the continuous optimization of our chatbot, data is automatically stored on the servers of our IT service provider during use.
 
The information stored includes
 
- Date and time of access
- Complete history of the interaction with the chatbot
 
No personal data is requested or required for the use of the chatbot. The recorded chat histories are used exclusively for the continuous improvement of the chatbot.
 
The legal basis for storing the log files is Article 6(1)(e) GDPR in conjunction with § 3 BDSG.
 
The collection and storage of data for the provision of the chatbot and the log files is absolutely necessary for its operation.
 
To object to the collection and storage of inadvertently or deliberately entered personal data or to delete it, you must contact us. When contacting us, please enter the relevant data in order to carry out a deletion. As the chatbot automatically processes user input and does not request any personal data, only the user can know whether and what data has been collected.
 
Use of cookies
 
Our chatbot uses cookies for technical operation. These small text files are stored on your computer and saved by your browser.
 
When the chatbot is called up, a session cookie is used to ensure that the visitor remains on the same server during their session. Session cookies remain in place for two hours after the last message and are then automatically deleted.
 
This cookie does not collect any personal data or IP addresses. Most browsers accept cookies automatically, but can be set to reject cookies or notify you when cookies are sent.
 
Deactivated cookies can lead to limited usability of the chatbot.
 
The legal basis for the temporary storage of data is Art. 6 para. 1 lit. e GDPR.

 

Cidaas account

When using our "cidaas account" service (e.g. via user registrations or account management), the minimum personal data required to provide the service is requested and stored. The underlying service - product name "cidaas" - is provided by our processor Widas ID GmbH, Maybachstraße 2, 71299 Wimsheim, Germany. You can find further information on this at https://www.cidaas.com/de/datenschutzhinweise/

 

Cloudflare

On our website we use a so-called Content Delivery Network ("CDN") of the technology service provider Cloudflare Inc, 101 Townsend St. San Francisco, CA 94107, USA ("Cloudflare"). A content delivery network is an online service that is used to deliver large media files (such as graphics, page content or scripts) through a network of regionally distributed servers connected via the Internet. The use of Cloudflare's content delivery network helps us to optimize the loading speed of our website. Processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in the secure and efficient provision and improvement of the stability and functionality of our website.

We have concluded an order processing agreement with Cloudflare (Data Processing Addendum, available at https://www.cloudflare.com/media/pdf/cloudflare-customer-dpa.pdf), which obliges Cloudflare to protect the data of our website visitors and not to pass it on to third parties.

User data may be transferred to the USA. The EU Commission has issued an adequacy decision for the USA, the EU-U.S. Data Privacy Framework (EU-US DPF). This provider has certified itself in accordance with the EU-US DPF and is therefore obliged to comply with European data protection principles. Details can be found here: https://www.dataprivacyframework.gov/s/participant-search

Further information can be found in Cloudflare's privacy policy at: https://www.cloudflare.com/privacypolicy/

 

Doubleclick

A web service of the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter: Doubleclick) is loaded on our website. We use this data to ensure the full functionality of our website. In this context, your browser may transmit personal data to Doubleclick. The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. The legitimate interest lies in the error-free functioning of the website. The data is deleted as soon as the purpose of its collection has been fulfilled. Further information on the handling of the transferred data can be found in Doubleclick's privacy policy: https://policies.google.com/privacy

Your data may be transferred to the USA. There is an adequacy decision by the EU Commission for the USA, the EU-U.S. Data Privacy Framework (EU-US DPF). This provider has certified itself in accordance with the EU-US DPF and is therefore obliged to comply with European data protection principles. You can find details here: https://www.dataprivacyframework.gov/s/participant-search

You can prevent the collection and processing of your data by Doubleclick by deactivating the execution of script code in your browser or by installing a script blocker in your browser.

 

Duda Mobile Statistics

This website uses Duda Mobile Statistics to statistically analyze visitor access. The provider is Duda Mobile, 577 College Avenue, Palo Alto, CA 94306, USA. Duda Mobile Statistics uses cookies, which are stored on your computer and allow your use of the website to be analyzed. The information generated by the cookies about the use of our website is stored on servers in Europe and the USA. Your IP address is anonymized after processing and before storage. You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of our website may be restricted. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Duda Mobile.

Further information on this can be found in Duda Mobile's privacy policy: https://www.dudamobile.com/legal/privacy.

 

Facebook

Description and scope of data processing
This website uses social plugins ("plugins") from the social network facebook.com, which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). The plugins can be recognized by one of the Facebook logos (white "f" on a blue tile, the terms "Like", "Gefällt mir" or a "thumbs up" sign) or are marked with the addition "Facebook Social Plugin". The list and appearance of Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/. When a user accesses a website of this offer that contains such a plugin, their browser establishes a direct connection with the Facebook servers. The content of the plugin is transmitted by Facebook directly to your browser, which integrates it into the website.

 

Legal basis for the processing of personal data
The legal basis for the processing of users' personal data is Art. 6 para. 1 lit. f GDPR.

Your data may be transferred to the USA. There is an adequacy decision by the EU Commission for the USA, the EU-U.S. Data Privacy Framework (EU-US DPF). This provider has certified itself in accordance with the EU-US DPF and is therefore obliged to comply with European data protection principles. You can find details here: https://www.dataprivacyframework.gov/s/participant-search

 

Purpose of data processing
HASOMED GmbH has no influence on the scope of the data that Facebook collects with the help of this plugin and therefore informs users according to the level of knowledge: By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of the offer. If the user is logged in to Facebook, Facebook can assign the visit to their Facebook account. If users interact with the plugins, for example by clicking the Like button or leaving a comment, the corresponding information is transmitted directly from the browser to Facebook and stored there. If a user is not a member of Facebook, it is still possible for Facebook to find out their IP address and store it. According to Facebook, only an anonymized IP address is stored in Germany. The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as the relevant rights and setting options for protecting the privacy of users can be found in Facebook's data protection information: https://www.facebook.com/about/privacy/.

 

Duration of storage
HASOMED GmbH has no influence on the duration of storage by Facebook.

 

Possibility of objection and removal
If a user is a Facebook member and does not want Facebook to collect data about them via this website and link it to their membership data stored on Facebook, the user must log out of Facebook before visiting the website. Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads.

 

Facebook Pixel

Description and scope of data processing
Furthermore, we use the so-called "Facebook pixel" of Facebook Inc ("Facebook") on our website. This allows users of our website to be shown interest-based advertisements ("Facebook ads") when they visit the Facebook social network or other websites that also use this process. Through the Facebook pixel, your browser automatically establishes a direct connection with the Facebook server. We have no influence on the scope and further use of the data collected by Facebook through the use of this tool and therefore inform you according to our level of knowledge: By integrating the Facebook pixel, Facebook receives the information that you have clicked on an advertisement from us or called up the corresponding website of our Internet presence. If you are registered with a Facebook service, Facebook can assign the visit to your account. Even if you are not registered with Facebook or have not logged in, there is a possibility that the provider will find out and store your IP address and other identifying features. Information from the third-party provider: Facebook Inc, 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo.

 

Legal basis for the processing of personal data

The legal basis for the processing of users' personal data is Art. 6 para. 1 lit. f GDPR.

Your data may be transferred to the USA. There is an adequacy decision by the EU Commission for the USA, the EU-U.S. Data Privacy Framework (EU-US DPF). This provider has certified itself in accordance with the EU-US DPF and is therefore obliged to comply with European data protection principles. You can find details here: https://www.dataprivacyframework.gov/s/participant-search

 

Purpose of data processing
By using the Facebook pixel, we pursue the purpose of displaying Facebook ads placed by us only to those Facebook users who have also shown an interest in our website. With the help of the Facebook pixel, we want to ensure that our Facebook ads correspond to the potential interest of users and are not annoying. We can also use the Facebook pixel to track the effectiveness of Facebook ads for statistical purposes by seeing whether users have been redirected to our website after clicking on a Facebook ad.

 

Duration of storage

HASOMED GmbH has no influence on the duration of storage by Facebook.

 

Possibility of objection and removal
You can object to the use of the Facebook pixel at any time by using the following opt-out option: Delete cookies manually.

 

Google Analytics

Description and scope of data processing
HASOMED uses functions of the Google Analytics Suite (e.g. Google Analytics), i.e. web analysis services of Google Inc ("Google"). These services are offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. A transfer of your data to the USA cannot be ruled out. Google uses cookies (see V. Use of cookies). The information collected by cookies about the use of the online offer by users is usually transmitted to a Google server in the USA and stored there. Google will use this information on behalf of HASOMED GmbH to evaluate the use of the HASOMED online offer by users, to compile reports on the activities within this online offer and to provide HASOMED GmbH with further services associated with the use of this online offer and the use of the Internet. Pseudonymous user profiles can be created from the processed data. HASOMED GmbH only uses the Google Analytics suite with activated IP anonymization. This means that the IP address of users is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. The IP address transmitted by the user's browser will not be merged with other Google data. Further information: https://www.google.com/intl/de/policies/privacy/

 

Legal basis for the processing of personal data
The legal basis for the processing of users' personal data is Art. 6 para. 1 lit. f GDPR.

Your data may be transferred to the USA. There is an adequacy decision by the EU Commission for the USA, the EU-U.S. Data Privacy Framework (EU-US DPF). This provider has certified itself in accordance with the EU-US DPF and is therefore obliged to comply with European data protection principles. You can find details here: https://www.dataprivacyframework.gov/s/participant-search

 

Purpose of data processing
This information is used to automatically recognize users on their next visit to HASOMED GmbH websites and to make navigation easier for them. Cookies make it possible, for example, to adapt a website to the user's interests or to save their password - according to their preferred settings - so that they do not have to enter it again. Of course, users can also view our website without cookies. The processing of users' personal data enables an analysis of their surfing behavior. The evaluation of the data obtained enables HASOMED GmbH to compile information about the use of the individual components of the website. This helps to continuously improve the website and its user-friendliness. By pseudonymizing the IP address, the interest of users in the protection of their personal data is adequately taken into account.

 

Duration of storage

The data is deleted as soon as it is no longer required for recording purposes.

 

Possibility of objection and removal
Users can prevent the storage of cookies by selecting the appropriate settings in the browser software they are using. You can also prevent Google from collecting and processing the data generated by the cookie and relating to your use of the online offer by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de. The deactivation of Google Analytics is available for the browser types Internet Explorer, Google Chrome, Mozilla Firefox, Apple Safari and Opera. Users can prevent tracking (opt-out) by clicking on the link: https://developers.google.com/analytics/devguides/collection/gajs/#disable

 

Google My Business

Description and scope of data processing
The Google My Business button can be used to publish information worldwide. The Google My Business button allows you and other users to receive personalized content from Google and its partners. Google stores both the information given for Google My Business content and information about the page viewed when clicking on Google My Business. User contributions via Google My Business can be displayed as references together with the user's profile name and photo in Google services, for example in search results or in the user's Google profile, or in other places on websites and advertisements on the Internet. Google records information about Google My Business activities in order to improve Google services for you and others. In order to use the Google My Business button, a globally visible, public Google profile is required, which must contain at least the name chosen for the profile. This name is used in all Google services. In some cases, this name can also replace another name that the user has used when sharing content via their own Google account. The identity of a Google profile can be displayed to users who know the user's e-mail address or have other identifying information about this user.

 

Legal basis for the processing of personal data

The legal basis for the processing of users' personal data is Art. 6 para. 1 lit. f GDPR.

Your data may be transferred to the USA. There is an adequacy decision by the EU Commission for the USA, the EU-U.S. Data Privacy Framework (EU-US DPF). This provider has certified itself in accordance with the EU-US DPF and is therefore obliged to comply with European data protection principles. You can find details here: https://www.dataprivacyframework.gov/s/participant-search

 

Purpose of data processing
In addition to the purposes described above, the information provided by the user is used in accordance with the applicable Google data protection provisions. Google may publish summarized statistics about the Google My Business activities of users or pass them on to users and partners, such as publishers, advertisers or associated websites.

 

Duration of storage

The data is stored until the user deletes their account with Google. Although the personal data is removed, the posts themselves remain unaffected.

 

Google Photos

We use the Google Photos image service for the integration of image galleries. By using this service, the user's IP address is not transmitted to Google, as we use a proxy that instead transmits the IP address of the server to the provider Google Inc (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). Further information on the handling of user data can be found in Google's privacy policy: https://www.google.de/intl/de/policies/privacy/.

Google is an active participant in the EU-U.S. Privacy Shield Framework, which regulates the correct and secure transfer of personal data. You can find more information on this at https://www.dataprivacyframework.gov/s/participant-search

 

Google Tag Manager

We use Google Tag Manager from Google Inc (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) for our website. This service allows website tags to be managed via an interface. The Google Tag Manager itself does not set cookies but only tags and does not collect any personal data. The service triggers other tags, which in turn may collect data. However, Google Tag Manager does not access this data. If deactivation has been carried out at domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.

Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data. You can find more information on this at https://www.dataprivacyframework.gov/s/participant-search

 

Google Webfonts

External fonts, Google Fonts, are used on this website. Google Fonts is a service provided by Google Inc ("Google"). These web fonts are integrated by a server call, usually a Google server in the USA. This tells the server which of our web pages you have visited. The IP address of the browser of the end device of the visitor to this website is also stored by Google. You can find more information in Google's privacy policy, which you can access here: www.google.com/fonts#AboutPlace:about www.google.com/policies/privacy/

Your data may be transferred to the USA. There is an adequacy decision by the EU Commission for the USA, the EU-U.S. Data Privacy Framework (EU-US DPF). This provider has certified itself in accordance with the EU-US DPF and is therefore obliged to comply with European data protection principles. You can find details here: https://www.dataprivacyframework.gov/s/participant-search

 

Gravatar

We use the Gravatar service of Automattic Inc, 60 29th Street #343, San Francisco, CA 94110, USA, within our online offering.

Gravatar is a service where users can register and store profile pictures and their email addresses. If users leave posts or comments on other online presences (especially in blogs) with the respective e-mail address, their profile pictures can be displayed next to the posts or comments. For this purpose, the email address provided by users is transmitted to Gravatar in encrypted form for the purpose of checking whether a profile is stored for it. This is the sole purpose of transmitting the email address and it will not be used for any other purpose, but will be deleted afterwards.

By displaying the images, Gravatar learns the IP address of the user, as this is necessary for communication between a browser and an online service. Further information on the collection and use of data by Gravatar can be found in Automattic's privacy policy: https://automattic.com/privacy/.

If users do not want a user picture linked to their e-mail address at Gravatar to appear in the comments, they should use an e-mail address that is not stored at Gravatar to comment. We would also like to point out that it is also possible to use an anonymous e-mail address or no e-mail address at all if users do not wish their own e-mail address to be sent to Gravatar. Users can completely prevent the transfer of data by not using our comment system.

Automattic is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data. You can find more information about this at https://www.dataprivacyframework.gov/s/participant-search

 

IONOS SE MyWebsite

We use the mywebsite-editor.com service for the functionality of our website. This is a service provided by IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany, hereinafter referred to as "mywebsite-editor".

Due to the integration of mywebsite-editor, your Internet browser loads a mandatory JavaScript code from the mywebsite-editor server to display the content of our website. As a result, mywebsite-editor becomes aware that our website has been accessed via your IP address. At the same time, a so-called session cookie is stored on your end device via your Internet browser.

The legal basis for data processing is Art. 6 (1) (f) GDPR. Our legitimate interest lies in the uniform and appealing presentation of our website.

To prevent mywebsite-editor from executing the JavaScript code and thus the collection and processing of your data, you can install a so-called JavaScript blocker, such as noscript.net or ghostery.com. You can also deactivate the execution of the JavaScript code in the settings of your Internet browser.

If you do not agree to the processing of cookies, you also have the option of preventing the storage of cookies by changing the settings in your Internet browser. You can find more information on this above under "Cookies".

 

IONOS Web Analytics

This website uses the analysis services of IONOS Webanalytics. The provider is IONOS SE, Elgendorfer Straße 57, D - 56410 Montabaur. As part of the analyses with IONOS, visitor numbers and behavior (e.g. number of page views, duration of a website visit, bounce rates), visitor sources (i.e. which page the visitor comes from), visitor locations and technical data (browser and operating system versions) can be analyzed.

For this purpose, IONOS stores the following data in particular:

  • Referrer (previously visited website)
  • Requested website or file
  • Browser type and browser version
  • Operating system used
  • Device type used
  • Time of access
  • IP address in anonymized form (only used to determine the location of access)

According to IONOS, data collection is completely anonymized so that it cannot be traced back to individual persons. Cookies are not stored by IONOS Webanalytics. The data is stored and analyzed on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the statistical analysis of user behavior in order to optimize both its website and its advertising. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time. Further information on data collection and processing by IONOS Webanalytics can be found at the following link: https://www.ionos.de/hilfe/datenschutz/datenverarbeitung-von-webseitenbesuchern-ihres-11-ionos-produktes/webanalytics/

 

LinkedIn

Description and scope of data processing
This website uses the buttons of the LinkedIn service. These buttons are provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. They can be recognized by terms such as "in", combined with a blue area with the white letters "in". With the help of the buttons, it is possible to share a post or page of this offer on LinkedIn. If users are logged in to LinkedIn, LinkedIn can directly assign the visit to the HASOMED website to the user's LinkedIn account. If users interact with the plugins, for example by clicking the "LinkedIn" button, the corresponding information is also transmitted directly to a LinkedIn server and stored there. See also https://www.linkedin.com/legal/privacy-policy

 

Legal basis for the processing of personal data
The legal basis for the processing of users' personal data is Art. 6 para. 1 lit. f GDPR.

Purpose of data processing
When a user accesses a page on this website that contains such a button, their browser establishes a direct connection with LinkedIn's servers. The content of the LinkedIn buttons is transmitted by LinkedIn directly to the user's browser. The provider therefore has no influence on the scope of the data that LinkedIn collects with the help of this plugin and informs users according to its level of knowledge. According to this, only the IP address of the user and the URL of the respective website are transmitted when the button is accessed, but are not used for purposes other than displaying the button.

 

Duration of storage
HASOMED has no influence on the duration of storage by LinkedIn.

 

Possibility of objection and removal
If users do not want LinkedIn to assign the data collected via the HASOMED GmbH website directly to their LinkedIn account, they must log out of LinkedIn before visiting the HASOMED website.

 

Matomo

We use the web analysis tool "Matomo" for the needs-based design of our websites. Matomo creates user profiles on the basis of pseudonyms. For this purpose, permanent cookies are stored on your end device and read by us. In this way, we are able to recognize and count returning visitors. We also use the Heatmap & Session Recording modules. Matomo's heatmap service shows us the areas of our website where the mouse is moved most frequently or which are clicked on most often. The session recording service records individual user sessions. We can play back recorded sessions and thus analyze the use of our website. Data entered in forms is not recorded and is not visible at any time.

Data processing is based on your consent in accordance with Section 25 (1) TTDSG, Art. 6 (1) (a) GDPR, provided that you have given your consent via our banner. You can withdraw your consent at any time. Please make the appropriate settings via our banner.

Further information on Matomo's terms of use and data protection regulations can be found at: https://matomo.org/privacy/

 

Microsoft 365

Microsoft 365 is a cloud-based platform that offers various services such as email, calendar, file storage, collaboration tools and much more. Below you will find information on data protection when using Microsoft 365.

 

Person responsible for data processing
The controller for the processing of your personal data in connection with the use of Microsoft 365 is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

 

Processing purposes and legal bases
Microsoft processes personal data to enable you to use Microsoft 365, to provide, improve and personalize the services, to ensure security and to comply with legal obligations. Processing is based on your consent and/or on a contract with Microsoft.

 

Data categories and recipients
Microsoft processes personal data such as name, e-mail address, contact details, location data, device data, usage data and content that you create and share. Microsoft shares personal data with trusted third parties to provide the services, provide support and comply with legal requirements.

 

Data transfer to third countries
Microsoft transfers personal data to third countries such as the USA. Microsoft ensures that data is transferred to third countries in compliance with data protection laws.

Your data may be transferred to the USA. The EU Commission has issued an adequacy decision for the USA, the EU-U.S. Data Privacy Framework (EU-US DPF). This provider has certified itself in accordance with the EU-US DPF and is therefore obliged to comply with European data protection principles. You can find details here: https://www.dataprivacyframework.gov/s/participant-search

 

Storage duration
Microsoft stores personal data for as long as necessary to provide the services and fulfill legal obligations. If you delete your Microsoft 365 account, your personal data will be deleted or anonymized by Microsoft.

 

Rights of data subjects
You have the right to information, correction, deletion and restriction of the processing of your personal data as well as the right to data portability. You have the right to withdraw your consent to the processing of personal data at any time. You also have the right to lodge a complaint with the competent supervisory authority.

 

Further information
Further information on data protection at Microsoft can be found at the following link: https://privacy.microsoft.com/de-de/privacystatement

 

Microsoft Bookings

Microsoft Bookings is an online scheduling tool that is part of Microsoft 365. It allows users to book appointments for services or meetings online to save time and resources.

 

Data processing
Microsoft Bookings processes personal data provided by users and their customers. This data may include name, e-mail address, telephone number, address and other information provided to the user. Microsoft Bookings uses the personal data to manage and carry out online scheduling for users. The personal data is only processed for this purpose and in accordance with the applicable data protection laws and Microsoft's terms of use.

 

Data transfer
Microsoft only passes on the personal data of Bookings users and their customers to third parties if this is necessary to fulfill the contractual obligations to the user or if this is required by law. Microsoft does not pass on any personal data of users or their customers to third parties for marketing purposes.

 

Data access and control
Bookings users have the option of viewing, editing or deleting their personal data in their schedules. Microsoft Bookings also offers security functions such as the option to protect bookings with passwords to prevent unauthorized access.

 

Further information
For more information on the processing of personal data by Microsoft Bookings and Microsoft 365 in general, please refer to Microsoft's privacy policy: https://privacy.microsoft.com/de-de/privacystatement.

Your data may be transferred to the USA. There is an adequacy decision by the EU Commission for the USA, the EU-U.S. Data Privacy Framework (EU-US DPF). This provider has certified itself in accordance with the EU-US DPF and is therefore obliged to comply with European data protection principles. You can find details here: https://www.dataprivacyframework.gov/s/participant-search

 

Microsoft Clarity

We use Microsoft Clarity. "Microsoft Clarity" refers to a Microsoft process that enables user analysis on the basis of a pseudonymous user ID and thus on the basis of pseudonymous data, such as the evaluation of data on mouse movements or performance data on certain Internet presentations.

In particular, we process usage data (e.g. Internet presentations visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses), location data (information on the geographical position of a device or person), movement data (mouse movements, scrolling movements) in pseudonymized form. We have made the corresponding settings in such a way that the data collection to and by Microsoft alone is pseudonymized, in particular in the form of IP masking (pseudonymization of the IP address).

All users of our website who have consented to the corresponding use via our cookie consent service are affected by this data processing. The data processing is therefore carried out solely on the basis of your consent in accordance with Art. 6 para. 1 a) GDPR.

 

The purpose of the processing is tracking (e.g. interest/behavioral profiling, use of cookies), remarketing, conversion measurement (measurement of the effectiveness of marketing measures), interest-based and behavioral marketing, and reach measurement (e.g. access statistics, recognition of returning users).

Your data may be transferred to the USA. There is an adequacy decision by the EU Commission for the USA, the EU-U.S. Data Privacy Framework (EU-US DPF). This provider has certified itself in accordance with the EU-US DPF and is therefore obliged to comply with European data protection principles. You can find details here: https://www.dataprivacyframework.gov/s/participant-search

Further information on the data protection provisions of Microsoft Clarity can be found at https://clarity.microsoft.com/terms

 

Microsoft Forms

Microsoft Forms is an online form and survey tool that is part of Microsoft 365. It allows users to create forms and surveys that can be filled out by other users.

 

Data processing
Microsoft Forms processes personal data provided by users and participants in surveys and forms. This data may include name, e-mail address, telephone number, address and other information provided to the user. Microsoft Forms uses the personal data to administer and carry out the online forms and surveys for the users. The personal data is only processed for this purpose and in accordance with the applicable data protection laws and Microsoft's terms of use.

 

Data transfer
Microsoft only shares the personal data of Forms users and participants with third parties if this is necessary to fulfill contractual obligations to the user or if this is required by law. Microsoft does not pass on any personal data of Forms users or participants to third parties for marketing purposes.

 

Data access and control
Users of Forms have the option of viewing, editing or deleting their personal data in the forms and surveys created. Microsoft Forms also offers security functions such as the option to protect forms and surveys with passwords to prevent unauthorized access.

 

Further information
For more information on the processing of personal data by Microsoft Forms and Microsoft 365 in general, please refer to Microsoft's privacy policy: https://privacy.microsoft.com/de-de/privacystatement.

Your data may be transferred to the USA. There is an adequacy decision by the EU Commission for the USA, the EU-U.S. Data Privacy Framework (EU-US DPF). This provider has certified itself in accordance with the EU-US DPF and is therefore obliged to comply with European data protection principles. You can find details here: https://www.dataprivacyframework.gov/s/participant-search

 

Microsoft Teams

Teams is a web-based collaboration software that is part of Microsoft 365. It enables users to communicate and collaborate in real time via text, voice and video calls as well as sharing files and applications.

 

Data processing
Microsoft Teams processes personal data provided by users in order to manage and run the collaboration software for users. This personal data may include name, e-mail address, telephone number, address, login information and other information provided to the user. Microsoft Teams uses the personal data only for this purpose and in accordance with the applicable data protection laws and Microsoft's terms of use.

 

Data transfer
Microsoft only shares the personal data of Teams users with third parties if this is necessary to fulfill contractual obligations to the user or if this is required by law. Microsoft does not share personal data of Teams users with third parties for marketing purposes.

 

Data access and control
Teams users have the option to view, edit or delete their personal data. Teams also offers functions for managing access rights to ensure that only authorized persons can access certain content.

 

Further information
For more information on the processing of personal data by Teams and Microsoft 365 in general, please refer to Microsoft's privacy policy: https://privacy.microsoft.com/de-de/privacystatement.

Your data may be transferred to the USA. There is an adequacy decision by the EU Commission for the USA, the EU-U.S. Data Privacy Framework (EU-US DPF). This provider has certified itself in accordance with the EU-US DPF and is therefore obliged to comply with European data protection principles. You can find details here: https://www.dataprivacyframework.gov/s/participant-search

 

OpenStreetMaps

We use the open source map service "OpenStreetMaps" (also known as "OSM") from the OpenStreetMap Foundation, 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom. OSM is used to provide an interactive map on our website that shows you how to find and reach us. This service enables us to display our website in an appealing way by loading map material from an external server. The following data is transmitted to the OSM server during the display: The pages of our website that you have visited and the IP address of your device. The legal basis for the processing of your data in relation to the "OSM" service is Art. 6 para. 1 sentence 1 letter f) GDPR (legitimate interest in data processing). The legitimate interest arises from our need for an appealing presentation of our online offer and the easy findability of the places indicated on our homepage.

You can find more information on the handling of user data in OSM's privacy policy: https://wiki.osmfoundation.org/wiki/Privacy_Policy

 

rapidmail

Description and scope of data processing
HASOMED GmbH uses rapidmail, among others, to send newsletters. The provider is rapidmail GmbH, Augustinerplatz 2, 79098 Freiburg im Breisgau. This service is used to organize and analyse the sending of newsletters. Data entered by users to receive the newsletter - such as an e-mail address - is stored on rapidmail's servers. The provider's servers are located in Germany and Ireland.

 

Legal basis for the processing of personal data
Data processing is carried out on the basis of consent in accordance with Art. 6 para. 1 lit. a GDPR.

 

Purpose of data processing
Sending newsletters with rapidmail makes it possible to analyze the behavior of newsletter recipients. The analysis shows, among other things, how many recipients have opened a newsletter and how often they have interacted with links in the newsletter. rapidmail supports conversion tracking in order to analyze whether a previously defined action, such as a product purchase, has taken place after clicking on a link.

 

Possibility of objection and removal
Consent that has already been given can be revoked at any time. An informal notification by e-mail or by using the unsubscribe function in the newsletter is sufficient for the revocation. The legality of the data processing operations already carried out remains unaffected by the revocation. If users do not wish to be analyzed by rapidmail, they must unsubscribe from the newsletter. To unsubscribe, an informal notification by email or by using the unsubscribe function in the newsletter is sufficient. The legality of the data processing operations already carried out remains unaffected by the revocation.

 

Duration of storage
Data entered to set up the newsletter subscription will be deleted from the HASOMED servers and the rapidmail servers if you unsubscribe. If data has been transmitted to HASOMED GmbH for other purposes and elsewhere, it will remain within the company. Details on the data protection provisions of rapidmail: https://www.rapidmail.de/datenschutz.

 

Real Cookie Banner

We use the "Real Cookie Banner" consent tool to manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and related consents. Details on how "Real Cookie Banner" works can be found at https://devowl.io/de/wissensdatenbank/real-cookie-banner-datenverarbeitung/

The legal basis for the processing of personal data in this context is Art. 6 para. 1 lit. c GDPR and Art. 6 para. 1 lit. f GDPR. Our legitimate interest is the management of the cookies and similar technologies used and the related consents.

The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. Users are not obliged to provide personal data. If users do not provide the personal data, we cannot manage any consents.

 

TeamViewer

TeamViewer is used for technical support and remote maintenance.

 

Legal basis for the processing of personal data
Data processing is carried out on the basis of the user's consent in accordance with Art. 6 para. 1 lit. a GDPR. This is based on a contract for commissioned data processing (DPA contract) between the user and HASOMED GmbH. The DPA contract can be concluded under the following link: https://hasomed.de/datenschutz/

 

Purpose of data processing

  • Remote maintenance
  • Technical support

 

Possibility of objection and removal
Consent that has already been granted can be revoked at any time. An informal notification by e-mail is sufficient for the revocation. The legality of the data processing operations already carried out remains unaffected by the revocation.

 

Duration of storage
The data is stored until the end of the respective session.

 

Trackboxx

Description and scope of data processing
We use the web analysis service Trackboxx on our website. We use it to statistically evaluate visitor access and analyze the use of our website. The data is stored anonymously on a server in Germany for this purpose and is subject to the provisions of the GDPR. We do not use any cookies or store any personal data. Instead, the user IP address is used to generate a code that is then assigned to an anonymous user ID for as long as the user is on the HASOMED website. This data cannot be assigned to a specific person and is encrypted with a code that changes daily. It is therefore not possible to "recognize" users when they visit the HASOMED website again. There is no cross-site tracking, linking of the data with other sources or forwarding of the information to third parties.

 

Legal basis for the processing of personal data
The legal basis for the processing is Art. 6, para. 1, lit. f, GDPR.

 

Purpose of data processing
Our legitimate interest lies in the needs-based design and optimization of our website.

 

Duration of storage
HASOMED has no influence on the duration of storage by Trackboxx.

 

Possibility of objection and removal
If you do not wish to help improve our site, you can control this at any time using the "Do-Not-Track" function in your browser.

 

Twitter

Description and scope of data processing
This website uses the buttons of the Twitter service. These buttons are offered by Twitter Inc, 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. They are recognizable by terms such as "Twitter" or "Follow", combined with a stylized blue bird. With the help of the buttons, it is possible to share a post or page of this offer on Twitter or to follow the provider on Twitter. If users are logged in to Twitter, Twitter can directly assign the visit to our website to their Twitter account. If users interact with the plugins, for example by clicking the "Tweet" button, the corresponding information is also transmitted directly to a Twitter server and stored there. The information is also published on your Twitter account and displayed there to your contacts.

 

Legal basis for the processing of personal data
The legal basis for the processing of users' personal data is Art. 6 para. 1 lit. f GDPR.

 

Purpose of data processing
When a user accesses a web page on this website that contains such a button, their browser establishes a direct connection with the Twitter servers. The content of the Twitter buttons is transmitted by Twitter directly to the user's browser. The provider therefore has no influence on the scope of the data that Twitter collects with the help of this plugin and informs users according to its level of knowledge. As a result, only the IP address of the user and the URL of the respective website are transmitted when the button is accessed, but are not used for purposes other than displaying the button. Further information on this can be found in Twitter's privacy policy at https://twitter.com/privacy?lang=de

 

Duration of storage
We have no influence on the duration of storage by Twitter.

 

Possibility of objection and removal
If users do not want Twitter to assign the data collected via our website directly to their Twitter accounts, they must log out of Twitter before visiting our website.

 

YouTube

Description and scope of data processing
This website uses the YouTube buttons. YouTube is operated by YouTube LLC, headquartered at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google Inc. with registered office at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (see XII b.). Users who visit a website of our online offering equipped with a YouTube button will be connected to the YouTube servers. The YouTube server is informed which specific page of our website was visited by the user. If the user is logged into their YouTube account, YouTube can assign the surfing behavior directly to their personal profile. The user can prevent this by logging out beforehand. Further information on collection and use can be found at www.youtube.com.

 

Legal basis for the processing of personal data
The legal basis for the processing of users' personal data is Art. 6 para. 1 lit. f GDPR.

Your data may be transferred to the USA. There is an adequacy decision by the EU Commission for the USA, the EU-U.S. Data Privacy Framework (EU-US DPF). This provider has certified itself in accordance with the EU-US DPF and is therefore obliged to comply with European data protection principles. You can find details here: https://www.dataprivacyframework.gov/s/participant-search

 

Purpose of data processing
When a user accesses a page on this website that contains a YouTube button, their browser establishes a direct connection with YouTube's servers. The content of the YouTube buttons is transmitted by YouTube directly to the user's browser. The provider therefore has no influence on the scope of the data that YouTube collects with the help of this plugin and informs users according to its level of knowledge.

 

Duration of storage
The duration of storage is not known to us.

 

Possibility of objection and removal
If users do not want YouTube to assign the data collected via our website directly to their YouTube account, they must log out of YouTube before visiting our website.

 

V. Newsletter

CleverReach

Description and scope of data processing
HASOMED GmbH uses CleverReach to send newsletters. The provider is CleverReach GmbH & Co KG, Mühlenstr. 43, 26180 Rastede. This service is used to organize and analyze the sending of newsletters. Data entered by users to receive the newsletter - such as an email address - is stored on CleverReach's servers. The provider's servers are located in Germany and Ireland.

 

Legal basis for the processing of personal data
Data processing is carried out on the basis of consent in accordance with Art. 6 para. 1 lit. a GDPR.

 

Purpose of data processing
Sending newsletters with CleverReach makes it possible to analyze the behavior of newsletter recipients. The analysis shows, among other things, how many recipients have opened a newsletter and how often they have interacted with links in the newsletter. CleverReach supports conversion tracking in order to analyze whether a previously defined action, such as a product purchase, has taken place after clicking on a link. Details on data analysis by CleverReach: https://www.cleverreach.com/de-de/newsletter-tool/newsletter-reporting/

 

Possibility of objection and removal
Consent that has already been given can be revoked at any time. An informal notification by e-mail or by using the unsubscribe function in the newsletter is sufficient for the revocation. The legality of the data processing operations that have already taken place remains unaffected by the revocation. If users do not wish to be analyzed by CleverReach, they must unsubscribe from the newsletter. To unsubscribe, an informal notification by email or by using the unsubscribe function in the newsletter is sufficient. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

 

Duration of storage
Data entered to set up the newsletter subscription will be deleted from the HASOMED servers and the CleverReach servers if you unsubscribe. If data has been transmitted to HASOMED GmbH for other purposes and elsewhere, it will remain with the company. Details on the data protection provisions of CleverReach: https://www.cleverreach.com/de/datenschutz/.

 

WhatsApp

We offer you quick and clear access to the most important information about our Elefant® practice software. We use this channel to keep you up to date on all aspects relating to Elefant® - including any malfunctions or disruptions that may occur.

The operator of this service is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("WhatsApp"), a subsidiary of Facebook.

Your data will also be forwarded by WhatsApp to Facebook servers in the USA and processed by WhatsApp and Facebook in accordance with the WhatsApp Privacy Policy, which also includes processing for their own purposes, such as improving the WhatsApp service.

We would like to point out that WhatsApp also accesses the address book of the device used and the contact data stored therein. For more information on the purpose and scope of data collection and the further processing of this data by WhatsApp and Facebook, as well as your rights in this regard and settings options for protecting your privacy, please refer to WhatsApp's privacy policy at: https://www.whatsapp.com/legal/#privacy-policy.

 

Revocation
If you no longer wish to receive news and information about the Elefant® practice software, you can unsubscribe here free of charge.

 

VI. Forum (registration)

Description and scope of data processing
The forum offered by HASOMED GmbH is the Asgaros forum plugin for WordPress. Forum posts are public and linked to the user.

 

Legal basis for the processing of personal data
The data processing takes place on the basis of your consent (Art. 6 para. 1 lit. a, b or f GDPR) through your registration and use.

 

Purpose of data processing
The data used when registering for the forum is used to recognize authorized users and to publish and/or comment on posts.

 

Possibility of objection and removal
Consent to use the forum can be revoked by deleting the forum account.

 

Duration of storage
The login data is stored until the user deletes their data. If the user is deleted, the personal data will be removed. The content (forum posts/comments) is retained.

 

VII. Elefant® PT

Description and scope of data processing
HASOMED GmbH collects personal data via the "Elefant®" software distributed by the company. In addition to general process data (e.g. RAM; processor; Windows or Mac version; hard disk space; whether a battery or antivirus program is present; and the network identifier without recording the physical address), the data processing also covers personal data: the local IP address and the license file already known to the company. The data is transmitted via a connection secured with TLS 1.2.

The data is stored exclusively on the servers of the company "firstcolo". The servers are located in Germany.

 

Note on data transfer to third countries
Data is not transferred to third parties or third countries.

 

Legal basis for the processing of personal data
Data processing is carried out on the basis of the legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.

 

Purpose of data processing
The processing of your personal data serves to ensure the stability and functionality as well as the continuous optimization of the software. Sources of errors can be identified more easily using the data collected and can therefore be rectified more easily. The data can also be used to further reduce the susceptibility to errors in future versions and thus provide an even more secure and stable product.

 

Rights of data subjects; possibility of objection and removal
Consent that has already been granted can be revoked at any time. An informal notification by e-mail is sufficient for the revocation. The legality of the data processing operations already carried out remains unaffected by the revocation. We also refer to the subsection "Rights of data subjects" in our privacy policy.

 

Duration of storage
Your personal data will only be processed for the period of time required for the respective processing purpose. Your personal data will be deleted or blocked as soon as the purpose or legal basis for storage no longer applies. Personal data will not be deleted if the storage is required by law (e.g. § 257 HGB, 147 AO) or if we have to comply with statutory limitation periods (usually 3 years; in individual cases, however, up to 10 years or longer), provided that this is necessary for the assertion, exercise or defense of legal claims.

 

Elefant® Knowledge Blog (comment function)

Description and scope of data processing
HASOMED uses the WordPress comment function for the Elefant® Wissen blog.

 

Legal basis for the processing of personal data
Data processing is based on your consent (Art. 6 para. 1 lit. a, b or f GDPR).

 

Purpose of data processing
Collected data - e.g. the user name - is used to exclude spam and bots and to publish comments on a blog post.

 

Possibility of objection and removal
The use of the comment function can be revoked by deleting the account for the comment function.

 

Duration of storage
The login data is stored until the user deletes their data. If a user is deleted, the personal data is removed. The content (forum posts / comments) is retained.

 

VIII. Contact forms / e-mails via website

Description and scope of data processing
HASOMED GmbH offers contact forms for making contact; alternatively, users of the website have the option of contacting the operator of the website by e-mail. The data entered, such as your e-mail address, will be temporarily stored for the purpose of processing the contact. It will not be passed on to third parties. There is also no comparison with other data collected via the website.

 

Legal basis for the processing of personal data
Data processing takes place on the basis of consent in accordance with Art. 6 para. 1 lit. a, b or f GDPR.

 

Possibility of objection and removal
Consent that has already been granted can be revoked at any time. An informal notification by e-mail is sufficient for the revocation. The legality of the data processing operations already carried out remains unaffected by the revocation.

 

Duration of storage
The data is stored for as long as it is required for the original purpose and in accordance with the retention and documentation obligations under the German Commercial Code (HGB) and Fiscal Code (AO). The storage period can be between 2 and 10 years according to HGB and AO and is assessed according to the statutory limitation periods (according to §§ 195 ff BGB this can be up to 30 years, the regular limitation period is 3 years). The deletion of certain data takes place after the purpose has been fulfilled (e.g. inquiries without a contractual background). If storage is no longer necessary and there are no longer any statutory retention periods, the data will be deleted.

 

IX. Job advertisements

Data protection information for applicants (Kenjo)

In accordance with the provisions of Art. 13, 14 in conjunction with Art. 21 of the General Data Protection Regulation (GDPR), we hereby inform you about the processing of the personal data transmitted by you as part of the application process and any personal data collected by us and your rights in this regard. To ensure that you are fully informed about the processing of your personal data as part of the application process, please take note of the following information.

 

1. Applicant management

We use the applicant management system of the company KENJO, provided by Kenjo GmbH, Urbanstraße 71, 10967 Berlin, for the processing of your personal data transmitted to us through your application. We have carefully selected this service provider and the program and concluded a corresponding order processing contract so that we can guarantee the proper processing of your data. Further information on data protection at KENJO can be found in Kenjo's privacy policy, and the general terms and conditions in Kenjo's terms and conditions. For further information, please refer to our general privacy policy, which you can view here.

 

2. Purpose and legal basis of the processing of personal data

We process your personal data insofar as this is necessary for the decision on the establishment of an employment relationship with us. The legal basis for this is Art. 88 para. 1 GDPR in conjunction with § 26 BDSG and, if applicable, Art. 6 para. 1 lit. a or lit. b GDPR. Furthermore, we may process your personal data if this is necessary to fulfill legal obligations within the meaning of Art. 6 para. 1 lit. c GDPR or if this is necessary to defend against legal claims asserted against us in the application process. The legal basis for this is Art. 6 para. 1 lit. f GDPR. The legitimate interest is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG). If there is an employment relationship between you and us, we may, in accordance with Art. 88 GDPR in conjunction with § 26 (1) BDSG, further process the personal data already received from you for the purposes of the employment relationship if this is necessary for the performance or termination of the employment relationship.

 

3. Categories of personal data

We only process data that is related to your application. This may be general personal data (such as name, address and contact details), details of your professional qualifications and schooling or details of further professional training or other information that you provide to us in connection with your application.

 

4. Recipient of the personal data

Your personal data will only be transmitted within our company to those areas and persons who need this data to fulfill contractual and legal obligations or to implement our legitimate interest. We may also transfer your personal data to companies affiliated with us, insofar as this is permitted within the scope of the purposes and legal bases set out in the previous section. In addition, personal data is processed on our behalf on the basis of contracts in accordance with Art. 28 GDPR, in particular by host providers or providers of applicant management systems. Otherwise, data will only be transferred to recipients outside the company if this is permitted or required by law, if the transfer is necessary to fulfill legal obligations or if we have your consent. A transfer to a third country is not intended.

 

5. Storage period of the personal data

We store your personal data for as long as this is necessary for the decision on your application. If an employment relationship is not established between you and us, we may also continue to store data if this is necessary to defend against possible legal claims. The application documents will be deleted six months after notification of the rejection decision, unless longer storage is required due to legal disputes.

After contacting some applicants, we offer them the opportunity to be included in our talent pool. If the applicant agrees to their personal data being stored for a longer period, we will store it for a period of two years. This is solely for the purpose of being able to contact an applicant again as soon as a suitable position arises. At the end of the two-year period, the personal data will be automatically deleted. Applicants can ask us to delete their data at any time and we will implement their request immediately.

Further information can be found at: https://hasomed.de/wp-content/uploads/2022/07/Kenjo-Datenschutzhinweise-f%C3%BCr-Bewerber.pdf

 

X. Competitions, surveys and promotions

Description and scope of data processing
HASOMED offers competitions, surveys and promotions at irregular intervals. The use of these offers is voluntary. Contact details such as name, e-mail address and telephone number may be collected.

 

Legal basis for the processing of personal data
The legal basis for the processing of users' personal data is Art. 6 para. 1 lit. a, b GDPR.

 

Purpose of data processing
The information collected is used to notify the winner(s) or participants or to evaluate surveys and campaigns. Disclosure to third parties takes place exclusively in connection with the provision of prizes from competitions (specifically: to the providing partners).

 

Duration of storage
The data is stored for as long as it is required for the original purpose and in accordance with the retention and documentation obligations under HGB and AO. The storage period can be 2 to 10 years according to HGB and AO and is assessed according to statutory limitation periods (according to §§ 195 ff BGB this can be up to 30 years, the regular limitation period is 3 years). The deletion of certain data takes place after the purpose has been fulfilled (e.g. inquiries without a contractual background). If storage is no longer required and there are no longer any statutory retention periods, the data will be deleted.

 

Possibility of objection and removal
Consent that has already been granted can be revoked at any time. An informal notification by e-mail is sufficient for revocation.

For the purpose of performing the contract, HASOMED GmbH processes your personal data in accordance with Art. 6 para. 1 lit. b GDPR.

In connection with the internet platform ti-pauschale.de and related TI flat rates from July 1, 2023, HASOMED GmbH also reserves the right to inform you about these and similar own and other offers or products by e-mail. In this case, data processing is carried out on the basis of the legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR. The legitimate interest consists in advertising as such.

You have the option to object to the use of your data for this advertising approach at any time. You will not incur any costs other than the transmission costs according to the basic rates. An objection must be sent in text form to marketing@hasomed.de.

 

XI. Cookies

HASOMED uses the following cookies on the website for various purposes:

a) rc::c Provider: Google. Purpose: These cookies are used to distinguish between humans and bots. Expiry: Session. Type: Necessary

b) CookieConsent Provider: Cookiebot. Purpose: Saves the user's consent status for cookies on the current domain. Expiration: 1 year. Type: Necessary

c) wordpress_test_cookie Provider: hasomed.de. Purpose: Used to check whether the user's browser supports cookies. Expiration: Session. Type: Necessary

d) wp-wpml_current_language Provider: hasomed.de. Purpose: Saves the language setting currently used in the user's browser in order to be able to display website content in the selected language. HASOMED offers website content in multiple languages. Expiry: 1 day. Type: Necessary

e) asgarosforum_unique_id Provider: hasomed.de. Purpose: Used to mark forum topics as "read" and to display the "Who is online" function. No personal information (e.g. IP addresses) is stored. Expiry: 18 years. Type: Preferences

f) asgarosforum_unread_cleared Provider: hasomed.de. Purpose: Used to display forum posts as "new" or "already read". Expiry: 18 years. Type: Preferences

g) wp-api-schema-model Provider: hasomed.de. Purpose: Enables the provision of JSON-LD/SEO markup for content. Expiry: Session. Type: Preferences

h) _ga Provider: hasomed.de. Purpose: Registers a unique ID that is used to generate statistical data on how the visitor uses the website. Expiry: 2 years. Type: Statistics

i) _gat Provider: hasomed.de. Purpose: Used by Google Analytics to limit the request rate. Expiration: 1 day. Type: Statistics

j) _gid Provider: hasomed.de. Purpose: Registers a unique ID that is used to generate statistical data on how the visitor uses the website. Expiry: 1 day. Type: Statistics

k) History.store Provider: hasomed.de. Purpose: Contains a visitor ID. This is used to track the navigation and interaction of visitors on the website in order to optimize the website internally. Expiry: Session. Type: Statistics

l) yt-remote-cast-installed Provider: YouTube. Purpose: Saves the user settings when accessing a YouTube video integrated on other websites. Expiry: Session. Type: Marketing

m) yt-remote-connected-devices Provider: YouTube. Purpose: Saves the user settings when accessing a YouTube video integrated on other websites. Expiry: Persistent. Type: Marketing

n) yt-remote-device-id Provider: YouTube. Purpose: Saves the user settings when accessing a YouTube video integrated on other websites. Expiry: Persistent. Type: Marketing. Type: HTML

o) yt-remote-fast-check-period Provider: YouTube. Purpose: Saves the user settings when accessing a YouTube video integrated on other websites. Expiry: Session. Type: Marketing

p) yt-remote-session-app Provider: YouTube. Purpose: Saves the user settings when accessing a YouTube video integrated on other websites. Expiry: Session. Type: Marketing

q) yt-remote-session-name Provider: YouTube. Purpose: Saves the user settings when accessing a YouTube video integrated on other websites. Expiry: Session. Type: Marketing

r) ads/ga-audiences Provider: Google. Purpose: Used by Google AdWords to re-engage visitors who are likely to become customers based on the visitor's online behavior on various websites. Expiry: Session. Type: Marketing

There are two types of cookies:

1. First-party cookies (required, session, tracking) - legal basis is Art. 6 para. 1 lit. f) GDPR; appropriate use of the website by users, cannot be evaluated on a personal basis

2. Third-party cookies (performance, functional, targeting/marketing) - legal basis Art. 6 para. 1 lit. a) GDPR

Session cookies are stored for the duration of the visit to the website, persistent cookies remain in the browser until a specified expiration date or until they are deleted manually. Users can configure their browser so that it informs them about the placement of cookies or prevents their use; in the latter case, it may no longer be possible to use the website in full.

 

XII. Rights of data subjects

If personal data is processed, the data subjects have the following rights vis-à-vis the controller within the meaning of the GDPR:

1. Right to information
You have the right to information from the controller in accordance with Art. 15 GDPR and § 34 BDSG.

2. Right to rectification
You have a right to rectification and/or completion vis-à-vis the controller in accordance with Art. 16 GDPR.

3. Right to restriction of processing
You may request that the processing of personal data concerning you be restricted in accordance with Art. 18 GDPR.

4. Right to erasure
You have the right to obtain from the controller the erasure of personal data concerning you in accordance with Art. 17 GDPR. If the controller has forwarded this data to third parties, it must inform them of your request for erasure in accordance with Art. 19 GDPR.

5. Right to be informed
If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right vis-à-vis the controller to be informed about these recipients.

6. Right to data portability
You have the right to data portability in accordance with Art. 20 GDPR.

7. Right to object
You have the right to object to the processing of personal data concerning you in accordance with Art. 21 GDPR.

8. Right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

9. Automated decision in individual cases including profiling
You have the right not to be subject to a decision based solely on automated processing - including profiling - in accordance with Art. 22 GDPR.

10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

 

XIII. Other

1. Legal or contractual provisions for the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of non-provision
We would like to inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information on the contractual partner). Sometimes it may be necessary for a contract to be concluded for a data subject to provide us with personal data that must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with them. Failure to provide the personal data would mean that the contract with the data subject could not be concluded. Before personal data is provided by the data subject, the data subject must contact one of our employees. Our employee will inform the data subject on a case-by-case basis whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what the consequences would be if the personal data were not provided.

 

2. Automated decision making

There is no automated decision-making or profiling.

 

XIV. Participation in the HASOMED® User Panel

1. Purpose and scope of data processing
We use the registration form to enquire about your willingness to participate in the HASOMED® user panel and to contact you about future user panel measures using the data collected. The data collected will be used for a targeted invitation to these measures (e.g. conducting telephone and video interviews, prototype tests, group interviews). Automated decision-making (profiling) within the meaning of Art. 22 GDPR is not used.

 

2. Category of data processed
When using the contact form "Registration in the HASOMED® user panel", the following data is processed:

Personal data:

  • First and last name
  • Phone number
  • E-mail address
  • Age group

Professional profile data:

  • Current activity (role)
  • Working model (practice form)
  • Aspiring or acquired qualifications in psychotherapy
  • Aspiring or acquired certificate of competence in therapy
  • Details of additional activities in the occupational field

Data on the practice (if applicable)

  • Other activities of the practice
  • Business premises number (BSNR)
  • Zip code of the practice
  • Responsible Association of Statutory Health Insurance Physicians
  • Information on whether other employees work in the practice and in what role

Training data (if applicable)

  • Name of the training institute
  • Target year of graduation

Data for the panel control

  • Specification of preference topics

Metadata (transmitted by the form provider)

  • Response ID
  • Start and end time of form processing

 

3. Legal basis for dissemination

The legal basis for the processing of users' personal data is your consent in accordance with Art. 6 para. 1 lit. f GDPR. You can revoke your consent in whole or in part at any time with effect for the future. Please use the contact details of our data protection officer for your revocation.

 

4. Recipient / forwarding of the data

If, based on the data, you are generally suitable for participation in user panel activities, we will forward your data internally to the relevant departments in order to contact you to coordinate further measures. We use the Office365 applications of Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, USA) to process the data from the registration form. Your data provided via the registration form is generally stored on servers within the European Union. However, the transfer of data to a third country cannot be ruled out (e.g. to the USA for support access). To ensure an appropriate level of data protection, we have concluded the standard contractual clauses of the EU Commission with Microsoft. Microsoft provides further information on data protection on its website: https://privacy.microsoft.com/de-DE/.

 

5. Deletion of the data

We generally delete personal data if you have withdrawn your consent to the processing of your personal data or if there is no requirement for further processing. A requirement may exist in particular if the data is still needed to fulfill contractual services, to check and grant or defend against warranty and guarantee claims. In the case of statutory retention obligations, deletion will only be considered after the respective retention obligation has expired.