By using our websites and/or providing personal data via different means of communication to us (e.g. e-mail), you agree to the processing of the data collected from you in the manner and for the purposes described below.
1. Scope of processing of personal data / intended use / legal basis
(1) Personal data is all data that can be personally related to you, e.g. name, address, e-mail addresses, telephone number, bank details where applicable, user behaviour.
(2) When you contact us, we store and use the data you provide (your name, address and telephone number, e-mail address, as applicable) solely in order to process your request or to fulfil our contractual obligations. We will erase any data arising in this context, unless this is contrary to storage and security requirements.
(3) We do not implement any kind of automated decision-making / profiling (as per Art. 22 GDPR).
(4) Collection of personal data from visits to our websites
The following data, which your browser transmits to our server, is temporarily recorded by our web server in a log file and stored until it is automatically erased. (Legal basis provided by the first sentence of point (f) of Art. 6(1) GDPR):
• IP address of the requesting computer;
• Date and time of the request;
• Time zone difference in relation to Greenwich Mean Time (GMT);
• Content of the request (specific page);
• Access status/HTTP status code;
• Quantity of data transferred in each case;
• Website from which the request has come;
• Operating system and its user interface;
• Language and version of the browser software.
This information does not personally identify you as a user. This data is processed for the purpose of enabling use of the websites (connection establishment), system security, technical administration of the network infrastructure, and optimisation of the internet offering. The IP address is only scrutinised in the event of attacks on the network infrastructure.
(5) Legal basis
Insofar as we obtain the consent of the data subject for the processing of personal data, point (a) of Art. 6(1) GDPR serves as the legal basis. If you have transmitted your personal data to us in written or electronic form for the purpose of contacting us and for networking intentions, we assume that you have given us your consent to the processing and storage of that data.
In the processing of personal data required for the performance of a contract to which the data subject is a party, point (b) of Art. 6(1) GDPR serves as the legal basis. This also applies to processing operations that are necessary to implement pre-contractual measures.
Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, point (c) of Art. 6(1) GDPR serves as the legal basis.
If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, point (f) of Art. 6(1) GDPR serves as the legal basis for such processing. Our legitimate interest is to conduct our business for the benefit and wellbeing of all our employees and our shareholder.
(6) Transfer of data to third parties
Your data will only be passed on by us if there is a legal basis for this. When such cases arise, we make use of service providers whom we employ as contract processors (Art. 28 GDPR) or whom we have contractually obligated to non-disclosure. They are carefully selected and commissioned by us, are bound by our instructions and are regularly checked. The following institutions, bodies, offices and agencies may receive your data:
IT service providers, affiliated companies within the scope of Recital 48 of the GDPR, public bodies and institutions in the event of a legal and official obligation (point (c) of Art. 6(1) GDPR, e.g. tax office, banks, auditors).
Data may be transferred to countries outside the European Economic Area (so-called third countries) in individual cases where such action is required by law to perform the service owed to you (e.g. tax reporting obligations), it is necessary to assert, exercise and defend legal claims, such action derives from a register which is intended to inform the public in accordance with EU or Member State law, you have given your consent after having been informed of possible risks, or where this is permissible within affiliated companies in line with the balance of interests principle and after taking into account Recital 48 of the GDPR.
Transfer is permissible according to Art. 44 et seq. GDPR to third countries outside the EU for which the EU Commission has decided there is an adequate level of data protection pursuant to Art. 45 GDPR or where appropriate guarantees have been contractually agreed with the data recipient, enforceable rights and effective remedies are available, or where you have given your express consent pursuant to Art. 49 GDPR.
Beyond this, we do not transfer any personal data to bodies in third countries or international organisations.
(7) External links
2. Data security
We implement technical and organisational measures in accordance with the requirements of Art. 32 GDPR for the protection of users' personal data. All our employees involved in the processing of personal data are subject to an obligation of professional secrecy.
3. Your rights
(1) Provided that the relevant legal requirements are met, you have the following rights with regard to your personal data:
• Right of access to and information about your personal data held by us (Art. 15 GDPR);
• Right to rectification and complementation (Art. 16 GDPR);
• Right to erasure of your data or, where there are statutory retention requirements, a right to restriction of processing (Art. 17, Art. 18 GDPR);
• Right to data portability (Art. 20 GDPR);
• Right to object to processing of personal data (Art. 21 GDPR).
The rights of access and to erasure are subject to the restrictions pursuant to Section 34 and Section 35 of the Federal Data Protection Act (BDSG).
(2) You also have the right to lodge a complaint about the processing of your personal data with a competent data protection supervisory authority (Art. 77 GDPR). The address of supervisory authority responsible is: Der Hessische Beauftragte für Datenschutz und Informationsfreiheit, Postfach 3163, 65021 Wiesbaden, Germany. [Hesse State Officer for Data Protection and Freedom of Information]
4. Contact details / Controller responsible as per Art. 4(7) of the EU General Data Protection Regulation (GDPR)
DELTON Health AG
Günther-Quandt-Haus Seedammweg 55 61352 Bad Homburg vor der Höhe / Germany
Please send requests for data access, rectification or erasure, objections or revocations of consent, the assertion of the right to restriction of processing or the right to data portability to this postal address or by e-mail to
datenschutz[at]delton.de. Revocation does not affect the legality of data processing up to the time of revocation. In this case, the data will be erased unless the data need to be processed for the performance of pre-contractual measures or due to the existence of a contractual/legal relationship (legal basis: point (b) of Art. 6(1) GDPR).
Issue date: January 2019