Protection des données
Thank you for your interest in our company. Data protection is very important to us at HomeBraceGermany. It is possible in principle to use the HomeBrace Germany website without providing personal data. However, if you as the data subject wish to use our website for some of the services provided by our company, processing of personal data may be required. If processing of personal data is required and there is no legal basis for any such processing, we will always ask for the data subject's consent.
Any processing of personal details such as the data subject's name, address, email address or phone number is always in compliance with the General Data Protection Regulation and with the country-specific data protection regulations that apply to HomeBraceGermany. Our company would like to use this privacy policy to inform the public about the nature, scope and purpose of the personal data we collect, use and process. This privacy policy also explains your rights as a data subject.
As the data controller (the entity responsible for processing), HomeBraceGermany has implemented a number of technical and organizational measures to ensure the fullest possible protection of the personal data processed through this website. However, web-based data transfer may be vulnerable to security loopholes and absolute protection cannot be guaranteed. For that reason, every data subject is free to send us their personal details by an alternative route, for example by phoning us.
1. Terms and definitions
HomeBrace Germany's privacy policy is based on the terminology used by the legislative institutions of the European Union when enacting the General Data Protection Regulation (GDPR). To ensure that our privacy policy is readable and easily understandable for the general public as well as our clients and business partners, we would first like to explain the terminology we use in this document.
The terms we use in this privacy policy include the following:
- a) Personal data
"Personal data” means any information relating to an identified or identifiable natural person (hereinafter called “data subject”). An identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more specific characteristics that are the expression of that physical, physiological, economic, genetic, psychological or social identity.
- b) Data subject
"Data subject” is any identified or identifiable natural person whose personal data are processed by the controller.
- c) Processing
"Processing" means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
-
d) Restriction of processing
"Restriction of processing" means the marking of stored personal data with the aim of limiting their processing in the future.
-
e) Profiling
“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
-
f) Pseudonymization
“Pseudonymization” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
-
g) Controller or processing controller
“Controller or processing controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
-
h) Processor
"Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
-
i) Recipient
“Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
-
j) Third party
“Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
-
k) Consent
“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2. Name and address of the controller
"Controller" in accordance with the General Data Protection Regulation, with other data protection laws valid in the Member States of the European Union and with other data privacy provisions, is:
HomeBraceGermany GmbH
Birkenweg 12
73660 Urbach
info@homebrace.com
3. Name and address of data protection officer
The controller's data protection officer is:
Thorsten Makowski
Email: datenschutz@homebrace.com
Any data subject is welcome to contact our data protection officer directly at any time with questions or suggestions regarding data privacy.
4. Cookies
The HomeBraceGermany website uses cookies. Cookies are text files which are stored on a computer system via a web browser.
Many websites and servers use cookies. Most cookies contain a unique identifier called a cookie ID, a string of characters that websites and servers associate with the browser on which the cookie is stored. This allows visited websites and servers to distinguish the browser from other browsers that store different cookies, and to recognize each browser by its unique cookie ID.
Using cookies gives people using HomeBraceGermany's services on this website a more user-friendly experience than would be possible without setting cookies.
Setting a cookie allows us to improve our website information and offerings to meet the needs of the particular user. As already indicated, cookies enable us to recognize our users when they return to our site. This is to make it easier for people to use our website. Visitors to a website that uses cookies do not have to enter their access data every time they revisit the website, because the website and the cookie stored on the user's computer system do this automatically. Another example is the shopping cart cookie when you shop online. A cookie allows the web store to remember which items a person has added to their virtual shopping cart.
Data subjects can stop our website from setting cookies any time by changing their internet browser settings to prevent cookies from being placed on their computer. You can also choose to delete existing cookies any time using your internet browser or other software programs. All the usual internet browsers have this option. Data subjects who disable cookies in their browser may not be able to make full use of all the features of our website.
5. Collection of general data and information
The HomeBraceGermany website collects a series of general data and information each time the website is accessed by a data subject or by an automated system. This general data and information is stored in the log files of the server. The following general data and information may be recorded: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (known as the referrer), (4) the sub-websites which are reached via an accessing system on our website, (5) the date and time of access to the website, (6) the internet protocol address (IP address), (7) the internet service provider of the accessing system, and (8) other similar data and information used for security purposes in the event of attacks targeting our IT systems.
HomeBraceGermany cannot use this general data and information to identify data subjects. Rather, we need this information (1) to correctly deliver the contents of our website, (2) to optimize the contents of our website as well as the advertisements shown on them, (3) to ensure the permanent functionality of our IT systems and of the technology of our website, and (4) to provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber attack. HomeBraceGermany evaluates this anonymously collected data and information firstly for statistical purposes and secondly to increase data protection and data security in our company, the ultimate aim being to safeguard the best possible level of protection for the personal data we process. We store the anonymous data on the server log files separately from any and all personal data provided by a data subject.
6. Contact options via the website
As required by law, the HomeBraceGermany website contains information (including an email address) that enables you to contact our company quickly and communicate with us directly by electronic means. When a data subject contacts the controller by email or using a contact form, the personal data provided by the data subject is automatically stored. Such personal data voluntarily provided to the controller by a data subject will be stored for the purpose of processing the data subject's request and/or contacting the data subject. This personal data will not be shared with third parties.
7. Routine erasure and blocking of personal data
The controller processes and stores the data subject's personal data only for the period required to achieve the purpose of such storage, or if so provided by the legislative institutions of the European Union or other legislators in laws or regulations to which the controller is subject.
If the storage purpose ceases to apply, or a compulsory retention period specified by the legislative institutions of the European Union or other applicable legislator expires, the personal data is routinely blocked or deleted in line with statutory provisions.
8. Rights of the data subject
-
a) Right to confirmation
Under European Union law, every data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed. Data subjects wishing to exercise the right to confirmation may contact the controller's staff at any time.
-
b) Right to information
Under European Union law, every data subject has the right at any time to obtain information free of charge about the stored personal data concerning him or her and to receive a copy of this information. Under European Union law, the data subject also has the right to access the following information:
- the purposes of the processing
- the categories of personal data processed
- the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
- the existence of the right to lodge a complaint with a supervisory authority
- where the personal data are not collected from the data subject, any available information as to their source
- the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
- Where personal data are transferred to a third country or to an international organization, the data subject has right to be informed of such transfer and of the appropriate safeguards relating to the transfer.
- Data subjects wishing to exercise the right to access this information may contact the controller's staff at any time.
-
c) Right to rectification
Under European Union law, every data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject also has the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Data subjects wishing to exercise the right to confirmation may contact the controller's staff at any time.
-
d) Right to erasure (right to be forgotten)
Under European Union law, every data subject has the right to obtain from the controller the erasure of personal data concerning him or her without undue delay, and the controller has the obligation to erase personal data without undue delay where one of the following grounds applies, and provided such processing is not required:
- The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- The data subject withdraws consent on which the processing is based according to point (a) of Article 6(1) GDPR, or point (a) of Article 9(2) GDPR, and where there is no other legal basis for the processing.
- The data subject objects to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR.
- The personal data have been unlawfully processed.
- The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
- The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
If any of the above reasons applies and a data subject wishes to request the deletion of personal data stored by HomeBraceGermany, he or she can contact the controller's staff at any time. HomeBraceGermany staff will arrange for the deletion request to be met without undue delay.
Where HomeBraceGermany has made the personal data public and our company is obliged as controller pursuant to Article 17(1) GDPR to erase the personal data, HomeBraceGermany, taking account of available technology and the cost of implementation, will take reasonable steps, including technical measures, to inform other controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data, provided such processing is not required. HomeBraceGermany staff will make the necessary arrangements in the individual case.
-
e) Right to restriction of processing
Under European Union law, every data subject has the right to obtain from the controller restriction of processing where one of the following applies:
- The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
- The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
- The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims.
- The data subject has objected to processing pursuant to Article 21(1) GDPR and it has not yet been established whether the legitimate grounds of the controller override those of the data subject.
- If any of the above reasons applies and a data subject wishes to restrict the processing of personal data which are stored by HomeBraceGermany, the data subject can contact the controller's staff at any time. The HomeBraceGermany staff member will arrange for processing to be restricted.
-
f) Right to data portability
Under European Union law, every data subject has the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format. He or she also has the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
In exercising his or her right to data portability pursuant to Article 20(1) GDPR, the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided that right does not adversely affect the rights and freedoms of others.
To exercise the right to data portability, the data subject can contact HomeBraceGermany staff at any time.
-
g) Right to object
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.
HomeBraceGermany will no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
Where HomeBraceGermany processes personal data for direct marketing purposes, the data subject has the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. If the data subject informs HomeBraceGermany that he or she objects to processing for direct marketing purposes, HomeBraceGermany will no longer process the personal data for such purposes
Where personal data are processed by HomeBraceGermany for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) GDPR, the data subject, on grounds relating to his or her particular situation, also has the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
To exercise the right to object, the data subject can directly contact any member of staff of HomeBraceGermany or another staff member. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.
-
h) Automated individual decision-making, including profiling
Under European Union law, every data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. This right does not apply if (1) the decision is necessary for entering into, or performance of, a contract between the data subject and a data controller; or (2) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or (3) is based on the data subject’s explicit consent.
If (1) the decision is necessary for entering into, or performance of, a contract between the data subject and a data controller; or (2) is based on the data subject's explicit consent, HomeBraceGermany will implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
If the data subject wishes to exercise rights in relation to automated individual decision-making, he or she can contact the controller's staff at any time.
-
i) Right to withdraw consent to the processing of personal data
Under European Union law, every data subject has the right to withdraw at any time his or her consent to the processing of personal data.
If the data subject wishes to exercise his or her right to withdraw consent, he or she can contact a member of the controller's staff at any time.
9. Privacy policy for the use of Matomo
This website uses Matomo, an open source web analytics service. Matomo uses cookies, that is, text files that are stored on your computer that can be used to analyze your website usage. The information generated by the cookies about your website usage is stored on our server. The IP address is anonymized before it is stored.
The website usage information generated by the cookie is not shared with others. You can change your browser settings to prevent cookies from being stored; however, if you do so, please be aware that you may not be able to make full use of all the features of this website.
If you do not agree to the storage and use of your data, you can disable storage and use of your data here. If you do so, an opt-out cookie will be placed in your browser that stops Matomo from storage usage data. If you delete your cookies, the Matomo opt-out cookie will be deleted as well. To reactivate the opt-out cookie, you need to revisit our website.
10. YouTube with expanded data protection integration
Our website embeds videos of the website YouTube. The website operator is Google Ireland Limited („Google“), Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube in the expanded data protection mode. According to YouTube, this mode ensures that YouTube does not store any information about visitors to this website before they watch the video. Nevertheless, this does not necessarily mean that the sharing of data with YouTube partners can be ruled out as a result of the expanded data protection mode. For instance, regardless of whether you are watching a video, YouTube will always establish a connection with the Google DoubleClick network.
As soon as you start to play a YouTube video on this website, a connection to YouTube’s servers will be established. As a result, the YouTube server will be notified, which of our pages you have visited. If you are logged into your YouTube account while you visit our site, you enable YouTube to directly allocate your browsing patterns to your personal profile. You have the option to prevent this by logging out of your YouTube account.
Furthermore, after you have started to play a video, YouTube will be able to place various cookies on your device. With the assistance of these cookies, YouTube will be able to obtain information about our website's visitors. Among other things, this information will be used to generate video statistics with the aim of improving the user friendliness of the site and to prevent attempts to commit fraud. These cookies will stay on your device until you delete them.
Under certain circumstances, additional data processing transactions may be triggered after you have started to play a YouTube video, which are beyond our control.
The use of YouTube is based on our interest in presenting our online content in an appealing manner. Pursuant to Art. 6 Sect. 1 lit. f GDPR, this is a legitimate interest. If a corresponding agreement has been requested (e.g. an agreement to the storage of cookies), the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the agreement can be revoked at any time.
For more information on how YouTube handles user data, please consult the YouTube Data Privacy Policy under: https://policies.google.com/privacy?hl=en.
11. Newsletter
If you wish to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you agree to the owner of the e-mail address provided and to receive the newsletter.
We use the so-called double opt-in procedure to ensure that the newsletter is sent out in an agreed manner. In the course of this, the potential recipient can be included in a distribution list. The user then receives a confirmation e-mail to confirm the registration in a legally secure manner. The address is only actively included in the distribution list if confirmation is received. We use these data exclusively for the dispatch of the requested information and offers.
Newsletter2Go is used as newsletter software. Your data will be transmitted to Newsletter2Go GmbH. Newsletter2Go is forbidden to sell your data and to use it for other purposes than the dispatch of newsletters. Newsletter2Go is a German, certified provider, which was selected after the requirements of the data security basic regulation and the Federal Law for Data Protection. Further information can be found here: https://www.newsletter2go.de/informationen-newsletter-empfaenger/
You can revoke your consent to the storage of data, e-mail address and their use to send the newsletter at any time, for example via the “Unsubscribe"-link in the newsletter. For this reason, we ask you to inform yourself about our data protection measures at regular intervals by inspecting our data protection declaration.
12. Legal basis of processing
Art. 6 I lit. a GDPR serves as legal basis for our company for processing transactions during which we obtain consent for a certain processing purpose. Where processing personal data is used to fulfill contractual duties with the contractual party being the data subject, as is the case during processing transactions, for example, which are required for the delivery of goods or the provision of any other service or return service, such processing is based on Art. 6 I lit. b GDPR. This also applies in the case of processing transactions required for the performance of pre-contractual measures, for example in the context of inquiries about our products or services. Where our company is subject to a legal obligation which requires processing of personal data, such as for compliance with tax obligations, such processing is based on Art. 6 I lit. c GDPR. In rare cases, the processing of personal data may be required in order to protect the vital interests of the data subjects or any other natural persons. This would be the case, for example, if a visitor were to be injured on the premises of our company and his or her name, age, health insurance data or other vital information had to be passed on to a doctor, hospital or any other third party. In such a case, the processing would be based on Art. 6 I lit. d GDPR. Finally, processing transactions may be based on Art. 6 I lit. f GDPR. Processing transactions based on this legal base are those not included in any other previously mentioned legal bases or if the processing is required to maintain a legitimate interest of our company or of a third party as long as the interests, basic rights and freedoms of the data subject do not outweigh such interests. We are allowed to perform such processing transactions mainly because they are given special mention by the European legislature, which is of the opinion that interests can be considered as legitimate if the data subject is a customer of the controller (Recital 47 Clause 2 GDPR).
13. Legitimate interests of the controller or a third party in the processing of personal data
If the processing of personal data is based on Art. 6 I lit. f GDPR, our legitimate interest is the performance of our business activities to the benefit of the well-being of all of our employees and our shareholders.
14. Retention period for personal data
The storage period for personal data is the relevant statutory period of retention. When that period expires, the respective data are routinely deleted unless required for contract performance or initiation.
15. Legal or contractual regulations for the provision of personal data; necessity for contract conclusion; obligation of the data subject to provide the personal data; possible consequences of non-provision
Please be aware that the provision of personal data may be required in part for legal reasons (to comply with tax regulations, for example) or may result from contractual regulations (the contractual partner's details, for example). In order to conclude a contract, it may sometimes be necessary for a data subject to provide personal data which we then process. The data subject is obligated to provide personal details if our company concludes a contract with him or her, for instance. Failure to provide the personal data would result in the contract not being concluded with the data subject. Before the data subject provides personal data, the data subject must contact our staff. Our staff will inform the data subject whether the provision of personal data is required on statutory or contractual grounds or for conclusion of a contract, whether an obligation exists to provide the personal data and what the consequences of non-provision of personal data would be.
16. Existence of automated decision-making
Being a responsible company, we do not conduct automated decision-making or profiling.