Privacy Policy

We would like to inform you about the processing of your personal data by our company and about your rights as a data subject under the General Data Protection Regulation (GDPR).

Name and address of the data controller and the data protection officer

Data Controller:

ConnectedCare GmbH
Orkotten 65
D-48291 Telgte
T: +49 25 04 73 37-0
info[@]connectedcare[.]net

If you have any questions regarding the processing of your data, please contact our data protection officer at the following address:

Herrn Heiner Niehüser
DSB Münster GmbH
Martin-Luther-King-Weg 42-44
48155 Münster
datenschutz[@]dsb-ms[.]de

1. Purposes and legal basis

Our data processing is only carried out for specific, predetermined and legitimate purposes. As a matter of principle, we only process personal data of our website users to the extent that this is necessary for the provision of a functional website as well as our content and services. The processing of personal data of our website users is regularly only carried out after their consent. An exception applies in cases where the processing of data is permitted by legal regulations.

Insofar as we obtain the consent of the data subject for processing operations involving personal data, Art. 6(1)(a) GDPR serves as the legal basis.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures that are carried out at the request of the data subject.

Insofar as processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6(1)(c) GDPR serves as the legal basis. If vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6(1)(d) GDPR serves as the legal basis. Processing is also lawful under Art. 6(1)(e) GDPR if the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. Art. 6(1)(f) GDPR serves as the legal basis if the processing is necessary for the purposes of the legitimate interests of the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.

2. Duration of storage

As soon as we achieve the intended purpose of the data processing, we delete your personal data. Beyond that, we only store data if legal exceptions exist, for example, according to Art. 17(3) GDPR. This becomes particularly important in connection with the fulfillment of legal retention obligations (Art. 17(3)(b) GDPR) and with the assertion, exercise or defense of legal claims (Art. 17(3)(e) GDPR).

The following retention periods are therefore relevant and must be complied with: 6 years for contracts, commercial letters and correspondence in the context of the initiation and execution of contracts pursuant to Section 257(1) No. 2-3, (4) of the German Commercial Code (HGB), 10 years for accounting documents pursuant to Section 257 (1) No. 4 of the German Commercial Code (HGB) and 3 years for data that may lead to mutual claims and are subject to the regular limitation period pursuant to Section 195 of the German Civil Code (BGB).

3. Categories of recipients

A transfer of data only takes place if there is a legal basis according to Art. 6(1) GDPR and/or in the context of a so-called "data processing agreement" according to Art. 4 No. 8, 28 GDPR. This includes, in particular, service providers that we commission in the course of carrying out data processing, for example IT and software service providers that carry out data processing on the website for us (e.g. the web host of our website).

4. Transfer and processing of data in third countries

We - or in the case of a data processing agreement, our service providers - generally only process personal data in countries within the EU or the European Economic Area that are subject to the scope of the GDPR. Exceptionally, personal data is transferred to other countries (so-called "third countries") if an adequate level of data protection is guaranteed in accordance with Art. 44 GDPR, for example

• if a so-called "adequacy decision" of the European Commission exists,

• by using the "EU standard contractual clauses" or

• through other appropriate safeguards to ensure an adequate level of data protection pursuant to Art. 46 GDPR.

In addition, a transfer to a third country pursuant to Art. 49(1)(a) GDPR may take place if you have expressly consented to the data transfer after you have been informed about the potential risks to you of such data transfers without the existence of an adequacy decision and without appropriate safeguards.

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is processed: Information about the browser type and version used, the user's operating system, the user's internet service provider, the user's IP address, the date and time of access, websites from which the user's system accesses our website and websites that are accessed by the user's system via our website. The data is also stored in the log files of our system.

By processing this data, we pursue the purpose of optimising and adapting our offers and contents on the website to meet the needs of you and other visitors. This is legitimised in accordance with the legal basis pursuant to Art. 6 (1)(b) GDPR and Art. 6 (1)(f) GDPR, as we have a legitimate interest in demandoriented and adapted (in particular visual) optimisation. In addition, we aim to administratively maintain the website in terms of connection establishment and system security and stability. We also  have a legitimate interest in this according to Art. 6(1)(f) GDPR. Please note that you may have the right to object. Generally, we will be able to prove compelling reasons for the processing (system security and stability), so that a right of objection is excluded.

The data is deleted when the purpose is achieved. This is generally the case after seven days. Beyond this period, storage or other processing only takes place in such a way that the IP addresses of the users are deleted after the expiry of the aforementioned storage period or are changed in such a way (e.g. by anonymisation or pseudonymisation) that an allocation of the log data to an IP address and thus to the user is no longer possible.

We use cookies on our website. These are small text files that your browser automatically creates and stores on your terminal device when you visit our website. By setting cookies, it is generally possible to establish a personal reference to the user. The use of cookies serves to enable the provision of our website and the full use of our offer and to make it more pleasant for you.

On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimising our offer for you and also to analyse the surfing behaviour of users on our website. These cookies are automatically deleted after a defined period of time.

The legal basis for the use of our cookies with regard to the provision of our website and the full use of our offer is Art. 6(1)(b) GDPR, as the use is necessary in terms of contract fulfilment or for the implementation of pre-contractual measures. Insofar as you have given your consent, we rely on Art. 6(1)(a) GDPR and otherwise on Art. 6(1)(f) GDPR, as the use is also for the protection of our legitimate interests for the purpose of providing our online offers. Insofar as we carry out statistical evaluations or analyses using cookies, the legal basis for the processing of personal data is Art. 6(1)(a) GDPR. You can withdraw your consent at any time.

By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent.

If you would like to register for our newsletter, you thereby give us express consent to collect your email address. When you register for the newsletter, the data from the input mask is transmitted to us. In addition, the following data is collected during registration: IP address of the calling computer and date and time of registration.

To verify your identity, we use the so-called "double opt-in" procedure, i.e. after receiving your email address, we send an automated e-mail to the specified e-mail address containing a confirmation link. The registration process is only completed once your e-mail address has been confirmed. You can withdraw your consent at any time. There is a corresponding link in every newsletter for this purpose.

The purpose of the data processing is the sending of the newsletter you requested. The legal basis for this is Art. 6(1)(a) GDPR and Art. 6(1)(b) GDPR. If you unsubscribe from the newsletter, we will delete your registered data subject to any obligations and rights. The other personal data collected during the registration process will generally be deleted after a period of seven days.

If you contact us via the contact form on the website, the data entered in the input mask will be transmitted to us and stored. At the time the message is sent, the user's IP address and the date and time of registration are also stored. For the processing of the data, your consent is obtained during the sending process and reference is made to this data protection declaration. Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored.

The legal basis for the processing of the data is Art. 6(1)(a) GDPR if you have given your consent. You have the option to withdraw your consent at any time. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6(1)(f) GDPR. In this case, you can object to the processing at any time. If the e-mail contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6(1)(b) GDPR.

The processing of the personal data from the input mask serves us solely to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

We are pleased that you are interested in us and are applying or have applied for a position in our company. In the following, we would like to provide you with information on the processing of your personal data in connection with the application.

1. Who is responsible for data processing?

ConnectedCare GmbH
Orkotten 65
D-48291 Telgte
T: +49 25 04 73 37-0
info[@]connectedcare[.]net

2. Data Protection Officer

We have appointed Mr. Heiner Niehüser as our company's data protection officer:

Herr Heiner Niehüser
DSB Münster GmbH
Martin-Luther-King Weg 42-44
48155 Münster
datenschutz[@]dsb-ms[.]de

3. Which of your data do we process? And for what purposes?

We process the data you have sent us in connection with your application in order to assess your suitability for the job (or other open positions in our companies, if applicable) and to carry out the application process.

4. What is the legal basis for this?

As part of the application process, we process the personal data you provide to us for the purpose of initiating an employment relationship on the basis of Art. 88 DSGVO in conjunction with Section 26 (1) BDSG in the version applicable from 25.05.2018. Should the data be required for legal prosecution after completion of the application process, data processing may be carried out on the basis of the requirements of Art. 6 DSGVO, in particular to safeguard legitimate interests pursuant to Art. 6 para. 1 lit. f) DSGVO. Our interest then consists in the assertion or defence of claims.

5. How long is the data stored?

We process and store your personal data as long as it is necessary for the fulfilment of the purposes of the processing or of contractual, legal or statutory obligations. After that, the data is deleted or its processing is restricted. In the event that no employment relationship is established after completion of the application process, we delete your data after 6 months. If you have agreed to further storage of your personal data, we will transfer your data to our applicant pool. There, the data will be deleted after two years. In the event that you have been awarded a position during the application process, the data will be transferred to the personnel file.

6. To which recipients is the data passed on?

Your applicant data will be viewed by the HR department after receipt of your application. Suitable applications are then forwarded internally to the department heads for the respective open position. The further procedure is then coordinated. In principle, only those persons in the company have access to your data who need it for the proper conduct of our application procedure. The transfer of data to third parties is not planned and will not be carried out.

7. Your rights as a "data subject“

You have the right to information about the personal data we process about you. In the case of a request for information that is not made in writing, we ask for your understanding that we may then require evidence from you to prove that you are the person you claim to be. Furthermore, you have a right to correction or deletion or to restriction of processing, insofar as you are entitled to this by law. Furthermore, you have a right to object to processing within the scope of the law. The same applies to a right to data portability. The restrictions according to §§ 34 and 35 BDSG apply to the right to information and the right to deletion. 8.

8. Right of complaint

In addition, there is a right of appeal to a competent data protection supervisory authority (Art. 77 DSGVO in conjunction with § 19 BDSG).

We use the provider YouTube for the integration of videos. YouTube is operated by YouTube LLC with headquarters at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google Inc. with headquarters at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

The plug-in displays videos stored on YouTube in an iFrame on the website. We have activated the "Extended data protection mode" option. This ensures that YouTube does not store any data about users of our website as long as no videos are viewed. The setting of cookies by YouTube therefore only takes place with your consent. You can withdraw this consent at any time.

The plug-in of the provider YouTube is only activated when you watch a video. In this case, information about it is transmitted to YouTube and processed/saved there. If you are logged in as a YouTube member, YouTube assigns this information to your personal user account. When using the plug-in, such as clicking on the start button of a video, this information is also assigned to your user account.

You can prevent this assignment by logging out of your YouTube user account as well as other user accounts of the companies YouTube LLC and Google Inc. and deleting the corresponding cookies of the companies before using our website.

For the purpose and scope of the data collection and the further processing and use of the data by YouTube, as well as your rights in this regard and setting options for protecting your privacy, please refer to YouTube's data protection information: www.google.de/intl/de/policies/privacy.

As the data subject you have the following rights:

1. You have the right to request information about whether and, if so, to what extent we process or do not process your personal data.

2. You have the right to request that your data be corrected.

3. You have the right to request the deletion of your personal data.

4. You have the right to request the restriction of the processing of your data.

5. You have the right to object at any time, on grounds relating to your particular situation, to
   the processing of personal data relating to you which is carried out on the basis of Art. 6(1)(e) or (f) GDPR. If personal data is processed for the purpose of direct marketing, you may also object to the processing.

6. You have the right to receive the personal data concerning you that you have provided in a structured, common and machine-readable format and to transfer this data to another controller.

7. You have the right to withdraw your declaration of consent under data protection law at any time if the processing is based on Art. 6(1)(a) GDPR or Art. 9(2) GDPR. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

8. You have the right to lodge a complaint with a supervisory authority if you believe that the processing of personal data concerning you violates the GDPR.