In the following we inform you about the collection of personal data when using our website www.hystudio.de. Personal data is all data that can be related to you personally, eg name, address, e-mail address, user behavior.

Responsible acc. Art. 4 para. 7 EU General Data Protection Regulation (GDPR) is Linus Willems.

You can reach our data protection officer, RA Johannes Kalläne, at datenschutz@hystudio.de

This data protection declaration is currently valid and has the status of February 2021.

Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access and print out the current data protection declaration at any time on the website at https://hystudio.de/datenschutz/.

I. Data processing

We process your personal data exclusively within the framework of the current and applicable data protection regulations.

1. Processing of data when accessing and using our website

In principle, you can use our website without disclosing your personal data. When you visit our website, data is stored on the servers we use for security purposes, such as the name of your internet service provider, the website from which you are visiting us, the website that you are visiting and your anonymized IP address. This data would possibly allow identification, but no personal use takes place in this regard. They can be evaluated for statistical purposes, although the individual user remains anonymous.

In addition to the aforementioned data, cookies are stored on your computer when you use the website. Cookies are small text files that are stored on your hard drive in the browser you are using and through which certain information flows to the place that sets the cookie. Cookies cannot run programs or transmit viruses to your computer. They serve to make the Internet offer more user-friendly and effective overall. (See Section III). Our website is operated by an external service provider

Amazon Web Services, Inc.
POBox 81226
Seattle, WA 98108-1226

Amazon Web Services EMEA SARL
5 rue Plaetis
L-2338
Luxembourg

hosted. A secure transmission of personal data to Amazon Web Services is given due to the EU/US Privacy Shield.

If you do not agree to this, we ask that you do not use our website or the services we offer. When you use our website, the data processing of your personal data described in this paragraph takes place. If you do not agree to this, we ask that you do not use our website or the services we offer.

2. Processing of personal (health) data in the event of advice, examination or other contact with us; processing purposes

Personal data is individual information about personal or factual circumstances of a specific or identifiable natural person. They can therefore be used to find out the identity of a person. The correct name, address and telephone number and in particular any health data, eg your medication history or other information about your state of health, are therefore considered personal data.

Information that is not directly associated with the real identity (such as a user’s preferred websites or the number of users of a website) is not included.

If you provide us with personal (health) data as part of an examination, e.g. telephone number or e-mail, this will be stored on our server, the personal data that arise as part of the appointment arrangement will be stored on the servers of the

Claysen GmbH
Disc Street 121
48153 Munster

stored and processed personally for the following purposes:

(1) for contacting and subsequently arranging an appointment as well as for canceling and changing appointments, as well as for appointment reminders.

(2) to bill you for the services you use;

(3) for internal business purposes including statistical analysis;

(4) to optimize the website so that we have a better understanding of who is using the website and how, and in this way better understand the needs and interests of visitors and users of the website.

(5) to be contacted for follow-up treatment.

The information you provide may include, for example, your name, e-mail address, telephone number and/or other health-related information that is necessary for the examination you have requested and is therefore requested in advance. We would like to point out that this is regularly particularly sensitive health data, which may allow conclusions to be drawn about your or your state of health.

For data processing for the purpose stated in Section (1), we use the services of the above Claysen GmbH. For data processing for the purposes specified in Sections (2) to (4), we also use the services of IONIQ GmbH, Rosa-Luxemburg-Strasse 2, 10178 Berlin, and Heartbeat Labs, Rosa-Luxemburg-Strasse 2, 10178 Berlin Claim. They only have access to your personal data, not to your personal health data.

If it is possible to enter personal data on our website, we draw your attention to the fact that only the specially marked mandatory fields are required for processing inquiries and contract processing. All other data is voluntary and will be processed by us to optimize our offer and, if necessary, for the purposes mentioned above.

Your personal data will not be made available to third parties in any form by us or persons commissioned by us, unless this is done as part of the contract processing or you have given your consent to this or an official order exists.

3. Processing and disclosure of personal data

We will only use the personal (health) data you provide to us for the purposes listed under I.2. process the stated purposes. Your personal data will be passed on to Claysen GmbH to book an appointment. Billing is done via IONIQ GmbH. In both cases, only your personal data, without your personal health data, will be passed on for contact and billing purposes.

Various payment methods are available for billing your treatment.

Your health data will not be passed on to other third parties.

4. consent

If you make use of examination services and submit a declaration of consent with regard to this data protection declaration, you declare your consent to the clauses I.2. and I.3. consent to the processing of your personal data as described.

5. Newsletter

(1) With your consent, you can subscribe to our newsletter, with which we inform you about our current interesting offers. The advertised goods and services are named in the declaration of consent.

(2) We use the so-called double opt-in procedure to register for our newsletter. This means that after you have registered, we will send you an e-mail to the e-mail address provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not register within[24 Stunden] confirm, your information will be blocked and automatically deleted after one month. In addition, we store the IP addresses you use and the times of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to be able to clarify any possible misuse of your personal data.

(3) The only mandatory information for sending the newsletter is your e-mail address. [The provision of further, separately marked data is voluntary and is used to be able to address you personally.] After your confirmation, we will save your e-mail address for the purpose of sending the newsletter. The legal basis is Art. 6 para. 1 p. 1 lit. a GDPR.

(4) You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided in every newsletter e-mail or by sending an e-mail to hy@hystudio.de or by sending a message to the contact details given in the imprint.

(5) We would like to point out that we evaluate your user behavior when sending the newsletter. For this evaluation, the e-mails sent contain so-called web beacons or tracking pixels, which represent one-pixel image files that are stored on our website. For the evaluations, we link the data mentioned in No. 1 and the web beacons with your e-mail address and an individual ID. Links received in the newsletter also contain this ID. With the data obtained in this way, we create a user profile in order to tailor the newsletter to your individual interests. In doing so, we record when you read our newsletter, which links you click on in them and deduce your personal interests from this. We link this data to actions taken by you on our website.

You can object to this tracking at any time by clicking on the separate link provided in every e-mail or by informing us via another contact method. The information is stored as long as you have subscribed to the newsletter. After you unsubscribe, we store the data purely statistically and anonymously.

We use the manufacturer’s SendinBlue software to send the newsletter:

SendinBlue, 55 rue d’Amsterdam
75008Paris
France

6. Your rights
7. a) Data protection declaration for the use of Praxismanager (Claysen GmbH)

You have the following rights towards us with regard to your personal data:

• free information about the data stored about you, about its origin, about the recipient and about the purpose of storage.
• Right to correction or deletion, provided the legal requirements are met
• Right to restriction of processing
• Right to object to processing
• Right to data portability

You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.

6. Objection or revocation against the processing of your data

If you have given your consent to the processing of your data, you can revoke this at any time. Such a revocation affects the admissibility of the processing of your personal data after you have given it to us.

If we base the processing of your personal data on the balancing of interests, you can object to the processing. This is the case if the processing is not necessary in particular to fulfill a contract with you, which is shown by us in the following description of the functions. If you exercise such an objection, we ask that you explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and will either stop or adjust the data processing or show you our compelling legitimate reasons for continuing the processing.

You can inform us of your objection using the following contact details: HY Studio, Rosa-Luxemburgstraße 2, 10178 Berlin; Email: hy@hystudio.de

Of course, you can object to the processing of your personal data for advertising and data processing purposes at any time. You can inform us about your objection to advertising using the following contact details:

You can inform us about your objection to advertising using the following contact details: HY Studio, Rosa-Luxemburgstraße 2, 10178 Berlin; Email: hy@hystudio.de

III. Online consultation about Patientus

We offer online counseling for our customers via Patientus. Patientus is a subsidiary of jameda GmbH, St.-Cajetan-Str. 41, 81669 Munich. As a certified video service provider in accordance with Annex 31b of the Federal Shell Contract for Doctors, Patientus offers online consultation hours that are encrypted using TSL, which corresponds to the highest possible security standards. The conversation is also not recorded; so there is no later retrievable data on servers. The patient cannot see or overhear the conversation because a direct peer-to-peer connection is established between doctor and patient without a third-party server. If you send data beyond the conversation, it is encrypted multiple times. The certificate is below https://ips.datenschutz-cert.de/patientus .

Further information about data processing in detail can be found in Patientus’ data protection declaration:

https://security.patientus.de/legal/data-security?pk_vid=a1f630b5ddc2961f1584530505956a4c

1. Cookies, web analysis and other tools
   On our website, data is collected and used for marketing and optimization purposes using web analysis technologies. For this purpose, cookies (ie small text files stored on your computer) can be used to enable your internet browser to be recognized. From this data, user profiles are created under a pseudonym. Unless you have given your consent to this separately, this data will not be used to identify you personally and will not be combined with personal data about the bearer of the pseudonym. In this process, IP addresses are only used in an anonymous form. We use this data to optimize our offer and to tailor it to the needs of our customers.

Most browsers are set to automatically accept cookies. However, you can deactivate the permanent storage of cookies or set your browser so that it notifies you as soon as cookies are sent. We would like to point out that if cookies are completely deactivated, not all functions of this website and also of any other websites that you use will no longer be available.

1. Data protection declaration for the use of Praxismanager (Claysen GmbH)
   If you arrange a treatment appointment with us via the online booking option, the data you enter (name, surname, email address and the booked treatment date) will be stored on the server of Claysen GmbH, Scheibenstraße 121, 48153 Münster, Germany (“Claysen”). ) processed. A written agreement on the order data agreement was concluded with Claysen for these purposes. Information on the treatment status and previous treatments are processed in pseudonymised form on the Claysen GmbH server. The Claysen GmbH servers are located in Germany.

Claysen GmbH processes personal data (inventory data and usage data) only to the extent necessary. Personal data will only be transmitted to third parties if it is necessary to process the appointment booking or if you have expressly consented to the transmission.

Claysen GmbH itself uses cookies and collects and stores log files in a form in which the data cannot be assigned to a specific person.

You can find more information at: https://www.claysen.com/datenschutz/

2. Data protection declaration for the use of Amazon Web Services
   For data processing, we use the services of Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, United States (“AWS”) and store our data on the AWS server in Frankfurt. If you contact us and/or book a treatment appointment with us, AWS also has access to the data you have made available to us (name, surname, email address and the booked treatment date). We have concluded a written agreement on order data processing with AWS, according to which AWS is not permitted to use or process your data in any other way, apart from merely storing it.

You can find more information at: https://aws.amazon.com/de/privacy/

3. Google Analytics
   This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. If IP anonymization is activated on this website, however, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can prevent the storage of cookies by setting your browser software accordingly; we would like to point out to you however that in this case you will if applicable not be able to use all functions of this website in full. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and from processing this data by Google by downloading the browser plug-in available under the following link and install: http://tools.google.com/dlpage/gaoptout?hl=de.

You can find more information at https://support.google.com/analytics/answer/6004245?hl=de

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

4. Google Tag Manager

This website uses the Google Tag Manager. This service allows website tags to be managed via an interface. The Google Tool Manager only implements tags. This means: No cookies are used and no personal data is recorded. The Google Tool Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If a deactivation has been carried out at the domain or cookie level, it will remain in place for all tracking tags if they are implemented with the Google Tag Manager.

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

5. Google AdWords

This website uses the remarketing function of Google Inc. (“Google”). This function is used to present interest-based advertisements to visitors to the website as part of the Google advertising network. The website visitor’s browser stores so-called “cookies”, text files that are stored on your computer and that make it possible to recognize the visitor when they visit websites that belong to the Google advertising network. On these pages, the visitor can then be presented with advertisements that refer to content that the visitor has previously accessed on websites that use Google’s remarketing function. According to its own statements, Google does not collect any personal data during this process. If you still do not wish to use Google’s remarketing function, you can always deactivate it by making the appropriate settings at http://www.google.com/settings/ads. Alternatively, you can disable the use of cookies for interest-based advertising through the Ad Network Initiative by following the instructions at http://www.networkadvertising.org/managing/opt_out.asp. Further information on Google Remarketing and Google’s data protection declaration can be found at: http://www.google.com/privacy/ads/.

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

6.Facebook
This website uses the remarketing function “Custom Audiences” (pixel variant) from Facebook Inc. (“Facebook”). This function is used to present interest-based advertisements (“Facebook Ads”) to visitors to this website when they visit the social network Facebook. With the pixel, Facebook can see which pages the users were on when they are logged in. For this purpose, the Facebook remarketing tag was implemented on this website. This tag is used to establish a direct connection to the Facebook servers when you visit the website. It is transmitted to the Facebook server that you have visited this website and Facebook assigns this information to your personal Facebook user account. You can find more information about the collection and use of data by Facebook and about your rights in this regard and options for protecting your privacy in Facebook’s data protection information at https://www.facebook.com/about/privacy/. Alternatively, you can deactivate the “Custom Audiences” remarketing function at https://www.facebook.com/settings/?tab=ads#_=_. You must be logged in to Facebook for this.
It is also possible to send messages to us.

Facebook Leads Ads

Facebook Leads Ads is an advertising tool from Facebook to generate prospects (“leads”). A contact form is implemented directly in advertisements, which interested parties can use to leave their contact details. This data is stored by Facebook and made available to us. We then collect and store this data. If you have provided your telephone number, you agree that we may process it and contact you via this number. Before we contact interested parties by email, they receive an email from us in which they confirm their data (double opt-in). After this confirmation, we will contact the interested party to provide the information they require, to arrange an appointment, etc. We will not pass on the data to third parties. The Facebook data protection declaration on the subject of Leads Ads can be accessed via the following link: https://www.facebook.com/policy.php

7. DoubleClick by Google
   This website continues to use the online marketing tool DoubleClick by Google. DoubleClick uses cookies to serve ads relevant to users, to improve campaign performance reports, or to prevent a user from seeing the same ads multiple times. Google uses a cookie ID to record which ads are placed in which browser and can thus prevent them from being displayed more than once. In addition, DoubleClick can use cookie IDs to record so-called conversions that are related to ad requests. This is the case, for example, when a user sees a DoubleClick ad and later uses the same browser to go to the advertiser’s website and buy something there. According to Google, DoubleClick cookies do not contain any personally identifiable information.

Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and are therefore informing you according to our state of knowledge: Through the integration of DoubleClick, Google receives the information that you have accessed the corresponding part of our website or clicked on one of our advertisements. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider will find out and store your IP address.

You can prevent participation in this tracking process in a number of ways:

1. a) by setting your browser software accordingly, in particular the suppression of third-party cookies means that you will not receive any advertisements from third-party providers;
2. b) by deactivating the cookies for conversion tracking by setting your browser so that cookies from the domain “www.googleadservices.com” are blocked, https://www.google.de/settings/ads, whereby this setting deleted when you delete your cookies;
3. c) by deactivating the interest-based ads of the providers who are part of the self-regulatory campaign “About Ads” via the link http://www.aboutads.info/choices, whereby this setting will be deleted if you delete your cookies;
4. d) by permanent deactivation in your browsers Firefox, Internet Explorer or Google Chrome under the link http://www.google.com/settings/ads/plugin. We would like to point out that in this case you may not be able to use all the functions of this offer to their full extent.

The legal basis for the processing of your data is Art. 6 Para. 1 S. 1 lit. a GDPR. Further information on DoubleClick by Google is available at https://www.google.de/doubleclick and http://support.google.com/adsense/answer/2839090, as well as on data protection at Google in general: https://www. google. de/intl/de/policies/privacy. Alternatively, you can visit the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org. We have concluded the EU standard contractual clauses for data transfer to a third country with Google.

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

8. Data protection declaration for the use of Instagram

On our website we use functions of Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. You can use your Instagram account to link the content of our website to the content of your account by clicking on the Instagram button. It is also possible to send messages to us. What data is transmitted to Instagram and how Instagram uses the data is beyond our knowledge and is not our responsibility. The legal basis is your consent to data processing for marketing purposes, Art. 6 Para. 1 Sentence 1 a) GDPR.

For more information, see Instagram’s privacy policy:

https://instagram.com/about/legal/privacy/

9. Use of social media plug-ins

(1) We currently use the following social media plug-ins: [Facebook, Instagram]. We use the so-called two-click solution. This means that when you visit our site, no personal data is initially passed on to the providers of the plug-ins. You can identify the provider of the plug-in by the marking on the box above its initials or the logo. We give you the opportunity to communicate directly with the provider of the plug-in via the button. Only if you click on the marked field and thereby activate it will the plug-in provider be informed that you have accessed the corresponding website of our online offer. In addition, the data mentioned under No. 1 of this declaration will be transmitted. In the case of Facebook, according to the respective provider in Germany, the IP address is anonymized immediately after collection. By activating the plug-in, your personal data is therefore transmitted to the respective plug-in provider and stored there (in the case of US providers in the USA). Since the plug-in provider collects data in particular via cookies, we recommend that you delete all cookies via the security settings of your browser before clicking on the grayed-out box.

(2) We have no influence on the collected data and data processing procedures, nor are we aware of the full extent of the data collection, the purposes of the processing, the storage periods. We also have no information on the deletion of the data collected by the plug-in provider.

(3) The plug-in provider saves the data collected about you as usage profiles and uses them for advertising, market research and/or needs-based design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) to display needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. With the plug-ins we offer you the opportunity to interact with social networks and other users, so that we can improve our offer and make it more interesting for you as a user. The legal basis for using the plug-ins is Art. 6 para. 1 p. 1 lit. a GDPR.

(4) The data is passed on regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in to the plug-in provider, your data collected from us will be assigned directly to your existing account with the plug-in provider. If you press the activated button and e.g. B. link the page, the plug-in provider also stores this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as this way you can avoid being assigned to your profile with the plug-in provider.

(5) Further information on the purpose and scope of the data collection and its processing by the plug-in provider can be found in the data protection declarations of these providers communicated below. There you will also receive further information on your rights in this regard and setting options to protect your privacy.

(6) Addresses of the respective plug-in providers and URL with their data protection notices:

[Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; Further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook .com/about/privacy/your-info#everyoneinfo.

[Instagram: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

https://help.instagram.com/519522125107875

10. Using Microsoft Bing Ads

Our website uses the remarketing technology “Bing Ads” from Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, USA). Microsoft stores a cookie on your computer (“conversion cookie”) if you have accessed our website via a Microsoft Bing ad. Microsoft and “Bing Ads” customers can thus recognize that the ad was clicked and that a redirection to our website took place. In this way, you can be addressed again through targeted product recommendations and interest-based advertising on the pages of Microsoft and other “Bing Ads” customers. The information obtained using the conversion cookie is also used to generate conversion statistics. We learn the total number of users who clicked on a Microsoft Bing ad and were thus redirected to our website. In addition, other anonymous data (e.g. the number of page views and the time spent on the website) are collected. We do not receive any information with which users can be personally identified. If you do not want to participate in the tracking process, you can also refuse the setting of a cookie required for this – for example by deactivating the saving of cookies in your browser settings. You can opt out of receiving interest-based advertising from Microsoft by visiting Microsoft’s opt-out page: https://account.microsoft.com/privacy/ad-settings

Further information on data protection at Microsoft and on the cookies used by Microsoft can be found in Microsoft’s data protection declaration: https://privacy.microsoft.com/de-de/privacystatement .

The evaluation of user behavior for marketing purposes is based on your consent in accordance with Art. 6 Para. 1 lit. a) GDPR.

11. Using Outbrain Pixel

This website uses the Outbrain UK Ltd. pixel. (“Outbrain”). This function is used to present interest-based advertisements (“ads”) to visitors to this website when they visit other websites that have integrated the Outbrain services. The legal basis for using Outbrain is your consent in accordance with Art. 6 para. 1 p. 1 lit. a DS-GVO. Through cookies, Outbrain can recognize which pages the users were on. It is transmitted to the Outbrain server that you have visited this website and Outbrain assigns this information to your IP. To anonymize the IP address, the last octet of the IP address is removed to ensure full anonymization. You can find more information about the collection and use of data by Outbrain and your rights in this regard and options for protecting your privacy in Outbrain’s data protection information.

You can object to Outbrain tracking to display interest-based recommendations at any time at https://my.outbrain.com/recommendations-settings/ .

12. Pinterest

On our site we use social plugins from the Pinterest social network operated by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA (“Pinterest”). If you call up a page that contains such a plugin, your browser establishes a direct connection to the Pinterest servers. The plugin transmits log data to the Pinterest server in the USA. This log data may include your IP address, the address of the websites visited that also contain Pinterest functions, the type and settings of the browser, the date and time of the request, how you use Pinterest and cookies. The legal basis is your consent to data processing for marketing purposes, Art. 6 Para. 1 S.1 a) GDPR.

Further information on the purpose, scope and further processing and use of the data by Pinterest as well as your rights in this regard and options for protecting your privacy can be found in Pinterest’s data protection information: https://about.pinterest.com/de/privacy-policy .

13. TikTok Pixel

On this website we use the so-called “TikTok pixel” from the provider TikTok (for EU: TikTok Information Technologies UK Limited, Aviation House, 125 Kingsway Holborn, London, WC2B 6NH.). This is a code that we have implemented on our site. This code is used to connect to the TikTok servers when you visit our website in order to track your behavior on our website. Personal data such as the IP address and other information such as device ID, device type and operating system can also be transmitted to TikTok. TikTok uses email or other login or device information to identify users of our website and to associate their actions with a TikTok user account.

TikTok uses this data to display targeted and personalized advertising to its users and to create interest-based user profiles. The data collected is anonymous and cannot be viewed by us and can only be used by us to measure the effectiveness of advertisements placed.

The legal basis is your consent to data processing for marketing purposes, Art. 6 para. 1 S.1 a) GDPR.

You can find TikTok’s privacy policy here: https://www.tiktok.com/legal/new-privacy-policy?lang=de-DE