In the following we inform you about the collection of personal data when using our website www.hystudio.de. Personal data is all data that can be related to you personally, eg name, address, e-mail address, user behavior.
Responsible acc. Art. 4 para. 7 EU General Data Protection Regulation (GDPR) is Linus Willems.
You can reach our data protection officer, RA Johannes Kalläne, at firstname.lastname@example.org
This data protection declaration is currently valid and has the status of February 2021.
Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access and print out the current data protection declaration at any time on the website at https://hystudio.de/datenschutz/.
I. Data processing
We process your personal data exclusively within the framework of the current and applicable data protection regulations.
In principle, you can use our website without disclosing your personal data. When you visit our website, data is stored on the servers we use for security purposes, such as the name of your internet service provider, the website from which you are visiting us, the website that you are visiting and your anonymized IP address. This data would possibly allow identification, but no personal use takes place in this regard. They can be evaluated for statistical purposes, although the individual user remains anonymous.
In addition to the aforementioned data, cookies are stored on your computer when you use the website. Cookies are small text files that are stored on your hard drive in the browser you are using and through which certain information flows to the place that sets the cookie. Cookies cannot run programs or transmit viruses to your computer. They serve to make the Internet offer more user-friendly and effective overall. (See Section III). Our website is operated by an external service provider
Amazon Web Services, Inc.
Seattle, WA 98108-1226
Amazon Web Services EMEA SARL
5 rue Plaetis
hosted. A secure transmission of personal data to Amazon Web Services is given due to the EU/US Privacy Shield.
If you do not agree to this, we ask that you do not use our website or the services we offer. When you use our website, the data processing of your personal data described in this paragraph takes place. If you do not agree to this, we ask that you do not use our website or the services we offer.
Personal data is individual information about personal or factual circumstances of a specific or identifiable natural person. They can therefore be used to find out the identity of a person. The correct name, address and telephone number and in particular any health data, eg your medication history or other information about your state of health, are therefore considered personal data.
Information that is not directly associated with the real identity (such as a user’s preferred websites or the number of users of a website) is not included.
If you provide us with personal (health) data as part of an examination, e.g. telephone number or e-mail, this will be stored on our server, the personal data that arise as part of the appointment arrangement will be stored on the servers of the
Disc Street 121
stored and processed personally for the following purposes:
(1) for contacting and subsequently arranging an appointment as well as for canceling and changing appointments, as well as for appointment reminders.
(2) to bill you for the services you use;
(3) for internal business purposes including statistical analysis;
(4) to optimize the website so that we have a better understanding of who is using the website and how, and in this way better understand the needs and interests of visitors and users of the website.
(5) to be contacted for follow-up treatment.
The information you provide may include, for example, your name, e-mail address, telephone number and/or other health-related information that is necessary for the examination you have requested and is therefore requested in advance. We would like to point out that this is regularly particularly sensitive health data, which may allow conclusions to be drawn about your or your state of health.
For data processing for the purpose stated in Section (1), we use the services of the above Claysen GmbH. For data processing for the purposes specified in Sections (2) to (4), we also use the services of IONIQ GmbH, Rosa-Luxemburg-Strasse 2, 10178 Berlin, and Heartbeat Labs, Rosa-Luxemburg-Strasse 2, 10178 Berlin Claim. They only have access to your personal data, not to your personal health data.
If it is possible to enter personal data on our website, we draw your attention to the fact that only the specially marked mandatory fields are required for processing inquiries and contract processing. All other data is voluntary and will be processed by us to optimize our offer and, if necessary, for the purposes mentioned above.
Your personal data will not be made available to third parties in any form by us or persons commissioned by us, unless this is done as part of the contract processing or you have given your consent to this or an official order exists.
We will only use the personal (health) data you provide to us for the purposes listed under I.2. process the stated purposes. Your personal data will be passed on to Claysen GmbH to book an appointment. Billing is done via IONIQ GmbH. In both cases, only your personal data, without your personal health data, will be passed on for contact and billing purposes.
Various payment methods are available for billing your treatment.
Your health data will not be passed on to other third parties.
If you make use of examination services and submit a declaration of consent with regard to this data protection declaration, you declare your consent to the clauses I.2. and I.3. consent to the processing of your personal data as described.
(1) With your consent, you can subscribe to our newsletter, with which we inform you about our current interesting offers. The advertised goods and services are named in the declaration of consent.
(2) We use the so-called double opt-in procedure to register for our newsletter. This means that after you have registered, we will send you an e-mail to the e-mail address provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not register within[24 Stunden] confirm, your information will be blocked and automatically deleted after one month. In addition, we store the IP addresses you use and the times of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to be able to clarify any possible misuse of your personal data.
(3) The only mandatory information for sending the newsletter is your e-mail address. [The provision of further, separately marked data is voluntary and is used to be able to address you personally.] After your confirmation, we will save your e-mail address for the purpose of sending the newsletter. The legal basis is Art. 6 para. 1 p. 1 lit. a GDPR.
(4) You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided in every newsletter e-mail or by sending an e-mail to email@example.com or by sending a message to the contact details given in the imprint.
(5) We would like to point out that we evaluate your user behavior when sending the newsletter. For this evaluation, the e-mails sent contain so-called web beacons or tracking pixels, which represent one-pixel image files that are stored on our website. For the evaluations, we link the data mentioned in No. 1 and the web beacons with your e-mail address and an individual ID. Links received in the newsletter also contain this ID. With the data obtained in this way, we create a user profile in order to tailor the newsletter to your individual interests. In doing so, we record when you read our newsletter, which links you click on in them and deduce your personal interests from this. We link this data to actions taken by you on our website.
You can object to this tracking at any time by clicking on the separate link provided in every e-mail or by informing us via another contact method. The information is stored as long as you have subscribed to the newsletter. After you unsubscribe, we store the data purely statistically and anonymously.
We use the manufacturer’s SendinBlue software to send the newsletter:
SendinBlue, 55 rue d’Amsterdam
You have the following rights towards us with regard to your personal data:
You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.
If you have given your consent to the processing of your data, you can revoke this at any time. Such a revocation affects the admissibility of the processing of your personal data after you have given it to us.
If we base the processing of your personal data on the balancing of interests, you can object to the processing. This is the case if the processing is not necessary in particular to fulfill a contract with you, which is shown by us in the following description of the functions. If you exercise such an objection, we ask that you explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and will either stop or adjust the data processing or show you our compelling legitimate reasons for continuing the processing.
You can inform us of your objection using the following contact details: HY Studio, Rosa-Luxemburgstraße 2, 10178 Berlin; Email: firstname.lastname@example.org
Of course, you can object to the processing of your personal data for advertising and data processing purposes at any time. You can inform us about your objection to advertising using the following contact details:
You can inform us about your objection to advertising using the following contact details: HY Studio, Rosa-Luxemburgstraße 2, 10178 Berlin; Email: email@example.com
III. Online consultation about Patientus
We offer online counseling for our customers via Patientus. Patientus is a subsidiary of jameda GmbH, St.-Cajetan-Str. 41, 81669 Munich. As a certified video service provider in accordance with Annex 31b of the Federal Shell Contract for Doctors, Patientus offers online consultation hours that are encrypted using TSL, which corresponds to the highest possible security standards. The conversation is also not recorded; so there is no later retrievable data on servers. The patient cannot see or overhear the conversation because a direct peer-to-peer connection is established between doctor and patient without a third-party server. If you send data beyond the conversation, it is encrypted multiple times. The certificate is below https://ips.datenschutz-cert.de/patientus .
Further information about data processing in detail can be found in Patientus’ data protection declaration:
Most browsers are set to automatically accept cookies. However, you can deactivate the permanent storage of cookies or set your browser so that it notifies you as soon as cookies are sent. We would like to point out that if cookies are completely deactivated, not all functions of this website and also of any other websites that you use will no longer be available.
Claysen GmbH processes personal data (inventory data and usage data) only to the extent necessary. Personal data will only be transmitted to third parties if it is necessary to process the appointment booking or if you have expressly consented to the transmission.
You can find more information at: https://www.claysen.com/datenschutz/
You can find more information at: https://aws.amazon.com/de/privacy/
You can find more information at https://support.google.com/analytics/answer/6004245?hl=de
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
This website uses the Google Tag Manager. This service allows website tags to be managed via an interface. The Google Tool Manager only implements tags. This means: No cookies are used and no personal data is recorded. The Google Tool Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If a deactivation has been carried out at the domain or cookie level, it will remain in place for all tracking tags if they are implemented with the Google Tag Manager.
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
This website uses the remarketing function “Custom Audiences” (pixel variant) from Facebook Inc. (“Facebook”). This function is used to present interest-based advertisements (“Facebook Ads”) to visitors to this website when they visit the social network Facebook. With the pixel, Facebook can see which pages the users were on when they are logged in. For this purpose, the Facebook remarketing tag was implemented on this website. This tag is used to establish a direct connection to the Facebook servers when you visit the website. It is transmitted to the Facebook server that you have visited this website and Facebook assigns this information to your personal Facebook user account. You can find more information about the collection and use of data by Facebook and about your rights in this regard and options for protecting your privacy in Facebook’s data protection information at https://www.facebook.com/about/privacy/. Alternatively, you can deactivate the “Custom Audiences” remarketing function at https://www.facebook.com/settings/?tab=ads#_=_. You must be logged in to Facebook for this.
It is also possible to send messages to us.
Facebook Leads Ads
Facebook Leads Ads is an advertising tool from Facebook to generate prospects (“leads”). A contact form is implemented directly in advertisements, which interested parties can use to leave their contact details. This data is stored by Facebook and made available to us. We then collect and store this data. If you have provided your telephone number, you agree that we may process it and contact you via this number. Before we contact interested parties by email, they receive an email from us in which they confirm their data (double opt-in). After this confirmation, we will contact the interested party to provide the information they require, to arrange an appointment, etc. We will not pass on the data to third parties. The Facebook data protection declaration on the subject of Leads Ads can be accessed via the following link: https://www.facebook.com/policy.php
Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and are therefore informing you according to our state of knowledge: Through the integration of DoubleClick, Google receives the information that you have accessed the corresponding part of our website or clicked on one of our advertisements. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider will find out and store your IP address.
You can prevent participation in this tracking process in a number of ways:
The legal basis for the processing of your data is Art. 6 Para. 1 S. 1 lit. a GDPR. Further information on DoubleClick by Google is available at https://www.google.de/doubleclick and http://support.google.com/adsense/answer/2839090, as well as on data protection at Google in general: https://www. google. de/intl/de/policies/privacy. Alternatively, you can visit the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org. We have concluded the EU standard contractual clauses for data transfer to a third country with Google.
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
On our website we use functions of Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. You can use your Instagram account to link the content of our website to the content of your account by clicking on the Instagram button. It is also possible to send messages to us. What data is transmitted to Instagram and how Instagram uses the data is beyond our knowledge and is not our responsibility. The legal basis is your consent to data processing for marketing purposes, Art. 6 Para. 1 Sentence 1 a) GDPR.
(1) We currently use the following social media plug-ins: [Facebook, Instagram]. We use the so-called two-click solution. This means that when you visit our site, no personal data is initially passed on to the providers of the plug-ins. You can identify the provider of the plug-in by the marking on the box above its initials or the logo. We give you the opportunity to communicate directly with the provider of the plug-in via the button. Only if you click on the marked field and thereby activate it will the plug-in provider be informed that you have accessed the corresponding website of our online offer. In addition, the data mentioned under No. 1 of this declaration will be transmitted. In the case of Facebook, according to the respective provider in Germany, the IP address is anonymized immediately after collection. By activating the plug-in, your personal data is therefore transmitted to the respective plug-in provider and stored there (in the case of US providers in the USA). Since the plug-in provider collects data in particular via cookies, we recommend that you delete all cookies via the security settings of your browser before clicking on the grayed-out box.
(2) We have no influence on the collected data and data processing procedures, nor are we aware of the full extent of the data collection, the purposes of the processing, the storage periods. We also have no information on the deletion of the data collected by the plug-in provider.
(3) The plug-in provider saves the data collected about you as usage profiles and uses them for advertising, market research and/or needs-based design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) to display needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. With the plug-ins we offer you the opportunity to interact with social networks and other users, so that we can improve our offer and make it more interesting for you as a user. The legal basis for using the plug-ins is Art. 6 para. 1 p. 1 lit. a GDPR.
(4) The data is passed on regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in to the plug-in provider, your data collected from us will be assigned directly to your existing account with the plug-in provider. If you press the activated button and e.g. B. link the page, the plug-in provider also stores this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as this way you can avoid being assigned to your profile with the plug-in provider.
(5) Further information on the purpose and scope of the data collection and its processing by the plug-in provider can be found in the data protection declarations of these providers communicated below. There you will also receive further information on your rights in this regard and setting options to protect your privacy.
(6) Addresses of the respective plug-in providers and URL with their data protection notices:
[Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; Further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook .com/about/privacy/your-info#everyoneinfo.
[Instagram: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Our website uses the remarketing technology “Bing Ads” from Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, USA). Microsoft stores a cookie on your computer (“conversion cookie”) if you have accessed our website via a Microsoft Bing ad. Microsoft and “Bing Ads” customers can thus recognize that the ad was clicked and that a redirection to our website took place. In this way, you can be addressed again through targeted product recommendations and interest-based advertising on the pages of Microsoft and other “Bing Ads” customers. The information obtained using the conversion cookie is also used to generate conversion statistics. We learn the total number of users who clicked on a Microsoft Bing ad and were thus redirected to our website. In addition, other anonymous data (e.g. the number of page views and the time spent on the website) are collected. We do not receive any information with which users can be personally identified. If you do not want to participate in the tracking process, you can also refuse the setting of a cookie required for this – for example by deactivating the saving of cookies in your browser settings. You can opt out of receiving interest-based advertising from Microsoft by visiting Microsoft’s opt-out page: https://account.microsoft.com/privacy/ad-settings
Further information on data protection at Microsoft and on the cookies used by Microsoft can be found in Microsoft’s data protection declaration: https://privacy.microsoft.com/de-de/privacystatement .
The evaluation of user behavior for marketing purposes is based on your consent in accordance with Art. 6 Para. 1 lit. a) GDPR.
This website uses the Outbrain UK Ltd. pixel. (“Outbrain”). This function is used to present interest-based advertisements (“ads”) to visitors to this website when they visit other websites that have integrated the Outbrain services. The legal basis for using Outbrain is your consent in accordance with Art. 6 para. 1 p. 1 lit. a DS-GVO. Through cookies, Outbrain can recognize which pages the users were on. It is transmitted to the Outbrain server that you have visited this website and Outbrain assigns this information to your IP. To anonymize the IP address, the last octet of the IP address is removed to ensure full anonymization. You can find more information about the collection and use of data by Outbrain and your rights in this regard and options for protecting your privacy in Outbrain’s data protection information.
You can object to Outbrain tracking to display interest-based recommendations at any time at https://my.outbrain.com/recommendations-settings/ .
On our site we use social plugins from the Pinterest social network operated by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA (“Pinterest”). If you call up a page that contains such a plugin, your browser establishes a direct connection to the Pinterest servers. The plugin transmits log data to the Pinterest server in the USA. This log data may include your IP address, the address of the websites visited that also contain Pinterest functions, the type and settings of the browser, the date and time of the request, how you use Pinterest and cookies. The legal basis is your consent to data processing for marketing purposes, Art. 6 Para. 1 S.1 a) GDPR.
Further information on the purpose, scope and further processing and use of the data by Pinterest as well as your rights in this regard and options for protecting your privacy can be found in Pinterest’s data protection information: https://about.pinterest.com/de/privacy-policy .
On this website we use the so-called “TikTok pixel” from the provider TikTok (for EU: TikTok Information Technologies UK Limited, Aviation House, 125 Kingsway Holborn, London, WC2B 6NH.). This is a code that we have implemented on our site. This code is used to connect to the TikTok servers when you visit our website in order to track your behavior on our website. Personal data such as the IP address and other information such as device ID, device type and operating system can also be transmitted to TikTok. TikTok uses email or other login or device information to identify users of our website and to associate their actions with a TikTok user account.
TikTok uses this data to display targeted and personalized advertising to its users and to create interest-based user profiles. The data collected is anonymous and cannot be viewed by us and can only be used by us to measure the effectiveness of advertisements placed.
The legal basis is your consent to data processing for marketing purposes, Art. 6 para. 1 S.1 a) GDPR.
HY STUDIO Ltd
10178 Berlin, Germany
Telephone: +49 (0) 30 921 24 822
District Court of Charlottenburg
HRB 188292 B VAT ID: DE31292633