Datenschutzhinweise für Kund*innen & Interessenten

Controller

BEO MedConsulting Berlin GmbH

Dipl.-Ing. Michael Vent (CEO)
Dipl.-Ing., MBA Karsten Nieter-Kubin (COO)

Helmholtzstrasse 2-9
10587 Berlin

Tel. +49 (0)30 318 045 30
Fax +49 (0)30 318 045 40
info@beoberlin.de

Data protection officer (external)

Dirk Trettin, Attorney at Law
datenschutz@beoberlin.de

We process personal data solely within the legal framework of the relevant legislation and, where appropriate, with your consent.

• IP address of the requesting device;
• Method (e.g. GET, POST), date and time of the request;
• Address of the accessed website and path of the requested file;
• The previously accessed or requesting website/file (HTTP referrer);
• Information about the browser used and the operating system;
• HTTP protocol version, HTTP status code, size of the delivered file;
• Request information such as language, type of content, coding of content, character sets.

Personal data means any information relating to an identified or identifiable natural person. When you visit our website, we store certain data about the browser and operating system you are using, the date and time of your visit, the access status (for instance error messages), your use of the website’s features, any search terms you may have entered, the frequency with which you access individual web pages, the description of files that are accessed, the data volume that is transmitted, the website from which you accessed our website and the website you access from our website.

For security reasons, especially to prevent and identify attacks on our website or fraud attempts, we also store your IP address and the name of your Internet service provider.

We only store other personal data if you provide us with such data for registering or logging in or on a contact form, or for performing a contract.

We use qualified service providers (for instance IT service providers or marketing agencies) for operating, optimising and securing our website. We will only transmit your personal data to them if this is necessary for providing and using the web pages and their features, for pursuing our legitimate interests or if you have given your consent. Your personal data will not be transmitted to third parties for any purposes other than those stated in this privacy policy.

• Sie Ihre nach Art. 6 Abs. 1 lit. a DSGVO Ihre ausdrückliche Einwilligung dazu erteilt haben,
• dies gesetzlich zulässig und nach 6 Abs. 1 lit. b DSGVO für die Abwicklung von Vertragsverhältnissen mit Ihnen oder für die Durchführung vorvertraglicher Maßnahmen erforderlich ist, die auf Ihre Anfrage hin erfolgen.
• wir nach Art. 6 Abs. 1 lit. c DSGVO zur Weitergabe gesetzlich verpflichtet sind oder
• die Weitergabe nach 6 Abs. 1 lit. f DSGVO zur Geltendmachung, Ausübung oder Verteidigung von Rechtsansprüchen erforderlich ist und kein Grund zur Annahme besteht, dass Sie ein überwiegendes schutzwürdiges Interesse am Unterbleiben der Weitergabe Ihrer Daten haben.

Eine Weitergabe kann in Zusammenhang mit behördlichen Anfragen, Gerichtsbeschlüssen und Rechtsverfahren erfolgen, wenn es für die Rechtsverfolgung oder -durchsetzung erforderlich ist.

Ein Teil der Datenverarbeitung kann durch unsere Dienstleister erfolgen. Für Betrieb, Optimierung und Absicherung unserer Webseite setzen wir qualifizierte Dienstleister ein (z.B. IT-Dienstleister, Marketing-Agenturen). Personenbezogene Daten geben wir an diese nur weiter, soweit dies erforderlich ist für die Bereitstellung und Nutzung der Webseiten und deren Funktionalitäten, zur Verfolgung berechtigter Interessen oder soweit Sie darin eingewilligt haben. Eine Übermittlung Ihrer personenbezogenen Daten an Dritte zu anderen als den in diesen Datenschutzhinweisen aufgeführten Zwecken findet nicht statt.

We are only justified in processing your personal data on the basis of your consent (legal basis). Here is a list of the most important legal bases.

• Art. 6 (1) (a) GDPR

If you have given us your consent to the processing of your personal data.

• Art. 6 (1) (b) GDPR

f the processing of your personal data is necessary for the performance of a contract with you or in order to take steps prior to entering into a contract with you.

• Art. 6 (1) (c) GDPR

If the processing of your personal data is necessary for compliance with our legal obligations (for instance for the safekeeping of data).

• Art. 6 (1) (f) GDPR

If the processing of your personal data is necessary for the purposes of pursuing our legitimate interests and the legitimate interests of third parties (for instance maintaining the functionality of our IT systems, marketing our services and the documentation of business contacts as required by law).

We use cookies on our website. Cookies are small text files containing certain data that are stored on your end device (laptop, tablet, Smartphone, etc.). Cookies are necessary for ensuring that we are able to provide certain features on our web pages, such as retaining the language selected by you as the user for displaying our website. Cookies also enable us to identify when our website has already been accessed from a certain end device. This makes it possible to identify returning visitors (or at least their end devices) and gain information about their use behaviour and probable interests. If you do not wish cookies to be installed on your device, you should deactivate the installation of cookies in the settings of your browser. There are four categories of cookies, depending on their function and the purpose for which they are used.

Strictly necessary cookies

These cookies are essential for you to navigate our website and use its features, for instance for setting your data privacy preferences, for logging in or for filling in forms. Without these cookies we are unable to provide properly the services you request via the website. Under applicable laws, we do not need your consent as a user for strictly necessary cookies. The legal basis for the processing of personal data using strictly necessary cookies lies in our legitimate interest in operating our website (Art. 6 (1) (f) GDPR).

Performance cookies

Performance cookies collect data about the use of our website, for instance which pages are most frequently visited and how visitors move about on the website. They are intended to help us improve the user-friendliness of the website and your experience as a user. The data collected from the use of performance cookies are aggregated and cannot as a rule be allocated to any specific natural person. If in individual cases data processed using performance cookies allow you to be identified as a specific natural person, your consent as a user is the legal basis for the processing of your personal data (Art. 6 (1) (a) GDPR).

Functional cookies

Functional cookies enable a website to store an input or selection made by you, such as your user name, language preference or the geographical region in which you are located; and to offer you as a user improved and more personal features. They are also used to enable requested features such as the playing of videos. If in individual cases data processed using functional cookies allow you to be identified as a specific natural person, your consent as a user is the legal basis for the processing of your personal data (Art. 6 (1) (a) GDPR).

Marketing cookies

Marketing cookies are used to enable the display of tips advertising third party websites that may be more relevant to you and your interests. They are also used to limit the frequency with which an advertisement is displayed and to measure and steer the effectiveness of advertising campaigns. The legal basis for the processing of any data that may be related to you as an identifiable natural person using marketing cookies is your consent as a user (Art. 6 (1) (a) GDPR).

We erase your IP address and the name of your Internet service provider, which we store purely for security reasons, after seven days. Otherwise. we erase your personal data once they are no longer required for the purpose for which we collected and processed them. Your personal data will only be stored beyond this period if this is required under the laws, regulations and other legislation to which we are subject (for instance a statutory period of safekeeping).

Zu Beweiszwecken müssen wir Vertragsdaten noch drei Jahre ab Ende des Jahres, in dem die Geschäftsbeziehungen mit Ihnen enden, aufbewahren. Etwaige Ansprüche verjähren nach der gesetzlichen Regelverjährungsfrist frühestens zu diesem Zeitpunkt.

Auch danach müssen wir Ihre Daten teilweise noch aus buchhalterischen Gründen speichern. Wir sind dazu wegen gesetzlicher Dokumentationspflichten verpflichtet. Die dort vorgegebenen Fristen zur Aufbewahrung von Unterlagen betragen zwei bis zehn Jahre.

Ihre IP-Adresse und den Namen Ihres Internet Service Providers, die wir nur aus Sicherheitsgründen speichern, löschen wir nach sieben Tagen.

Google reCAPTCHA

We use the reCAPTCHA feature by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (Google) on our website. This feature is mainly used to distinguish whether an input is being made by a natural person or fraudulently by machine or automated processing. This service includes the transmission to Google of the IP address and any other data needed by Google for the reCAPTCHA feature, and under Art. 6 (1) (f) GDPR is on the basis of our legitimate interest in establishing that individuals are acting in their own responsibility on the Internet and in preventing misuse, fraud and spam. The use of Google reCAPTCHA may also involve the transmission of personal data to the servers of Google LLC. in the USA. For further information about Google reCAPTCHA and Google’s privacy policy, please go to https://www.google.com/intl/de/policies/privacy/

Web analysis

Our website uses Matomo, a web analysis service by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand. Matomo installs cookies on your end device to enable us to analyse your use of our website. The information collected in this way is stored solely on our server (in-house-hosting). This prevents any transmission of your data to third parties.

For this purpose, a cookie is installed on the user’s end device, enabling us to keep track of activities and, for instance, identify return visits. Your IP address is automatically abbreviated (IP masking) so that you are no longer individually identifiable. The information that is analysed includes your approximate geographical location, your end device, your monitor resolution, your browser and the sites you have visited including how long you spent there. We use Matomo to analyse the use of our website and its individual features and offerings and to enable us constantly to improve your user experience. The statistical analysis of user behaviour enables us to make constant improvements in the features and services we offer. If we obtain your consent as a user, your personal data are processed on the legal basis of Art. 6 (1) (a) GDPR. You may withdraw the consent you have given at any time with future effect. To withdraw your consent, all you need to do is deactivate this service in the Cookie Consent Tool that is provided on the website. Otherwise, it is based on Art. 6 (1) (f) GDPR. Our legitimate interest is in the optimisation of our website, the improvement of the services and features we offer and online marketing.

You may prevent this analysis by deleting existing cookies and deactivating the placing of cookies in your browser’s settings.

Insofar as we obtain the user's consent, the processing of data takes place on the legal basis of Art. 6 para. 1 lit. a) GDPR. You can revoke your consent at any time with effect for the future. To exercise your revocation, deactivate this service in the ‘Cookie Consent Tool’ provided on the website. Otherwise, it is based on Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the optimisation of our website, the improvement of our offers and online marketing.

You can find more information on data privacy in Matumo’s privacy policy at https://matomo.org/privacy-policy/.

YouTube

Our website embeds videos from the YouTube website. The operator of the site is Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland, with headquarters in the USA. To ensure data protection on this website, we only use YouTube together with a so-called ‘before click’ solution or consent banner setting. A plugin prevents data from being transferred to YouTube when you first enter the site. Activating the video via the button provided constitutes consent within the meaning of Art. 6 para. 1 lit. a GDPR. We also use YouTube in extended data protection mode. This mode means that only minimal data is sent to YouTube to establish a connection when you start the video. If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account beforehand.

Further information about data protection at YouTube can be found in their privacy policy at: https://policies.google.com/privacy?hl=en.

The legal basis for the integration is your consent, which you may have given for data processing in accordance with Art. 6 para. 1 lit. a GDPR and for data transmission in accordance with Art. 49 para. 1 lit. a GDPR in the consent banner or by starting the video. You can revoke this consent at any time with effect for the future. Please refer to the section ‘Data transfer to third countries’ for the risks associated with data transfer to third countries. No connection to the YouTube servers will be established without your consent. You can revoke your consent or change your selection at any time. Access to and storage of information in the end device takes place on the basis of Section 25 (1) TTDSG.

We are responsible together with the operators of the social media platforms with regard to the processing of personal data (e.g. name, email addresses and IP addresses etc.) initiated by your visit to these pages, as they also carry out data processing for their own purposes. The individual data processing operations and their scope on the respective social media platform are not necessarily transparent to us. Details on the collection and storage of your personal data as well as the type, scope and purpose of its use can be found in the privacy policies of the respective providers. We only have a very limited influence on the individual data processing operations and therefore work towards data protection-compliant handling within the scope of the possibilities available to us. Responsibility for data protection-compliant operation must be guaranteed by the respective provider.

We use social media platforms for our public relations, marketing and communication. Our goals are:

• direct contact with our social media visitors with the aim of customer acquisition and retention and the associated offer of contemporary communication channels,
• References to our contributions and offers,
• Increase our level of awareness,
• statistical analyses for our own market research purposes.

The data you enter on our social media channels, such as comments, videos, photos, likes, public messages, etc., are provided by the respective social media platform. We can neither influence nor switch off the statistics that the operators of the social media platforms create and make available to us in anonymised form. The data collected is stored until the purpose or statutory retention obligations no longer apply.

The legal basis for the use of social media platforms is Art. 6 para. 1 lit. f GDPR. In the case of integration into our website, it may be necessary to give your consent via the consent banner before you can use the functions. This is then done on the legal basis of Art. 6 para. 1 lit. a GDPR. The underlying advertising purpose is to be regarded as a legitimate interest within the meaning of the GDPR.

LinkedIn

Our website uses the Share feature of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. If you are logged into your LinkedIn user account and click on the LinkedIn Share button, you will be transferred in a separate browser window to your user account. A direct link is created between your browser and the LinkedIn server via the plug-in. This informs LinkedIn that you have visited our website using your IP address. This also enables LinkedIn to attribute your visit to our website to you and to your user account. We wish to point out that we have no knowledge of the content of the transmitted (personal) data or of how LinkedIn uses them. If you need further information, please refer to the LinkedIn privacy policy at https://www.linkedin.com/legal/privacy-policy.

If you subscribe to our newsletter, we need you to provide us with your email address. Other data may be provided voluntarily. Unless you consent to your data being used for purposes beyond this, the data you provide will be used solely for sending you our newsletter. To send you our newsletter we use the service provider CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany. The legal basis for the processing of your personal data is your consent, which you give us by subscribing to the newsletter (Art. 6 (1) (a) GDPR). You may unsubscribe the newsletter at any time using the unsubscribe link provided in the newsletter.

Personal data are collected when you contact us, for instance using a contact form or by email. The data collected when using a contact form can be seen in the form itself. These data are stored and used solely for the purpose of responding to your message or for contacting you and for the associated technical management. The legal basis for the processing of these data is our legitimate interest in accordance with Art. 6 (1) (f) GDPR in responding to your message. If you contact us with a view to entering into a contract with us, the additional legal basis for processing your data is Art. 6 (1) (b) GDPR. Your data will be erased once the processing of your enquiry has been completed. This is deemed to be the case if it is clear from the relevant circumstances that the matter in question has been fully dealt with and if erasure of your data is not prevented by statutory safe-keeping obligations.

We fundamentally work with service providers based within the EU. If in exceptional cases personal data are transmitted to recipients outside the EU and processed there, we fundamentally ensure by means of appropriate measures that an appropriate level of data protection is achieved that is as comparable as possible with European data protection legislation.

Wir setzen Dienste ein, deren Anbieter teilweise in sogenannten Drittländern (wie den USA) sitzen, also Ländern, deren Datenschutzniveau nicht dem der Europäischen Union entspricht. Soweit dies der Fall ist und die Europäische Kommission für diese Länder keinen Angemessenheitsbeschluss (Art. 45 DSGVO) erlassen hat, haben wir entsprechende Vorkehrungen getroffen, um ein angemessenes Datenschutzniveau für etwaige Datenübertragungen zu gewährleisten. Hierzu zählen u.a. die Standardvertragsklauseln der Europäischen Union oder verbindliche interne Datenschutzvorschriften. Wo dies nicht möglich ist, stützen wir die Datenübermittlung auf Ausnahmen des Art. 49 DSGVO, insbesondere Ihre ausdrückliche Einwilligung oder die Erforderlichkeit der Übermittlung zur Vertragserfüllung. Sofern eine Drittstaatenübermittlung vorgesehen ist und kein Angemessenheitsbeschluss oder geeignete Garantien vorliegen, ist es möglich und besteht das Risiko, dass Behörden im jeweiligen Drittland (z.B. Geheimdienste) Zugriff auf die übermittelten Daten erlangen können, um diese zu erfassen und zu analysieren, und dass eine Durchsetzbarkeit Ihrer Betroffenenrechte nicht gewährleistet werden kann.

Wir nutzen für die Durchführung von Telefon- und Videokonferenzen, Online-Meetings oder Online-Seminare (nachfolgend: „Online-Meetings“) Tools der nachstehenden Anbieter.

Teams

Teams ist ein Service der Microsoft Ireland Operations Limited, South County Business Park, Leopardstown, Dublin 18, Irland.

Zoom

Zoom ist ein Service der Zoom Video Communications, Inc., 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA.

Während eines Meetings können unter Umständen folgende Daten verarbeitet werden:

• Angaben zum Teilnehmenden: ggf. Anzeigename, Vorname, Nachname, Telefon, E-Mail-Adresse, Passwort (verschlüsselt zur Authentifizierung), Profilbild;
• Metadaten: Thema und Beschreibung des Meetings, IP-Adresse, Telefonnummer des Teilnehmers, Art des Geräts/der Software (Windows/Mac/Linux/Web/iOS/Android Phone/Windows Phone), Zeitpunkt der letzten Aktivität des Teilnehmers auf Teams, Anzahl der Chat- und Kanalnachrichten, Anzahl der teilgenommenen Besprechungen, Dauer der Zeit für Audio-, Video- und Bildschirmfreigabe;
• Bei Chat-, oder Kanalnachrichtennutzung: Textdaten zur Anzeige und ggf. Protokollierung;
• Bei Audionutzung: Aufnahmedaten des Mikrofons;
• Bei Videonutzung: Aufnahmedaten der Videokamera;
• Bei Aufzeichnungen: Audio-, Video- und Bildschirmfreigaben zur Speicherung in der Cloud / Microsoft Stream;
• Bei Telefonnutzung: eingehende und ausgehende Rufnummern, Ländername, Start- und Endzeit, ggf. weitere Verbindungsdaten, wie die IP-Adresse des Geräts.

Vor einem Meeting erfolgt eine Anmeldung durch Sie über unsere Webseite bzw. per E-Mail. Dabei werden Ihre Anmeldedaten durch uns verarbeitet. Vor dem Meeting erhalten Sie eine Bestätigungsmail mit einem Einladungslink oder einem Kalendertermin. Zur Teilnahme an einem Meeting müssen zumindest Angaben zu Ihrem Namen und – im Falle einer Telefonnutzung – zu Ihrer Telefonnummer gemacht werden. Die Übertragung über Mikrofon und Kamera können Sie jederzeit über die entsprechenden Einstellungen deaktivieren. Nur mit Ihrer Einwilligung und vorheriger Mitteilung zeichnen wir Meetings auf oder protokollieren wir Textdaten. Der jeweilige Anbieter speichert und verwendet die Metadaten, um uns eine Analyse und Berichterstellung über die Nutzung zu ermöglichen.

Der jeweilige Anbieter erhält im Rahmen der Auftragsverarbeitung möglicherweise Kenntnis von den oben genannten Daten, um diese zu verarbeiten.

Teams

Bei der Nutzung von Teams erfolgt der gesamte Datenverkehr verschlüsselt (MTLS, TLS oder SRTP) und die verschlüsselte Datenspeicherung findet bei der Nutzung von Teams grundsätzlich auf Servern im Europäischen Wirtschaftsraum (EWR) statt. Soweit möglich, aktivieren wir zudem eine Ende-zu-Ende-Verschlüsselung. Für den Fall, dass Daten dennoch in den USA verarbeitet werden, haben Microsoft Ireland Operations Limited und Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, die EU-Standardvertragsklauseln (Durchführungsbeschluss (EU) 2021/914, Modul 3) gemäß Art. 46 Abs. 2 lit. c DSGVO abgeschlossen sowie zusätzliche Maßnahmen ergriffen. Mehr hierzu entnehmen Sie bitte dem Punkt „Datenübermittlung in Drittländer“.

Nähere Informationen erhalten Sie in den Datenschutzbestimmungen von Microsoft https://privacy.microsoft.com/de-de/privacystatement

Bei der Nutzung von Zoom können personenbezogene Daten auch außerhalb des EWR, insbesondere USA, weitergeleitet und dort verarbeitet werden. Eine Verarbeitung der personenbezogenen Daten findet damit auch in einem Drittland statt. Wir haben mit dem Anbieter von „Zoom“ einen Auftragsverarbeitungsvertrag geschlossen, der den Anforderungen von Art. 28 DSGVO entspricht. Ein angemessenes Datenschutzniveau ist zum einen durch den Abschluss der sog. EU- Standardvertragsklauseln garantiert. Als ergänzende Schutzmaßnahmen haben wir ferner unsere Zoom-Konfiguration so vorgenommen, dass für die Durchführung von Online-Meetings nur Rechenzentren in der EU, dem EWR bzw. sicheren Drittstaaten wie z.B. Kanada oder Japan genutzt werden.

Nähere Informationen erhalten Sie in den Datenschutzbestimmungen von Zoom https://explore.zoom.us/de/privacy/

Rechtsgrundlage für die Datenverarbeitung zur Durchführung von Meetings über die Anbieter ist unser berechtigtes Interesse an der effektiven und einfachen Durchführung von Online-Meetings und Präsentationen nach Art. 6 Abs. 1 lit. f DSGVO. Soweit die Online-Meetings im Rahmen bestehender Vertragsbeziehungen mit Ihnen durchgeführt werden, ist die Rechtsgrundlage Art. 6 Abs. 1 lit. b DSGVO. Für die weitergehende Datenverarbeitung auf der Produktwebseite des jeweiligen Anbieters, wo die Desktop-Software heruntergeladen und die Web-App verwendet werden kann, sind wir nicht verantwortlich.

We collect and process applicants’ personal data for the purpose of processing their applications. The data may also be processed electronically. If we sign an employment contract with an applicant, the data that have been transmitted for the purpose of processing the application will be stored, subject to statutory provisions. The legal basis for this is Art. 6 (1) (b) GDPR in conjunction with Section 26 (1) BDSG. If the controller responsible for processing does not sign an employment contract with the applicant, the application documents are erased six months after the announcement of the rejection decision, unless the controller responsible for processing has other legitimate interests preventing erasure. These other legitimate interests might for example include a duty to provide evidence in proceedings under the German General Equal Treatment Act (AGG).

During your visit to our website we use the widespread SSL (Secure Socket Layer) process for encryption. Otherwise, we use appropriate technical and organisational security measures to protect data against chance or intentional manipulation, loss, destruction and unauthorised third party access. Our security measures are constantly updated and improved as the technology develops.

As a subject of data processing (data subject), you have the right to information (Art. 15 GDPR), rectification (Art. 16 GDPR), erasure (“the right to be forgotten“) (Art. 17 GDPR), restriction of processing (Art. 18 GDPR), data portability (Art. 20 GDPR), to object (Art. 21 GDPR) and the right to withdraw any consent you have given under data privacy law for the processing of your data.

Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6 (1) GDPR. If you lodge an objection, we as the controller will no longer process the personal data concerning you, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Right to withdraw consent

You have the right to withdraw at any time any consent you have given under data privacy law for the processing of your data with effect for the future. Withdrawal of consent will not affect the lawfulness of processing up to the time you withdraw your consent. Nor will any continued processing on a different legal basis be affected, for instance for the fulfilment of legal obligations.

Please if possible address any claims and declarations to the following contact address: info@beoberlin.de. If you believe that the processing of your personal data breaches statutory provisions, you have the right to lodge a complaint with a competent data protection supervisory authority (Art. 77 GDPR).