The controller takes the protection of your personal data seriously and therefore complies with the applicable data protection laws. With this privacy policy, the controller fulfills its information obligations under Art. 12 et seq. of the General Data Protection Regulation (hereinafter referred to as “GDPR”) and informs you about the details of the processing of your data and your legal rights in this regard.
This privacy policy applies to the use of the controller’s website, which can be accessed at gam-medical.de and any associated sub-domains.
The controller reserves the right to adapt this privacy policy with effect for the future, in particular in order to react to changes in the law or changes in jurisdiction as well as technical developments.
According to Art. 4 No. 7 GDPR, the “controller” is the person who decides on the purposes and means of processing personal data. In particular, they determine what, how and for what purpose the data is processed. He is responsible for the processing and must ensure that the data protection regulations are complied with.
Pursuant to Art. 4 No. 8 GDPR, a “processor” is a person who works for the controller and processes personal data on the controller’s behalf.
According to Art. 4 No. 1 GDPR, “personal data” is all information that can be attributed to a directly or indirectly identifiable natural person (data subject).
According to Art. 4 No. 2 GDPR, “processing” means all possible types of data processing. This includes, in particular, the collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, transmission, dissemination, linking, restriction, erasure or destruction of personal data.
“Data subject” is the natural person to whom the data processed by the controller can be directly or indirectly assigned in accordance with Art. 4 No. 1 GDPR.
According to Art. 4 No. 9 GDPR, “recipient” is the person to whom personal data is disclosed, regardless of whether it is a third party or not.
According to Art. 4 No. 10 GDPR, a “third party” is anyone other than the data subject, the controller, the processor and the persons who are authorized to process the personal data under the direct responsibility of the controller or the processor.
“Special categories of personal data” are, according to Art. 9 para. 1 GDPR, in particular also health data of the data subject. These data have a higher need for protection.
According to Art. 4 No. 15 GDPR, “health data” are personal data that relate to the physical or mental health of the data subject and from which information about the data subject’s state of health can be derived.
According to Art. 4 No. 11 GDPR, “consent” means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action (e.g. by checking a box provided for that purpose), signifies agreement to the processing of personal data relating to him or her.
Responsible for data processing within the scope of the range of services within the meaning of Art. 4 No. 7 GDPR as the provider of the range of services is
GAM Medical DACH UG (hereinafter “GAM” / “the controller”)
Werderstraße 20
86551 Aichach
Germany
Telephone number: +49 1579 2605390
E-mail: kontakt@gam-medical.de
Tax office Aichach, No. HRB39830
VAT ID: DE367613500
represented by the management: Paul Gramlich, Justus von Hodenberg.
If you have any questions about data protection, you can contact the controller at any time using the contact details above.
Please note that in the event of an assertion of data subject rights (e.g. requests for information), the controller must first ensure your identity by means of a suitable procedure.
The data protection officer appointed by the controller is:
Chino.io
In order to ensure the best possible protection of your personal data, secure socket layer encryption (SSL) or transport layer security encryption (TLS) is used for data transmission. This encryption ensures that the data you transmit via the website cannot be read, redirected or changed by unauthorized third parties during transmission.
Insofar as your data is stored by the controller, this storage takes place exclusively in appropriately security-certified data centers within the European Union (EU) within the scope of the GDPR. The controller expressly reserves the right to involve external service providers (so-called processors) for the storage and processing of your data, but they will only act on behalf of and in accordance with the instructions of the controller. The processors used by the controller are contractually obliged to take such technical and organizational measures (TOMs) that are suitable according to the current state of the art to ensure data protection and data security-compliant processing of your data.
Under no circumstances will the controller or a processor appointed by the controller pass on or sell your data to third parties without a legal basis.
The controller may use service providers as processors that have their registered office in a third country or are part of an international organization that has its registered office in a third country. In the context of the GDPR, a third country is a country that is not a member of the European Union (EU) or the European Economic Area (EEA) and therefore does not fall under the regulatory influence of the GDPR. What these third countries have in common is that they sometimes have their own data protection law, the content of which may, however, be below the level of protection provided by the GDPR. Against this background, Art. 44 GDPR stipulates that the transfer of data to third countries is only permitted under certain legal conditions.
As a rule, the permissibility of data transfer to third countries is based on an adequacy decision between the EU Commission and the third country concerned in accordance with Art. 45 GDPR. The existence of an adequacy decision indicates that the data protection law applicable in the third country in question provides a level of protection for your personal data that is comparable to the GDPR. If no such adequacy decision exists, data transfer is alternatively based on the conclusion of a contract between the controller and the relevant service provider on the basis of the standard contractual clauses issued by the EU Commission in accordance with Art. 46 (2) (c) GDPR.
These contractual clauses provide a sufficient guarantee on the part of the respective service provider also with regard to the enforceability of the data subject rights provided for by the GDPR.
You will be expressly informed by us in the context of this privacy policy if a service provider has such a third country reference. In this case, by giving your consent, you agree to your personal data being transferred to such a company.
You have the right to obtain information from the controller as to whether the controller is processing your personal data and, if so, what data this is and for what purpose.
Right to information (Article 15 GDPR): You have the right to obtain information from the controller as to whether the controller processes personal data concerning you and, if so, what data this is and for what purpose the processing is carried out.
Right to rectification (Article 16 GDPR): You have the right to have incorrect or incomplete personal data that the controller has stored about you corrected.
Right to erasure (Article 17 GDPR): Under certain circumstances, you have the right to request the controller to erase your personal data. This right exists, for example, if the data is no longer required for the purposes for which it was collected or if you have withdrawn your consent.
Right to restriction of processing (Article 18 GDPR): Under certain circumstances, you have the right to restrict the further processing of your personal data. This right exists, for example, if you dispute the accuracy of the data or the processing is unlawful.
Right to data portability (Article 20 GDPR): You have the right to receive a copy of your personal data from the controller in a structured, commonly used and machine-readable format. You can also have this data transmitted to another controller if this is technically feasible.
Right to object (Article 21 GDPR): You have the right to object to the processing of your personal data on grounds relating to your particular situation. The controller will then no longer process your data unless there are compelling legitimate grounds for the processing.
Right to withdraw consent (Article 7 (3) GDPR): If the controller processes your personal data on the basis of your consent, you can withdraw this consent at any time. This does not affect the lawfulness of the processing up to the point of withdrawal.
Right to lodge a complaint with a supervisory authority (Article 77 GDPR): You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates data protection regulations.
You can assert your rights as a data subject by notifying the controller using the contact details provided above. The controller reserves the right to verify your identity by means of a suitable procedure before responding to your request.
As soon as you access the controller’s website, the end device you use automatically transmits access data (so-called log files) to the website’s hosting provider. These log files contain, among other things, personal data.
Processed data:
– Name of the website accessed
– file
– Date and time of access
– amount of data transferred
– Message about successful retrieval
– Browser type and version
– Operating system of the user
– Referrer URL (the previously visited page)
– IP address
– requesting provider
Purpose of the processing
The data is collected to optimize the use and presentation of the website, to identify technical problems and to ensure the security of the server in order to prevent possible misuse or fraud.
Lawfulness of the processing
The lawfulness of this data processing is based on Article 6(1)(f) GDPR. The “legitimate interest” required for this follows from the desire to offer you a secure and trouble-free user experience of the website.
Recipient of the data
The recipient of your personal data pursuant to Art. 4 No. 9 GDPR is the hosting provider of the website IONOS SE. This provider acts as a processor on behalf of the controller in accordance with Art. 4 No. 8 GDPR and has been contractually obliged to implement appropriate technical and organizational measures (TOMs) to protect your data.
Storage duration
The log file information is stored for a maximum of 7 days for security reasons, such as to investigate misuse or fraud, and then deleted. Data that is required to preserve evidence is excluded from deletion until the incident has been conclusively clarified.
Note on your rights as a data subject
You have the right to object to this processing at any time in accordance with Art. 21 GDPR on grounds relating to your particular situation. Insofar as the controller cannot demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms as a data subject or the processing serves the establishment, exercise or defense of legal claims, the controller shall cease the processing.
In addition to the aforementioned access data (log files), cookies may also be used on the website.
Cookies are small text files that are automatically saved by your browser and stored on your end device. They do not contain any harmful software.
It is important to note that the use of certain cookies may be necessary for technical reasons, for example to ensure that the website is displayed correctly on your device. These cookies, known as “technically necessary cookies”, must be distinguished from cookies that serve other purposes, such as analyzing user behavior, and are considered “technically non-essential cookies”.
In the following, only the processing in the context of the use of technically necessary cookies will be discussed. If the controller also uses technically non-essential cookies for the purposes of usage analysis, you will be informed of this in separate sections of this privacy policy. If no corresponding information is available, this means that no corresponding services and therefore no technically non-essential cookies are used.
Processed data:
– Form data (e.g. log-in information)
– Language settings
– History data (e.g. search terms entered)
Purpose of the processing: The purpose of the processing is to use cookies to recognize whether you have already visited certain areas or pages of the website. As a result, certain entries and settings that you have already made are saved so that you do not have to enter them again.
Lawfulness of processing: The lawfulness of this data processing is based on Art. 6(1)(a) GDPR. Your consent is obtained via a cookie banner that is displayed when you first visit the website.
Recipient of the data: The recipient of your personal data pursuant to Art. 4 No. 9 GDPR is the hosting provider of the website IONOS SE. This provider acts as a processor on behalf of the controller in accordance with Art. 4 No. 8 GDPR and has been contractually obliged to implement appropriate technical and organizational measures (TOMs) to protect your data.
Note on your rights as a data subject: You can revoke your consent once given to the controller at any time with effect for the future in accordance with Art. 7 para. 3 GDPR. The withdrawal of consent does not affect the lawfulness of data processing based on consent before its withdrawal.
You have the option of preventing the use of cookies by switching off or restricting the automatic setting of cookies in your browser settings. You can also manually remove cookies stored on your device. Please note, however, that deactivating cookies may result in the website no longer functioning fully or at all.
You can contact the controller at any time via the website using the contact form, email or telephone, or via social media, and submit inquiries. In order to process your inquiry(s), it is necessary for the controller to gain knowledge of your personal data that you transmit to the controller as part of your inquiry.
Data processed:
– First name, surname
– Email address
– Telephone number
– Current home country
– Appointment request
– Insurance information (self-payer/insurance)
– Profile information in social media
– Date and time of the request
– Content of the request
Purposes of processing: The data you provide to the controller when contacting the controller will be processed by the controller solely for the purpose of recording, processing and responding to your inquiry. Please note that product-related complaints may be used by the controller as part of market monitoring in order to assess the quality and safety of the services offered (feedback management).
Legal basis for processing: The controller bases the lawfulness of this data processing on Article 6(1)(f) GDPR or Article 6(1)(b) GDPR if you contact us in the context of the initiation or performance of a contract between you and the controller (e.g. user contract for the use of the services). The legitimate interest arises from the desire to answer your inquiries in a comprehensive and targeted manner and to resolve any problems with the services offered by the controller as quickly as possible. If you submit your request via a contact form offered on the controller’s platform, the controller bases the lawfulness of the data processing on Art. 6 (1) (a) GDPR. You give your consent by agreeing to the processing of your data in accordance with this privacy policy by ticking the checkbox provided for this purpose before sending your request via the contact form.
Recipient of the data: To manage your requests, the controller uses the customer service software (ticketing system) of Intercom (Intercom R&D Unlimited Company, 3rd Floor, Stephens Court, 18-21 Saint Stephen’s Green, Dublin 2). Intercom is therefore the recipient of your personal data within the meaning of Art. 4 No. 9 GDPR. In this context, the provider of the customer service software used by the controller acts as a processor for the controller and has been obliged by the controller to establish and maintain appropriate technical and organizational measures (TOMs) to protect your data on the basis of a data processing agreement.
For the contact form, the controller uses the service of Jotform (Jotform Inc., 4 Embarcadero Center, Suite 780, San Francisco, CA 94111, USA). Jotform is therefore also a recipient of your personal data within the meaning of Art. 4 No. 9 GDPR. In this context, the provider of the contact form solution used by the controller also acts as a processor for the controller and has been obliged by the controller to set up and maintain appropriate technical and organizational measures (TOMs) to protect your data on the basis of a data processing agreement.
Please note in this context that Jotform Inc. has its registered office in the USA. Data transfer to the USA is generally not intended, but cannot be conclusively ruled out. In this respect, the information in the section “Data transfer to third countries” applies.
Storage period: The processed data will only be stored by the controller for as long as is necessary to process and respond to your request. The data will then be deleted by the controller, provided that there are no legal obligations to retain the data.
Information on your rights as a data subject: You have the right to object to this processing at any time in accordance with Art. 21 GDPR on grounds relating to your particular situation. Unless the controller can demonstrate compelling legitimate grounds for the processing of your data which override your interests, rights and freedoms as a data subject or the processing serves the establishment, exercise or defense of legal claims, the controller shall cease processing. However, this only applies in the event that your data is processed on the legal basis of Art. 6 (1) (f) GDPR (legitimate interest).
The GAM web platform gives you the opportunity to take an online ADHD test. As part of this test, you will be asked to answer a series of questions related to specific ADHD behaviors. Based on your answers and the resulting data, an initial assessment of ADHD can be made in order to derive findings and measures.
Processed data:
– Answers to the questions asked (health data)
– Contact details (first and last name, e-mail address)
Only at the end of the questionnaire will you be given the opportunity to enter your contact information if you are interested in the results of the test and/or would like to receive information from the controller in the future. The questionnaire is only personalized if you enter your contact details.
Purposes of processing: The processing of the information you provide in the survey (answers to the questions asked and health data) is necessary so that the controller can analyze the specific health issues and gain insights and derive measures from them. Your contact details will be used to send you information about the result and your further options.
Legal basis for processing: The lawfulness of this data processing is based on Art. 9 (2) (a) GDPR. You give your express consent as part of the online test by actively ticking the checkbox provided for this purpose.
Recipient of the data: The recipient of your personal data within the meaning of Art. 4 No. 9 GDPR is the service provider of the questionnaire service Jotform (Jotform Inc., 4 Embarcadero Center, Suite 780, San Francisco, CA 94111, USA). Jotform is therefore the recipient of your personal data within the meaning of Art. 4 No. 9 GDPR. In this context, the provider of the questionnaire solution used by the controller acts as a processor for the controller and has been obliged by the controller to set up and maintain appropriate technical and organizational measures (TOMs) to protect your data on the basis of a data processing agreement.
Please note in this context that Jotform Inc. has its registered office in the USA. Data transfer to the USA is generally not intended, but cannot be conclusively ruled out. In this respect, the information in the section “Data transfer to third countries” applies.
Storage period: If you have consented to the processing of your personal data in order to receive information on the screening results, your data will be stored until the purpose for which your data was collected ceases to apply, but for no longer than 90 days after the screening results have been sent. If you have also consented to the processing of your personal data for the purpose of receiving promotional information, your data will be stored until you withdraw your consent at the latest.
You have the option of voluntarily requesting telemedical advice from a doctor via the website. Virtual individual and group therapies are also offered as part of the range of services provided by the person responsible. Contact is made by means of virtual meetings (video call).
In order to process your request, it is also necessary for the data controller to process the personal data you provide in the context of the request.
Data processed:
– Name and contact details of the patient
– Image
– Voice
– Medical diagnoses and treatment information
– Medical reports and findings
– Name and contact details of the patient
– Insurance information
Purposes of processing: The processing of your personal data serves the sole purpose of medical consultation, diagnosis and treatment by the cooperating telemedicine specialists and the provision of a comprehensive health service.
Legal basis: The lawfulness of this data processing is based on your express consent in accordance with Article 9(2)(a) of the GDPR. You give your consent by ticking a checkbox provided for this purpose after you have completed the questionnaire on the website. Personal data in the questionnaire will only be collected and processed if you actively consent to the further processing of your personal data.
Recipients of the data: The controller reserves the right to forward your data to qualified doctors in order to ensure effective advice and support. This data transfer is carried out in accordance with data protection regulations and only to the extent necessary for the stated purpose. The legal basis for this transfer is based on your voluntary consent in accordance with Article 9(2)(a) of the GDPR. There is expressly no data transfer from the doctor to the controller. In this respect, the data transfer is unilateral.
The controller uses the service Whereby (Whereby AS, Gate 1 no. 107, 6700 Måløy, Norway) to carry out the video consultation hours. This company acts as a processor on behalf of the controller in accordance with Art. 4 No. 8 GDPR and has been contractually obliged to implement suitable technical and organizational measures (TOMs) to protect your data.
The controller uses the digital practice management solution Crossuite (Crossuite, 390, Internal Postal Box 4, 2600 Antwerp, Netherlands) to manage your treatment history and to ensure optimal treatment. Crossuite acts as a processor on behalf of the controller in accordance with Art. 4 No. 8 GDPR and is contractually obliged to implement appropriate technical and organizational measures (TOMs) to protect your data.
Storage period: The personal data will be stored by the controller for the period necessary to fulfill the stated purpose. This includes the storage of information on medical appointments in order to enable appropriate follow-up and contact. The data will then be deleted by the controller, provided that there are no legal obligations to retain the data.
Invoicing for the services of the person responsible shall be made exclusively by bank transfer to the account of the person responsible.
Processed data:
– Invoice data
– Account data
– First name, surname
– E-mail address
– Address data
– Insurance data (private payer / private health insurance), if applicable
Purposes of processing: The processing of the aforementioned data is necessary to enable the processing of the payment process.
Legal basis: The lawfulness of this data processing is based on Art. 6 (1) (b) GDPR, as it results from a contractual obligation in the context of the contract with you.
Recipient of the data: The recipient of your personal data within the meaning of Art. 4 No. 9 GDPR is the provider of the financial tool Qonto (OLINDA SAS, 18 rue de Navarin, 75009 Paris, France). In this context, data is transferred to Qonto as a transfer of functions in accordance with Section 28 BDSG.
Storage period: The data will be stored until the end of the contract period at the latest, provided that there are no statutory retention obligations to prevent deletion.
As part of the consultation services offered, it is possible for your doctor to contact you via WhatsApp Business to provide you with medical advice. You also have the option of asking questions directly via the chat function on the GAM web platform. The use of WhatsApp Business for communication between doctor and patient is at the discretion of the doctor and is voluntary.
Please note that WhatsApp Business is an external service and is not under the direct control of the controller. Therefore, the controller cannot guarantee complete security of the information transmitted via WhatsApp Business. It is possible that WhatsApp Business collects personal data and uses it for its own purposes.
The controller would like to point out that the use of WhatsApp Business for the transmission of sensitive health data may be associated with risks, as WhatsApp’s data protection standards may not meet the requirements of the healthcare sector.
The use of WhatsApp Business is subject to WhatsApp’s privacy policy and terms of use, over which the controller has no control. The controller therefore recommends that you inform yourself about the WhatsApp Business privacy policy and be aware that you may disclose personal data when using WhatsApp Business.
If you have concerns about using WhatsApp Business to communicate with your doctor or prefer an alternative method of communication, there are other contact options available for you to communicate with your doctor.
Processed data:
– Contact data (telephone number, WhatsApp profile information)
– Health data (medical queries, symptoms, diagnoses, treatment information)
– Communication content (messages, images, videos, voice messages)
– Device information (device IDs, operating systems, device information)
– Location data (location information may be collected if this is enabled in the device settings)
Purpose of the processing:
The purpose of the processing is to enable communication between you and your doctor via WhatsApp in order to provide medical advice and support.
This includes, but is not limited to:
– providing medical advice and information;
– answering questions about health conditions, symptoms and treatments;
– coordinating appointments and examinations;
– communicating medical findings and results;
– assisting with the management of health conditions and treatment plans;
Lawfulness of processing:
The lawfulness of this data processing is based on your express consent (see Art. 9 (2) (a) GDPR). You give your consent by additionally ticking the checkbox provided for this purpose as part of the registration process after completing the questionnaire. By using WhatsApp Business to communicate with your doctor, you consent to the processing of your health data.
Recipient of the data:
The data exchanged via WhatsApp is intended between the doctor and the patient. In addition, WhatsApp, as an external service provider, also receives access to the transmitted data.
The provider of WhatsApp Business is Intercom. Intercom (Intercom R&D Unlimited Company, 3rd Floor, Stephens Court, 18-21 Saint Stephen’s Green, Dublin 2) is an official WhatsApp Solution Provider (BSP) and enables its clients to use the WhatsApp Business API. GAM only uses Intercom if the client wishes to send WhatsApp messages.
Storage period:
The storage period for the health data exchanged via WhatsApp depends on the applicable legal requirements and the requirements of medical documentation. As a rule, the data is stored for as long as is necessary to fulfill the purpose of the consultation and to comply with statutory retention periods. Once the consultation has been completed and provided there are no legal obligations to retain the data for longer, the data will be deleted or anonymized in order to protect your privacy.
As part of the services offered, the controller offers you the opportunity to register for the newsletter. To create, send and evaluate the newsletter, it is necessary for your personal data to be processed.
Processed data:
– First name, last name
– Email address
– Anonymized usage data (e.g. opening and click rate)
– Registration and confirmation time
– IP address
– Log data
Purposes of the processing:
The processing of the aforementioned data is necessary so that the controller can send you personalized newsletters and information and measure an anonymized evaluation of the success of the newsletter in terms of the click and open rate.
Legal basis for processing:
The lawfulness of this data processing is based on Article 6(1)(a) GDPR. You can give your consent to receive the newsletter and information either during the registration process for the newsletter after completing the questionnaire or via a separate input field on the website by additionally ticking the checkbox provided for this purpose.
Registration for the newsletter takes place in a so-called double opt-in procedure. This means that after registering, you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no one can register with a third-party e-mail address. Subscriptions to the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements.
Recipient of the data:
The recipient of your personal data within the meaning of Art. 4 No. 9 GDPR is the service beehiiv (beehiiv Inc., 228 Park Avenue # 2329976 New York, New York 10003). In this context, the provider of beehiiv acts as a processor for the controller and has been obliged by the controller to establish and maintain appropriate technical and organizational measures (TOMs) to protect your data on the basis of a data processing agreement.
Please note that beehiiv is backed by a US company. In this respect, the controller would like to point out as a precaution that by agreeing to this privacy policy, you also consent to a potential transfer of your personal data to third countries (primarily the USA), as the controller cannot conclusively rule out such a transfer of data. The provider of beehiiv has undertaken to ensure a high level of protection for your personal data in accordance with the California Consumer Privacy Act (CCPA).
Storage period:
The data processed by the controller in this context will be stored by the controller until you withdraw your consent to receive the newsletter and information from the controller at the latest. You can revoke your consent to receive the newsletter and information at any time in the footer of the newsletter and information that you receive from the controller or by e-mail to the contact details given above.
Information on your rights as a data subject:
You can revoke your consent once given to the controller at any time with effect for the future in accordance with Art. 7 para. 3 GDPR. The withdrawal of consent does not affect the lawfulness of data processing based on consent before its withdrawal.
The controller uses the remarketing function “Google Ads” (Google Ireland Ltd., Google Building, Gordon House, 4 Barrow St., Grand Canal Dock, Dublin 4, D04 V4X7, Ireland) to analyze usage behavior and adapt marketing activities on the website. As part of the usage analysis, anonymous usage data is collected, stored and evaluated, which is collected via one or more technically non-essential cookies if you have been redirected to the website via a Google ad.
In this respect, the controller can only recognize that someone has clicked on an ad in Google Search, has been redirected to the website and has reached a previously determined target page of the website (conversion page). The controller only learns the total number of users who have clicked on the advertisement. However, no personal data about you is processed.
You can prevent the usage analysis described above by not clicking on any ads that have been placed by the controller in Google Search or by deactivating or gradually restricting the automatic setting of cookies in the settings of the browser you are using. Cookies already stored on the device you are using can also be deleted manually by you in this context. Please note, however, that the partial or complete deactivation of cookies in the settings of your browser may mean that you can no longer use the website or can no longer use it to its full extent.
Please note in this context that Google Ireland Ltd. is a subsidiary of Google Inc. which has its registered office in the USA. Data transfer to the USA is not planned in principle, but cannot be conclusively ruled out. In this respect, the information in the section “Data transfer to third countries” applies.
The lawfulness of this data processing is based on Art. 6(1)(a) GDPR. You give your consent by agreeing to the use of technically non-essential cookies in connection with Google Ads in the cookie banner when you first access the website (or at a later point in time).
The controller uses the Instagram Ads service (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) to analyze usage behavior and adapt marketing activities within the Instagram social network. As part of the usage analysis, anonymous usage data is collected, stored and evaluated, which is collected via one or more technically non-essential cookies (“meta pixels”) if you have been redirected to the web platform via an ad in Meta’s social media (e.g. Instagram).
In this respect, the controller can only recognize that someone has clicked on an ad in the Meta social network, has been redirected to the web platform and has reached a previously determined target page of the web platform (conversion page). The controller only learns the total number of users who have clicked on the ad. However, no personal data about you is processed.
You can prevent the usage analysis described above by not clicking on any ads that have been placed by the controller on the Meta social network or by deactivating or gradually restricting the automatic setting of cookies in the settings of the browser you are using. Cookies already stored on the end device you are using can also be deleted manually by you in this context. Please note, however, that the partial or complete deactivation of cookies in the settings of your browser may mean that you can no longer use the web platform or can no longer use it to its full extent.
In this context, please note that Meta Platforms Ireland Ltd. is a subsidiary of Meta Platform Inc. which has its registered office in the USA. Data transfer to the USA is generally not intended, but cannot be conclusively ruled out. In this respect, the information in the section “Data transfer to third countries” applies.
The lawfulness of this data processing is based on Article 6(1)(a) GDPR. You give your consent by agreeing to the use of technically non-essential cookies in connection with meta pixels in the cookie banner when you first access the web platform (or at a later point in time).
The controller uses the remarketing function “TikTok Ads” (TikTok Technology Ltd., 10 Earlsfort Terrace, Dublin, D02 T380, Ireland) to analyze usage behavior and adapt the marketing activities of the social network TikTol. As part of the usage analysis, anonymous usage data is collected, stored and evaluated, which is collected via one or more technically non-essential cookies if you have been redirected to the web platform via a TikTok ad.
In this respect, the controller can only recognize that someone has clicked on an ad on TikTok, has been redirected to the web platform and has reached a previously determined target page of the web platform (conversion page). The controller only learns the total number of users who have clicked on the advertisement. However, no personal data about you is processed.
You can prevent the usage analysis described above by not clicking on any ads that have been placed by the controller in TikTok or by deactivating or gradually restricting the automatic setting of cookies in the settings of the browser you are using. Cookies already stored on the device you are using can also be deleted manually by you in this context. Please note, however, that the partial or complete deactivation of cookies in the settings of your browser may mean that you can no longer use the web platform or can no longer use it to its full extent.
Please note in this context that TikTok Technology Ltd. is a subsidiary of Beijing Bytedance Technology Ltd., which has its registered office in China. Data transfer to China is generally not intended, but cannot be conclusively ruled out. In this respect, the information in the section “Data transfer to third countries” applies.
The lawfulness of this data processing is based on Article 6(1)(a) GDPR. You give your consent by agreeing to the use of technically non-essential cookies in connection with TikTok Ads in the cookie banner when you first access the web platform (or at a later point in time).
The controller uses the Meta-Pixel service (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) to analyze usage behavior and adapt marketing activities within the GAM web platform. As part of the usage analysis, anonymous usage data is collected, stored and evaluated, which is collected via one or more technically non-essential cookies (“meta pixels”) if you have been redirected to the web platform via an ad in Meta’s social media (e.g. Instagram).
In this respect, the controller can only recognize that someone has clicked on an ad in the Meta social network, has been redirected to the web platform and has reached a previously determined target page of the web platform (conversion page). The controller only learns the total number of users who have clicked on the ad. However, no personal data about you is processed.
You can prevent the usage analysis described above by not clicking on any ads that have been placed by the controller on the Meta social network or by deactivating or gradually restricting the automatic setting of cookies in the settings of the browser you are using. Cookies already stored on the end device you are using can also be deleted manually by you in this context. Please note, however, that the partial or complete deactivation of cookies in the settings of your browser may mean that you can no longer use the web platform or can no longer use it to its full extent.
In this context, please note that Meta Platforms Ireland Ltd. is a subsidiary of Meta Platform Inc. which has its registered office in the USA. Data transfer to the USA is generally not intended, but cannot be conclusively ruled out. In this respect, the information in the section “Data transfer to third countries” applies.
The lawfulness of this data processing is based on Article 6(1)(a) GDPR. You give your consent by agreeing to the use of technically non-essential cookies in connection with meta pixels in the cookie banner when you first access the web platform (or at a later point in time).
The controller uses the Google Analytics service (Google Ireland Ltd., Google Building, Gordon House, 4 Barrow St., Grand Canal Dock, Dublin 4, D04 V4X7, Ireland) to analyze user behavior on the website. As part of the usage analysis, anonymized usage data is collected, stored and evaluated, which is collected via one or more technically unnecessary cookies.
Processed data:
– Anonymized IP address
– Browser type/version
– Operating system of the end device
– Website from which the request comes (so-called referrer URL)
– Content of the request (specific page of the platform)
– Date and time of the request
– Time zone
– Access status/http status code
– Amount of data transferred
– Usage data (e.g. time spent on pages, click rate, scrolling behavior)
Due to the shortening of your IP address by Google Analytics, your data is anonymized before the evaluation is carried out and can therefore no longer be assigned to you after collection.
Purpose of processing: The processing of the aforementioned data enables the controller to evaluate the use of the website and thus determine where there is still a need for improvement within the website. This follows not least from the controller’s desire to adapt the website and the range of services offered to the needs of users in the best possible way.
Lawfulness of processing: The lawfulness of this data processing is based on Art. 6(1)(a) GDPR. You give your consent by agreeing to the use of technically non-essential cookies in connection with Google Analytics in the cookie banner when you first access the website (or at a later point in time).
Recipient of the data: The recipient of your personal data within the meaning of Art. 4 No. 9 GDPR is the Google Analytics service (Google Ireland Ltd, Google Building, Gordon House, 4 Barrow St., Grand Canal Dock, Dublin 4, D04 V4X7, Ireland). In this context, the provider of Google Analytics acts as a processor for the controller and has been obliged by the controller to set up and maintain appropriate technical and organizational measures (TOMs) to protect your data on the basis of a data processing agreement.
Please note in this context that Google Ireland Ltd. is a subsidiary of Google LLC, which has its registered office in the USA. Data transfer to the USA is generally not intended, but cannot be conclusively ruled out. In this respect, the information in the section “Data transfer to third countries” applies.
Storage period: Although your personal data is processed exclusively in anonymized form after collection and it is therefore no longer possible to subsequently assign this data to you personally, the controller has nevertheless decided to limit the storage period of this data to 14 months. After 14 months, the usage data stored by Google Analytics is automatically deleted. You can adjust the settings you have made with regard to the use of technically unnecessary cookies in connection with Google Analytics at any time later in the cookie banner on the website.
You can also prevent the use of cookies that are not technically necessary by deactivating or gradually restricting the automatic setting of cookies in the settings of the browser you are using. Cookies already stored on the device you are using can also be deleted manually by you in this context. Please note, however, that the partial or complete deactivation of cookies in the settings of your browser may mean that you can no longer use the website or can no longer use it to its full extent.
The controller uses Google Tag Manager (Google Ireland Ltd., Google Building, Gordon House, 4 Barrow St., Grand Canal Dock, Dublin 4, D04 V4X7, Ireland) to integrate Google’s tracking and analysis tools into the website.
Processed data:
– IP address
Purposes of processing: The processing of the aforementioned data is necessary so that the controller can use Google Tag Manager to integrate Google’s tracking and analysis tools.
Lawfulness of processing: The lawfulness of this data processing is based on Art. 6(1)(a) GDPR. You give your consent by agreeing to the use of technically non-essential cookies in connection with the Google Tag Manager in the cookie banner when you first access the website (or at a later point in time).
Recipient of the data: The recipient of your personal data within the meaning of Art. 4 No. 9 GDPR is the Google Analytics service (Google Ireland Ltd, Google Building, Gordon House, 4 Barrow St., Grand Canal Dock, Dublin 4, D04 V4X7, Ireland). In this context, the provider of Google Analytics acts as a processor for the controller and has been obliged by the controller to set up and maintain appropriate technical and organizational measures (TOMs) to protect your data on the basis of a data processing agreement.
In this context, please note that Google Ireland Ltd. is a subsidiary of Google LLC, which has its registered office in the USA. Data transfer to the USA is generally not intended, but cannot be conclusively ruled out. In this respect, the information in the section “Data transfer to third countries” applies.
Storage period: The data processed in the context of this processing activity will be stored by the controller until you withdraw your consent to the use of technically non-essential cookies in connection with Google Tag Manager. You can adjust the settings you have made with regard to the use of technically non-essential cookies in connection with Google Tag Manager at any time in the cookie banner on the website.
You can also prevent the use of cookies that are not technically necessary by deactivating or gradually restricting the automatic setting of cookies in the settings of the browser you are using. Cookies already stored on the device you are using can also be deleted manually by you in this context. Please note, however, that the partial or complete deactivation of cookies in the settings of your browser may mean that you can no longer use the website or can no longer use it to its full extent.
Integration of third-party content: Third-party content, such as videos or graphics, may also be integrated into the application. The integration of this content requires that the providers of this content (third-party providers) are aware of your IP address, as otherwise the content cannot be displayed within the application.
The controller endeavors to only use content from third-party providers who use your IP address solely for the purpose of delivering the content. However, the controller has no influence on whether third-party providers process your IP address for other purposes, such as statistical analysis. If the controller becomes aware of such a procedure, you will be informed as part of this privacy policy.
To improve the display of the GAM web platform, the controller uses locally hosted web fonts (fonts) from Google (Google Web Fonts). To display these fonts, it is necessary for the browser you are using to send your data to the hosting provider on whose servers the GAM web platform is hosted. This also includes personal data.
Processed data:
– IP address
– browser type/version
– operating system of the end device
– website from which the request originates (so-called referrer URL)
– content of the request (specific page of the platform)
– date and time of the request
– time zone
– access status/http status code
– amount of data transferred
Purposes of processing: The processing of the aforementioned data, in conjunction with the use of locally hosted Google web fonts, enables the controller to display the content of the web platform uniformly in different browsers and on different end devices.
Legal basis for processing: The controller bases the lawfulness of this data processing on Article 6(1)(f) GDPR. The controller bases the “legitimate interest” required for this on the desire to offer you a secure and trouble-free user experience of the GAM web platform. Otherwise, it would not be possible for you to use the platform.
Recipient of the data: The recipient of your personal data within the meaning of Art. 4 No. 9 GDPR is the hosting provider of the GAM web platform on whose servers it is operated, IONOS SE. This acts as a processor pursuant to Art. 4 No. 8 GDPR on behalf of the controller and has been contractually obliged to implement appropriate technical and organizational measures (TOMs) to protect your data.
Storage period: The stored data will be deleted immediately after you have ended your visit to the GAM web platform.
Note on your rights as a data subject: You have the right to object to this processing at any time in accordance with Art. 21 GDPR on grounds relating to your particular situation. Unless the controller can demonstrate compelling legitimate grounds for the processing of your data which override your interests, rights and freedoms as a data subject or the processing serves the establishment, exercise or defense of legal claims, the controller shall cease processing.
– TikTok Ads (online marketing), TikTok Technology Ltd, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland) – Beehiiv (newsletter), beehiiv Inc, 228 Park Avenue # 2329976 New York, New York 10003, USA – Crossuite (practice management), 390, Internal Postal Box 4, 2600 Antwerp, Netherlands – Google Ads (online marketing), Google Ireland Ltd, Google Building, Gordon House, 4 Barrow St., Grand Canal Dock, Dublin 4, D04 V4X7, Ireland – Google Analytics (usage analysis), Google Ireland Ltd, Google Building, Gordon House, 4 Barrow St., Grand Canal Dock, Dublin 4, D04 V4X7, Ireland – Google Tag Manager (usage analysis), Google Ireland Ltd, Google Building, Gordon House, 4 Barrow St., Grand Canal Dock, Dublin 4, D04 V4X7, Ireland – Instagram Ads (online marketing), Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland – Intercom R&D Unlimited Company (Customer Service Software/ Ticketing System, WhatsApp Business) 3rd Floor, Stephens Court, 18-21 Saint Stephen’s Green, Dublin 2, Ireland – IONOS SE (Hosting Operator), Elgendorfer Str. 57, 56410 Montabaur, Germany – Jotform Inc. (contact form), 4 Embarcadero Center, Suite 780, San Francisco, CA 94111, USA – Meta-Pixel (usage analysis), Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland – Qonto (payment processing), OLINDA SAS, 18 rue de Navarin, 75009 Paris, France – Whereby AS (video telephony), Gate 1 no. 107, 6700 Måløy, Norway
