Data Protection
Data protection declaration
1. Data protection at a glance
General information
The following information gives a simple overview of what happens with your personal data when you visit our website. Personal data is all data that enable you to be personally identified. Detailed information on data protection can be found in our data protection declaration set out below this text.
Data recording on our website
Who is responsible for data recording on this website?
Data processing on this website is performed by the website operator. The operator's contact details can be found in the “Imprint” section of this website.
How do we record your data?
Some of your data are gathered when you submit them to us. This can be data that you enter in a contact form, for example.
Other data are recorded automatically by our IT systems when you visit our website. These are primarily technical data (e.g. web browser, operating system or time of the page view). These data are recorded automatically as soon as you access our website.
What do we use your data for?
Some of the data are gathered in order to ensure fault-free provision of the website. Other data can be used to analyse your user behaviour.
What rights do you have regarding your data?
You have the right to receive information on the origin, recipients and purpose of your stored personal data at any time. You also have a right to request correction, blocking or erasure of these data. If you have any questions about this or any other aspect of data protection, you are welcome to contact us at any time at the address stated in the “Imprint” section.
Furthermore, you are entitled to complain to the relevant supervisory authority.
Analysis tools and tools of third-party providers
When you visit our website, your surfing behaviour can be statistically evaluated. This is primarily carried out via cookies and analysis programs. Your surfing behaviour is usually analysed anonymously; it cannot be traced to you.
You can object to this analysis or prevent it by not using specific tools. Detailed information on this can be found in the data protection declaration below.
2. General details and mandatory information
Data protection
The operators of these pages take protection of your personal data very seriously. We handle your personal data in strict confidence and in line with the statutory data protection regulations as well as this data protection declaration.
If you use this website, various items of personal data are gathered. Personal data are data that enable you to be personally identified. This data protection declaration explains what data we gather and what we use them for. It also explains how and for what purpose this is done.
Please note that data transfer on the internet (e.g. in the event of communication by e-mail) may involve security vulnerabilities. It is not possible to fully protect the data against access by third parties.
SSL and TLS encryption
For security reasons and to protect the transferring of confidential content such as enquiries that you send to us as the site operator, this site uses SSL and TLS encryption.
An encrypted connection can be identified by a change in the address line of your browser from “http://” to “https://” and the padlock symbol in your browser line.
If SSL or TLS encryption is activated, the data you send to us cannot be read by third parties.
Details of the controller
The controller for data processing on this website is:
Dr Weigert UK Ltd
Unit 122853
PO Box 6945
London
W1A 6US
Phone: 01543 471222
E-mail: enquiry(at)drweigert.com
The controller is the natural or legal person that, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses etc.).
If any of your personal data are processed, you are the data subject as per the GDPR, and you are entitled to the following rights in relation to the controller:
Right of access
You can ask the controller to confirm whether we process personal data relating to you.
If processing of this nature is carried out, you can ask the controller for the following information:
- the purposes for which the personal data are processed;
- the categories of personal data concerned;
- the recipients or categories of recipient to whom your personal data have been or will be disclosed;
- the envisaged period for which your personal data will be stored, or, if specific details cannot be provided, the criteria used to determine the storage period;
- the existence of the right to request from the controller rectification or erasure of your personal data, a right to restriction of processing by the controller the data subject or a right to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- all information on the origin of the data if the personal data have not been obtained from the data subject;
- the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to request information on whether your personal data are transferred to a third country or an international organisation. In connection with this, you can ask to be informed of the appropriate guarantees as per Article 46 GDPR in connection with the transfer.
Right to rectification
You have a right to obtain rectification and/or completion from the controller if the processed personal data concerning you is inaccurate or incomplete. The controller must perform rectification immediately.
Right to restriction of processing
Subject to the following conditions, you can request restriction of processing of your personal data:
- if you contest the accuracy of your personal data for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful and you oppose the erasure of the personal data and request the restriction of use of the personal data instead;
- the controller no longer needs the personal data for the purposes of processing, but you require them for the establishment, exercise or defence of legal claims, or
- if you have objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override yours.
Where processing of your personal data has been restricted, these data may, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If processing has been restricted under the above conditions, you will be informed by the controller before the restriction is lifted.
Right to erasure
a) Erasure obligation
You can obtain from the controller the erasure of your personal data without undue delay and the controller shall have the obligation to erase these data without undue delay where one of the following grounds applies:
- your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- you withdraw consent on which the processing is based according to point (a) of Article 6(1) or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing;
- you object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR;
- your personal data have been unlawfully processed;
- your personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
- your personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
a) Notification of third parties
Where the controller has made your personal data public and is obliged pursuant to Article 17(1) GDPR to erase it, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
b) Exceptions
There is no right to erasure if processing is required for the establishment, exercise or defence of legal claims.
Right to information
If you have established the right to rectification, erasure or restriction of processing in relation to the controller, the controller is obliged to notify all recipients to whom your personal data has been disclosed of this rectification or erasure of the data or restriction of processing unless this proves impossible or would involve a disproportionate effort.
You have the right to be informed of these recipients by the controller.
Right to data portability
You have the right to receive your personal data, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where
- the processing is based on a consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) and;
- the processing is carried out by automated means.
In exercising this right, you also have the right to have the relevant personal data transmitted directly from one controller to another, where technically feasible. Freedoms and rights of other people may not impaired as a result of this.
The right to data portability shall not apply to processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Right to object
You shall have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.
The controller shall no longer process your personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or where it serves the purpose of establishment, exercise or defence of legal claims.
Where your personal data are processed for direct marketing purposes, you shall have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, your personal data shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
Right to withdrawal of the declaration of consent under data protection legislation
You shall have the right to withdraw your declaration of consent under data protection legislation at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Automated individual decision-making, including profiling
You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision:
- is necessary for entering into, or performance of, a contract between you and the controller;
- is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
- is based on your explicit consent.
However, these decisions may not be based on special categories of personal data referred to in Article 9(1) GDPR, unless point (a) or (g) of Article 9(2) applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
With regard to the cases referred to in points (1) and (3), the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.
The competent supervisory authority on matters relating to data protection is the state data protection officer of the federal state in which our company has its head office. A list of the data protection officers and their contact details can be accessed via the link below:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
Objection to advertising e-mails
Objection is hereby stated to the use of the contact details published in the mandatory imprint to send advertising and information materials that are not expressly requested. The operators of the pages expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, for instance through spam e-mails.
3. Data protection officer
Legally prescribed data protection officer
We have appointed a data protection officer for our company:
Volker Mennemann DPRT Business Services GmbH
Heidlohstraße 2b
D-22459 Hamburg
Tel.: ++49 40/7 89 60-0
datenschutz(at)drweigert.de
4. Data recording on our website
Cookies
a) Description and extent of data processing
Our website uses cookies. Cookies are text files that are stored in the web browser and computer system of the user. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a distinctive string of characters that enables clear identification of the browser when the website is next accessed.
We use cookies to make our website more user-friendly. Some elements of our website require the accessing browser to be identifiable even after a page change.
The following data are stored and transmitted in the cookies:
- Saving of language settings
- Login information
On our website, we also use cookies that enable analysis of users' surfing behaviour.
The following data can be transmitted in this way:
- Entered search terms
- Frequency of page views
- Utilisation of website functions
The user data gathered are pseudonymised by means of technical measures. This means that it is no longer possible to associate the data with the accessing user. The data are not stored together with other personal data of users.
On accessing our website, users see an information banner that notifies them of the use of cookies for analysis purposes and refers to this data protection declaration. In connection with this, there is also an indication of how storage of cookies can be suppressed in the browser settings.
b) Legal basis for data processing
The legal basis for processing of personal data with the use of technically essential cookies is point f) of Article 6(1) DSGVO.
The legal basis for processing of personal data for analysis purposes, subject to the user's consent to this, is point a) of Article 6(1) DSGVO.
c) Purpose of data processing
The purpose of the use of technically essential cookies is to make websites easier to use. Some functions of our website cannot be offered without the use of cookies. To this end, it is essential for the browser to be recognised again after a page change.
We need cookies for the following applications:
- Saving of language settings
- Login information
The user data gathered by means of technically essential cookies are not used to create user profiles.
The analysis cookies are used for the purpose of improving the quality and content of our website. From the analysis cookies, we learn how the website is used, enabling us to constantly optimise our offering.
These purposes also account for our legitimate interest in processing personal data as per point f) of Article 6(1) DSGVO.
e) Duration of storage, possibility of objection and rectification
Cookies are stored on the user's computer and transmitted from the computer to our site. Therefore, as the user, you have full control over the use of cookies. By changing the settings in your web browser, you can deactivate or restrict the transferring of cookies. Cookies that have already been stored can be erased at any time. This can also be performed automatically. If cookies are deactivated for our website, it is possible that some functions of the website will no longer be fully usable.
5. Provision of the website and creation of log files
Description and extent of data processing
Each time our website is accessed, our system automatically records data and information from the computer system of the accessing computer.
The following data are gathered here:
- Information on the browser type and the version used
- The user's operating system
- The HTTP response code
- The number of bytes transferred
- The user's IP address
- The data and time of access
- Websites from which the user's system reaches our website
- Websites that are accessed by the user's system via our website
Legal basis for data processing
The legal basis for temporary storage of the data and log files is point f) of Article 6(1) DSGVO.
Purpose of data processing
Temporary storage of the IP address by the system is necessary in order to enable delivery of the website to the user's computer. To this end, the user's IP address must be stored for the duration of the session.
Storage in log files is carried out in order to ensure that the website works properly. In addition, we use the data to help us optimise the website and to ensure the security of our IT systems. No evaluation of the data for marketing purposes is performed in connection with this.
These purposes also account for our legitimate interest in data processing as per point f) of Article 6(1) DSGVO.
Duration of storage
The data are erased as soon as they are no longer needed to fulfil the purpose for which they were gathered. In the event of data recording for provision of the website, this is the case when the respective session is ended. In the event of data storage in log files, this is the case after no more than fourteen days. Storage beyond this is possible. In this case, the users' IP addresses are erased or distorted so that it is no longer possible to associate the accessing client.
Possibility of objection and rectification
Data recording to provide the website and storage of data in log files are absolutely essential to operation of the website. Consequently, there is no possibility of objection on the part of the user.
6. Contact form
1. Description and extent of data processing
A contact form that can be used to make contact electronically is available on our website. If a user makes use of this option, the data entered in the input screen are sent to us and stored. These data are:
- Forename
- Surname
- Company
- Position
- Street
- Postcode/place
- Tel.
- Your message
Your consent to data processing is obtained in the context of the sending process and this data protection declaration is referred to.
No forwarding of the data to third parties is carried out in connection with this. The data are used solely for processing of the conversation.
2. Legal basis for data processing
The legal basis for processing of the data, subject to the user's consent, is point a) of Article 6(1) DSGVO.
The legal basis for processing of the data transmitted when sending an e-mail is point f) of Article 6(1) DSGVO. If the e-mail contact is intended to conclude a contract, an additional legal basis for processing is point b) of Article 6(1) DSGVO.
3. Purpose of data processing
We process the personal data from the input screen solely for the purpose of facilitating contact. In the event of contact by e-mail, the essential legitimate interest in processing the data also relates to this.
The other personal data processed during the sending process serves to prevent misuse of the contact form and ensure security of our IT systems.
4. Duration of storage
The data are erased as soon as they are no longer needed to fulfil the purpose for which they were gathered. For the personal data from the input screen of the contact form and the personal data sent by e-mail, this is the case when the respective conversation with the user is ended. The conversation is ended when it is apparent from the context that the matter concerned has been definitively resolved.
The personal data additionally gathered during the sending process are erased after a period of seven days at the latest.
5. Possibility of objection and rectification
Users are able at any time to withdraw their consent to the processing of their personal data. If users contact us by e-mail at info@drweigert.de, they can object at any time to storage of their personal data. In any such case, the conversation cannot be continued.
All personal data stored in the context of contact are erased in this case.
7. Registration
1. Description and extent of data processing
On our website, we give users the opportunity to register, submitting personal data. The data are entered in an input screen, sent to us and stored. No forwarding of the personal data to third parties is performed.
The following data are gathered in the registration process:
- Form of address
- Title
- Forename
- Surname
- Company
- Department
- Street
- Postcode/place
- Tel.
The user's consent to processing of these data is obtained in the registration process.
2. Legal basis for data processing
The legal basis for processing of the data, subject to the user's consent, is point a) of Article 6(1) DSGVO.
If the purpose of registration is to fulfil a contract to which the data subject is party or to take steps prior to entering into a contract.
If the purpose of registration is to fulfil a contract to which the user is party or take steps prior to entering into a contract, an additional legal basis for processing of the data is point b) of Article 6(1) DSGVO.
3. Purpose of data processing
The purpose of registration is not to conclude a contract with the user. Rather, user registration is necessary for enrolment for our events and organisation of the events.
4. Duration of storage
The data are erased as soon as they are no longer needed to fulfil the purpose for which they were gathered.
5. Possibility of objection and rectification
As a user, you have the right to cancel your registration at any time. You can request modification of the data stored about you at any time.
8. Analysis tools and advertising
Matomo (formerly Piwik)
1. Extent of processing of personal data
On our website, we use the open-source software tool Matomo (formerly PIWIK) to analyse our users' surfing behaviour. The software deposits a cookie on the user's computer (see above for details of cookies). If individual pages of our website are accessed, the following data are stored:
- Two bytes of the IP address of the user's accessing system
- The accessed website
- The website from which the user reached the accessed website (referrer)
- The subpages accessed from the accessed website
- The time spent on the website
- The frequency of access to the website
The software only runs on the servers of our website. The users' personal data are only stored there. No forwarding of the personal data to third parties is performed.
The software is configured in such a way that the IP addresses are not fully stored; instead, 2 bytes of the IP address are concealed (e.g.: 192.168.xxx.xxx). In this way, it is no longer possible to associate the abbreviated IP address with the accessing computer.
2. Legal basis for processing of personal data
The legal basis for processing of the users' personal data is point f) of Article 6(1) DSGVO.
3. Purpose of data processing
Processing of the users' personal data enables us to analyse our users' surfing behaviour. Evaluating the extracted data allows us to compile information on the use of individual components of our website. This helps us to constantly improve our website and make it more user-friendly. These purposes also account for our legitimate interest in processing the data as per point f) of Article 6(1) DSGVO. The users' interest in protection of their personal data is sufficiently taken into account through anonymisation of the IP address.
4. Duration of storage
The data are erased as soon as they are no longer needed for our record-keeping purposes.
5. Possibility of objection and rectification
Cookies are stored on the user's computer and transmitted from the computer to our site. Therefore, as the user, you have full control over the use of cookies. By changing the settings in your web browser, you can deactivate or restrict the transferring of cookies. Cookies that have already been stored can be erased at any time. This can also be performed automatically. If cookies are deactivated for our website, it is possible that some functions of the website will no longer be fully usable.
On our website, we give our users the opportunity to opt out of the analysis process.
Further information on the privacy settings of the Matomo software can be found via the following link: https://matomo.org/docs/privacy/.
9. Plugins and tools
YouTube with extended data protection
This website integrates videos from YouTube. The operator of the website is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. We use YouTube in the extended data protection mode. According to YouTube, this mode ensures that YouTube does not store any information about visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. This is how YouTube connects to the Google DoubleClick network regardless of whether you are watching a video.
A connection to the YouTube servers is established as soon as you start a YouTube video on this website. The YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you will enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account. Furthermore, YouTube can save various cookies on your device after starting a video or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can receive information about visitors to this website. This information is used, among other things, to collect video statistics, improve user-friendliness and prevent attempted fraud.
If necessary, further data processing operations can be triggered after the start of a YouTube video, over which we have no influence. YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR. If corresponding consent has been requested, the processing takes place exclusively on the basis of Art. 6 Para. 1 lit. a GDPR; the consent can be withdrawn at any time.
Web fonts provided by Google ensure that fonts are displayed uniformly when YouTube is used.
When you visit a site, your browser loads the necessary web fonts in your browser cache so that texts and fonts are displayed correctly.
For this to work, your browser has to establish contact with Google’s servers, thereby informing Google that your IP address is accessing our website.
Further information on Google web fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=de
When using YouTube, personal data may be transmitted to the United States of America. We would like to point out that there may be a lower level of protection for personal data in the United States in relation to the European Union. When using YouTube, the protection of personal data during transmission to the United States is guaranteed in accordance with the European Standard Contractual Clauses: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc
Google Maps
On this website we use the map function Google Maps from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4. This enables us to show you interactive maps directly on the website and enables you to conveniently use the map function, which is our legitimate interest in the sense of the legal basis of Art. 6 Paragraph 1 lit. f GDPR. Insofar as we obtain your consent for the processing of your personal data in advance, the legal basis is exclusively Art. 6 Para. 1 lit. a GDPR.
When you visit the website, Google receives the information that you have accessed the corresponding subpage of our website.
This happens regardless of whether Google provides a user account that you are logged in to or whether there is no user account. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish to be assigned to your profile on Google, you must log out before activating the button. Google saves your data as a usage profile and uses it for advertising, market research and / or needs-based design of its website. Such an evaluation takes place in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, although you must contact Google to exercise this right.
You can find the terms of use of Google Maps under "Terms of use of Google Maps": http://www.google.com/intl/de_de/help/terms_maps.html.
Web fonts provided by Google ensure that fonts are displayed uniformly when Google Maps used.
When you visit a site, your browser loads the necessary web fonts in your browser cache so that texts and fonts are displayed correctly.
For this to work, your browser has to establish contact with Google’s servers, thereby informing Google that your IP address is accessing our website.
Further information on Google web fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=de
Any transfer of personal data to the United States when using Google Maps is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
10. Newsletter
Newsletter data
If you would like to receive the newsletter offered on the website, we require an email address from you as well as information that allows us to verify that you are the owner of the email address provided – and that you agree to receive the newsletter. Further data is not collected, or will only be collected on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties. The data entered in the newsletter registration form will be processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent to the storage of the data and the email address, as well as the use of the latter for sending the newsletter, at any time – for example, by clicking on the “unsubscribe” link in the newsletter. The legality of the data processing operations which have already been carried out shall not be affected by the revocation. The data you provide us with for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter. The data will be deleted from the newsletter distribution list after the newsletter subscription has been canceled. Data that has been stored by us for other purposes remains unaffected. After you have been removed from the newsletter distribution list, your email address may be stored by us or the newsletter service provider in a blacklist to prevent future mailings. The data from the blacklist will only be used for this purpose; it will not be merged with other data. This serves both your and our interest in compliance with the legal requirements related to sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). Storage in the blacklist has no time limit. You can object to the storage if your interests outweigh our justifiable interest.
CleverReach
This website uses CleverReach for sending newsletters. The provider is CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. CleverReach is a service with which newsletter mailouts can be organized and analyzed. The data you enter to subscribe to the newsletter (e.g. your email address) are stored on the CleverReach servers in Germany and Ireland. Our newsletters sent with CleverReach allow us to analyze the behavior of newsletter recipients. Among other things, it is possible to analyze how many recipients have opened the newsletter message and how often the respective links in the newsletter have been clicked on. Further information about the CleverReach newsletter is available at: https://www.cleverreach.com/en/features/reporting-tracking/.
Conclusion of a contract for order processing
We have concluded an order processing contract with CleverReach and fully implement the strict requirements of German data protection authorities when using CleverReach.