Data Privacy Website
1. General Information
If you have any questions or suggestions regarding this information or would like to contact us to exercise your rights, please direct your request to:
Invalidenstraße 117, 10115 Berlin, Germany
The responsible supervisory authority is the Berlin Commissioner for Data Protection and Freedom of Information, which can be reached via email: firstname.lastname@example.org .
This data protection statement describes how we process personal data for the provision of our Mon Coach santé Angel services. It relates in particular to data processing on our websites (moncoachsanteangel.fr).
The data protection statement for end users and the Mon Coach santé Angel app (Android and iOS) can be found here: https://www.moncoachsanteangel.fr/en/data-privacy-app/
We have designed the data protection statement to be as clear, transparent, and simple as possible. Even without legal and technical knowledge, you should be able to understand the content easily. If, contrary to expectations, you do not understand this statement, you can contact us email@example.com.
1.3 Legal Basis
The data protection term “personal data” refers to any information that relates to a specific or identifiable person. We process personal data in compliance with the relevant data protection regulations, in particular the GDPR and the BDSG. Data processing by us is based on legal permission only. We only process personal data with your consent (§ 25 para. 1 TTDSG oder Art. 6 para. 1 letter a GDPR), for the performance of a contract with you or for carrying out pre-contractual measures at your request (Art. 6 para. 1 letter b GDPR), for compliance with a legal obligation (Art. 6 para. 1 letter c GDPR), or if the processing is necessary for the purposes of our legitimate interests or the legitimate interests of a third party, except where your interests or fundamental rights and freedoms that require the protection of personal data outweigh those interests (Art. 6 para. 1 letter f GDPR).
If you apply for an open position in our company, we will also process your personal data to decide whether to establish an employment relationship (§ 26 para. 1 S. 1 BDSG).
1.4 Duration of storage
Unless otherwise stated in the following information, we will only store the data for as long as it is necessary to achieve the processing purpose or to fulfill our contractual or legal obligations. Such legal retention obligations may arise in particular from commercial or tax law regulations. From the end of the calendar year in which the data was collected, we will keep such personal data that is contained in our accounting data for ten years and keep personal data contained in business letters and contracts for six years. In other cases, we will keep data related to proof of consent and claims for the duration of the statutory limitation periods. We will delete data that we process on the basis of your consent if you object to the processing for this purpose.
1.5 Categories of data recipients
In the context of processing your data, we use processors. Processing operations carried out by such processors include, for example, hosting, email dispatch, maintenance and support of IT systems, customer and order management, order processing, accounting and billing, marketing measures, or file and data destruction. A processor is a natural or legal person, authority, agency, or other body that processes personal data on behalf of the data controller. Processors do not use the data for their own purposes but carry out the data processing exclusively for us as the data controller and are contractually obliged to ensure appropriate technical and organizational measures for data protection. In addition, we may transmit your personal data to entities such as postal and delivery services, banks, tax consulting/auditing companies, or the tax authorities. Further recipients may result from the following information.
1.6 Data transfer to third countries
Our data processing may involve the transfer of certain personal data to third countries, i.e., countries where the GDPR is not applicable law. Such transfer is permissible if the European Commission has determined that an adequate level of data protection is provided in such a third country. If such an adequacy decision by the European Commission is not available, transfer of personal data to a third country will only take place if appropriate safeguards are provided in accordance with Art. 46 GDPR or if one of the conditions of Art. 49 GDPR is met. An adequacy decision applies to the following countries: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en. For data transfers to the U.S., the adequacy decision applies to companies certified under the Privacy Framework and listed on this list (https://www.dataprivacyframework.gov/s/participant-search). Unless otherwise indicated below, we use the EU Standard Contractual Clauses as appropriate guarantees for the transfer of personal data to third countries. You have the option of obtaining or viewing copies of these EU Standard Contractual Clauses. Please contact the address provided under Contact.
If you consent to the transfer of personal data to third countries, the transfer will be based on the legal basis of Art. 49 para. 1 letter a GDPR.
1.7 Processing in the exercise of your rights
When you exercise your rights under Art. 15 bis 22 GDPR, we process the personal data transmitted for the purpose of implementing these rights by us and to be able to provide evidence thereof. Data stored for the purpose of providing information and its preparation will only be processed for this purpose and for the purposes of data protection control, and otherwise processing will be restricted in accordance with Art. 18 GDPR.
These processing activities are based on the legal basis of Art. 6 para. 1 letter c GDPR i.V.m. Art. 15 bis 22 GDPR and § 34 para. 2 BDSG.
1.8 Your rights
As a data subject, you have the right to assert your data subject rights against us. In particular, you have the following rights:
- You have the right, in accordance with Art. 15 GDPR and § 34 BDSG, to request information as to whether and to what extent we process personal data about you.
- You have the right, in accordance with Art. 16 GDPR, to request us to rectify your data.
- You have the right, in accordance with Art. 17 GDPR and § 35 BDSG, to request us to delete your personal data.
- You have the right, in accordance with Art. 18 GDPR, to request us to restrict the processing of your personal data.
- You have the right, in accordance with Art. 20 GDPR, to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format and to transmit this data to another controller.
- If you have given us separate consent to process your data, you can revoke this consent at any time in accordance with Art. 7 para. 3 GDPR. Such revocation does not affect the lawfulness of the processing that has taken place prior to the revocation based on the consent.
- If you believe that the processing of personal data concerning you violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR.
1.9 Right to object
According to Art. 21 para. 1 GDPR, you have the right to object to processing based on the legal basis of Art. 6 para. 1 letter e or f GDPR, for reasons arising from your particular situation. If we process your personal data for the purpose of direct marketing, you can object to this processing in accordance with Art. 21 para. 2 and para. 3 GDPR.
1.10 Data protection officer
You can reach our data protection officer with the following contact details:
Herting Oberbeck Datenschutz GmbH
Hallerstr. 76, 20146 Hamburg
2. Data processing on our website
When using the website, we collect information that you provide to us yourself. In addition, certain information about your use of the website is automatically collected by us during your visit to the website. In data protection law, the IP address is generally considered to be personal data. An IP address is assigned to each device connected to the internet by the internet provider so that it can send and receive data.
2.1 Processing of server log files
When you use our website in an informative manner (i.e. not by registering), general information that your browser transmits to our server is first stored automatically. This includes, as standard: browser type/version, operating system used, page accessed, the previously visited page (referrer URL), IP address, date and time of the server request, and HTTP status code.
The processing is carried out to protect our legitimate interests and is based on the legal basis of Art. 6 para. 1 letter f GDPR. This processing serves the technical administration and security of the website. The stored data will be deleted after seven days, unless there is a justified suspicion of unlawful use based on concrete evidence and further examination and processing of the information is necessary for this reason. We are not able to identify you as the data subject based on the stored information. Therefore, Art. 15 bis 22 GDPR do not apply in accordance with Art. 11 para. 2 GDPR, unless you provide additional information to exercise your rights laid down in these articles, which enables us to identify you.
As of: [1.1, 03.08.2023]