Data Privacy

1. Information on data protection

General information

The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data is any data by which you can be personally identified. For detailed information on the subject of data protection, please refer to our data protection declaration listed below this text.

Data collection on this website

Firstly, your data is collected by you providing it to us. This can be, for example, data that you enter into a contact form.

Other data is collected automatically or after your consent by out IT systems when visiting the website. This is mainly technical data (e.g. Internet browser, operating systems, or time of page view). The collection takes place automatically as soon as you enter this website.

What do we use your data for?

Part of the data is collected to ensure error-free operation of the website. Other data may be used to analyze your user behavior. This is done primarily with so-called analysis programs. You can find more detailed information about analysis tools and other third-party tools in the following privacy policy.

2. Responsible Party

The party responsible for the processing of your personal data on our website is

C4 health GmbH
Wildstr. 20
89522 Heidenheim a. d. Brenz
Germany

Phone: +49 7321 757 8170
Fax: + 49 7321 757 8171
Email: info@c4health.com
Web: www.c4health.com

HRB Ulm 735245, St.Nr. 64002/24399, Ust. ID. DE312589905
Managing Directors: Tanja Reischl-Stenske, Christian Stenske

3. General notes and obligatory information

Data protection

We take the protection of your personal data very seriously. Therefore, we treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

When you use this website, various personal data is collected. Personal data is data by which you can be personally identified. This privacy policy explains which data we collect, what we use it for, and for what purpose.

We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. A complete protection of the data against access by third parties is not possible.

Storage duration

Unless a specific storage period has been specified within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies.

If you assert a legitimate request for deletion or if you revoke consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law). If such reasons exist, the deletion will take place after they cease to exist.

General information on the legal basis for data processing on this website

If you have consented to data processing, we process your personal data on the basis of Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR, if special categories of data are processed according to Art. 9 (1) GDPR. In the case of explicit consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49 (1) lit. a. GDPR. If you have consented to the storage of cookies or to the access to information in your terminal (e.g. via device fingerprinting), the data processing is additionally carried out on the basis of Section 25 (1) TTDSG. The consent can be revoked at any time.

If your data is required for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 (1) lit. b GDPR.

In addition, we process your data, insofar as this is necessary for the fulfillment of a legal obligation, on the basis of Art. 6 (1) lit. c GDPR.

Furthermore, data processing may be based on our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. We inform you about the relevant legal basis in each individual case in the following paragraphs of this privacy policy.

Recipients of personal data

In the course of our business activities, we cooperate with various external parties. In some cases, this also requires the transmission of personal data to these external parties.

We only disclose personal data to external parties if this is necessary for the performance of a contract, if we are legally obliged to do so (e.g. disclosure of data to tax authorities), if we have a legitimate interest in disclosure according to Art. 6 (1) lit. f GDPR, or if another legal basis permits the disclosure of data.

When using third-party processors, we disclose personal data of our customers only on the basis of a valid contract on commissioned processing. In the event of joint processing, a joint processing agreement will be concluded.

Note on data transfer to the USA

Some of the tools we use are offered by companies based in the USA. If these tools are activated, your personal data may be transferred to the USA and processed there.

All of the companies we are using tools from are participating in the EU-U.S. Data Privacy Framework (DPF) and, as such, are self-certified at the US Department of Commerce. A full list of all participating organizations can be found here: https://www.dataprivacyframework.gov/s/participant-search.

Thus, these organizations fall within the scope of the European Commission's adequacy decision regarding the DPF, meaning a transfer of personal data to these organizations is regarded as safe by EU-GDPR standards.

If we should decide to introduce further tools by US-based companies or other third countries that are unsafe according to the GDPR, we will include them in this privacy statement. We would like to point out that in such cases, no level of data protection comparable to the one in the EU can be guaranteed.

Withdrawal of your consent to data processing

Many data processing operations are only possible with your explicit consent. You can withdraw an already given consent at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

4. Technical implementation

Hosting

The web server for the operation of our website is operated technically by Strato AG, Otto-Ostrowski-Straße 7, 10249 Berlin, Germany ("Strato"). When you visit our website, Strato collects various log files including your IP address. All Strato products are hosted exclusively at Strato data centres in Germany (https://www.strato.de/sicherheit/).

For more information, please refer to Strato's privacy policy: https://www.strato.de/datenschutz

The use of Strato is based on Art. 6 (1) lit. f GDPR. We have a legitimate interest in the most reliable presentation of our website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1) lit. a GDPR and § 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.

We have concluded a data processing agreement with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as the hosting of the website or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol on your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

5. Data collection and use

Visit to this website

You can visit our website without giving any details about your person. When you visit our web pages, you transmit data via your Internet browser to the Strato AG web server for technical reasons. This data includes:

  • Date and time of the request
  • Name of the requested file
  • Page from which the file was requested
  • Web browser and operating system used
  • IP address of the requesting computer
  • Transferred data volume

This data is only used to provide the online service.

Cookies

This website uses cookies. Cookies make websites more user-friendly and efficient for the user. A cookie is a small text file that is used to store information.

When visiting a website, the website may place a cookie on the website visitor's terminal, which is stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your terminal.

If the user visits a website again later, the website can read the data from previously stored permanent cookies and thus determine, for example, whether the user has visited the website before and which areas of the website the user was particularly interested in. Permanent cookies remain stored on your terminal until you delete them yourself or until they are automatically deleted by your web browser.

More information about cookies can be found on Wikipedia.

In some cases, cookies from third-party companies may also be stored on your terminal when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company.

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the display of videos). Other cookies are used to evaluate user behavior or display advertising.

Cookies that are necessary to carry out the electronic communication process, to provide certain functions requested by you, or to optimize the website are stored on the basis of Art. 6 (1) lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimal availability of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, the processing is carried out exclusively on the basis of this consent (Art. 6 (1) lit. a GDPR and § 25 (1) TTDSG). The consent can be revoked at any time.

Cookies on our website

Our website uses the following providers:

  • C4 health GmbH: Cookie Consent – This is used to store the consent to the use of cookies.
  • WordPress.com: Our website is compiled with WordPress.com. WordPress uses cookies for various purposes. You can find out more here: https://automattic.com/cookies/
  • Insofar as further cookies from third-party providers or for analysis purposes are used, we will inform you separately within the scope of this data protection declaration and, if necessary, request your consent.

Changing cookie settings

How the web browser handles cookies, which cookies are allowed or rejected, can be defined by the user in the web browser settings. Where exactly these settings are located depends on the respective web browser. Detailed information on this can be accessed via the help function of the respective web browser.

If the use of cookies is restricted, not all functions of this website may be fully functional.

Links to other websites

If we refer to or link to the websites of third parties through our website, we cannot assume any responsibility or liability for the accuracy or completeness of the contents and the data security of these sites. Since we have no influence on the compliance of third parties with data protection regulations, you should check the privacy policies of each site separately.

6. Communication

Request by email, fax, or phone

If you contact us by email, fax, or telephone, we will collect, process, and use your personal data solely for the purpose of processing your inquiry. We will not pass on this data without your consent.

The processing of this data is based on Art. 6 (1) lit. b GDPR, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of requests addressed to us (Art. 6 (1) lit. f GDPR) or on your consent (para. 6 (1) lit. a GDPR), if this has been requested. This consent can be revoked at any time.

The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after your request has been processed). Legal provisions, in particular statutory retention periods, remain unaffected.

Communication via Microsoft Teams

We use Microsoft Teams, a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA ("MS Teams"), for internal and external communication. This includes the integrated chat program, telephony and video conferencing, online training and file sharing.

In the process, data, including personal data, is processed and stored by MS Teams. Depending on the settings, this can be:

  • User details, e.g. display name, email address, phone number, profile picture, department.
  • Company details, e.g. company name, address
  • Presence/absence status
  • Audio and video data, provided that the devices (microphone and camera) are enabled
  • Meeting metadata, e.g. participants, IP addresses, device/hardware information, title and description, call duration
  • For recordings: MP4 file of all video, audio, and presentation recordings, M4A file of all audio recordings, text file of the chat.
  • If the screen is shared: all content of the corresponding shared screen or application
  • When dialing in by phone: additional information about the line, e.g. information about the phone number, country name, further connection data if necessary
  • When using additional functions: e.g. shared files and content, answers to surveys, calendar entries, status of tasks, technical usage data for providing the functionalities

The type and amount of personal data processed also depends on your own entries and settings. In the case of guest access, these are the personal details you provide prior to participation; in the case of accounts and in particular company accounts, the data depend both on your personal settings and on your administrator-controlled tenant settings.

The legal basis for the processing of personal data in this case is Art. 6 (1) (b) GDPR or Art. 6 (1) (f) GDPR. Recordings of an online meeting are only made with the consent of all participants and thus on the basis of Art. 6 (1) a) GDPR. For employees, Section 26 BDSG applies additionally as the basis for processing.

Personal data that is processed when using MS Teams is generally not passed on to third parties by us, unless it is explicitly designated or approved for passing on. In addition, Microsoft as the provider processes the aforementioned personal data insofar as this is necessary for the supply of the service and/or the associated support.

In principle, data collected via our MS Teams account is stored by Microsoft within the European Union. Since Microsoft also operates sites in the USA (Microsoft Corporation, One Microsoft Way. Redmond, Washington 98052-6399, USA), personal data (in particular diagnostic data) may also be transferred there. Microsoft is part of the EU-U.S. Data Privacy Framework (DPF), meaning that they’re self-certified at the US Department of Commerce (https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000KzNaAAK&status=Active).

Thus, Microsoft falls within the scope of the European Commission's adequacy decision regarding the DPF, meaning a transfer of personal data to these organizations is regarded as safe by EU-GDPR standards.

For more details on privacy, please see the MS Teams privacy policy: https://learn.microsoft.com/microsoftteams/teams-privacy

7. Plugins and Tools

Google Fonts (local hosting)

This site uses so-called Google Fonts, which are provided by Google, for the uniform display of fonts. Google Fonts are installed locally. A connection to Google servers does not take place.

For more information about Google Fonts, see https://developers.google.com/fonts/faq?hl=en and the Google privacy policy: https://policies.google.com/privacy?hl=en.

Font Awesome (local hosting)

This site uses Font Awesome, provided by Font Awesome Team, for the uniform display of fonts and symbols. Font Awesome is installed locally. There is no connection to the servers of Fonticons, Inc

For more information about Font Awesome, please see the Font Awesome Privacy Policy at: https://fontawesome.com/privacy .

8. Social Media Profiles

Our online presence on LinkedIn and XING

Our presence on social networks and platforms serves to improve active communication with our customers and interested parties. We provide information about our company and our products there.

When visiting our online presences on social media, your data may be automatically collected and stored for market research and advertising purposes. So-called usage profiles are created from this data using pseudonyms.

These can be used, for example, to display advertisements within and outside the platforms that presumably correspond to your interests. Cookies are generally used on your terminal for this purpose. In these cookies, the visitor behavior and the interests of the users are stored. This serves according to Art. 6 (1) lit. f. GDPR to protect our legitimate interests in an optimized presentation of our offer and effective communication with customers and interested parties, which prevail in the context of a balancing of interests. If you are asked by the respective social media platform operators for consent (agreement) to the data processing, e.g. by means of a checkbox, the legal basis for the data processing is Art. 6 (1) lit. a GDPR.

For detailed information on the processing and use of data by the providers on their sites, as well as a contact option and your rights and setting options in this regard to protect your privacy, in particular objection options (opt-out), please refer to the privacy notices of the providers linked below. If you still need help in this regard, you can contact us.

The data processing is carried out on the basis of an agreement between jointly responsible parties pursuant to Art. 26 GDPR.

9. Your rights

We take the protection of your personal data very seriously. We treat the personal data that we store for order processing confidentially and in accordance with the statutory data protection regulations and this privacy policy.

Right to revoke your consent to data processing

Many data processing operations are only possible with your explicit consent. You can revoke consent you have already given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to object to the collection of data in special cases and in the case of direct marketing (Art. 21 GDPR)

If the data processing is not based on your consent, but on Art. 6 (1) lit. e or f GDPR, you have the right to object to the processing of your personal data at any time on grounds relating to your particular situation. This also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy.

If you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims (objection under Art. 21 (1) GDPR).

If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing. This also applies to profiling, insofar as it is associated with such direct advertising. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection pursuant to Art. 21 (2) GDPR).

Right to information, deletion, and correction

Within the scope of the applicable legal provisions, you have the right to information, correction, and deletion of the processing of your stored personal data at any time. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time.

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. To do this, you can contact us at any time. If you have restricted the processing of your personal data, this data – apart from its storage – may only be processed with your consent or for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person, or for reasons of an important public interest of the European Union or a member state.

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

Right of appeal to the competent supervisory authority

You also have the right of appeal to a competent supervisory authority. The authority responsible for us is the "Landesbeauftragte für Datenschutz und Informationsfreiheit Baden-Württemberg", available at https://www.baden-wuerttemberg.datenschutz.de/

This privacy policy was created with the assistance of https://www.e-recht24.de.

As of: 2023-07-28