DATA PROTECTION policy
With the following information we would like to give you as the “data subject” an overview of the processing of your personal data by us and your rights under data protection laws. The following declaration extends to the website https://cp.pro-implant.org and all sub-pages. Our website can generally be used without entering personal data.
However, if you would like to make use of special services from our company via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no other legal basis for such processing, we will generally obtain your consent.
The processing of personal data, such as your name, address or email address, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to PRO-IMPLANT Infection Consulting GmbH (PRO IMPLANT). With this data protection declaration we would like to inform you about the scope and purpose of the personal data we collect, use and process.
As the controller, we have implemented numerous technical and organizational measures to ensure the most complete protection possible for personal data processed via this website. Nevertheless, internet-based data transmissions can generally have security gaps, so that absolute protection cannot be guaranteed. For this reason, you are free to transmit personal data to us in alternative ways, for example by telephone or post.
The data controller according to the GDPR is:
PRO-IMPLANT Infection Consulting GmbH ,
Chausseestraße 121, 10115 Berlin,
+49 30 549084571, [email protected]
Representative: Dr. Andrej Trampuz
You can contact us on the subject of data protection at any time with any questions or suggestions relating to the topic. You can reach our data protection and privacy contact person by email via:
The data protection declaration is based on the terms used by the European legislator for directives and regulations when the General Data Protection Regulation (GDPR) was adopted. Our data protection declaration should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terminology used in advance.
4.1. Personal data
Personal data is all information that relates to an identified or identifiable natural person. A natural person is regarded as identifiable who, directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier or one or more special features that express the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person can be identified.
4.2. Data subject
Data subject is any identified or identifiable natural person whose personal data is processed by the data controller (our company).
Processing is any process carried out with or without the help of automated processes or any such series of processes in connection with personal data such as the collection, recording, organization, ordering, storage, adaptation or change, reading, querying, use, disclosure through transmission, dissemination or any other form of provision, comparison or linking, restriction, deletion or destruction.
4.4. Restriction of processing
Restriction of processing is a process of flagging or marking stored personal data with the aim of restricting their future processing.
Profiling is any type of automated processing of personal data that consists of using this personal data to evaluate certain personal aspects relating to a natural person, in particular aspects relating to work performance, economic situation, health, analyze or predict personal preferences, interests, reliability, behavior, whereabouts or relocation of this natural person.
Pseudonymization is the processing of personal data in a way in which the personal data can no longer be assigned to a specific data subject without the use of additional information, if this additional information is stored separately and is subject to technical and organizational measures that ensure that the personal data is not assigned to an identified or identifiable natural person.
Processor is a natural or legal person, authority, institution or other body that processes personal data on behalf of the data controller.
Recipient is a natural or legal person, authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, authorities that may receive personal data as part of a specific investigation according to European union law or the law of the member states are not considered recipients.
4.9. Third party
A third party is a natural or legal person, public authority, agency or body other than the data subject, the person responsible, the processor and the persons who are authorized to process the personal data under the direct responsibility of the person responsible or the processor.
Consent is any declaration of intent voluntarily given by the person concerned in an informed manner and unequivocally in the form of a declaration or other unequivocal affirmative action with which the person concerned indicates that they consent to the processing of their personal data.
Art. 6 para. 1 lit. a GDPR (in conjunction with § 15 para. 3 TMG) serves our company as the legal basis for processing operations for which we obtain consent for a specific processing purpose.
If the processing of personal data is necessary to fulfill a contract to which you are a party, as is the case, for example, with processing operations that are necessary for the provision of our services or consideration, the processing is based on Art. 6 Para. 1 lit. b GDPR. The same applies to such processing operations that are necessary to carry out pre-contractual measures, for example in cases of inquiries about our products or services.
If our company is subject to a legal obligation which requires the processing of personal data, for example to fulfill tax obligations, the processing is based on Article 6 (1) (c) GDPR.
In rare cases, it may be necessary to process personal data in order to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our company were injured and his name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. The processing would then be based on Article 6 (1) (d) GDPR.
Ultimately, processing operations could be based on Article 6 (1) (f) GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to fulfill a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the person concerned do not prevail. We are particularly permitted to carry out such processing operations because they have been specifically mentioned by the European legislator. In this respect, the legislator took the view that a legitimate interest could be assumed if you are a customer of our company (EWG 47 sentence 2 GDPR).
A transfer of your personal data to third parties for purposes other than those listed in this declaration does not take place. We only pass on your personal data to third parties if:
7.1 SSL / TLS encryption
This site ensures the security of data processing and protection of the transmission of confidential content, such as login data or contact requests that you send to us as the operator via an SSL or TLS encryption. You can recognize an encrypted connection by the fact that in the address line of the browser there is an “https: //” instead of “http://” and by the lock symbol in your browser line. We use this technology to protect your transmitted data.
7.2 Data collection when visiting the website
If you only use our website for informational purposes, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (in so-called “server log files”). Our website collects a range of general data and information each time you or an automated system access a page. The following data and information are typically stored in the server’s log files:
When using this general data and information, we do not draw any conclusions about your person. Rather, this information is needed to
This collected data and information is therefore evaluated by us with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data processed by us. The anonymous data in the server log files are stored separately from all personal data provided by a data subject.
The legal basis for data processing is Art. 6 Para. 1 S. 1 lit. f GDPR. Our legitimate interest follows from the data collection purposes listed above.
8.1 Registration as a user
You have the option of registering on our website by providing personal data. This is particularly necessary if you want to use our consultation portal or take part in training courses. Which personal data are transmitted to us can be seen from the respective input mask that is used for registration. The personal data you enter is collected and stored exclusively for our internal use and for our own purposes. We can arrange for the data to be passed on to one or more processors, for example a hosting provider, who will also use the personal data exclusively for internal use attributable to us.
We regularly collect the following data during registration:
By registering on our website, the IP address assigned by your Internet service provider (ISP), the date and time of registration are also saved. This data is stored because it is the only way to prevent misuse of our services and, if necessary, to enable criminal offenses to be investigated. In this respect, the storage of this data is necessary to ensure security. This represents a legitimate interest within the meaning of Article 6 Para 1 lit. f GDPR. This data is not passed on to third parties unless there is a legal obligation to pass it on or it is used for criminal prosecution.
Furthermore, this data is used to give you access to information that is only available to registered users, e.g. the download of studies and pocket guides. The use of such guides is usually directly related to our portal and therefore only useful for registered users. The control of information with regard to our target group represents a measure to structure and simplify our content. This represents a legitimate interest regarding Art. 6 Para. 1 lit. f GDPR.
8.2 Use of our consultation portal
In accordance with Article 6 Para 1 lit b GDPR, personal data are collected and processed if you provide them to us for a consultation. Which data is collected can be seen from the respective input forms. A deletion of your customer account is possible at any time and can be done by sending a message to the above address of the contact person. We save and use the data you have provided to process the contract, e.g. the implementation of a training course or a consultation.
After deleting your customer account, your data will be blocked with due regard to tax and commercial retention periods and deleted after these periods have expired. Upon request, we will provide you with information about which personal data is stored about you at any time. Furthermore, we correct or delete personal data at your request, provided that there are no legal storage obligations to the contrary.
If you use our service within the framework of the consultation portal, we collect patient information provided by you, which is necessary for the execution of the contract. These are in particular:
In the event of a consultation via our portal, we generally do not collect any patient data with direct personal reference, such as the name and address. An input mask is used in particular to enter health data in the form of patient findings, which are designated as special categories of personal data in accordance with Art. 9 GDPR. In principle, patient names are not mentioned. Further treatment is carried out using a pseudonymous code number. Any attachments, such as findings, are always anonymized. In this case, the legal basis for such processing of special categories of personal data from patients is Art. 9 Paragraph 2 lit h GDPR in conjunction with Section 22 Paragraph 1 No. 1 lit b BDSG-neu, namely medical care and diagnostics. In the event that you as a third party provide us with this information, e.g. in your role as a doctor, the patients should be informed about the subsequent data collection in accordance with Article 14 GDPR.
8.3 Processing of Payments
The personal data collected by us will continue to be processed in the context of contract processing, in particular the preparation of invoices. We will pass on your payment data to the commissioned credit institution as part of the payment processing, if this is necessary. If payment service providers are used, we will explicitly inform you about this below. The legal basis for the transfer of the data is Article 6 Para 1 lit. b GDPR.
8.4 Registration for our newsletter
We offer you to subscribe to a newsletter in which you will be informed about current events and offers. If you would like to subscribe to the newsletter, you must provide a valid email address. If you subscribe to the newsletter, you agree to receive the newsletter and the procedures explained. We process your data on the basis of your consent in accordance with Art. 6 Para. 1 lit. a GDPR. You can revoke your consent to receive the newsletter at any time and thus cancel the newsletter subscription. After your termination, your personal data will be deleted. Your consent to the sending of the newsletter expires at the same time. At the end of each newsletter you will find the link to cancel.
9.1 Google Analytics
We use Google Analytics, a web analysis service provided by Google Ireland Limited (https://www.google.de/intl/de/about/) (Gordon House, Barrow Street, Dublin 4, Ireland; hereinafter “Google”) on our website. In this context, pseudonymized usage profiles are created and cookies (see section “Cookies”) are used. The information generated by the cookie about your use of this website such as browser type / version, operating system used, referrer URL (the previously visited page), host name of the accessing computer (IP address), time of the server request are sent to a server operated by Google in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website and internet usage for the purposes of market research and needs-based design of this website. This information may also be transferred to third parties if this is required by law or if third parties process this data on behalf of us. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymized so that an assignment is not possible (IP masking).
You can prevent the installation of cookies by setting the browser software accordingly; however, we would like to point out that in this case not all functions of this website can be used to their full extent.
These processing operations are only carried out if express consent has been given in accordance with Article 6 Para 1 lit. a GDPR.
You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https: //tools.google.com/dlpage/gaoptout?hl=de).
As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking on the following link: Deactivate Google Analytics. An opt-out cookie will be set which prevents the future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you will have to set the opt-out cookie again.
Further information on data protection in connection with Google Analytics can be found in the Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=de).
9.2 Google Fonts
This page uses so-called web fonts, which are provided by the company Google, for the uniform display of fonts, to reduce the server load and thus lead to a lower loading time. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. For this purpose, the browser you are using must connect to the Google servers. In this way, Google is technically able to get the information that our website has been accessed via your IP address.
According to official information from Google, the use of Google Fonts is not monitored or logged. Requests to the Google Fonts API are sent to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com. These do not process any confidential information and are transmitted separately from other information that you transmit to Google when you use services such as Gmail. (Further information on this: https://developers.google.com/fonts/faq) You can also find information on Google Web Fonts in Google’s data protection declaration: https://www.google.com/policies/privacy/.
The legal basis for the processing of personal data described here is Article 6 Para 1 lit. f GDPR. Our legitimate interest required for this lies in the great benefit that the integration of Google Hosted Libraries brings. With the possibility of integrating the libraries via Google, we reduce our maintenance effort and the traffic load.
9.3 Google Tag Manager
This website uses Google Tag Manager, a cookie-free domain that does not collect any personal data. With this tool, “website tags” (i.e. keywords or scripts that are integrated into HTML elements) can be implemented and managed via an interface. By using the Google Tag Manager, we can automatically track which button, link or which personalized image you have actively clicked and can then record which content on our website is particularly interesting for you. The tool also triggers tags which may collect data. Google Tag Manager does not access this data. If you have deactivated it at the domain or cookie level, it will remain in effect for all tracking tags that are implemented with Google Tag Manager.
These processing operations are only carried out if the express consent has been given in accordance with Article 6 Para 1 lit a GDPR.
This website uses the service of Heatmap.com. A connection to the server of heatmap.com is established by a Java Script Code placed on our site. Heatmap.com records mouse and touch activity (but not keyboard activity), device screen size, geographic location (country only), pages visited, date and time of access to the web pages. By using Heatmap.com, we can automatically track which button, link or which personalized image you have actively clicked and can then record which content on our website is particularly interesting for you. Neither we nor heatmap.com can draw conclusions about your person at any time. Heatmap.com also uses extensive technical and organizational measures to secure your data. You can find more information on this at https://heatmap.com/privacy.
These processing operations are only carried out if express consent has been given in accordance with Article 6 Para 1 lit a GDPR.
We have integrated components from YouTube on this website. YouTube is an Internet video portal that enables video publishers to post video clips free of charge and other users to view, rate and comment on them free of charge. YouTube allows the publication of all types of videos, which is why complete film and television programs, as well as music videos, trailers or videos made by users themselves can be accessed via the Internet portal. YouTube is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Each time you visit one of the individual pages of this website that is operated by us and on which a YouTube component (YouTube video) has been integrated, the Internet browser on your IT system is automatically prompted by the respective YouTube component to display the corresponding content component from YouTube. Further information on YouTube can be found at https://www.youtube.com/yt/about/de/. As part of this technical process, YouTube and Google gain knowledge of which specific subpage of our website you are visiting.
If the data subject is logged in to YouTube at the same time, YouTube recognizes which specific subpage of our website you are visiting by calling up a subpage that contains a YouTube video. This information is collected by YouTube and Google and assigned to your YouTube account. YouTube and Google always receive information via the YouTube component that you have visited our website if you are logged into YouTube at the same time as you access our website; this takes place regardless of whether you click on a YouTube video or not. If you do not want this information to be transmitted to YouTube and Google, you can prevent the transmission by logging out of your YouTube account before visiting our website.
These processing operations are only carried out if the express consent has been given in accordance with Article 6 Para 1 lit a GDPR.
The data protection regulations published by YouTube, which are available at https://www.google.de/intl/de/policies/privacy/, provide information about the collection, processing and use of personal data by YouTube and Google.
On our website we offer, among other things, payment via Stripe for a selection of different payment methods. Stripe’s business address is Stripe Payments Europe Ltd, Block 4, Harcourt Center, Harcourt Road, Dublin. If you choose a payment method via Stripe, the payment details you have entered will be transmitted to Stripe.
Your data is transmitted to Stripe on the basis of Art. 6 Paragraph 1 lit. a GDPR (consent) and Art. 6 Paragraph 1 lit. b GDPR (processing to fulfill a contract).
You have the option of withdrawing your consent to data processing at any time with effect for the future. Information on Stripe’s data protection is available here: https://stripe.com/de/privacy.
10.1 Right to confirmation
You have the right to request confirmation from us as to whether personal data relating to you is being processed.
10.2 Right to information Art. 15 GDPR
You have the right to receive free information from us about the personal data stored about you as well as a copy of this data in accordance with the statutory provisions.
10.3 Right to correction Art. 16 GDPR
You have the right to request the correction of incorrect personal data concerning you. You also have the right, taking into account the purposes of the processing, to request the completion of incomplete personal data.
10.4 Deletion of Art. 17 GDPR
You have the right to ask us to delete the personal data relating to you immediately, if one of the reasons provided by law applies and as far as the processing or storage is not necessary.
10.5 Restriction of processing Art. 18 GDPR
You have the right to demand that we restrict processing if one of the legal requirements is met.
10.6 Data portability Art. 20 GDPR
You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. You also have the right to transfer this data to another person responsible without hindrance from us, to whom the personal data was provided, provided that the processing is based on the consent in accordance with Art. 6 Para. 1 lit. a GDPR or Art. 9 Para 2 lit. a GDPR or on a contract in accordance with Art. 6 Para. 1 lit. b GDPR and the processing is carried out using automated procedures, unless the processing is necessary for the performance of a task that is in the public interest lies or takes place in the exercise of public authority which has been assigned to us.
Furthermore, when exercising your right to data portability in accordance with Art. 20 Para 1 GDPR, you have the right to have the personal data transmitted directly from one person responsible to another, insofar as this is technically feasible and if not the rights and freedoms of other persons are impaired.
10.7 Objection to Art. 21 GDPR
You have the right, for reasons that arise from your particular situation, to object at any time to the processing of personal data relating to you, which is based on Art. 6 Para. 1 lit. e (data processing in the public interest) or f (data processing based on a Weighing of interests) DS-GVO takes place, to lodge an objection.
This also applies to profiling based on these provisions within the meaning of Art. 4 No. 4 GDPR.
If you object, we will no longer process your personal data unless we can prove compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
In individual cases we process personal data in order to operate direct mail. You can object to the processing of personal data for the purpose of such advertising at any time. This also applies to profiling insofar as it is associated with such direct advertising. If you object to processing for direct marketing purposes, we will no longer process the personal data for these purposes.
In addition, you have the right, for reasons that arise from your particular situation, to object to the processing of personal data relating to you, which we use for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 Para 1 GDPR unless such processing is necessary to fulfill a task in the public interest.
In connection with the use of information society services, regardless of Directive 2002/58/EC, you are free to exercise your right of objection by means of automated procedures in which technical specifications are used.
10.8 Revocation of data protection consent
You have the right to revoke your consent to the processing of personal data at any time with effect for the future.
10.9 Complaint to a supervisory authority
You have the right to complain to a data protection supervisory authority about our processing of personal data.
We process and store your personal data only for the period necessary to achieve the storage purpose or if this has been provided for by the legal provisions to which our company is subject. If the storage purpose no longer applies or if a prescribed storage period expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.
The criterion for the duration of the storage of personal data is the respective statutory retention period. After the period has expired, the relevant data is routinely deleted, provided that it is no longer required for contract fulfillment or contract initiation.