Data Protection Policy

Information about data processing on this website in accordance with Article 13 of the EU General Data Protection Regulation (GDPR) when collecting personal data of data subjects.

The security of your data and compliance with data protection law are of great importance to us. The processing of personal data is subject to applicable EU and national laws.

We will therefore inform you hereafter about how we treat your personal data. For readability, gender-specific distinctions will not be used. All terms apply equally to all genders.

 

1. Name and Contact Details of the Controller and Data Protection Officer

Controller:

 

A & O Gesundheit Medien- und Verlagsgesellschaft mbH

Managing Director: Dr. Natalie Koster

Mörsenbroicher Weg 200

40470 Düsseldorf
Germany

Email: info@a-o-gesundheit.de

Tel. +49 (0) 211 58 33 57 300

 

Data Protection Officer

You may contact our data protection officer at the email address: datenschutzbeauftragter@a-o-gesundheit.de.

 

2. Data Processing

a) Collection, Storage, Categories and Purposes of Use of Personal Data

We only collect and use personal data of our users to the extent necessary to provide a functional website and our content and services. We only collect and use personal data of our users with their consent. Exceptions only apply if consent cannot be obtained in advance for objective reasons and processing is permitted by law. Data processed on this website includes:

  • Usage data (e.g., the last-visited page of our website)
  • Content data (e.g., entries on online forms)
  • Contract data (e.g., for sponsorship collaborations)

 

b) Legal Basis for Processing Personal Data

If we obtain the data subject’s consent for the processing of personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) will serve as the legal basis.

If we process personal data necessary for the performance of a contract to which the data subject is party, Article 6(1)(b) of the GDPR will serve as the legal basis. This also applies to processing necessary for steps prior to entering into a contract.

If personal data must be processed for compliance with a legal obligation to which our company is subject, Article 6(1)(c) of the GDPR will serve as the legal basis.

If personal data must be processed to protect vital interests of the data subject or of another natural person, Article 6(1)(d) of the GDPR will serve as the legal basis.

The legal basis for processing data is Article 6(1)(f) of the GDPR. Our legitimate interest follows from the data collection purposes stated above. In no case will we use collected data to identify you personally.

 

c) Data Erasure and Storage Period

Personal data of the data subject will be erased or blocked when the purpose for the collection of this data no longer applies. Furthermore, personal data may be stored if required by EU, national or other regulations or laws to which the controller is subject. Data may also be blocked or erased after a storage period under such regulations or laws expires unless the data must continue to be stored for the conclusion or performance of a contract.

 

3. Providing Our Website

a) When Visiting Our Website

When visiting our website, vitamindoctor.com, information will be automatically transmitted to our server by your browser. This information will be temporarily stored in a so-called logfile. The following information will be collected without your involvement and stored until its automatic erasure:

  • Time and date of access
  • IP address of the requesting computer
  • Name and URL of the retrieved file
  • Accessing website (referrer URL)
  • Transmitted volume of data
  • Access status
  • Type of browser and, if applicable, operating system of your computer and the name of your access provider.

We will process the above-stated data for the following purposes:

  • Guaranteeing seamless connections to our website
  • Guaranteeing comfortable use of our website
  • Assessing system security and stability
  • Other administrative purposes

The legal basis for processing data is Article 6(1)(f) of the GDPR. Our legitimate interest follows from the data collection purposes stated above. In no case will we use collected data to identify you personally.

Furthermore, when you visit our website, we may use cookies and analysis services. For more information, please see Section 4 or Sections 4 and 5 of this Privacy Policy.

 

b) Contacting Us by Email

You may contact us at the provided email address. When contacting us by email, the personal data transmitted with the email will be stored and may be transferred to be processed by an external service provider. This data will only be used to process the conversation.

The legal basis for processing data transmitted as part of an email is Article 6(1)(f) of the GDPR. If we are contacted by email to conclude a contract, Article 6(1)(b) of the GDPR will serve as an additional legal basis for processing this data.

If we are contacted by email, this will also represent our necessary legitimate interest in processing this data. The data will be erased when it is no longer necessary for the purpose for which it was collected.

 

c) Live Webinar Newsletter Subscriptions

If you subscribe to our live webinar newsletter, we will send you regular emails with dates, calendar entries and registration links for our webinars. Personal data will be collected for this. Subscriptions require your title, last name, group and email address. Additional data may be entered voluntarily and will be used to address you personally.

Subscriptions to our email newsletter use a so-called double opt-in procedure. This means that we will only send you the above-stated emails after you explicitly consent to them. We will send you a confirmation email asking you to confirm that you would like to receive our newsletter by clicking on a provided link.

By activating the confirmation link, you consent to us using your personal data in accordance with Article 6(1)(a) of the GDPR. When you subscribe to our newsletter, we will store the IP address transmitted by your Internet service provider (ISP) and the time and date of your subscription to investigate any future misuse of your email address.

You may unsubscribe from our live webinar newsletter at any time via the link in the newsletter or by emailing us at info(at)a-o-gesundheit.de. After unsubscribing, your email address will be deleted from our contact list and assigned to a file of blocked email addresses to ensure that you will no longer receive our newsletter.

 

d.) Sending Webinar Emails via CleverReach

Our live webinar newsletter is sent via the technical service provider CleverReach GmbH & Co. KG, Mühlenstraße 43, 26180 Rastede, Germany, (“CleverReach”) to whom the data you entered when subscribing will be transferred. Such transfers are performed in accordance with Article 6(1)(f) of the GDPR and serve our legitimate interest in using an informative, secure and user-friendly email service. The data you entered (e.g., your email address) will be stored on CleverReach’s servers in Germany and/or Ireland.

CleverReach will use this information to send and statistically assess the newsletter on our behalf. For such assessments, our newsletter emails include so-called web beacons or tracking pixels, i.e., 1-pixel image files stored on our website. This enables us to determine whether a newsletter email was opened and which links were activated.

By using so-called conversion tracking, we may also determine whether a pre-defined action was performed after activating a link in an email. Technical information (e.g., the time of retrieval or your IP address, browser type and operating system) will also be collected. This data will only be collected anonymously and will not be linked to your other personal data. Direct personal identification is therefore not possible. This data is only used for statistical analyses of our live webinars. The results of these analyses may be used to better adjust future webinar emails to your interests.

To object to data analyses for statistical purposes, you must unsubscribe from our live webinar newsletter.

We concluded a processing agreement with CleverReach which requires CleverReach to protect and not provide to third parties the data of our customers.

For more information about CleverReach’s data analyses, please see: https://www.cleverreach.com/en/features/reporting-tracking/.

CleverReach’s Privacy Policy is available at https://www.cleverreach.com/en/privacy-policy/.

 

4. Transferring Data

Your personal data will not be transferred to third parties for purposes other than the following. We will only transfer your personal data to third parties if:

  • You explicitly consent in accordance with Article 6(1)(a) of the GDPR.
  • Transferring your data is necessary under Article 6(1)(f) of the GDPR for the establishment, exercise or defense of legal claims and there are no overriding legitimate grounds for not transferring your data.
  • There is a legal obligation under Article 6(1)(c) of the GDPR to transfer your data.
  • Transferring your data is permitted by law and necessary under Article 6(1)(b) of the GDPR for the performance of a contract.

If we use external service providers to provide our services, we will take appropriate legal precautions and implement technical and organizational measures to ensure the protection of your personal data as required by law.

 

Data Transmissions to Third Countries

Third countries are countries in which the GDPR does not apply. This includes all countries outside of the EU and/or European Economic Area.

We do not transfer data to third countries without a legal basis.

 

5. Data Collection, Third-Party Modules and Analysis Modules

a) Cookies

A&O’s websites use cookies. Cookies are small text files placed on the user’s data carrier and that communicate certain settings and data to A&O’s systems via the user’s browser. Cookies normally include the name of the domain from which the cookie data was sent, information about the age of the cookie and an alphanumeric identifier. Cookies enable A&O to design our website in a way that is appealing and easy to use for the user, e.g., by saving certain entries that the user then does not have to re-enter.

The information stored on cookies will not be used by A&O to identify the user and will not be merged with other personal data A&O may have stored about the user.

We use cookies to personalize content and ads, offer social media functions and analyze access of our website. We also transfer information about your use to our partners for social media, advertisement and analysis purposes. Our partners may merge this information with other data you provided or they collected as part of your use of these services. For more information, please see our Privacy Policy.

b) Cookiebot

This website uses the cookie consent tool of Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark, (“Cookiebot”) which places technically-necessary cookies to save your cookie preferences. This data is processed in accordance with Article 6(1)(f) of the GDPR on the basis of our legitimate interest in providing a cookie consent management service to visitors of our website. For more information about data protection, please see Cookiebot’s Privacy Policy at https://www.cookiebot.com/en/privacy-policy/.

                           

c) Matomo Analytics

Our website uses Matomo, an open-source software for statistical assessments of visitor access and user behavior.

Matomo is provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand.

Matomo is disabled when you visit our website. Your user behavior will only be documented with your active consent and anonymously.

 

Matomo uses cookies placed on your computer that enable your user behavior to be analyzed anonymously for our website.

 

Personal identification is not possible because your IP address is anonymized immediately after it is processed and before it is saved.

This allows you to remain anonymous as a user. The information generated by the cookie on your user behavior will not be transferred to third parties.

You may disable cookies through your browser settings.

However, please note that this may prevent you from using every function of our website.

For more information about Matomo’s privacy settings, please see the following link: https://matomo.org/docs/privacy/.

Your data will be erased when it is no longer necessary for the purposes for which it was collected. In our case, your data will be automatically erased after 6 months.

The legal basis for processing personal data when using cookies is Article 6(1)(f) of the GDPR.

There are 3 ways to object to Matomo processing your personal data: First, you may disable cookies on your browser. However, this may prevent you from using certain functions of our website that require identification.

You may also active your browser’s “Do Not Track” setting to instruct websites not to track your user activity. Matomo accepts and respects this setting.

Finally, you may object to Matomo’s storage and assessment of data. Simply click on Cookie Settings and move the “Statistics” switch to the left on the Cookie menu. Then click on “Accept Selection.”

If the user does not want cookies (including Matomo’s cookies) to be used, the user may configure his browser not to accept cookies. However, when doing so, use of A&O’s website may be partially or fully restricted. If a user only wants to accept cookies from A&O, but not from A&O’s service providers and partners, the user may configure his browser to “Block Third-Party Cookies” (or similar).

 

d) DocCheck

DocCheck uses so-called “cookies”—text files saved on the user’s browser to make services easier to use. The information generated by these cookies will merely be transmitted to a DocCheck server and will not be shared with the website operator or other third parties. Data will not be transmitted to states outside of the EU. For more information, please see DocCheck’s privacy policy (in German) at http://www.doccheck.ag/de/datenschutzerklaerung/.

Protocol Data

As part of DocCheck’s password protection, DocCheck collects so-called protocol data (your IP address, time and date of access, referrer URL, information about your hardware and software, e.g., browser characteristics, and device information, such as your resolution) based on the website of the information provider who embeds the login page via “embed” or iFrame on his website. 
This data will not be used for personal identification, but merely to ensure proper displays of page or iFrame content and/or the security of DocCheck services.

e) Google AdSense

This website uses Google AdSense, a service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, for embedding advertisement. We thereby pursue the interest of displaying ads that may be of interest to you to make our website more interesting for you. For this, statistical information will be collected about you and processed by our advertising partners. These ads may be recognized by the “Google Ads” disclaimer.

When you visit our website, Google will be informed that you accessed our website. For this, Google uses a web beacon to place a cookie on your computer. We have no influence over and do not know the full extent of the collected data or storage period. Your data will be transferred to and assessed in the US. If you logged in via your Google account, your data may be assigned directly to your account. If you do not want your data to be assigned to your Google account, you must log out. Partners of Google may transfer your data to third parties and authorities. The legal basis for processing your data is Article 6(1)(f) of the GDPR.

You may prevent Google AdSense from placing cookies by:

1.) Configuring your browser not to display third-party ads, especially by disabling third-party cookies.

2.) Disabling interest-based ads on Google via the link https://adssettings.google.com/authenticated. This setting will be lost if you delete your cookies.

3.) Permanently disabling cookies on your Firefox, Internet Explorer or Google Chrome browser at the link https://support.google.com/ads/answer/7395996.

Please note that this may prevent you from fully using every function of our website.

Which data Google collects and for what this data is used is explained at https://policies.google.com/privacy.

Further information about the purpose and extent of the collection and processing of data and your corresponding rights and privacy settings may be obtained from Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA.

Google’s Advertising policy: https://policies.google.com/technologies/ads.

Google subjected itself to the EU-U.S. Privacy Shield Framework: www.privacyshield.gov/EU-US-Framework.

 

6. What Rights Do You Have?

You have the right:

  • Under Article 15 of the GDPR, of access to your personal data that is processed by us.

You especially have the right to information about the purposes of the processing, categories personal data concerned, the categories of recipients to whom your data will be or was disclosed, the envisaged period for which your data will be stored, the existence of your right to rectification, erasure, restriction of processing or to object, the existence of your right to lodge a complaint with a competent data protection supervisory authority and about the source of your data if not collected by us and the existence of automated decision-making, including profiling, and meaningful information about the logic involved.

  • Under Article 16 of the GDPR, to obtain from us without undue delay rectification of inaccurate and completion of incomplete personal data stored by us.
  • Under Article 17 of the GDPR, to obtain erasure of your personal data stored by us if necessary for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims. If legal storage periods apply, we will block your data if requested by you. We may also erase your personal data without your request if permitted by law.
  • Under Article 18 of the GDPR, to obtain restriction of processing of your personal data if you contest the accuracy of the data or its processing is unlawful, but you oppose its erasure or we no longer need the data for the purposes for which it was collected, but you require the data for the establishment, exercise or defense of legal claims or you object to its processing under Article 21 of the GDPR.
  • Under Article 20 of the GDPR, to receive in a structured, commonly used and machine-readable format or transmit to another controller the personal data you provided to us.
  • Under Article 7(3) of the GDPR, to withdraw your consent at any time. If you withdraw your consent, we may no longer process data based on this consent.
  • Under Article 77 of the GDPR, to lodge a complaint with a supervisory authority, particularly of your habitual residence or place of work or of our headquarters.

 

North Rhine-Westphalian State Commissioner for Data Protection and Freedom of Information
[Der Landesbeauftragte für Datenschutz und Informationsfreiheit in Nordrhein-Westfalen]

P.O. Box 20 04 44

40102 Düsseldorf
Germany

Tel: +49 (0) 211/3824-0

Fax: +49 (0) 211/3824-999

Email: poststelle(at)ldi.nrw.de

 

Right to Object

If your personal data is processed on the basis of our legitimate interests under Article 6(1)(f) of the GDPR, you have the right under Article 21 of the GDPR to object to the processing of your personal data on grounds related to your particular situation or to object to direct marketing. In the latter case, you have a general right to object that may be exercised without specifying your particular situation.

 

To exercise your data subject rights, simply send a letter to the above address or an email to datenschutzbeauftragter@a-o-gesundheit.de.

 

7. Data Security

We apply contractual, technical and organizational security measures to protect your data against random or intentional manipulation, partial or complete loss or destruction and unauthorized access and to comply with data protection laws. Our security measures are regularly improved in accordance with technological advances.

Your data is protected as follows (excerpts):

  • Confidentiality

To safeguard the confidentiality of your personal data that is stored by us, we implemented various entrance, access and retrieval control measures.

  • Integrity

To safeguard the integrity of your personal data that is stored by us, we implemented various transfer and input control measures.

  • Availability

To safeguard the availability of your personal data that is stored by us, we implemented various order and availability control measures.

 

Due to the nature of the Internet, we cannot guarantee the security of your data transfers to our website, despite our precautions. Any data transfers to our website will therefore be performed at your own risk.

 

8. Privacy Policy Validity and Updates

This Privacy Policy is currently valid as of February 2022.

Due to developments of our website and related offers or following changes to laws or official requirements, we may have to update our Privacy Policy. The current version of our Privacy Policy may be found on and printed from our website.