Challenges
Our Solutions
About Us
Privacy information for the website and external pages of Insight Health GmbH (www.insight-health.de)
I. General
1. responsible party
We, Insight Health GmbH, take the protection of your personal data and the legal obligations serving this protection very seriously. The legal requirements demand comprehensive transparency regarding the processing of personal data. Only if you are sufficiently informed about the purpose, nature and scope of the processing, the processing is comprehensible for you as a data subject.
Our data protection information therefore explains to you in detail what personal data is processed by us when you use our website (www.insight-health.de), all other websites that refer to it and in the other cases explained here where applicable.
The responsible party within the meaning of the General Data Protection Regulation (DSGVO), the Federal Data Protection Act (BDSG) and other data protection regulations is the
Insight Health GmbH
Auf der Lind 10 a/3
65529 Waldems-Esch
Tel.: +49 6126 955-0
E-Mail: info@insight-health.de
Hereinafter referred to as the "responsible party" or "we".
You can reach the data protection officer at:
Sascha Kremer
Datenschutz@insight-health.de
Please note that links on our website may take you to other websites that are not operated by us but by third parties. Such links are either clearly marked by us or are recognizable by a change in the address line of your browser. We are not responsible for compliance with data protection regulations and secure handling of your personal data on these websites operated by third parties.
2. definitions
From the DSGVO
This privacy policy uses the terms of the legal text of the DSGVO. You can view the definitions (Art. 4 DSGVO), for example, at https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32016R0679. For the definition of health data, please refer to Art. 4 No. 15 DSGVO. If other special categories of personal data are processed, you will find the explanations in Art. 4, 9 (1) DSGVO. If the processed data is personal data about criminal convictions and criminal offenses, you will find the information on this in Art. 10 DSGVO.
Additional definitions:
Cookies and similar technologies
Cookies are text files that are placed on or read from your terminal device by a website. They contain combinations of letters and numbers in order, for example, to recognize the user and his or her settings when reconnecting to the cookie-setting website, to enable the user to remain logged in to a customer account or to statistically analyze specific usage behavior.
The WebStorage technology makes it possible to store variables and values locally in the user's browser cache. The technique includes both so-called "sessionStorage", which remains stored until the browser tab is closed, and "localStorage", which is stored in the browser cache until the cache is cleared by the user. The localStorage technique makes it possible, among other things, to recognize the user and his or her settings when our website is called up.
Data categories
When we specify the categories of data processed, we are referring in particular to the following data: master data (e.g., names, addresses, dates of birth), contact data (e.g., e-mail addresses, telephone numbers, messenger services), content data (e.g., text entries, photographs, videos, contents of documents/files), contract data (e.g., subject matter of contract, terms, customer category), payment data (e.g. bank details, payment history, use of other payment service providers), usage data (e.g. history on our website, use of certain content, access times, contact or order history), connection data (e.g. device information, IP addresses, URL referrers), location data (e.g. GPS data, IP geolocation, access points), diagnostic data (e.g. crash logs, performance data of the website/app, other technical data for the analysis of faults and errors).
3. information on data processing
We process personal data only to the extent permitted by law. Personal data is only shared in the cases described below. Personal data is protected by appropriate technical and organizational measures (e.g. pseudonymization, encryption).
Unless we are required by law to store or disclose personal data to third parties (in particular law enforcement agencies), the decision as to which personal data we process and for how long, and the extent to which we disclose it, depends on which functions of the website you use in each individual case.
4. storage period
The personal data will be deleted as soon as the purpose of the processing no longer applies or a prescribed storage period expires, unless there is a need for further storage of the personal data for the conclusion or fulfillment of a contract.
Personal data that we process as part of an application (see below) will be stored for a period of six months after completion of the application process.
5. automated decisions in individual cases including profiling
Automated decisions in individual cases including profiling do not take place.
6. rights of data subjects
As a data subject, you have the right to information under Article 15 of the GDPR, the right to rectification under Article 16 of the GDPR, the right to erasure under Article 17 of the GDPR, the right to restriction of processing under Article 18 of the GDPR and the right to data portability under Article 20 of the GDPR. With regard to the right to information and the right to erasure, the restrictions from §§ 34, 35 BDSG apply.
You have the right to complain to a data protection supervisory authority (Art. 77 DSGVO in conjunction with § 19 BDSG).
The data protection supervisory authority responsible for us is:
The Hessian Commissioner for Data Protection and Freedom of Information.
Gustav-Stresemann-Ring 1
65189 Wiesbaden
However, you are free to complain to another data protection supervisory authority. You can find a list of supervisory authorities at: https://www.bfdi.bund.de/ (under Infothek/Addresses and Links).
7. notification obligations of the data controller
We will notify all recipients to whom your personal data has been disclosed of any rectification or erasure of your personal data or restriction of processing pursuant to Art. 16, Art. 17(1) and Art. 18 of the GDPR, unless such notification is impossible or involves a disproportionate effort. We will inform you of the recipients if you request this.
8. obligation to provide
Unless otherwise explained below in the information on the legal basis, you are not obliged to provide personal data. However, in the cases of Art. 6 (1) (b) DSGVO, the personal data is necessary for the performance of a contract or for the conclusion of a contract. If you do not provide the personal data concerned, the performance or conclusion of the contract is not possible. If you do not provide the data in the cases of Art. 6 para. 1 lit. a, f DSGVO, the use of the affected parts of our website is not possible.
9. right of objection and revocation of consent
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(f) DSGVO. If personal data are processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing.
In accordance with Art. 7 (3) p. 1 DSGVO, you have the right to revoke your consent at any time with effect for the future informally by mail or e-mail. The lawfulness of the processing carried out on the basis of the consent until the revocation is not affected by this. Upon your revocation, we will delete the personal data processed on the basis of the consent if there is no other legal basis for its processing.
Objection and revocation can be made form-free and should be directed to the contact details above.
II. Data processing in connection with the use of our website.
The use of the website and its functions regularly requires the processing of personal data.
Provision of the website
Purpose of processing: functionality and optimization of the website, integration of content as well as ensuring the security of our information technology systems for purely informational use of our website.
Legal basis: Art. 6 para. 1 letter f DSGVO.
Data categories: Connection data
Recipients of the data: Data is only passed on to third parties if this is necessary for the operation of our website. For this purpose, personal data is transferred to the following recipients: IT service provider.
Intended third country transfer: Yes, on the basis of the standard data protection clauses of the EU Commission, Art. 46 para. 2 lit. c DSGVO) and in individual cases and on the basis of adequacy decisions (Art. 45 DSGVO).
Do we store or read out personal data on your end device based on your consent? No
Application (application portal)
Purpose of processing: processing of your application and implementation of the application procedure; consideration of your application in future application procedures with us or with affiliated companies, provided that express consent has been given.
Legal basis: Art. 88 para. 1 DSGVO in conjunction with. § Section 26 (1) p. 1 BDSG; for storage for future application procedures with us and with affiliated companies, Art. 6 (1) a DSGVO in conjunction with Art. 7 DSGVO, Section 26 (2) BDSG.
Data categories: Master data, contact data, content data, contract data, if applicable connection data, if applicable usage data and, if applicable, special categories of personal data as defined in Art. 9 (1) DSGVO (depending on the specific job advertisement; only the data relating to your application that you provide to us and that we are permitted to process in the context of job applications will be stored).
Recipient of the data: Personio GmbH, Rundfunkplatz 4, 80335 Munich, companies affiliated with your consent.
Intended third country transfer: None
Do we store or read out personal data on your end device based on your consent? No
Contact
Purpose of processing: processing your contact request and, if applicable, your call-back request.
Legal basis: Art. 6 para. 1 letter f DSGVO.
Data categories: Depending on the nature of the request. As a rule, contact data and master data are processed here.
Recipients of the data: None
Intended transfer to third countries: None
Do we store or read out personal data on your end device based on your consent? No
Google Fonts
Purpose of processing: to personalize our website by using fonts loaded from Google servers.
Legal basis: Art. 6 para. 1 letter f DSGVO.
Data categories: Connection data
Recipients of the data: Google Ireland Ltd, Gordon House, Barrow Street Dublin 4 Ireland.
Intended third country transfer: In individual cases, USA.
Do we store or read out personal data on your end device based on your consent? No
Google Maps
Purpose of processing: integration of interactive maps and map function of Google Maps.
Legal basis: Art. 6 para. 1 letter f DSGVO.
Data categories: Usage data, connection data, location data (depending on the type of use).
Recipients of the data: Google Ireland Ltd, Gordon House, Barrow Street Dublin 4 Ireland.
Intended third country transfer: None
Do we store or read out personal data on your end device based on your consent? No
Video player
Purpose of processing: integration of videos.
Legal basis: Art. 6 para. 1 letter f DSGVO.
Data categories: Connection data
Recipients of the data: IT service provider
Intended third country transfer: None
Do we store or read personal data on your end device based on your consent? No
III. references to external sites
LinkedIn (profile)
Purpose of processing: We have set up a page about our company on the "LinkedIn" platform at the address https://www.linkedin.com/company/insight-health-gmbh-&-co-kg/?originalSubdomain=de. When you access this page, LinkedIn processes personal data about you. We receive statistics on the use of this page derived from this data.
Legal basis: Art. 6 para. 1 letter f DSGVO.
Data categories: Master data, contact data, content data, usage data, connection data, location data if applicable.
Recipients of the data: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (as joint data controller pursuant to Art. 26 DSGVO - the essence of the agreement can be found at https://legal.linkedin.com/pages-joint-controller-addendum)
Intended third country transfer: Yes, on a case-by-case basis based on the EU Commission's standard data protection clauses, Art. 46(2)(c) DSGVO and, where applicable, on the basis of adequacy decisions (Art. 45 DSGVO).
Do we store or read out personal data on your end device based on your consent? No
Data subject rights: LinkedIn is responsible for implementing your data subject rights. LinkedIn will inform you about your data subject rights at https://www.linkedin.com/legal/privacy-policy. You can also assert your rights against us, we will then forward your request to LinkedIn immediately.
XING (profile)
Purpose of processing: We have set up a page about our company on the "XING" platform of New Work SE, Dammtorstraße 30, 20354 Hamburg ("New Work") under the address https://www.xing.com/pages/insighthealth/news. When you access this page, New Work processes personal data from you.
Legal basis: Art. 6 para. 1 letter f DSGVO.
Data categories: Master data, contact data, content data, usage data, connection data, location data if applicable.
Recipient of the data: New Work SE, Dammtorstraße 30, 20354 Hamburg ("XING").
Intended third country transfer: Yes, in individual cases on the basis of the EU Commission's standard data protection clauses, Art. 46 (2) (c) DSGVO and, if applicable, on the basis of adequacy decisions (Art. 45 DSGVO).
Do we store or read out personal data on your end device based on your consent? No
Purpose of processing: We have set up a profile on the "Twitter" platform at the address https://twitter.com/insighthealth. When you access this page, Twitter processes personal data about you. We receive statistics about the use of this page derived from this data.
Legal basis: Art. 6 para. 1 letter f DSGVO.
Data categories: Master data, contact data, content data, usage data, connection data, location data if applicable.
Recipients of the data: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland ("Twitter").
Intended third country transfer: Yes, on a case-by-case basis based on the EU Commission's standard data protection clauses, Art. 46(2)(c) DSGVO and, where applicable, on the basis of adequacy decisions (Art. 45 DSGVO).
Do we store or read out personal data on your end device based on your consent? No
IV. Data processing in connection with the use of Pharmacy Cube.
Purpose of processing: provision of the "Pharmacy Cube" product with regional, socio-demographic and pharmacy-specific features relating to pharmacies; functionality and optimization of "Pharmacy Cube"; ensuring the information and data security of Pharmacy Cube.
Legal basis: Art. 6 para. 1 letter f DSGVO.
Data categories: Master data, contact data, content data, contract data, payment data, usage data, connection data, location data, diagnostic data.
Recipients of the data: IT service providers (as processors); users of Pharmacy Cube.
Intended third country transfer: No
Do we store or read out personal data on your end device based on your consent? No
V. Data processing in connection with the use of our online services and portals.
Purpose of processing: provision of the online services and portals with analyses and reports from our applications; functionality and optimization of the online services and portals; ensuring information and data security of the online services and portals.
Legal basis: Art. 6 (1) (b), (f) GDPR
Data categories: master data, contact data, content data, usage data and connection data.
Data recipients: IT service providers (as processors)
Intended transfer to third countries: in individual cases, based on the standard data protection clauses of the European Commission, Art. 46 (2) point (c) GDPR and, if applicable, on the basis of adequacy decisions, Art. 45 GDPR.
Do we store personal data on your terminal based on your consent or do we read such data? No