Data Protection Policy

1. General information and principles of data processing

We are pleased that you are visiting our website. The protection of your privacy and the protection of your personal data, the so-called personal data, is an important concern to us.

In accordance with Article 4(1) GDPR, personal data means any information relating to an identified or identifiable natural person. For example, this includes information such as your first and last name, your address, your telephone number, your e-mail address, but also your IP-address.

Data that cannot be linked to your person, for example through anonymisation, is not personal data. Processing (e.g. collection, storage, readout, retrieval, use, transmission, deletion or destruction) according to Article 4(2) GDPR always requires a legal basis or your consent. Processed personal data must be deleted as soon as the purpose of their processing has been achieved, and there are no longer any legally prescribed retention obligations.

Here you will find information on the handling of your personal data upon visiting our website. In order to provide the functions and services of our website, it is necessary for us to collect your personal data.

Furthermore, we will explain to you the type and extent of the respective data processing, the purpose and the corresponding legal basis as well as the respective storage period. 

This data protection policy only applies to this particular website. It does not apply for other websites which are merely referenced via hyperlink. We cannot assume responsibility for the confidential handling of your personal data on these third-party websites, since we do not have any influence in the data protection compliance by these companies. Please inform yourself on the handling of personal data by these companies directly on their websites.

2. Controller

Responsible for the processing of personal data on this website (see imprint) is:

DOCTOPIA GmbH
Gleimstraße 43
10437 Berlin
Germany
Telefon: +49-30-89208850

E-Mail: info@ecgbuddy.com

3. Provision and use of the website/ server log files

a) Type and extent of data processing

With each access of a user to an internet page of our web offer and each retrieval of a file, data about this procedure will automatically be recorded in a log file and will then be processed. Specifically, on every access/ retrieval the following data will be recorded:

If you use this website without otherwise (e.g. through registration or when using the contact form) transmitting data to us, we will collect technically necessary data over server log files, which will automatically be transmitted to our server:

  • information about the browser type and version used
  • operating system of the user
  • IP-address of the user
  • date and time of the request
  • accessed page/ name of the retrieved file
  • transferred data volume
  • notification, whether the access/ retrieval was successful
  • internet address, from which the site respectively the file or the desired function was initiated (referrer URL)

b) Purpose of data processing

The legitimate interest for the collection and processing of the mentioned data including the IP-address is based on the fact, that this data is necessary in order to provide the use of our web offer, for instance to display the accessed website. In addition, the legitimate interest in the storage of the IP-address is based on the requirement to guarantee IT security, in particular the protection of our IT systems against misuse and to ward off attacks.

c) Legal basis

Legal basis for the collection and processing of the data is Article 6(1)(f) GDPR.

d) Storage period

The aforementioned data will be recorded for the duration of the communication process. To guarantee IT security, the IP-address will be saved for an additional short period of time of no more than seven calendar days. Subsequently, this data shall be deleted.

d) Right of objection

If your personal data is processed in accordance with Article 6(1)(f) GDPR you have a right of objection in accordance with Article 21 GDPR. However, in the case of the specific data processing operation, we have compelling legitimate grounds for the processing the data that are necessary for the protection of these data, because without the processing of these  data we cannot provide and operate our website.

4. Use of cookies

We use cookies. Cookies are small files that are placed on your computer and stored by your browser. Some functions of our website cannot be offered without the use of technically necessary cookies, whereas other cookies allow us to perform various analyses. For example, some cookies can recognize the browser you are using when returning to our website and transmit various information to us. We use cookies in order to facilitate and improve the use of our website. For instance, through cookies we can create a more user-friendly and effective web offer for you, for example by retracing your use of our website and determining your preferred settings (e.g. country and language settings). If third parties process information via cookies, this information will be directly collected via your browser. Cookies do not cause any damage to your terminal device. They can neither run programs nor contain viruses. Various types of cookies are used on our website, their type and function are explained in the following:

a) Temporary cookies/ session cookies

Our website uses so-called temporary cookies or session cookies, which are automatically deleted when you close your browser. Through this type of cookies, it is possible to record your session ID. This allows various requests from your browser to be assigned to a common session and makes it possible to recognize your terminal device during subsequent visits to the website. These session cookies expire at the end of the session.

b) Persistent cookies

Our website uses so-called persistent cookies. Persistent cookies are cookies that are stored in your browser over a longer period of time and can transmit information. The respective storage period varies depending on the cookie. Permanent cookies may be deleted independently via your browser settings.

c) Configuration of browser settings

Most web browsers are pre-set to accept cookies automatically. However, you can configure your browser to only accept only certain or reject all cookies. Having said this, we would like to point out that you may then no longer be able to use all of our website’s functions.

Additionally, you can use your browser settings to delete cookies already stored in your browser. Furthermore, it is possible to set up your browser in such a way that you are informed before cookies are stored. Since the different browsers may vary in their respective functions, we ask you to use the help menu of your browser for the corresponding configuration options.

Disabling the use of cookies may require the storage of a permanent cookie on your computer.
If you subsequently delete this cookie, you will have to set it again for it to remain effective.

d) Categories of cookies

We use the following categories of cookies:

Required cookies

Required cookies ensure functions that are essential to use our website as intended. These absolutely necessary cookies are used, for example, to ensure that registered users remain logged in when accessing various subpages. These are so-called first party cookies are only used by us. The legal basis for the processing of your personal data is Article 6(1)(f) GDPR, as we have a legitimate interest in maintaining the functionality of our website. You have a right of objection according to Article 21 GDPR. In the case of technically necessary cookies, however, we have compelling reasons worthy of protection for processing the data, because without processing this data we cannot properly provide our website or the respective functionality of the website.

As soon as the cookies are no longer required for the purposes described, they are deleted.

Statistics cookies

Statistics cookies collect information on how you use a website in order to improve its attractiveness, content and functionality. For instance, the following data is collected:

The number of visits to a website or sub-pages, the time spent on the website, the order of the pages visited, which search terms have led you to us, the country, region, city from which access was made, as well as the proportion of mobile devices that access our websites. We also analyse which parts of the website are of interest to you.

The legal basis for the processing of this personal data is your consent in accordance with Article 6(1)(a) GDPR. As soon as the cookies are no longer required for the purposes described, the storage period ends or you withdraw your consent, these cookies are deleted.

Marketing cookies

Marketing cookies are used to display interest-based advertisements to website visitors. Besides they are also used to limit the frequency of display and measure the effectiveness of advertisement campaigns. The information obtained with third parties such as advertisers. Cookies to improve targeting and advertising are often linked to third party site functionalities.

The legal basis for the processing of this personal data is your consent in accordance with Article 6(1)(a) GDPR. As soon as the cookies are no longer required for the purposes described, the storage period ends or you withdraw your consent, these cookies are deleted.

Cookies by external services/ other cookieless data transmissions to external services

External content of video- or social media platforms are blocked by default. If you consent in using a cookie and / or the disclosure of your data to external services, we will display this external content and transmit your data to these external services.

The legal basis for the processing of this personal data is your consent in accordance with Article 6(1)(a) GDPR. As soon as the personal data are no longer required for the purposes described, the storage period ends or you withdraw your consent, these personal data are deleted.

f) List of cookies we use

A list and description of the cookies we use can be found under the following link:

5. Services with statistics cookies

Google Analytics

  • Type and scope of data processing

On our website we use the tracking tool Google Analytics of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Tel: +353 1 543 1000, Fax: +353 1 686 5660 („Google“).

We have contracted a so-called data processing agreement with Google.

Google Analytics uses cookies to enable an analysis of the website usage.

The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States.

On behalf of the operator of this website, Google will use this information for the purpose of systematically evaluating your use of the website, compiling reports on website activity and providing other services to website operators relating to website activity and internet usage.

If individual pages of our website are accessed, the following data is stored:

  • three bytes of the IP-address of the calling system of the user (anonymized IP-address)
  • accessed website
  • website from which the user accessed the page of our website (referrer)
  •  sub-pages that are called from the caller page
  •  time spent on the website
  •  frequency of a call of the website
  • scroll behavior and clicks
  • achievement of "website objectives" (e.g. newsletter registrations)
  • approximate location
  • information about the used browser, internet provider and device information

We use Google Analytics with enabled IP anonymization. Through this, the IP addresses are shortened by the last octet (e.g. 192.168.79.***; so-called IP masking). It is no longer possible to assign the abbreviated IP address to the calling computer or terminal device.

b) Purpose of data processing

The service of Google Analytics is used to analyse the usage behaviour of our online presence.

c) Legal basis

The legal basis for the use of Google Analytics is your consent pursuant Article 6(1)(a) GDPR.

d) Storage period

The stored data will be deleted as soon as the cookie expires, or you withdraw your consent.

Google Analytics stores cookies in your web browser for a period of 14 months since your last visit. These cookies contain a randomly generated user ID that allows you to be recognized during future visits to the website.

The recorded data is stored together with the randomly generated user ID, which enables the evaluation of pseudonymous user profiles. This user-related data is automatically deleted after 14 months. Other data remains stored in aggregated form for an unlimited period.

e) Right of withdrawal

The stored data will be deleted as soon as you withdraw your consent by deselecting the selected cookie category "Statistics" under "Change cookie settings".

f) Further information

Learn more about the terms of use of Google Analytics:

https://marketingplatform.google.com/about/analytics/terms/gb/

Further information on Google Analytics data protection:

https://support.google.com/analytics/answer/6004245?hl=en

Further information on Google’s privacy policy can be found here: https://policies.google.com/terms?gl=DE&hl=en

6. Services with marketing cookies

Facebook Custom Audience / Facebook-Pixel

  • Type and scope of data processing

We use the "visitor action pixel" of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook") within our Internet presence. The remarketing tag or pixel-code of Facebook was implemented. Facebook and we are jointly responsible for data processing.

The Facebook pixel enables Facebook to determine the visitors of our online offering as a target group for the display of advertising (so-called "Facebook ads"). The tracking of a user can also take place across several websites. We use Facebook pixel in order to display the Facebook advertising placed by us only to those Facebook users who have also shown an interest in our online offering or who exhibit certain features (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (so-called "custom audiences").

The Facebook pixel also enables us to track the effectiveness of Facebook ads for statistical and market research purposes ("Audience Insights") by showing us whether users were referred to our website after clicking on a Facebook ad ("Conversion").

The Facebook pixel is a JavaScript code that sends the following data to Facebook:

  • http header information: including IP address, web browser information, page location, document, web page URL and web browser user agent (computer, smartphone, tablet, other), and date and time of use
  • pixel-specific data: Pixel ID and Facebook cookie data, including Facebook ID (used to associate events with a specific Facebook advertising account to associate them with a Facebook user).
  • additional information about the visit as well as standard and custom data events.

Further information can be found here. We also use the additional function " automatic advanced matching". Data such as first and last name, place of residence, e-mail addresses, telephone numbers or Facebook IDs of the users are transmitted to Facebook in encrypted form for the formation of target groups ("Custom Audiences" or "look alike audiences"). This also includes information from non-Facebook users and from users who are not logged on to Facebook when they visit our website. This can also be used to identify website visitors who have disabled the storage of third-party cookies. If no Facebook cookies are stored in your browser, no classification into one of the user groups referred to as "Custom Audience" will be made. If, however, the Facebook ID contained in the Facebook cookie is assigned to a Facebook user, Facebook assigns this user to a so-called "Custom Audience" according to the rules defined by us.

b) Purpose of data processing

We use Facebook pixels to display the "Facebook ads" that we have placed with Facebook users who have also shown an interest in our online offering or who have certain features that we transmit to Facebook (so-called "custom audiences").

c) Legal basis

The legal basis for the use of Facebook Custom Audience is your consent pursuant to Article 6(1)(a) GDPR.

d) Storage period

The stored data will be deleted as soon as the cookie expires, or you withdraw your consent.

e) Right of withdrawal

The stored data will be deleted as soon as you withdraw your consent by deselecting the selected cookie category "Marketing" under "Change cookie settings".

f) Further information

You can find more information about this here and in the Facebook's Data Policy.

7. Google Tag Manager

We use Google Tag Manager. Google Tag Manager is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Tel: +353 1 543 1000, Fax: +353 1 686 5660, ("Google") that allows marketers to manage website tags through a single interface.         

Google Tag Manager only implements tags. Tags are small elements of code on your website which, among other things, serve to measure traffic and visitor behaviour, to identify the impacts of online advertisement and social channels, use remarketing and targeting and to test and optimize your website. This means: No additional cookies are used. Google Tag Manager triggers other tags, which may collect data. Google Tag Manager does not access this data. If deactivation has been made at the domain or cookie level - in particular, if you have opted for the Google Analytics opt-out solution described above or have made the corresponding settings in your browser - it will remain in effect for all tracking tags provided that these are implemented with the Google Tag Manager.

For more information see Google's privacy policy: https://policies.google.com/terms?gl=DE&hl=en

Privacy Policy for Advertising: www.google.de/intl/de/policies/technologies/ads.

8. Data collection for the implementation of pre-contractual measures and for contract fulfilment

a) Type and scope of data processing

In the pre-contractual area and at the conclusion of the contract we collect personal data about you (e.g., first and last name, address, e-mail address, telephone number, bank details.

b) Purpose of data processing

We collect and process this data exclusively for the purpose of contract execution and/or for the fulfilment of pre-contractual obligations.

c) Legal basis

The legal basis for this is Article 6(1)(b) GDPR. The processing of the data serves the fulfilment of a contract or the implementation of pre-contractual measures.

d) Storage period

The data will be deleted as soon as they are no longer necessary for the purpose of their processing.

In addition, statutory retention obligations may exist, such as commercial or tax retention obligations in accordance with the German Commercial Code (HGB) or the German Fiscal Code (AO). If such storage obligations exist, we will block or delete your data at the end of these storage obligations.

9. Registration at ECGBUDDY

a) Type and scope of data processing

On our website you can register so that we can suggest suitable job offers and further education programs. When you register, we collect and store the data you enter in the input mask. The data will not be passed on to third parties.

b) Purpose of data processing

Your registration is required for the use of certain content and services on our website or for the fulfilment of a contract or for the implementation of pre-contractual measures. After registration, you are free to modify the personal data provided at registration at any time or to have it completely deleted from the database of the data controller.

c) Legal basis

Legal basis for the processing is, in the case of consent Article 6(1)(a) GDPR. If your registration serves to prepare a contract, Article 6(1)(b) GDPR serves as an additional legal basis.

d) Storage period      
The data collected during registration will be stored by us as long as you are registered on our website. Legal retention periods remain unaffected.

10. Data transmission

We only pass on your personal data to third parties if

a) you have given your explicit consent to do so in accordance with Article 6(1)(a) GDPR.

b) this is legally permissible and, in accordance with Article 6(1)(b) GDPR, is necessary for the fulfilment of a contractual relationship with you or the implementation of pre-contractual measures.

c) there is a legal obligation under Article 6(1)(c) GDPR for the transfer.

We are legally obliged to transfer data to state authorities, e.g. tax authorities, social security carriers, health insurances, supervisory authorities and law enforcement agencies.

d) the disclosure in accordance with Article 6(1)(f) GDPR is necessary to safeguard legitimate corporate interests and to assert, exercise or defend legal claims, and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data.

e) we use external service providers (so-called processors) to process personal data in accordance with Article 28(3) GDPR. These processors have been carefully selected by us and are obliged by a data processing agreement to handle personal data in accordance with data protection regulations.

We use such external service providers in the following areas:

  • IT
  • marketing

When transferring personal data to so-called third countries, i.e. outside the EU or EEA, we ensure that your personal data is treated with the same care as within the EU or EEA. We only transfer personal data to third countries where the EU Commission has confirmed an adequate level of data protection or where we have ensured the careful handling of personal data by contractual agreements or other suitable guarantees.

11. Contact form

a) Type and scope of data processing

On our website we allow you to send us messages via our contact form.

When you use our contact form, you can voluntary enter your e-mail address. We can only contact you using the contact details you provide. Unless you provide us with contact information, we will not be able to respond to your request.

b) Purpose of data processing

If you send us a message via our contact form, we will store and use your data as far as we need it to process your message, e.g. to answer your inquiry or to fulfill your information request.

c) Legal basis

If your request serves the preparation or conclusion of a contract with us, we process your personal data in accordance with Article 6(1)(b) GDPR. Otherwise Article 6(1)(f) GDPR is the relevant legal basis. Our legitimate interest for processing your personal data lies in the response to your message.

d) Storage period

Your data will be deleted after final processing of your message, unless you have given us your consent, on the basis of which we are entitled to store and use your data beyond this.

Mandatory legal provisions - in particular retention periods according to the German Commercial Code (HGB) or the German Fiscal Code (AO) - remain unaffected by this.

12. Contact options by e-mail

a) Type and scope of data processing

You can contact us by e-mail. Our data collection is limited to the e-mail address of the e-mail account used by you to contact us as well as to the personal data provided by you in the course of contacting us. If you send us an e-mail without encryption, the e-mail is not protected against unauthorized access or modification by third parties during transmission.

b) Purpose of data processing

The purpose of data processing is to be able to answer your request appropriately.

c) Legal basis

The legal basis for this is Article 6(1)(f) GDPR. There is a legitimate interest in the processing of the above-mentioned personal data in order to be able to process your request appropriately, e.g. to answer your inquiry or to fulfil your request for information.

d) Storage period      

The duration of the storage of the above-mentioned data depends on the background of your contact. Your personal data will be deleted on a regular basis if the intended purpose of the communication ceases to apply and storage is no longer necessary. This may result, for example, from processing your request.

13. Newsletter

a) Type and scope of data processing

On our website you can subscribe to a free regular e-mail newsletter. In order to send you the newsletter regularly, we need your e-mail address.

In connection with the newsletter distribution, your data will be forwarded to our newsletter service provider. Beyond this, your data will not be passed on to third parties.

For the newsletter distribution, we use the so-called double opt-in procedure.

This means that we will only send you an e-mail newsletter if you have explicitly confirmed your consent to the dispatch of the newsletter. We will then send you a confirmation e-mail asking you to click on a link to confirm that you wish to receive newsletters from us in the future.

This is to ensure that only you yourself, as the owner of the e-mail address provided, can subscribe to the newsletter. Your confirmation must take place promptly after receipt of the confirmation e-mail, otherwise your newsletter registration will be automatically deleted from our database.

When you subscribe to the newsletter, we collect and store the data you enter in the input mask (e.g. last name, first name, e-mail address). When you register for the newsletter, we also save your IP address entered by your Internet Service Provider (ISP) as well as the date and time of registration, in order to be able to trace possible misuse of your e-mail address at a later time. In the confirmation mail sent for control purposes (double opt in the e-mail) we also save the date and time of the click on the confirmation link and the IP address entered by the Internet Service Provider (ISP).

b) Purpose of data processing

The data collected by us when registering for the newsletter will be used exclusively for the purpose of sending you the requested newsletter.

c) Legal basis

The processing of your e-mail address for the newsletter dispatch is based on the declaration of consent voluntarily submitted by you in the following and revocable at any time in the future in accordance with Article 6(1)(a) GDPR and § 7(2)(3) UWG (German law against unfair competition).

In addition, we process your personal data to document your consent (Article 6(1)(c) GDPR).

d) Storage period

Your e-mail address will be stored as long as you have subscribed to the newsletter. After you have unsubscribed from the newsletter, your e-mail address will be deleted, unless you have explicitly consented to further use of your data.

14. Linking to social networks

We link our website to our social media platforms.

Therefore, we have linked a graphic of the respective network. When calling our website, there is no automatic connection to the respective server of the social network. The respective provider or operator of the pages is always responsible for the contents of the linked pages.

Only by clicking on the corresponding graphic you will be forwarded to the service of the respective social network.

Here the following data is processed by the respective network:

  • IP address
  • date, time
  • Visited website

If you are logged in to your user account for the respective network during this time, the network operator may be able to assign the information collected during the visit to the user's personal account.

If you interact via a "share" button of the respective network, this information can also be stored in the user's personal user account and published if necessary. If you want to prevent the collected information from being directly assigned to your user account, the user must log out of the respective social network before clicking on the graphic.

You can also configure the respective user account accordingly.

We include the following social networks on our website by linking to them:

  • Facebook

Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

Further information can be found in the privacy policy: https://www.facebook.com/policy.php

  • Instagram

Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

Further information can be found in the privacy policy: https://help.instagram.com/519522125107875

  • Youtube

Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland

Further information can be found in the privacy policy: https://www.youtube.com/static?template=terms

15. Data security and security measures

We are committed to protecting your privacy and treating your personal data confidentially. For this prupose, we take extensive technical and organisational security precautions, which are regularly checked and adapted to technological progress. 

These include the use of recognised encryption procedures (SSL or TLS). Unencrypted data, e.g. when sent by unencrypted e-mail, may be read by third parties. We have no influence on this. It is the responsibility of the respective user to protect the data provided by him/her against misuse by means of encryption or in any other way.

16. Your rights (as a data subject)

Here you will find your rights regarding your personal data. Details of this are set out in Articles 7, 15-22 and 77 of the GDPR. You can contact the controller (Section 2) or the data protection officer (Section 3) in this regard.

a) Right to withdraw your data protection consent in accordance with Article 7(3) GDPR

         You can withdraw your consent to the processing of your personal data at any time with effect for the future. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

b) Right of access according to Article 15 GDPR in conjunction with § 34 BDSG

         You have the right to request confirmation as to whether we process personal data concerning you. If this is the case, you have the right to be informed about your personal data and to receive further information, e.g. the purposes of processing, the categories of personal data processed, the recipients and the planned duration of storage or the criteria for determining the duration.

c) Right to rectification and completion under Article 16 GDPR

         You have the right to demand the correction of incorrect data without delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete data.

d) Right to erasure ("right to be forgotten") in accordance with Article 17 GDPR in conjunction with § 35 BDSG

         You have the right of erasure, as far as the processing is not necessary.
This is the case, for example, if your data are no longer necessary for the original purposes, if you have withdrawn your declaration of consent under data protection law or if the data was processed unlawfully.

e) Right to restriction of processing in accordance with Article 18 GDPR

         You have the right to limit the processing, for example if you believe that personal data is incorrect.

f) Right to data portability according to Article 20 GDPR

         You have the right to receive personal data concerning you in a structured, common and machine-readable format.

g) Right to object according to Article 21 GDPR

         You have the right to object at any time for reasons arising from your particular situation to the processing of certain personal data concerning you.

         In the case of direct marketing, you, as the data subject, have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing, including profiling, insofar as it relates to such direct marketing.

h) Automated individual decision-making, including profiling in accordance with Article 22 GDPR

         You have the right not to be subject to a decision based solely on automated processing, including profiling, except in the exceptional circumstances referred to in Article 22 GDPR.

         You will not be subject to a decision based solely on automated processing of your data, including profiling (Article 13(2)(f) GDPR, Articles 22(1) to (4) GDPR, Article 4(4) GDPR, Articles 22(1) to (4) GDPR in conjunction with § 37 BDSG), which would have legal effect on you or would have a similarly significant adverse effect on you.

i) Right to lodge a complaint with a data protection supervisory authority according to Article 77 GDPR

         You can also lodge a complaint with a data protection supervisory authority at any time, for example if you believe that data processing is not in compliance with data protection regulations.

Competent supervisory authority:

Berliner Beauftragte für Datenschutz und Informationsfreiheit         
Friedrichstraße 219     
10969 Berlin    
Telephone: 030/13 88 9-0       
Telefax: 030/21 55 050
Email: mailbox@datenschutz-berlin.de

17. Changes to this privacy policy 

Our privacy policy serves the fulfilment of legal information duties. We update our data protection declaration as far as this becomes necessary.

`