GDPR

 

This is the declaration to data protection of Caresyntax GmbH (following: “Caresyntax”). It is valid for the offer described at www.caresyntax.com and is directed towards all of its users. It is also valid for all visitors of the website, persons who got into contact with Caresyntax and are interested in cooperation with Caresyntax as well as cooperation partners.

We take the protection of your personal data very seriously. So we use them solely according to the DSGVO (GDPR) and other national data protection laws. This is necessary to offer a functional website, together with our contents and performances.

In principle, personal data is only processed with your explicit permission, except when such a permission cannot be obtained, due to special reasons of if the processing is lawful.

It is lawful if at least one condition of Art. 6 para. 1 GDPR is fulfilled. We delete your data as soon as the purpose to record them is not applied or a legally required deadline (usually 7 days) is exhausted. It is possible to disagree further data processing at any time. Please send us a written revocation via mail or e-mail.

1. Logfiles

If you enter our website, our system automatically collects data and information of your computer. This includes

  • IP-address of the requesting computer
  • date and time of the visit
  • name and URL of the end of file
  • website origin (referrer-URL)
  • used browser and, if applicable, your computer operating system as well as the name of your access provider.

This data is collected in the logfiles of our system. We do not connect this data with other users’ personal data. The collection of the logfiles ensures the functional capability of our website, optimizes it and makes our informational/technical systems more secure. We do not use them for marketing purposes.

These are the reasons for our legitimate interest on data processing according to Art. 6 para. 1 lit. f GDPR. The collected data will be deleted as soon as their purpose is fulfilled. This is the case if the data is necessary to provide our website and their purpose is fulfilled when the session is closed. Because of the necessity of the logfiles for providing the website there is no possibility for you to revoke.

2.Cookies

On our website we use so-called “cookies”, text files which are stored on your terminal. Some of them – so-called session-cookies – are deleted when you close your browser. Other cookies are retained on your terminal and offer us – and others – to recognize your browser at a later use of our website (persistent cookies). Set cookies are processed individually and collect data eg as browser and position data as well as IP addresses. Persistent cookies are deleted automatically after a prescribed time.

Cookies are used to create our website more attractive and to enable the use of certain functions. As fas as we use persistent cookies for processing of personal data it is according to Art. 6 para.1 lit. f GDPR based on contract purposes or legally regarding our legitimate interest to offer a user-optimized website.

You can install your browser in a way that you are informed about setting of cookies so that you can bloc them particularly or generally exclude their acceptance in certain cases.

3.Use of Google Analytics

We use Google Analytics, a web analysis service of Google Inc. (https://www.google.de/intl/de/about/) (1600 Amphitheatre parkway, Mountain View, CA 94043, USA; further: “Google”). Google Analytics uses so-called “cookies”, text files that are recorded on the users’ computer to offer an overview on the use of the website regarding information as:

– Browser type /version

– Operating system

– Referrer URL (previous site used)

– Host name of the visiting computer (IP address)

– Time of server request

Usually this information is transmitted to a Google server in the USA and stored there on a website with activated IP-anonymization. That means an abbreviation of the users’ IP address from members of EU states or other contracting states. Only exceptionally the complete IP address is transmitted to Google / USA and shortened then. On behalf of the website operator Google uses this information to evaluate the users’ website, to collect website activities and to offer further services regarding use of website or internet in general towards the website operator. Google Analytics does not connect your IP address (transmitted by your browser) with other Google data. With the help of appropriate setting of the browser software user can prevent a retaining of the cookies. This often – however – implies that if so the users are not able to use all website functions to the full extent. Besides that users can avoid Google’s processing of their data via installing of the browser plug-in of the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

Alternatively to the browser-add-on or within browsers of mobile equipments please click this link to avoid further compilation on this website by Google Analytics. If you deleted your cookies you have to click his link again. For further Information regarding using conditions and data protection see http://www.google.com/analytics/terms/de.html  resp. https://www.google.de/intl/de/policies/. Google Analytics uses this supply also to evaluate data from AdWords and double-click-cookies statistically. If users do not agree they can deactivate it by using the notification manager (http://www.google.com/settings/ads/onweb/?hl=de).

4.Social Plug-ins

4.1.Facebook Plug-in

Our website contains plug-ins from Facebook, 1601 South California Ave, Palo Alto, CA 94304, USA. Facebook is a social network. You can recognize the respective plug-in at the logo of Facebook or the “like-button”. An overview of all Facebook plug-ins can be seen at: http://developers.facebook.com/docs/plugins)

As soon as you visit our website the Facebook plug-in produces a direct connection between your internet browser and the servers of Facebook and so Facebook is informed about your IP-address visits our website. If you are logged in at Facebook, via using the “like-button” you can link the content of our website to your Facebook profile. That enables Facebook to connect your visit on our website with your Facebook account. We as provider of our website are not informed about the content of transmitted data resp. their use. The following link informs you: http://de-de.facebook.com/policy.php

If you are member of Facebook but do not want Facebook to get data about you via our website and connects them, you have to log off at Facebook before visiting our website.

4.2.LinkedIn

On the Caresyntax website you will find plug-ins of the social network LinkedIn, resp. of the LinkedIn Corporation, 20239 Stierlin Court, Montain View, CA 94043, USA (“LinkedIn” as follows). You can recognize the plug-ins of LinkedIn at the corresponding logo or “recommend-button”. Please be aware that the plug-in connects your browser and the LinkedIn server by visiting our website. So LinkedIn is informed about visiting our website with your IP address. If you click the “recommend-button” of LinkedIn and are logged in at LinkedIn, you are able to connect contents from the Caresyntax website to your LinkedIn profile. So you enable LinkedIn to allocate your visit on our website to your user account. Please note that we are not informed about the content of the transmitted data and their use by LinkedIn. For further information on data collection and your legal possibilities as well as options for setting please see: http://www.linkedin.com/static?key=privacy_policy&trk=hb_ft_priv.

4.3.Twitter

The website of Caresyntax uses so called Social Plugins (“Plugins”) from the micro blogging service Twitter, which is operated by the Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA (“Twitter”). These plugins are labelled with the service’s logo, for example a blue “Twitter bird”.
If a page including such plugin of Caresyntax’s website is opened, the browser automatically establishes a connection to Twitter’s servers. The plugin’s content is transferred directly from Twitter to the browser and incorporated into the page. Through this incorporation, Twitter gains the information, that your browser visited the regarding page of our website, even if the User is not registered at Twitter or is not logged into his or her Twitter account. This information (including the IP-address) is transferred directly by the browser to one of Twitter’s servers in the US and stored there. If the user is logged into his or her Twitter account, Twitter is able to associate the visit of Caresyntax’s website with the Twitter account. When interacting with the plugins, for example pressing the “Tweet”-button, the respective information is transferred directly to Twitter’s servers and stored there. This information is also published on the user’s Twitter account and is visible to the accompanying contacts.
Purpose and extent of the data collection plus further processing and usage of said data through Twitter, as well as rights and setting options for privacy protection of the user are found in the data privacy statement of Twitter: https://twitter.com/privacy
If you do not wish Twitter to associate data collected through our website to a twitter account, you have to log out of Twitter before visiting our website.

4.4.YouTube

Our website uses plugins from the website YouTube, which is operated by Google. Operator of said website is the YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit one of our pages that includes a YouTube plugin, a connection is automatically established to YouTube’s servers. In this process, YouTube is informed which pages of our website have been visited by you. If you are logged into your YouTube account, YouTube is able to connect your surfing behaviour to your personal profile. To prevent this, you must log out of your YouTube account before visiting our website. The usage of YouTube takes place on behalf of an appealing depiction of our online offerings. This is a legitimate interest in terms of Art. 6 para. 1 lit. f DSGVO.
Further information regarding YouTube’s handling of user data can be found in the data privacy statement of YouTube under: https://google.de/intl/de/policies/privacy.

5.Contact form

Caresyntax provides a contact form on its website for users to get into contact with us. If they do so, we collect the data from the input mask (name and e-mail address). The processing of this information is only to get into contact and therefore voluntarily. As soon as possible the data will be deleted when they are no more necessary. The conversation is closed when it is evident that the circumstances are completed. Users are able at any time to revoke their permission, send an e-mail to datenschutz@caresyntax.com.

All data collected during getting into contact will be deleted then. But please note that thereafter we will not be able to continue the conversation.

6.Data integrity and security

To protect personal data from users of Caresyntax offers is an important component of the Caresyntax business philosophy. So they are preserved by technical, physical and administrative measures from loss, abuse and change. But an element of risk remains as always when personal data is sent or received via internet.

7.Data subject rights

The applicable data protection law grants users as data subject to the controller comprehensive data subject rights (information and intervention rights):

Right to confirmation, Art. 15 para. 1 sentence 1 GDPR

The data subject has the right to ask the controller for a confirmation of the processing of the personal data concerned.

Right to information, Art. 15 para. 1 sentence 2 GDPR

If the personal data of the data subject are processed, they have the right to inform about this personal data and to the following information:

  1. the processing purposes;
  2. the categories of personal data being processed;
  3. the recipients or categories of recipients to whom the personal data have been disclosed or are still being disclosed, in particular to recipients in third countries or to international organizations;
  4. if possible, the planned duration for which the personal data are stored or, if this is not possible, the criteria for determining that duration;
  5. the existence of a right to rectification or erasure of the personal data concerning them, or to the restriction of processing by the controller or a right to object to such processing;
  6. the existence of a right of appeal to a supervisory authority;
  7. if the personal data are not collected from the data subject, all available information on the source of the data;
  8. the existence of automated decision-making including profiling as referred to in art. 22 para. 1 and 4 GDPR and, at least in these cases, meaningful information about the logic involved, and the scope and intended impact of such processing on the data subject.

Right to correction and completion, Art. 16 GDPR

The data subject has the right to demand from the person responsible without delay the correction of incorrect personal data concerning him.

In consideration of the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary statement.

Right to cancellation (right to be forgotten), Art. 17 GDPR

The data subject has the right to require the person responsible to delete personal data concerning him or her without delay, and the person responsible is obliged to delete personal data immediately, if one of the following reasons applies:

  1. The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
  2. The data subject withdraws the consent on which the processing referred to in Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR was based and lacks any other legal basis for the processing.
  3. The data subject shall object to the processing in accordance with Art. 21 para. 1 GDPR and there are no legitimate grounds for processing, or the data subject shall submit, in accordance with Art. 21 para. 2 GDPR.
  4. Objection to the processing.
  5. The personal data were processed unlawfully.
  6. The erasure of personal data is necessary to fulfill a legal obligation under Union or national law to which the controller is subject.
  7. The personal data were collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR.

However, the above does not apply if the processing is done for legal purposes.

Right to restriction of processing, Art. 18 GDPR

The data subject has the right to require the controller to restrict the processing if one of the following conditions is met:

  1. the accuracy of the personal data is disputed by the data subject for a period allowing the controller to verify the accuracy of the personal data;
  2. the processing is unlawful and the data subject refuses to delete the personal data and instead requests the restriction of the use of the personal data;
  3. the controller no longer needs the personal data for the purposes of the processing, but the data subject requires them to assert, exercise or defend legal claims; or
  4. the person concerned has lodged an objection to the processing referred to in Art. 21 para. 1 GDPR, pending determination of whether the legitimate grounds of the controller prevail over those of the data subject.

Therefore, if the processing has been restricted, these personal data may only be stored with the consent of the data subject or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for important public interest Union or a Member State.

An affected person who has restricted processing will be notified by the controller before the restriction is lifted.

Right to Data Transferability, Art. 20 GDPR

The data subject has the right to receive personal data relating to him or her provided to a controller in a structured, common and machine – readable format and has the right to transfer that information to another person, without interference from the controller to whom personal data provided if:

  1. the processing is based on a consent in accordance with Art. 6 para. 1 lit. a GDPR or Art.9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR; and
  2. the processing is done using automated procedures.

In exercising their right to data portability, the data subject has the right to obtain the personal data to be transferred directly from one controller to another responsible party where technically feasible.

Right to objection, Art. 21 GDPR

The data subject has the right at any time, for reasons arising from his / her special situation, against the processing of personal data relating to him / her which, pursuant to Art. 6 para. 1 lit. e and f GDPR, to object; this also applies to profiling based on these provisions. The controller no longer processes the personal data unless he can demonstrate compelling legitimate grounds for processing that outweigh the interests, rights and freedoms of the data subject, or the processing is for the purpose of enforcing, pursuing or defending legal claims.

Right to revoke the consent granted, Art. 7 para. 3 GDPR

The data subject has the right to withdraw their consent at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation. The data subject will be informed before the consent is given. The revocation of consent must be as simple as the granting of consent.

Right to appeal, Art. 77 para. 1 GDPR

Without prejudice to any other administrative or judicial remedy, any data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of the habitual residence, place of work or place of alleged infringement, if the data subject considers that the processing concerns him / her personal data breaches this Regulation.

8.Controller

Caresyntax GmbH

Komturstraße 18A

12099 Berlin

+49 (0)30 71302970

Represented by: Dennis Kogan, Björn von Siemens

Data protection officer:

datasecurity@caresyntax.com

Current status: February 2019

 

Disclaimer

Transparency in Coverage (US Only):
UnitedHealthcare creates and publishes the Machine-Readable Files on behalf of Caresyntax Corp. To access the Machine-Readable Files, please click here.