The protection of your privacy as well as the security of all patient and business data during the processing of personal data is an important concern for us, which we consider in our processes. Here we inform you in detail about how we handle your data.
Controller according to Art. 4 para. 7 EU-General Data Protection Regulation (GDPR)
IRS Holding GmbH
Halstenbeker Weg 96b
Telefon: +49 4101 78 920
Data protection officer of the controller
IRS Holding GmbH
Dr. Ralf W. Schadowski
Halstenbeker Weg 96b
1. Rights of the data subject (Art. 15. GDPR)
In the following, we will inform you about your data subject rights. You can exercise these rights at any time and contact us directly for this purpose. If you request these rights from us, we will examine them in detail, considering the associated legal requirements and conditions. If necessary, we will request further information from you. We will explain the results of our examination and our procedure for fulfilling your request to you in detail. It is possible that we will not be able to fully comply with your requests in the way you would like.
This should not prevent you from claiming your rights from us or from inquiring with us in this regard. We will be happy to answer any questions you may have.
a) Right of access (Art. 15 GDPR)
In accordance with the law, you have the right to request information from us at any time as to whether and which of your personal data is being processed by us. This also includes information on the purposes of processing, if applicable, recipients to whom we have disclosed your data, the planned storage period and, if applicable, information on the origin of this data if we have not collected it directly from you. In addition, you have the right to a one-time free copy of your personal data stored by us. We reserve the right to charge a reasonable administrative fee for making the following copies.
b) Right of rectification (Art. 16 GDPR)
You have the right to request us to correct any inaccurate data we have stored about you. This also includes the right to have incomplete personal data completed.
c) Right to erasure (Art. 17 GDPR)
You have the right to request us to delete data that we have stored about you. If we have published data about you, this also includes our obligation, within the framework of the "right to be forgotten" pursuant to Article 17 (2) of the GDPR, to forward your request to delete all links to this data and copies or replications of this data to other controllers of this published personal data, considering available technology and implementation costs.
d) Right to restriction of processing (Art. 18 GDPR)
You have the right to demand that we restrict the processing of data that we have stored about you. After that, processing of this data is only possible with your consent or for a few legally defined purposes.
e) Right to object to processing (Art. 21 GDPR)
Insofar as we base the processing of your personal data on the balance of interests, you can object to the processing. This is the case if the processing is not necessary, in particular, for the performance of a contract with you, which is shown by us in each case in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will review the situation and either discontinue or adjust the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing.
Of course, you can object to the processing of your personal data for purposes of advertising and data analysis at any time. You can inform us about your advertising objection via the contact channels listed above.
f) Right to revoke consent under data protection law (Art. 7 GDPR)
If you have given your consent to the processing of your data, you may revoke it at any time in accordance with Article 7 (3) of the GDPR. Such revocation affects the permissibility of processing your personal data after you have expressed it to us.
g) Right to data portability (Art. 20 GDPR)
You have the right to receive from us personal data that you have provided to us in a structured, common and machine-readable format for the purpose of transferring it to another controller. At your request and taking into account the available technical possibilities, this also includes direct transfer from us to the other responsible party.
h) Right of appeal to a supervisory authority (Art. 13 GDPR)
You have the right to lodge a complaint about our processing of data relating to you with a data protection supervisory authority at any time. You can reach the responsible data protection authority at: Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein, Postfach 71 16, 24171 Kiel, www.datenschutzzentrum.de
i) Automated decision-making including profiling (Art. 22 GDPR)
You have the right to obtain information about the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
2. legal basis for the processing of personal data (Art. 6 GDPR)
(1) Insofar as we obtain the consent of the data subject for processing operations involving personal data, this shall be based on the legal basis of Art. 6 (1) a of the EU General Data Protection Regulation (GDPR).
(2) When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
(3) Insofar as processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1) c GDPR serves as the legal basis.
(4) In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) (d) GDPR shall serve as the legal basis.
(5) If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest, Art. 6 (1) (f) GDPR shall serve as the legal basis for the processing.
3. information about the collection of personal data
(1) In the following, we inform you about the collection of personal data when using our website. Personal data is all data that can be related to you personally, e.g., name, address, e-mail addresses, user behaviour.
(2) When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, name and telephone number, if applicable) will be stored by us in order to answer your questions. We delete the data accruing in this context after the storage is no longer necessary or restrict the processing if there are legal retention obligations.
(3) If we use contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. In doing so, we will also state the defined criteria for the storage period.
Collection of personal data when visiting our website
In the case of mere informational use of the website, i.e., if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (legal basis for this is Art. 6 para. 1 p. 1 lit. f GDPR):
- Browsertype and Browser Version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the Server Request
4. Data deletion and storage duration
(1) The personal data of the data subject shall be deleted or blocked as soon as the purpose of the storage expires.
(2) Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject.
(3) Data shall also be blocked or deleted if a storage period prescribed by the standards expires unless there is a need for further storage of the data for the conclusion or performance of a contract.
Our internet pages use so-called "cookies". Cookies are small text files and do not cause any damage to your terminal device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser.
In some cases, cookies from third-party companies may also be stored on your terminal device when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).
Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behaviour or to display advertising.
Cookies that are necessary to carry out the electronic communication process (necessary cookies) or to provide certain functions you have requested (functional cookies, e.g. for the shopping cart function) or to optimise the website (e.g. cookies to measure the web audience) are stored on the basis of Art. 6 (1) lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing cookies for the technically error-free and optimised provision of its services. If consent to the storage of cookies has been requested, the storage of the cookies in question is based exclusively on this consent (Art. 6 para. 1 lit. a GDPR); consent can be revoked at any time.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.
Insofar as cookies are used by third-party companies or for analysis purposes, we will inform you separately about this within the framework of this data protection declaration and, if necessary, request your consent.
a) Cookie consent with Usercentrics
This website uses the cookie consent technology of Usercentrics to obtain your consent to the storage of certain cookies on your terminal device or to the use of certain technologies and to document this in accordance with data protection law. The provider of this technology is Usercentrics GmbH, Rosental 4, 80331 Munich, website: usercentrics.com/de/ (hereinafter "Usercentrics").
When you enter our website, the following personal data is transferred to Usercentrics:
- Your consent(s) or the revocation of your consent(s)
- Your IP-Address
- Information about your browser
- Informationen about your Device
- Time of your visit to the website
Furthermore, Usercentrics stores a cookie in your browser in order to be able to allocate the consents granted to you or their revocation. The data collected in this way is stored until you request us to delete it, delete the Usercentrics cookie yourself or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.
Usercentrics is used to obtain the legally required consent for the use of certain technologies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.
6. Further functions & offers of our company website
(1) In addition to the purely informational use of our website, we offer various services that you can use if you are interested. For this purpose, you must usually provide additional personal data that we use to provide the respective service and for which the data processing principles apply. Mandatory data is marked with an asterisk. Information in fields not marked in this way is purely voluntary.
(2) When you contact the service provider by e-mail, your e-mail address and, if you so indicate, your name, telephone number and [...] will be stored by us to answer your questions.
(3) In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions, and are regularly monitored.
(4) Furthermore, we may pass on your personal data to third parties if we offer promotions, competitions, contracts or similar services together with partners. You will receive more information about this when you provide your personal data or below in the description of the offer.
(5) If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you about the consequences of this circumstance in the description of the offer.
a) Contact form
If you send us enquiries via the contact form, your details from the enquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We do not pass on this data without your consent.
The processing of this data is based on Art. 6 (1) lit. b of the GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR) if this has been requested.
The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your enquiry). Mandatory legal provisions - in particular retention periods - remain unaffected.
b) Inquiry by e-mail, telephone or fax
If you contact us by e-mail, telephone or fax, your enquiry including all resulting personal data (name, enquiry) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.
The processing of this data is based on Art. 6 (1) lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR) if this has been requested.
The data you send us via contact requests will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.
7. Third-party services
The legal basis for the use of locally deployed web analysis tools is Art. 6 para. 1 p. 1 lit. f GDPR, i.e., the protection of our legitimate interests in consideration of the interests of our website visitors. Our interest is the analysis of the use of our website by our website visitors, to improve our offer and to make it more interesting for you as a user. If the analysis tool used also serves other purposes or we use it for other interests, we will inform you about this directly in the explanations for the respective analysis tool.
The legal basis for the use of third-party providers to perform web analytics is based on Art. 6 para. 1 p. 1 lit. a.
a) Google Analytics
(1) This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
(2) Google Analytics enables the website operator to analyse the behaviour of website visitors. In doing so, the website operator receives various usage data, such as page views, length of stay, operating systems used and the origin of the user. This data may be summarised by Google in a profile that is assigned to the respective user or their end device.
(3) Furthermore, Google Analytics may record your mouse and scroll movements and clicks, among other things. Furthermore, Google Analytics uses various modelling approaches to supplement the collected data sets and uses machine learning technologies in the data analysis.
(4) Google Analytics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.
(5) The use of this analysis tool is based on Art. 6 para. 1 lit. a GDPR. Your consent is obtained through the cookie banner used.
(6) Data transfer to the USA is based on the standard data protection clauses of the EU Commission. Details can be found here: privacy.google.com/businesses/controllerterms/mccs/.
(7) We have activated the IP anonymisation function on this website. This means that your IP address will be shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
b) Google Maps
(1) On this website, we use the Google Maps service by displaying interactive maps directly on our website and enabling you to use the map function conveniently. The legal basis for the use of the plug-in is Art. 6 para. 1 p. 1 lit. a GDPR. Consent is given through your selection in the cookie banner.
(2) By visiting the website, Google receives the information that you have called up the corresponding sub-page of our website. This occurs regardless of whether Google provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.
c) Google Web Fonts
(1) This site uses so-called web fonts provided by Google for the uniform display of fonts. The Google Fonts are installed locally. A connection to Google servers does not take place. This constitutes a legitimate interest within the meaning of Article 6 (1) (f) of the GDPR.
(2) If your browser does not support web fonts, a standard font from your computer will be used.
d) Google Tag Manager
(1) We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
(2) The Google Tag Manager is a tool with the help of which we can integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store cookies and does not perform any independent analyses. It only serves to manage and play out the tools integrated via it. However, the Google Tag Manager records your IP address, which may also be transmitted to Google's parent company in the United States.
(3) The use of the Google Tag Manager is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in a quick and uncomplicated integration and management of various tools on his website. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.
Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Restriction of Processing
The marking of stored personal data with the aim of limiting their processing in the future.
Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
The processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law
A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
The data subject any freely given specific, informed and unambiguous indication of his or her wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to personal data relating to him or her being processed.
Last update: 31.05.2021