+49 (0) 30 – 86 09 86 0

Privacy Policy Pursuant to Art. 13 EU GDPR

As the operator of this website we take the protection of your personal data very seriously, treat it confidentially and in accordance with the current statutory data protection regulations and the present Privacy Policy. Hereinafter we inform you in accordance with Article 13 of the EU General Data Protection Regulation (GDPR) on the processing of your personal data (hereinafter referred to as “data”).

1. Definition

The following Privacy Policy is based on the terms used by the European Regulatory Authori-ty when issuing the EU GDPR. In order to ensure easy readability and comprehensibility, we would like to explain in advance the terminology used.
In the present Privacy Policy we use, among others, the following terms:

a) Personal data
Personal data is any information relating to an identified or identifiable natural person (herein-after “data subject”). A natural person is considered to be identifiable if he/she can be identi-fied, directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special features, which express the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.

b) Data subject (user)
Data subject is any identified or identifiable natural person whose personal data is processed by the controller.

c) Processing
Processing is any operation or series of operations, with or without the aid of automated pro-cedures, related to personal data, such as collecting, registration, organizing, sorting, storing, adapting or modifying, reading, querying, using, disclosure by transferring, dissemination or any other form of provision, matching or association, restriction, deletion or destruction.

d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim to restrict their future processing.

e) Profiling
Profiling is any kind of automated processing of personal data that consists in using that per-sonal information to evaluate certain personal aspects relating to a natural person, in particu-lar, to analyse or predict aspects relating to job performance, economic situation, health, per-sonal preferences, interests, reliability, behaviour, whereabouts or relocation of that natural person.

f) Pseudonymisation
Pseudonymisation is the processing of personal data in such a way that personal data can no longer be attributed to a specific data subject without using some additional information, pro-vided that such additional information is kept separate and subject to technical and organiza-tional measures to ensure that the personal data is not assigned to an identified or identifiable natural person.

g) Controller or the person responsible for processing
Controller or the person responsible for processing is the natural or legal person, public au-thority, agency or other body that, alone or in concert with others, decides on the purposes and means of processing personal data. Where the purposes and means of such processing are determined by the Union law or the law of the Member States, the controller and/or spe-cific criteria for his/her designation may be provided for under the Union law or the law of the Member States.

h) Processor
Processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.

i) Recipient
Recipient is a natural or legal person, public authority, agency or other entity to whom person-al data is disclosed, whether or not it is a third party. However, authorities which may receive personal data under the Union or the law of the Member State in connection with a particular investigation mandate are not considered as recipients.

j) Third party
Third party is a natural or legal person, public authority, agency or entity other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.

k) Consent
Consent is any declaration of will by the data subject, voluntarily given and unambiguously expressed in the form of a statement or other unambiguous confirmatory act, by which the data subject indicates that they consent to the processing of the personal data relating to him/her.

2. Controller

Prof. Dr. Frank-Werner Peter
Klinik am Wittenbergplatz – Plastische Chirurgie
Bayreuther Str. 36
10789 Berlin

Phone: +49 (0) 30 – 86 09 86 0
Fax: +49 (0) 30 – 86 42 33 36
E-Mail: info@beauty-pro.de

3. General Information About Data Processing

a) Scope of data processing
Generally, we process personal data of our users only insofar as this is necessary to provide a functioning website and our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies to cases in which prior consent can not be obtained for actual reasons and the processing of the data is permitted by law.

b) Legal basis for the data processing
Insofar as we obtain the data subject’s consent for processing of personal data, Art. 6 Sec. 1 lit. a General Data Protection Regulation (EU GDPR) is used as legal basis.

For the processing of personal data required for the performance of a contract to which the data subject is a party, Art. 6 Sec. 1 lit. b EU GDPR is used as legal basis. This also applies to processing operations required to carry out pre-contractual actions. Insofar as processing of personal data is required to fulfil a legal obligation that our company is subject to, Art. 6 Sec. 1 lit. c EU GDPR is used as legal basis.

In the event that vital interests of the data subject or another natural person require the pro-cessing of personal data, Art. 6 Sec. 1 lit. d EU GDPR is used as legal basis. If the processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the afore-mentioned interest, Art. 6 Sec. 1 lit. f EU-GDPR is used as legal basis for processing.

c) Duration of processing
We only process your data for as long as it is necessary to fulfil the contract, to maintain our relationship or in accordance with applicable legal provisions.

There are different retention periods for the storage of business documents. According to the Tax Code, data with tax relevance usually has a retention period of 10 years, other data ac-cording to the provisions of the German Commercial Code – 6 years.

As long as you do not object, we shall use your information to our mutual benefit within the framework of our trusting relationship.

If you wish your data to be deleted, we shall carry out the deletion immediately, as far as the deletion does not conflict with legal storage requirements.

4. SSL Encryption

This website uses SSL (Secure Socket Layer) encryption to transfer data from your browser to our server and to servers that provide files that we incorporate on our website. You can recognize the presence of SSL encryption by the text prefix “https” in front of the address of the web page that you open in the browser.

5. Contact Form and E-mail Contact

a) Description and scope of data processing
A contact form is available on our website, which can be used for electronic contact. If a user realizes this option, the data entered in the input mask will be transmitted to us and saved. Those data include:

– Name
– E-mail address
– Phone number
– Time of request

For the processing of the data, your consent is obtained during the sending process and ref-erence is made to the present Privacy Policy.

Alternatively, contact via the provided e-mail address is possible. In this case, the user’s per-sonal data transmitted by e-mail will be stored.

In this context, there is no disclosure of the data to third parties. The data is used exclusively for processing of the conversation.

b) Legal basis for data processing
The legal basis for the processing of data after the user has provided his/her consent is Art. 6 Sec. 1 lit. a EU GDPR.

The legal basis for the processing of the data transmitted in the course of sending an e-mail is Article 6 Sec. 1 lit. f EU GDPR. If the e-mail contact aims to conclude a contract, then Art. 6 Sec. 1 lit. b EU GDPR is the additional legal basis for the processing.

c) Purpose of data processing
The processing of the personal data from the input form serves us only to process the con-tact. In the case of contact via e-mail, this also includes the required legitimate interest in the processing of the data.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

d) Duration of storage
The data will be deleted as soon as they are no longer required for the purpose of their collec-tion. For the personal data from the input form of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been finally clarified.

The additional personal data collected during the sending process will be deleted at the latest after a period of seven days.

e) Possibility to object and remove
The user has the possibility at any time to revoke his/her consent to the processing of the per-sonal data. If the user contacts us via e-mail, he/she may object to the storage of his/her per-sonal data at any time. In such a case, the conversation can not continue. All personal data stored in the course of contacting will be deleted in this case.

6. Google Analytics

a) Scope of data processing
We use Google Analytics, a web analytics service provided by Google Inc., 1600 Amphithea-ter Parkway Mountain View, CA 94043, USA. Google Analytics uses so-called “cookies” (text files) which are stored on the user’s computer. The information generated by these cookies (time, location and frequency of website visits) is as a rule transmitted to and stored by Google on a server in the USA. Google will use this information for the purpose of evaluating the use of the website, compiling reports on the activities on the website and providing the website operator with other services related to the website use of the internet.

We use Google Analytics with the extension “anonymizeIp”. Thus, the IP address of the user within the member states of the European Union or in other contracting states of the Agree-ment on the European Economic Area will be shortened and thereby anonymized before be-ing transmitted to Google. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. For these exceptional cases in which personal data are transferred to the USA, Google is submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US Framework.

The IP address provided by your browser within the framework of Google Analytics will not be merged with other Google data.

b) Legal basis for data processing
The legal basis for the processing of the user’s personal data is Article 6 Sec. 1 lit. f EU GDPR.

c) Purpose of data processing
The processing of the users’ personal data enables us to analyse the use of our website. This helps us to constantly improve the content of our website and its user-friendliness. For these purposes, our legitimate interest in the processing of data is regulated according to Art. 6 Sec. 1 lit. f EU GDPR. The anonymization of the IP address sufficiently takes into account the in-terest of users in their protection of personal data.

d) Duration of storage
By default, sessions will end after 30 minutes of no activity and campaigns after six months. The duration of campaigns can be maximum two years.

e) Possibility to object and remove
Cookies are stored on the computer of the user and transmitted by it to us. Therefore, you as user have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to use all the functions of the website to the full.

Users can also prevent collection by Google Analytics by clicking on the following link:
Google Analytics deactivation

An opt-out cookie will be set which prevents the future collection of your data when you visit this website. If the user deletes the corresponding cookie in the meantime from his own sys-tem, he/she must set the opt-out cookie again.

For more information about Terms of Service and Privacy, see http://www.google.com/analytics/terms/de.html and/or https://www.google.de/intl/de/policies/.

7. Google+

a) Scope of data processing
We have integrated the Google+ button as a component on our website. Google+ is a social network (an internet-based social meeting point where friends, acquaintances or strangers with the same interests meet and network digitally). Google+ is operated by Google Inc. (1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA).

Each time you visit an individual page on our website that incorporates a Google+ button, the Internet browser on the user’s computer system is automatically prompted by the respective Google+ button to download a representation of Google’s corresponding Google+ button. This provides Google with information about which specific subpage of our website is visited by the user. For more information about Google+ visit https://developers.google.com/+/ .

If the user is logged in to Google+ at the same time, with each visit to our website by the user during the entire duration of the user’s stay on our website Google recognizes which specific subpage of our website the user visits. This information is collected by Google+ Button and assigned by Google to the user’s Google+ account.

If the user confirms a Google+ button integrated on our website and thereby makes a rec-ommendation, Google assigns this information to the user’s personal Google+ user account and stores this personal data. A Google+ recommendation made by the user on our website is stored and processed together with other personal information, such as the name of the Google+ account used by the user and the photo stored in other services, such as the search engine results of the Google search engine, the user’s Google Account, or at other places, for example on websites or in connection with advertisements. Furthermore, Google is able to link the visit to this website with other personal data stored on Google.

Google always receives information about visiting our website via the Google+ button when-ever the user is logged in to Google+ at the time of accessing our website. It is irrelevant whether the user clicks on the Google+ button or not.

Additional information and Google’s privacy policy can be found at https://www.google.de/intl/de/policies/privacy/.

Additional information from Google with respect to the Google +1 button can be found at https://developers.google.com/+/web/buttons-policy .

b) Legal basis for data processing
The legal basis for the processing of the user’s personal data is Article 6 Sec. 1 lit. f EU GDPR.

c) Purpose of data processing
The purpose of Google’s collection of personal information is to improve or enhance Google’s different services.

d) Possibility to object and remove
If the user does not want to transfer personal data to Google, he/she can prevent this by log-ging out of hi/her Google+ account before visiting our website.

8. Google Maps

a) Scope of data processing
We use Google Maps API on our website. When Google Maps is used, Google also collects, processes and uses data about the use of the map functions by users. The provider is Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Additional information about Google’s data processing can be found in the Google Privacy Policy under https://www.google.com/policies/privacy/.

b) Legal basis for data processing
The legal basis for the processing of the user’s personal data is Article 6 Sec. 1 lit. f EU GDPR.

c) Purpose of data processing
The use of Google Maps visualizes geographic information.

d) Possibility to object and remove
Users can prevent the setting of cookies through our website, as shown above, at any time by means of a corresponding setting of the Internet browser used and thus permanently prevent the setting of cookies. This would also prevent Google from setting a cookie on the user’s computer system. In addition, already set cookies can be deleted at any time via the Internet browser or other software programs.

9. YouTube

a) Scope of data processing
On our website we use YouTube videos. This plug-in is operated by YouTube LLC (901 Cher-ry Ave., San Bruno, CA 94066 USA). When the user visits a page with the YouTube badge, he/she connects to YouTube’s servers. It provides YouTube with information about which website the user is visiting.
If the user logs into their YouTube account, YouTube can personally associate their user be-haviour.
If a YouTube video is started, the provider uses cookies (see above) that collect information about user behaviour.
Further information is available under https://www.google.com/intl/en/policies/privacy/ .

b) Legal basis for data processing
The legal basis is Art. 6 Abs. 1 Sec. 1 lit. f EU GDPR.

c) Possibility to object and remove
Users can prevent the setting of cookies, as shown above, at any time by means of a corre-sponding setting of the Internet browser used and thus permanently prevent the setting of cookies. This would also prevent Google from setting a cookie on the user’s computer sys-tem. In addition, already set cookies can be deleted at any time via the Internet browser or other software programs.

10. Contract Processors

We use the services of external service providers (processors), for eg., for shipping of goods, newsletter or payment transactions. A separate order processing contract has been signed with the respective service providers to ensure the protection of your personal data.

We cooperate with the following service providers:
– Vision64 GmbH & Co. KG
– Daniel Odinius

11. Your Rights as Data Subject

Pursuant to the EU GDPR you have the following rights:

a) Right of access to information
You are entitled to demand a confirmation from the controller whether the personal data con-cerning you is processed by us.

If such processing takes place, you can request information from the controller about the fol-lowing:
(1) the purposes for which the personal data are processed;
(2) the categories of personal data that are processed;
(3) the recipients or categories of recipients to whom the personal data relating to you have been disclosed or are still to be disclosed;
(4) the intended duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;
(5) the existence of a right to correct or delete of personal data relating to you, a right to re-strict the processing by the controller or a right to object to such processing;
(6) the existence of a right of appeal to a supervisory authority;
(7) all available information on the source of the data if the personal data are not collected from the data subject;
(8) the existence of any automated decision-making including profiling under Article 22 Sec. 1 and 4 of the EU GDPR and – at least in these cases – substantive information about the logic involved and the scope and intended impact of such processing on the data subject.

You have the right to request information about whether your personal information is trans-ferred to a third country or to an international organization. In this context, you can request the information about the appropriate guarantees in connection with the transfer pursuant to Art. 46 EU GDPR.

b) Right to correction of your data
You have a right with respect to the controller to correct and / or complete the data, if your processed personal data are incorrect or incomplete. The controller shall make the correction without delay.

c) Right to restrict the processing of your data
You may request the restriction of the processing of your personal data under the following conditions:
(1) if you dispute the accuracy of your personal data for a period of time that enables the con-troller to verify the accuracy of your personal information;
(2) the processing is unlawful and you refuse to delete the personal data and instead request the restriction of the use of the personal data;
(3) the controller no longer requires personal data for the purposes of processing, however, you require those to assert, exercise or defend legal claims, or
(4) if you have objected to the processing pursuant to Art. 21 Sec. 1 EU GDPR and it is not yet certain whether the legitimate reasons of the controller outweigh your reasons.

If the processing of personal data relating to you has been restricted, these data may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public inter-est of the Union or a Member State.

If the processing has been restricted in accordance to the aforementioned you shall be in-formed by the controller prior to the lifting of the restriction.

b) Right to deletion of your data
aa) Obligation to delete
You may require the controller to delete your personal information without delay, and the con-troller is required to delete that information immediately if one of the following applies:
(1) Your personal data are no longer necessary for the purposes for which they were collect-ed or otherwise processed.
(2) You revoke your consent to the processing in accordance to Art. 6 Sec. 1 lit. a or Art. 9 Sec. 2 lit. a GDPR, and there is no other legal basis for processing.
(3) You object to the processing in accordance to Art. 21 Sec. 1 EU GDPR and there are no overriding justifiable reasons for the processing, or you object to the processing in accordance to Art. 21 Sec. 2 EU GDPR.
(4) Your personal data have been processed unlawfully.
(5) The deletion of personal data relating to you is required to fulfil a legal obligation under the Union law or the law of the Member States to which the controller is subject.
(6) The personal data relating to you were collected in relation to the offered information soci-ety services under Article 8 Sec. 1 EU GDPR.

bb) Information to third parties
If the controller has made the personal data relating to you public and is according to Article 17 Sec. 1 EU GDPR obliged to delete those, he shall take appropriate measures, considering the available technical means and costs of the implementation, also of technical nature, to inform data controllers who process the personal data that you, as data subject, have re-quested them to delete any links to such personal data or provide copies or replications of such personal data.

cc) Exceptions
The right to delete does not exist if the processing is necessary
(1) to exercise the right to freedom of expression and information;
(2) to fulfil a legal obligation required by the law of the Union or of the Member States to which the controller is subject, or to carry out a task of public interest or in the exercise of official authority conferred on the controller;
(3) for reasons of public interest in the field of public health pursuant to Art. 9 Sec.2 lit. h and i and Art. 9 Sec. 3 EU GDPR;
(4) for archival purposes of public interest, scientific or historical research purposes or for statistical purposes acc. to Article 89 Sec. EU GDPR, to the extent that the law referred to in (a) is likely to render impossible or seriously affect the achievement of the objectives of that processing, or
(5) to assert, exercise or defend legal claims.

e) Right to information
If you have asserted towards the controller your right to correct, delete or restrict the pro-cessing, he/she is obliged to notify all recipients to whom your personal data have been dis-closed of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.

You have the right towards the controller to be informed about these recipients.

f) Right to data portability
You have the right to receive personal information related to you which you have provided to the controller in a structured, conventional and machine-readable format. In addition, you have the right to submit this information to another controller without any hindrance by the controller to whom the personal information had been provided, if
(1) the processing is based on consent acc. to Art. 6 Sec. 1 lit. a EU GDPR or Art. 9 Sec. 2 lit. a EU GDPR or on a contract acc. to Art. 6 Sec. 1 Abs. 1 lit. b EU GDPR and
(2) the processing is done using automated procedures.

In exercising this right, you also have the right to effect that the personal data relating to you are transmitted directly from one controller to another, insofar as this is technically feasible. Freedoms and rights of other persons may not be affected thereby.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegat-ed to the controller.

g) Right to object
You have the right at any time, for reasons that arise from your particular situation, to object against the processing of your personal data taking place pursuant to Art. 6 Sec. 1 lit. e or f EU GDPR; this also applies to profiling based on these provisions.

The controller shall no longer process the personal data concerning you unless he/she can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves the purpose of enforcing, exercising or defending legal claims.

If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such ad-vertising; this also applies to profiling insofar as it is associated with such direct advertisement.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

Regardless of Directive 2002/58/EC, you have the option, in the context of the use of infor-mation society services, to exercise your right to object through automated procedures that use technical specifications.

h) Right to revoke the data protection consent declaration
You have the right to revoke your data protection consent declaration at any time. The revo-cation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

i) Right to complain to the Data Protection Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of your residence, place of work or place of alleged infringement, if you believe that the processing of the personal data relating to you violates the EU GDPR. The supervisory authority to which the complaint has been lodged informs the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 EU GDPR.

The jurisdiction of the supervisory authority depends on your place of residence. A list of su-pervisory authorities can be found here:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

The present Privacy Policy was created by the ASG Rechtsanwälte.