The responsible body within the meaning of Art. 24 GDPR is:
dr.balkenhol GmbH
Friedrich-von-Spee-Str. 37
40489 Düsseldorf (Germany)
Represented by the managing director Dr. Markus Balkenhol
Phone +49 211 1583 8103
Fax: +49 211 5422 2262
E-mail: mail@dr-balkenhol.com
This privacy policy provides information about what personal data is stored, processed and shared when you visit our website, how this is done and for what purpose.
Personal data according to Art. 4 No. 1 GDPR is any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); A natural person is considered identifiable if they can be identified, directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
When you visit and use our website and related offers, data may be transferred to third countries, such as the United States, via subcontractors or companies affiliated with them. The processing is based on the adequacy decision between the USA and the EU of 10 July 2023. In addition, we minimise the risk as far as possible by concluding data processing agreements, where a contractual relationship exists, and by concluding standard data protection clauses including effective supplements required by the supervisory authorities.
When you visit our website, various server statistics are automatically stored, which your browser transmits to our provider's server. Every access to our website and every retrieval of a file stored on the website is logged. This storage is for internal system-related and statistical purposes. The following are logged: name of the file accessed, date and time of access, amount of data transferred, notification of successful access, web browser and requesting domain. In addition, the IP addresses of the requesting computers are logged in anonymised form.
This data is used for statistical analysis of visits to our site and cannot be traced back to specific individuals. This data is not merged with other data sources. We use the data to optimise our offering for users, for example by preventing access from malicious sites or optimising access via certain browsers, and the IP address log enables the page to be delivered to the visitor in the first place. The data is automatically deleted after 14 days for the above-mentioned purposes.
We use a secure server with TLS (Transport Layer Security) technology and 128-bit encryption to transfer your data. This ensures that your data is transmitted to us securely and cannot be read by unauthorised parties.
STRATO (hosting)
We use the web hosting service STRATO. The service is operated by STRATO AG, Otto-Ostrowski-Straße 7, 10249 Berlin, Germany. STRATO enables us to maintain a domain under which we can publish our website. We also use STRATO's email system, cloud and servers. You can find out which data is collected and stored and for what purpose in the section above ("Server data"). Our legitimate interest lies in enabling the operation of a website on the Internet.
We have concluded a data processing agreement (DPA) with STRATO, in which this company assures and documents its compliance with appropriate technical and organisational measures. Further information can be found at and in STRATO's privacy policy at https://www.strato.de/datenschutz/.
Email enquiries
If you send us an enquiry by email, we will collect and store your email address and the data contained in the email in order to respond to your enquiry. Our legitimate interest lies in communicating with you and responding to your enquiries.
If the enquiry leads to a contractual relationship in the course of contract negotiations or if the enquiry relates to an existing contractual relationship, the legal basis is Art. 6 para. 1 lit. b) GDPR, as the storage of the data is necessary for the fulfilment of a pre-contractual or contractual obligation. The data will be deleted when the purpose for which it was stored no longer applies, i.e. after your email enquiry has been answered or when the matter relating to the enquiry has been conclusively clarified. In the case of an existing contractual relationship or a contractual relationship arising from the enquiry, the data will be deleted after the expiry of the statutory retention periods.
Use of our own cookies for functionality purposes
Our website uses so-called "cookies" in some places. A cookie is a piece of text information that our website places on the device you are using via your web browser. They serve to make our offer more user-friendly, effective and secure. We only use so-called "session cookies". They are automatically deleted at the end of your visit. You can disable cookies in your web browser. However, this may lead to impairments in functionality.
CookieYes (Cookie-Consent-Tool)
To obtain your consent, we use the consent tool "CookieYes", a product of CookieYes Limited, 3 Warren Yard Warren Park, Wolverton Mill, Milton Keynes, MK12 5NW, United Kingdom. If you give your consent, CookieYes will automatically log the following data at CookieYes:
The stored data is used to ensure that web analytics services only collect data with your consent, to document this consent, and to create and display cookie statements for end users.
The key and consent status are also stored in the end user's browser in the "cookieyes-consent" cookie so that the website can automatically read and comply with the end user's consent for all subsequent page requests and future end user sessions for up to 12 months. For more information, please refer to the CookieYes privacy policy at https://www.cookieyes.com/privacy-policy/.
For the purpose of communicating with our customers and providing general information about our company, we operate an account on www.linkedin.com, which is owned by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn"). If you access the page via our website using the LinkedIn icon and are logged into your account at the same time, LinkedIn can immediately associate your visit to our website with your LinkedIn account. If you do not want LinkedIn to associate your data with your account, you must log out of LinkedIn before visiting our website. If you access interactive features of the page (liking, commenting, sharing, messaging, etc.), a LinkedIn login screen will appear. After logging in, you will be recognisable to LinkedIn as a specific user again.
Further information can be found in LinkedIn's privacy policy at https://de.linkedin.com/legal/privacy-policy. You can check the privacy settings in your LinkedIn account. You can activate the "Block third-party cookies" function in your browser settings. However, blocking cookies may result in limited functionality of the site.
Our legitimate interest in operating a LinkedIn account lies in presenting ourselves on social networks for the purpose of customer acquisition. By maintaining a LinkedIn account and, where applicable, interacting with it, you consent to the storage and use of your data by LinkedIn. You can revoke your consent at any time by deleting all cookies set in your browser. You can also prevent the collection of information by generally disabling the automatic setting of cookies in your browser settings.
YouTube-Account
We use the services of YouTube and operate an account there, which we use regularly to upload videos. The responsible body is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland transfers data to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, which we always point out. The data transfer is based on the EU-US Adequacy Decision (EU-US Data Privacy Framework). By joining, the provider certifies that it complies with appropriate and suitable technical and organisational measures to protect your personal data. Further information on whether and which data is collected by Google through the use of these services can be found in Google's privacy policy at https://policies.google.com/privacy.
Our legitimate interest in operating a YouTube account lies in presenting ourselves on social networks and providing video material. By maintaining a YouTube account and, where applicable, interacting with it, you consent to the storage and use of your data by YouTube. You can revoke your consent at any time by deleting all cookies set in your browser. You can also prevent the collection of information by generally disabling the automatic setting of cookies in your browser settings.
Downloading the digital business card
On our website, we offer you the option of downloading a digital business card in VCF format (vCard). By downloading the vCard, you can import the contact details it contains directly into your address lists, for example in Google or Microsoft. The downloaded vCard contains, among other things, personal data provided by us, such as name, email address, telephone number and professional position. After downloading the vCard and importing the data into your Google or Microsoft account, your personal data will be further processed by the respective providers (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA or Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). We have no influence on how these providers process your data. We therefore recommend that you read the respective privacy policies of Google (https://policies.google.com/privacy) and Microsoft (https://privacy.microsoft.com/de-de/privacystatement) to learn more about their data processing and protection.
The vCard you download is only stored temporarily on your device. We do not store any personal data generated by the download process on our servers. The data is processed and stored exclusively on Google's or Microsoft's servers once the vCard is imported into their system.
When you use our contact form, we collect and store your name, telephone number and email address for the purpose of responding to your enquiry. Before submitting your enquiry, you give us your express consent by ticking the box below the contact form.
If a contractual relationship develops from the enquiry in the course of contract negotiations or if the enquiry relates to an existing contractual relationship, the legal basis is Art. 6 para. 1 lit. b) GDPR, as the storage of the data is necessary for the fulfilment of a pre-contractual or contractual obligation. The data will be deleted when the purpose for which it was stored no longer applies, i.e. after we have responded to your contact form enquiry or when the matter relating to the enquiry has been conclusively clarified. In the case of an existing contractual relationship or a contractual relationship arising from the enquiry, the data will be deleted after expiry of the statutory retention periods.
Our website uses embedded videos from YouTube. The responsible body is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland transfers data to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, which we always point out. However, due to the activation of IP anonymisation on this website, your IP address will be truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The data transfer is based on the EU-US Adequacy Decision (EU-US Data Privacy Framework). By joining, the provider certifies that it complies with appropriate and suitable technical and organisational measures to protect your personal data in accordance with Nevertheless, we have concluded EU standard data protection clauses with Google, whereby Google certifies that it complies with appropriate and suitable technical and organisational measures to protect your personal data. For more info on whether and what data Google collects through the use of these services, check out Google's privacy policy at https://policies.google.com/privacy.
By clicking on a video and using YouTube, your data may be processed by YouTube. If you are logged into your Google/YouTube account when you access the video, Google can track which subpage of our website the video was accessed from. If you wish to prevent this additional data collection, please log out of your Google account before visiting our website or accessing the video on YouTube.
You give us your consent by agreeing to the consent tool we use. You can withdraw your consent at any time by deleting all cookies set in your browser. You can also prevent the collection of information by generally disabling the automatic setting of cookies in your browser settings. Details can be found in the terms of use applicable to the YouTube platform at https://www.youtube.com/t/terms and in Google's privacy policy at www.google.com/intl/de/policies/.
For the purpose of contract processing and invoicing, we collect and store the personal data you provide, such as your name, address and email address. If you have already provided us with this data during registration, we will use it for the purposes specified there for contract processing. The data will be passed on to tax advisors and banks for billing purposes. In addition, the billing data will be transferred to the tax office in accordance with tax law requirements pursuant to Art. 6 para. 1 lit. c) GDPR. This data will be deleted after expiry of the applicable statutory retention obligations. Unless we are subject to any statutory retention obligations, the data will be deleted once the purpose for which it was collected no longer applies.
a. Right to object, Art. 21 GDPR
If we process your data to protect legitimate interests (Art. 6 para. 1 lit. f) GDPR), you may object to this processing for reasons arising from your particular situation. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims. In the event of an objection to data processing for direct marketing purposes, processing for this purpose will no longer take place.
b. Right to information, Art. 15 GDPR
You have the right to obtain confirmation from us as to whether we are processing personal data concerning you and, if so, a right to information about the personal data and related information (Art. 15 para. 1 lit. a – h GDPR).
c. Right to rectification, Art. 16 GDPR
You have the right to request that we correct any inaccurate personal data concerning you without undue delay. In addition, taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary statement.
d. Right to erasure, Art. 17 GDPR
You have the right to request that we erase personal data concerning you without undue delay, and we are obliged to erase such data without undue delay if one of the grounds specified in Art. 17 GDPR applies.
e. Right to restriction of processing, Art. 18 GDPR
You have the right to request that we restrict the processing of personal data concerning you if one of the conditions set out in Art. 18 GDPR is met.
f. Right to data portability, Art. 20 GDPR
You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format and you have the right to transmit this data to another controller, provided that the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) or on a contract pursuant to Article 6(1)(b) and the processing is carried out by automated means.
g. Right to lodge a complaint, Art. 77 GDPR
If you believe that the processing of your personal data violates the Data Protection Regulation, you can lodge a complaint with a competent supervisory authority.
State Commissioner for Data Protection and Freedom of Information
North Rhine-Westphalia
Postfach 20 04 44
40102 Düsseldorf (Germany)
Phone: 0211 - 38424-0
Fax: 0211 - 38424-10
E-mail: poststelle@ldi.nrw.de
Deutsch