Introduction
Here we provide information about the processing of personal data when using our services on:
- our website sofortarzt.com;
- our profiles on social media platforms.
What is personal data? Personal data includes all information that can be related to a specific natural person, such as their name or IP address.
Contact Information
The data controller in accordance with Article 4(7) of the EU General Data Protection Regulation (GDPR) is: Deep Web Portal Ltd., 106 LAGAN ROAD, DUBLIN INDUSTRIAL ESTATE, DUBLIN11, D11 DXA9, IRELAND, VAT: IE4189288VH, e-mail: [email protected]
Our Data Protection Officer (DPO) is available under: [email protected]
Scope of Data Processing, Purposes, and Legal Bases
The purposes of data processing, its scope, and the legal bases are detailed in the following section. The legal foundations for processing personal data generally include the following:
- Article 6(1)(b) GDPR: This applies when processing personal data is necessary for fulfilling a contract, such as when a user purchases a product or service from us. It also covers pre-contractual activities like inquiries about our offerings.
- Article 6(1)(a) GDPR: This is the legal basis for processing operations requiring user consent.
- Article 6(1)(f) GDPR: Used when processing is based on legitimate interests, such as essential cookies for technical website functionality.
- Article 6(1)(c) GDPR: Applies when processing is necessary to comply with legal obligations, such as tax-related requirements.
Data Processing Outside the EEA
When transferring data to service providers or other third parties outside the EEA, EU Commission adequacy decisions (Article 45(3) GDPR) ensure data security during transmission. Such decisions exist for countries like Israel and Canada.
If no adequacy decision is in place, such as with the USA, the legal basis for data transfer is typically standard contractual clauses (SCCs), established by the EU Commission (Article 46(2)(b) GDPR). Many providers offer additional contractual guarantees beyond SCCs to enhance data protection.
Retention Period
Unless explicitly stated in this privacy policy, stored data is deleted once it is no longer necessary for its intended purpose and there are no legal retention requirements preventing deletion. If the data cannot be deleted due to legal or other permissible purposes, its processing is restricted; this means the data is locked and not used for other purposes. This applies, for example, to data retained for commercial or tax law obligations.
Rights of Data Subjects
Data subjects have the following rights regarding their personal data:
- Right to restrict processing;
- Right to data portability;
- Right to access information;
- Right to rectification or deletion;
- Right to object to processing;
- Right to withdraw consent at any time;
- Right to lodge a complaint with data protection authorities.
Obligation to Provide Data
Customers, interested parties, or third parties are required to provide only the personal data necessary to establish, execute, and terminate a business or other relationship, or that we are legally obligated to collect. Without this data, we may be unable to enter into a contract, provide a service, or continue an existing relationship.
No Automated Individual Decision-Making
We do not use fully automated decision-making processes as outlined in Article 22 of the GDPR to establish or conduct business or other relationships. Should we implement such processes in individual cases, we will provide specific information as required by law.
Contacting Us
When you contact us, for example via email or phone, the information you provide (e.g., names and email addresses) will be stored to respond to your inquiries. The legal basis for processing is our legitimate interest (Art. 6(1) lit. f GDPR) in answering requests directed to us. We will delete the data once it is no longer necessary for storage, or restrict processing if there are legal retention obligations.
Newsletter
We reserve the right to inform customers who have previously used our services or purchased goods about our offers via email, SMS, or other electronic means if they have not objected. The legal basis for this data processing is Art. 6(1) lit. f GDPR. Our legitimate interest lies in direct marketing (Recital 47 GDPR). Customers can object to the use of their email address for advertising purposes at any time at no additional cost, e.g., via a link in the email or by emailing us.
Interested parties can subscribe to a free newsletter. The data provided during registration is used solely for sending the newsletter. Consent can be revoked at any time, e.g., by clicking the relevant link in the newsletter or notifying us via email. Data processing remains lawful until revocation.
Based on the recipients' consent (Art. 6(1) lit. a GDPR), we also measure the open and click rates of our newsletters to understand which content is relevant to our recipients.
Data Processing on Our Website
Informational use of the website
When using the website for informational purposes, that is, when visitors do not provide specific information, we collect the personal data transmitted by the browser to our server in order to ensure the stability and security of our website. This is our legitimate interest, so the legal basis is Art. 6 (1) sentence 1 lit. f GDPR.
These data are:
- IP address
- Access status/HTTP status code
- Date and time of the request
- Content of the request (specific page)
- Amount of data transmitted
- Operating system and its interface
- Language and version of the browser
- Website from which the request originates
- Browser name
- Time zone difference from Greenwich Mean Time (GMT)
These data are also stored in log files. They will be deleted when their storage is no longer necessary, at the latest after 14 days.
Webhosting and provision of the website
Our website is hosted by Digital Ocean, DigitalOcean EU B.V. - Branch in Germany, Am Sandtorkai 68, 20457 Hamburg, Germany (Privacy Policy: https://www.digitalocean.com/legal/data-processing-agreement). The servers are located in the EU. The provider processes personal data transmitted via the website, such as content, usage, meta/communication data, or contact details. It is in our legitimate interest to provide a website, so the legal basis for data processing is Article 6 (1) sentence 1 lit. f GDPR.
We use a content delivery network to help make our website available. The provider is Cloudflare Inc., 106 East 6th Street, Suites 350 and 400, Austin, TX 78701, USA (Privacy Policy: https://www.cloudflare.com/en-gb/privacypolicy/). The provider processes personal data transmitted via the website, such as content, usage, meta/communication data, or contact details. It is in our legitimate interest to provide a website, so the legal basis for data processing is Article 6 (1) sentence 1 lit. f GDPR.
Contact Form
When contacting us via the contact form on our website, we store the data requested there and the content of the message.
The legal basis for processing is our legitimate interest in responding to inquiries addressed to us. Therefore, the legal basis for processing is Article 6 (1) sentence 1 lit. f GDPR.
We delete the data collected in this context once it is no longer necessary for storage or restrict processing if legal retention obligations exist.
Customer Area
Visitors to our website can create a customer account. The data requested in this context is processed to fulfill the user contract for the account, so the legal basis for processing is Article 6 (1) sentence 1 lit. b GDPR.
Offering Goods or Services
We offer goods or services through our website. The processing of data is carried out for the performance of the contract concluded with the respective site visitor (Article 6 (1) sentence 1 lit. b GDPR).
Payment service providers
To process payments, we use payment processors who are themselves data controllers within the meaning of Article 4 (7) GDPR. As far as these processors receive data and payment information entered by us during the order process, we fulfill the contract concluded with our customers (Article 6 (1) sentence 1 lit. b GDPR).
Third-Party Tools
Trustpilot
We use Trustpilot for customer reviews. The provider is Trustpilot A/S, Pilestraede 58, 5th Floor, DK-1112 Copenhagen K, Denmark. The provider processes usage data (e.g., visited websites, content interest, access times) and meta/communication data (e.g., device information, IP addresses) within the EU.
The legal basis for processing is Article 6(1) sentence 1 lit. f GDPR. We have a legitimate interest in receiving feedback on our services through customer reviews.
The data will be deleted once the purpose of its collection no longer applies, and no retention obligation exists. More information can be found in the provider’s privacy policy at: https://uk.legal.trustpilot.com/for-businesses/business-privacy-policy.
Microsoft Advertising (Bing Ads)
We use Microsoft Advertising (Bing Ads) for analysis and advertising. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. The provider processes usage data (e.g., visited websites, content interest, access times) and meta/communication data (e.g., device information, IP addresses) in the USA.
The legal basis for processing is Article 6(1) sentence 1 lit. a GDPR. Processing occurs based on consent. Affected individuals can revoke their consent at any time by contacting us using the details provided in our privacy policy. The revocation does not affect the legality of the processing before the revocation.
We delete the data when the purpose for its collection no longer applies. Further information is available in the provider’s privacy policy at: https://www.microsoft.com/en-gb/privacy/privacystatement.
Facebook Like Button
We use the Facebook Like Button to share interests on social media. The provider is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The provider processes usage data (e.g., visited websites, content interest, access times) and meta/communication data (e.g., device information, IP addresses) in the USA.
The legal basis for processing is Article 6(1) sentence 1 lit. a GDPR. Processing occurs based on consent. Affected individuals can withdraw their consent at any time by contacting us via the contact details in our privacy policy. The revocation does not affect the legality of processing before withdrawal.
The legal basis for data transfer to a country outside the EEA is consent.
Data will be deleted when the purpose of collection no longer applies and there are no legal retention obligations. Further information is available in the provider’s privacy policy at: https://www.facebook.com/policy.php.
Facebook Custom Audiences
We use Facebook Custom Audiences for advertising. The provider is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The provider processes usage data (e.g., visited websites, interest in content, access times) in the USA.
The legal basis for processing is Article 6(1) sentence 1 lit. a GDPR. Processing occurs based on consent. Affected individuals can withdraw consent at any time by contacting us via the contact details provided in our privacy policy. Withdrawal does not affect the legality of processing before withdrawal.
The legal basis for transferring data to a non-EEA country is Standard Contractual Clauses. The security of data transferred to the third country (i.e., a country outside the EEA) is ensured in accordance with Standard Data Protection Clauses issued under the procedure in Article 93(2) GDPR (Article 46(2)(c) GDPR), agreed with the provider.
We delete the data when the purpose for its collection no longer applies. Further information is available in the provider's privacy policy: https://www.facebook.com/policy.php.
Google Webfonts
We use Google Webfonts for fonts on the website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes meta/communication data (e.g., device information, IP addresses) in the USA.
The legal basis for processing is Article 6(1) sentence 1 lit. a GDPR. Processing occurs based on consent. Affected individuals can withdraw consent at any time by contacting us using the details in our privacy policy. Withdrawal does not affect the legality of processing before withdrawal.
The legal basis for transferring data to a non-EEA country is consent.
Further information is available in the provider's privacy policy: https://policies.google.com/privacy?hl=en-GB.
Google reCAPTCHA
We use Google reCAPTCHA for the management of authentications. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Dublin, D04e5w5, Ireland. The provider processes usage data (e.g., visited websites, interest in content, access times) and meta-/communication data (e.g., device information, IP addresses) in the USA.
The legal basis for the processing is Article 6(1), sentence 1, letter a of the GDPR. The processing takes place based on consent. Affected persons can revoke their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the legality of the processing until the revocation.
The legal basis for the transfer to a country outside the EEA is consent.
Further information can be found in the provider's privacy policy at: https://policies.google.com/privacy?hl=en-GB.
Google Analytics
We use Google Analytics for analysis. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Dublin, D04e5w5, Ireland. The provider processes usage data (e.g., visited websites, interest in content, access times) and meta-/communication data (e.g., device information, IP addresses) in the USA.
The legal basis for the processing is Article 6(1), sentence 1, letter a of the GDPR. The processing takes place based on consent. Affected persons can revoke their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the legality of the processing until the revocation.
The legal basis for the transfer to a country outside the EEA is standard contractual clauses. The security of the data transferred to the third country (i.e., a country outside the EEA) is ensured in accordance with the standard data protection clauses adopted based on the examination procedure under Article 93(2) GDPR (Article 46(2), letter c GDPR), which we have agreed with the provider.
The data is deleted when the purpose of its collection no longer applies and there is no obligation to retain it. Further information can be found in the provider's privacy policy at: https://policies.google.com/privacy?hl=en-GB.
Google Tag Manager
We use Google Tag Manager for analysis and advertising. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes usage data (e.g., visited websites, interest in content, access times) in the USA.
The legal basis for the processing is Article 6(1), sentence 1, letter a of the GDPR. The processing takes place based on consent. Affected persons can revoke their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the legality of the processing until the revocation.
The legal basis for the transfer to a country outside the EEA is standard contractual clauses. The security of the data transferred to the third country (i.e., a country outside the EEA) is ensured in accordance with the standard data protection clauses adopted based on the examination procedure under Article 93(2) GDPR (Article 46(2), letter c GDPR), which we have agreed with the provider.
We delete the data when the purpose of its collection no longer applies. Further information can be found in the provider's privacy policy at: https://policies.google.com/privacy?hl=en-GB.
Hotjar
We use Hotjar to better understand the needs of our users and to optimize the offerings and experience on this website.
With the help of Hotjar's technology, we gain a better understanding of our users' experiences (e.g., how much time users spend on certain pages, which links they click, what they like and dislike, etc.), and this helps us tailor our offerings to our users' feedback.
Hotjar uses cookies and other technologies to collect data on our users' behavior and their devices, specifically the IP address of the device (captured and stored only in anonymized form during your website use), screen size, device type (unique device identifiers), information about the browser used, location (country only), and the language preference for displaying our website.
Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually prohibited from selling the data collected on our behalf.
Further information can be found under the section ‘about Hotjar’ at Hotjar's help page.
Facebook Pixel
We use Facebook Pixel for analysis. The provider is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
The provider processes usage data (e.g., visited websites, interest in content, access times) in the USA. The legal basis for the processing is Article 6(1), sentence 1, letter a of the GDPR. The processing takes place based on consent. Affected persons can revoke their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the legality of the processing until the revocation.
The legal basis for the transfer to a country outside the EEA is standard contractual clauses. The security of the data transferred to the third country (i.e., a country outside the EEA) is ensured in accordance with the standard data protection clauses adopted based on the examination procedure under Article 93(2) GDPR (Article 46(2), letter c GDPR), which we have agreed with the provider.
The data is deleted when the purpose of its collection no longer applies and there is no obligation to retain it. Further information can be found in the provider's privacy policy at: https://www.facebook.com/policy.php.
Data Processing on Social Media Platforms
We are present on social media networks to introduce our company and services to our customers. The operators of these networks also process users' data for advertising purposes. Among other things, they create user profiles based on online behavior, which are used to display advertising on the network's pages and elsewhere on the internet that matches users' interests. For this purpose, the network operators store information about user behavior in cookies on users' computers. It is also possible that the operators combine this information with other data. More information and ways for users to object to the processing by the page operators can be found in the privacy policies listed below. It is also possible that the operators or their servers are located outside the EU, which means they process data there. This can pose risks for users, for example, because enforcing their rights may be more difficult, or government authorities may access the data.
When users contact us through our profiles on these networks, we process the data provided to answer the inquiries. This constitutes our legitimate interest, making the legal basis Art. 6 Para. 1 Sentence 1 lit. f GDPR.
The operator is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The privacy policy is available here: https://www.facebook.com/policy.php. An option to object to data processing is available through ad settings: https://www.facebook.com/settings?tab=ads.
Based on an agreement, we are jointly responsible with Facebook for the processing of data from visitors to our profile under Article 26 of the GDPR. Facebook explains which data is processed exactly at: https://www.facebook.com/legal/terms/information_about_page_insights_data. Affected individuals can exercise their rights both with us and with Facebook. However, according to our agreement with Facebook, we are obligated to forward inquiries to Facebook. Affected individuals will therefore receive a quicker response if they contact Facebook directly.
We maintain a profile on Instagram. The operator is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The privacy policy is available here: https://help.instagram.com/519522125107875.
YouTube
We maintain a profile on YouTube. The operator is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The privacy policy is available here: https://policies.google.com/privacy?hl=en-GB.
We maintain a profile on Twitter. The operator is Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The privacy policy is available here:https://twitter.com/en/privacy. An option to object to data processing is available through ad settings: https://twitter.com/personalization.
We maintain a profile on LinkedIn. The operator is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The privacy policy is available here: https://www.linkedin.com/legal/privacy-policy?_l=en_EN. An option to object to data processing is available through ad settings:https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Changes to This Privacy Policy
We reserve the right to change this privacy policy with effect for the future. A current version is always available on this website.
- Introduction
- Contact Information
- Scope of Data Processing, Purposes, and Legal Bases
- Data Processing Outside the EEA
- Retention Period
- Rights of Data Subjects
- Obligation to Provide Data
- No Automated Individual Decision-Making
- Contacting Us
- Newsletter
- Data Processing on Our Website
- Third-Party Tools
- Data Processing on Social Media Platforms
- Changes to This Privacy Policy