
Data protection

General information on data processing

This privacy policy describes the collection and use of personal data in connection with the use of our website https://kumihealth.de (“Website”) in accordance with the requirements of the General Data Protection Regulation (“GDPR”). Processing activities that are not covered by this privacy policy may be supplemented by additional privacy policies that must be observed separately.

Controller

The controller within the meaning of the GDPR is
kumi health GmbH (“Kumi”/“we”/“us”)
Dorothea-Bernstein-Weg 3
22081 Hamburg
Germany

Data protection officer

We have appointed an external data protection officer through Simpliant. Simpliant advises us as an external data protection officer and on the implementation and maintenance of our data protection management system. For more information about Simpliant, visit http://www.simpliant.eu.

You can reach our appointed data protection officer by mail at:

Simpliant GmbH
- Steven Bressner -
Fasanenstraße 12 
10623 Berlin
Germany

Or by email at:

steven.bressner@simpliant.eu 

Data subject rights and supervisory authority

You can exercise the following rights:

  • Right to information about your data stored by us and its processing (Art. 15 GDPR)
  • Right to rectify incorrect personal data (Art. 16 GDPR)
  • Right to have your data stored by us erased (Art. 17 GDPR)
  • Right to restrict data processing if we are not yet allowed to erase your data due to legal obligations (Art. 18 GDPR)
  • Right to portability of data if you have consented to data processing or have concluded a contract with us (Art. 20 GDPR)
  • Right to object to the processing of your data by us (Art. 21 GDPR)

To exercise your rights, you can contact us by email at info@kumihealth.de.

Pursuant to Article 77 GDPR in conjunction with Section 19 of the German Federal Data Protection Act (BDSG), you may at any time file a complaint with a supervisory authority, e.g., with the responsible supervisory authority of the federal state in which you live or with the authority responsible for us.

Processing of data, purpose, and legal basis

We process your personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

The legal basis of all our data processing operations is Article 6 (1) GDPR. Further information is provided in the context of presenting the individual processing operations.

Storage period

We take all reasonable steps to ensure that your personal data is processed only for the period of time necessary in each case for the specific purpose of processing. If the storage period is not specified below, your personal data will be erased or blocked as soon as the purpose or legal basis for the storage ceases to apply. Personal data will not be erased if storage is required by law (e.g., Section 257 of the German Commercial Code [HGB], Section 147 of the German Tax Code [AO]). We may furthermore retain your personal data until the expiry of the statutory limitation periods (usually three years; in individual cases, however, up to ten years or longer), provided that this is necessary to assert, exercise, or defend legal claims.

Data security

To protect the security of your data during transmission, we use technical and organizational security measures, in particular the encryption of our website, to prevent unauthorized access by third parties. Encryption via HTTPS is preset. Our security measures are continuously improved and adapted in line with technological developments.

Transmission to service providers

We use service providers in delivering our offers. These service providers act only according to our instructions and are contractually obligated to comply with the provisions of Article 28 GDPR.

Unless otherwise stated below, your data will not be transferred to a third country outside the European Union. Your personal data will only be transferred to third countries if the requirements of Article 44 and 49 GDPR are met, in particular standard contractual clauses, binding corporate rules, and adequacy decision of the Commission.

No obligation to provide data/no profiling

You have no legal or contractual obligation to provide us with data. However, some services can only be provided if the required data is provided by you. Your personal data will not be used for automated individual decision making, including profiling.

Website

Our website offers different areas with different features for the visitor, which are described in more detail below.

Server protocols

Nature and purpose of data processing:

When you access our website, information of a general nature is automatically collected. This information, called server log files, includes:

  • IP address
  • Name of the access provider
  • Browser type, browser software version, and browser language
  • Operating system
  • Date and time of access
  • Content of the access
  • Amount of data transferred
  • Access status (successful transmission/error)
  • Web page(s) to which the access was redirected
  • Web pages visited

Processing is performed for the following purposes:

  • Ensuring a trouble-free connection to the website
  • Ensuring a smooth use of our website
  • Evaluation of system security and stability

Legal basis:
Processing is carried out pursuant to Article 6 (1) (f) GDPR on the basis of our legitimate interest in hosting the website and improving and monitoring the security, stability, and functionality of the website.

Recipient:
The recipient of the data is a technical service provider who is responsible for operating and maintaining our website. As processors, the service providers are obliged to process the data only within the scope of our instructions.

Retention period:
Server log files regarding server access are deleted after 14 days and server log files regarding error messages are deleted after 7 days.

Consent management

Nature and purpose of processing:
Our website uses cookies for various processing activities for which your consent is required. In order to obtain and store such consent, we use what is called a cookie banner. As part of this, a cookie – a small text file – is placed on your terminal device to register your selection/consent. Among other things, we process your IP address for this purpose.

Legal basis:
The processing is based on our legitimate interests in documenting compliance with the provisions of Article 6 (1) (f) GDPR. This cookie is thus also technically necessary.

You can find more information under the item “Cookies.”

Newsletter

Newsletter Data:
If you would like to receive the newsletter that we offer on our website, we require your email address in addition to information that allows us to confirm that you are the owner of the email address and that you agree to receive the newsletter. We do not collect additional data, or only collect it if you volunteer it. We use this data solely to send the requested information and do not provide it to third parties.

Processing of the data you enter on the newsletter registration form takes place solely on the basis of your consent (Article 6 (1) (a) GDPR). You can revoke the consent that you have granted us to store and use your personal data and email address for the purpose of sending you the newsletter at any time by clicking on the “unsubscribe” link in the newsletter. The legality of the data processing that has already taken place remains unaffected by your revocation.

We will store the data you provided us with for the purpose of receiving the newsletter until you unsubscribe, and the data will be deleted upon your cancellation of the newsletter. Data that we store for other purposes (such as email addresses for the member area) remains unaffected by this.

EVALANCHE:
This website uses EVALANCHE to send newsletters. The provider is SC-NETWORKS GMBH, Enzianstr. 2, 82319 Starnberg, Germany.

EVALANCHE is a service that organizes and analyzes the distribution of newsletters. The data you provide in order to receive the newsletter is stored on Evalanche’s servers in Germany.

If you do not wish your data to be analyzed by Evalanche, you can refuse to allow it. There is a corresponding link for this purpose in every newsletter.

Data Analysis by EVALANCHE:
EVALANCHE helps us analyze our newsletter campaigns. For instance, we use it to see whether a newsletter has been opened and which links have been clicked. This allows us to determine which links are clicked particularly often.

We can also see whether certain previously defined actions were taken after the links were opened or clicked on (conversion rate). For instance, we can see whether you visited a website after clicking on it in the newsletter.

Evalanche also makes it possible for us to cluster newsletter recipients based on various categories. This allows us to tailor the newsletters better to individual target groups.

You can find detailed information on Evalanche’s functions by clicking on the following link: https://www.sc-networks.de/loesungen/enterprise/

Legal Basis:
Processing of your data is based on your consent (Article 6 (1) (a) GDPR). You can revoke this consent at any time. The legality of the data processing that has already taken place remains unaffected by your revocation.

Storage Period:
We will store the data you provided us with for the purpose of receiving the newsletter until you unsubscribe. Upon your cancellation of the newsletter, your data will be deleted from our servers as well as from Evalanche’s servers. Data that we store for other purposes (such as email addresses to respond to inquiries) remains unaffected by this.

You can find detailed information about Evalanche’s privacy policies at: https://www.sc-networks.de/unternehmen/datenschutz/

Contract Data Processing Agreement:
We have signed a contract with Evalanche that obliges them to protect our customers’ data and to not make it available to third parties. You are welcome to request information about this by writing us at info@kumihealth.

Contact

Nature and purpose of processing:
In order to provide you with the best possible support as you use our offers, we offer you the possibility of contacting us via the contact form on our website or by email. In this context, we process your name, your email address, if applicable, and the content of your inquiry.

Legal basis:
The data is processed to implement precontractual measures (Article 6 (1) (b) GDPR). It is also carried out to protect our legitimate interests, pursuant to Article 6 (1) (f) GDPR, in efficiently communicating with interested parties or customers.

Recipients:
The recipients of the data are processors. As processors, the service providers are obliged to process the data only within the scope of our instructions.

Transfer to third countries:
Data is transferred to the United States of America. The processing contracts with the service provider contain standard contractual clauses approved by the EU Commission and appropriate guarantees that the data protection obligations will be met.

Scheduling

Nature and purpose of data processing:
We offer the opportunity to schedule an appointment with our consulting team via an automated function integrated into the website. In order to make an appointment, we need to process your name, email address, and other data you provide.

Legal basis:
The data is processed exclusively on the basis of our legitimate interest in offering efficient communication channels to the public (Article 6 (1) (f) GDPR) or on the basis of initiating or maintaining communication in the context of an existing business relationship (legal basis Article 6 (1) (b) GDPR). 

Recipient:
The recipient of the data is a processor in the United States. For this purpose, we have concluded the necessary data processing agreement, which obligates the service provider to process the data only in accordance with our instructions.

Transfer to third countries:
Appropriate safeguards exist for the transfer of your data to countries outside the EU. The data processing contract with the service provider contains standard contractual clauses approved by the EU Commission and appropriate guarantees that the data protection obligations will be met. 

Web fonts

Nature and purpose of data processing: 
For our website to be displayed correctly, certain fonts must be downloaded from web servers. To perform this action, the user’s IP address is processed.  

Legal basis: 
If personal data (such as the IP address) is stored, the legal basis for this is Article 6 (1) (f) GDPR on the basis of our legitimate interest in the quality assurance and functionality of our website.

Recipient: 
The recipient of the data is a service provider in the United States. As a processor, the service provider is obliged to process the data only within the scope of our instructions as set out in a data processing agreement.

Transfer to third countries:
Data is transferred to the United States of America. The processing contracts with the service provider contain standard contractual clauses approved by the EU Commission and appropriate guarantees that the data protection obligations will be met.

Applications

Our website offers you the opportunity to apply for jobs at Kumi. For these applications, we use a separate portal provided by a processor and provide our applicants with a separate privacy policy. This policy is available at the following link.

Website analysis

Nature and purpose of data processing:
This website uses cookie-based technology to help us better understand how the website is used. We do this by compiling reports of activity on the site, which do not identify specific individuals. For this purpose, analysis cookies process your IP address and data on how you use our website (e.g., which pages were visited and which buttons were clicked).

Legal basis:
The processing takes place with your consent (pursuant to Article 6 (1) (a) GDPR).

You can find more information under the item “Cookies.”

Personalized advertising

Nature and purpose of data processing:
We use cookie-based technologies to help us deliver more effective and personalized advertising.

This enables us to determine the visitors to our website as the target group for the display of advertising (what is known as “targeted advertising”). In addition, we can track the effectiveness of our online advertising by seeing whether users were redirected to our website after clicking on such advertising (what is known as “conversion tracking”). We may also use service providers to identify users who have visited our website as potential customers and recipients of advertising (what is known as “retargeting”).

Legal basis:
The processing takes place with your consent (pursuant to Article 6 (1) (a) GDPR).

You can find more information under the item “Cookies.”

Cookies

Our website uses what are known as cookies. Cookies cannot harm your device and do not contain viruses. Cookies serve to make our website more user-friendly, effective, and secure. Cookies are small text files that are stored on your terminal device and in your browser.

Most of the cookies we use are what are known as session cookies. These cookies are automatically deleted after the end of the session. Session cookies are used to associate successive page views with individual users accessing our website at the same time. Other cookies are stored on your device until you delete them. These cookies allow us to recognize your browser on your next visit.

If personal data is processed and the cookies are not technically necessary to display our website, the processing is based on Article 6 (1) (a) GDPR.

Information on cookies used and ways to manage your consent can be found here:

Data processing on our social media pages

We operate pages on the following social media channels:

  • Facebook: facebook.com or mobile app of Facebook Inc. 1601 S. California Ave, Palo Alto, CA 94304, USA or Facebook Ireland Ltd. 4 Grand Canal Square, Dublin 2, Ireland, view policy: https://www.facebook.com/policy.php
  • Instagram: instagram.com or mobile app of Facebook Ireland Ltd. 4 Grand Canal Square, Dublin 2, Ireland, view policy: http://instagram.com/about/legal/privacy/
  • Twitter: twitter.com or mobile app of Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, view policy: https://twitter.com/en/privacy
  • LinkedIn: linkedin.com or mobile app by LinkedIn Corporation, Legal Department Privacy, 1000 W. Maude Ave, Sunnyvale, CA 94085, USA or LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, view policy: https://www.linkedin.com/legal/privacypolicy
  • Xing: Xing.de or mobile app from New Work SE, Dammtorstrasse 30, 20354 Hamburg, Germany, view policy: https://privacy.xing.com/de/datenschutzerklaerung
  • YouTube: Youtube.com or mobile app of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, view policy: https://policies.google.com/privacy

When you visit our social media pages, data is processed both by us and by the respective social media provider as the responsible party.

The respective social media provider assumes the data protection obligations toward you as a user, such as providing information about data processing, and is the contact for your rights. This follows from the fact that such a provider has direct access to the relevant information on the social media site and the processing of your data.

When you use Facebook, Instagram, Twitter, LinkedIn or Reddit, data may also be processed outside the EU. 

Data processing and legal basis:
Our social media sites allow us to communicate with you and provide you with interesting information. Via your comments as well as the images, messages, and reactions you share, we may receive additional data from you that we process to communicate with you. If you use social media on multiple devices, it is possible that your data will be analyzed across devices.

In addition, the providers of social media sites may also use cookies and tracking technologies to analyze and improve their services.

Data processing is carried out with your consent or for the purpose of responding to your inquiry (Article 6 (1) (a), (b) GDPR) or on the basis of legitimate interest in improving services and external presentation (Article 6 (1) (f) GDPR).

Facebook

We, as well as Facebook, use the “Page Insights” function to process statistical data from users of our Facebook pages (see also the agreement at https://www.facebook.com/legal/terms/page_controller_addendum). With this function, data is processed in the form of what are known as “Page Insights,” which are described in more detail at https://www.facebook.com/legal/terms/information_about_page_insights_data.

Usage data from the Facebook pages is used to generate analyses and statistics in the form of Page Insights, which help us to improve our marketing activities and public image. These analyses may also give us information about the users who interact with our Facebook pages, and their behavior, or we may use them to display relevant content and develop features that may be of interest to users. These page statistics show us, for example, which people from certain target groups interact most with our Facebook page or which content on the Facebook page was visited, shared, or clicked on, as well as when and how often. When individuals are classified into target groups, demographic data or data about the individual’s location is also included in order to target advertising at these persons. If you use Facebook on multiple devices, it is possible that your data will be analyzed across devices. The data collected in this way is processed statistically and is generally anonymous, i.e., we cannot establish any reference to the individual person.

Information on these Page Insights and data processing can be found, for example, in Facebook’s privacy policy at https://www.facebook.com/policy.php or at https://www.facebook.com/business/a/page/pageinsights.

Facebook also uses cookies and storage technologies. You can find more information here: https://www.facebook.com/policies/cookies/.

As a Facebook user, you can always influence how your user behavior is recorded when you visit Facebook pages. To do this, you can manage the advertising preferences settings in your Facebook account or at https://www.facebook.com/ads/preferences, or the Facebook settings in your account or at https://www.facebook.com/settings.

Facebook also provides ways for you to contact them or exercise your rights at https://www.facebook.com/help/contact/2061665240770586 or https://www.facebook.com/help/contact/308592359910928.

Instagram

If you use Instagram and have an Instagram account, Instagram can associate your activities with your Instagram profiles. We, as well as Instagram, use the Instagram Insights function to process statistical data of the users of our Instagram pages (for Facebook, which is affiliated with the provider of Instagram, see also the agreement at https://www.facebook.com/legal/terms/page_controller_addendum). With this function, data is processed in the form of what are known as “Instagram Insights,” which are described in more detail at https://help.instagram.com/788388387972460?helpref=faq_content.

Instagram Insights comprise evaluations and statistics created from usage data from our Instagram pages; they help us improve our marketing activities and public image. Instagram Insights helps us learn more about our users and how our content is working with you, our audience. For this purpose, Instagram provides us with statistics on specific posts and stories created for the platform in order to find out how users have interacted with this content. When individuals are classified into target groups, demographic data or data about the individual’s location is also included in order to target advertising at these persons. If you use Instagram on multiple devices, it is possible that your data will be analyzed across devices. The data collected in this way is processed statistically and is generally anonymous, i.e., we cannot establish any reference to the individual person.

Instagram also uses cookies and similar technologies. You can find more information about this here: http://instagram.com/about/legal/privacy/.

As an Instagram user, you can always influence how your user behavior is recorded when you visit Instagram pages. To do this, you can manage the settings for ads in your Instagram account or at https://www.instagram.com/accounts/privacy_and_security/. Instagram also provides ways for you to contact them or exercise your rights at https://help.instagram.com/contact/1845713985721890 or http://instagram.com/about/legal/privacy/.

Changes to the privacy policy

We reserve the right to adapt this privacy policy to ensure it always complies with the current legal requirements, or to reflect changes to our offers in the privacy policy, for instance when introducing new services. The current version of the privacy policy applies.