General information about data processing
This privacy policy describes the collection and use of personal data in connection with the use of our web offer https://kumihealth.de ("website") according to the requirements of the General Data Protection Regulation ("GDPR"). Processing activities not covered by this privacy policy may be supplemented by additional privacy policies that should be observed separately.
Responsible
The responsible party in terms of GDPR is
Kumi Health GmbH ("Kumi"/"we"/"us")
Lippmannstraße 8a
22769 Hamburg
Germany
Data Protection Officer
We have ordered an external data protection officer through Simpliant. Simpliant advises us as an external data protection officer and in the implementation and maintenance of our data protection management system. More information about Simpliant can be found at http://www.simpliant.eu.
You can reach our appointed data protection officer by post:
Simpliant GmbH
- Boris Arendt -
Fasanenstraße 12
10623 Berlin
Germany
Or by email at:
boris.arendt@simpliant.eu
Rights of the affected and supervisory authority
You can exercise the following rights:
Right to access your data stored with us and its processing (Article 15 GDPR),
Right to rectification of inaccurate personal data (Article 16 GDPR),
Right to erasure of your data stored with us (Article 17 GDPR),
Right to restriction of processing when we are not permitted to delete your data due to legal obligations (Article 18 GDPR),
Right to data portability if you have consented to data processing or entered into a contract with us (Article 20 GDPR),
Right to object to the processing of your data by us (Article 21 GDPR)
To exercise your rights, you can contact us by e-mail at info@kumihealth.de.
You can file a complaint with a supervisory authority at any time in accordance with Article 77 GDPR in conjunction with Section 19 BDSG, for instance, with the responsible supervisory authority of the federal state in which you reside, or with the authority responsible for us.
Processing of data, purpose and legal bases
We process your personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).
The legal basis for all our processing activities is based on Art. 6 para. 1 GDPR. You will receive further information in the context of the presentation of the individual processing operations.
Storage duration
We take all appropriate steps to ensure that your personal data is processed only for the duration necessary for the respective processing purpose. If the storage duration is not stated below, your personal data will be deleted or blocked as soon as the purpose or the legal basis for storage ceases to exist. Deletion of personal data does not occur if storage is required by law (e.g., § 257 HGB, 147 AO). Furthermore, we may retain your personal data until the expiration of statutory limitation periods (generally 3 years; in individual cases, however, up to 10 years or longer) to the extent necessary for the assertion, exercise, or defense of legal claims.
Data security
To protect the security of your data during transmission, we implement technical and organizational security measures, particularly the encryption of our website, to prevent unauthorized access by third parties. The encryption via HTTPS is set by default. Our security measures are continuously improved and adjusted according to technological developments.
Transmission to service providers
We use service providers to deliver our offers. These service providers only act according to our instructions and are contractually obliged to comply with the provisions of Art. 28 GDPR. Unless stated otherwise below, your data will not be transferred to a third country outside the European Union. Your personal data will only be transferred to third countries if the requirements of Art. 44 - 49 GDPR are met, in particular Standard Contractual Clauses, Binding Corporate Rules, and an adequacy decision by the Commission.
No obligation to provide data/No profiling
There is no legal or contractual obligation to provide us with data. However, some services may only be provided if the required data is made available by you. Your personal data will not be used for automated individual decision-making, including profiling.
Website
Our website offers different areas with various functionalities for the visitor, which are described in more detail below.
Server logs
Nature and purpose of data processing:
When you access our website, information of a general nature is automatically collected. This information, referred to as server log files, includes:
IP address
Name of the access provider
Browser type, version of the browser software, and language of the browser
Operating system
Date and time of access
Content of the access
Amount of data transferred
Access status (successful transfer/error)
Website(s) that access was redirected to
Visited websites
The processing takes place for the following purposes:
Ensuring a trouble-free connection to the website
Ensuring smooth use of our website
Assessment of system security and stability
Legal basis:
The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in hosting the website and improving and monitoring the security, stability, and functionality of the website.
Recipient:
The recipient of the data is a technical service provider responsible for the operation and maintenance of our website. As a processor, the service providers are obliged to process the data only within the framework of our instructions.
Retention period:
The server log files regarding server accesses are deleted after 14 days and server log files regarding error messages are deleted after 7 days.
Consent Management
Purpose and Nature of Processing:
Our website uses cookies for various processing activities that require your consent. In order to obtain such consent and to store it, we use a so-called "cookie banner." In this context, a cookie—a small text file—is set on your device to register your choice/consent. For this purpose, we process, among other things, your IP address.
Legal Basis:
The processing is carried out on the basis of our legitimate interests in documenting compliance with the provisions of the GDPR Art. 6 para. 1 lit. f. GDPR. It is therefore also a technically necessary cookie.
Further information can be found under the section “Cookies”.
Newsletter
Newsletter Data:
If you would like to receive the newsletter offered on the website, we require an email address from you as well as information that allows us to verify that you are the owner of the provided email address and that you agree to receive the newsletter. No additional data will be collected, or only on a voluntary basis. We will use this data solely for the purpose of sending the requested information and will not share it with third parties.
The processing of the data entered into the newsletter registration form is based solely on your consent (Art. 6 para. 1 lit. a GDPR). You can withdraw your consent to the storage of the data, the email address, and its use for sending the newsletter at any time, for example, via the "Unsubscribe" link in the newsletter. The lawfulness of the data processing operations that have already taken place remains unaffected by the withdrawal.
The data you have provided for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted after canceling the newsletter. Data that has been stored with us for other purposes (e.g., email addresses for the members' area) remains unaffected.
EVALANCHE:
This website uses EVALANCHE for sending newsletters. The provider is SC-NETWORKS GMBH, Enzianstr. 2, 82319 Starnberg, Germany.
EVALANCHE is a service that can be used, among other things, to organize and analyze the sending of newsletters. The data you enter for the purpose of receiving the newsletter is stored on EVALANCHE's servers IN GERMANY.
If you do not want analysis by EVALANCHE, you can refuse this. We provide a corresponding link in each newsletter message for this purpose.
Data Analysis by EVALANCHE:
With the help of EVALANCHE, we are able to analyze our newsletter campaigns. For example, we can see whether a newsletter message was opened and which links may have been clicked. In this way, we can also determine which links were clicked particularly often.
Furthermore, we can see whether certain predefined actions were executed after opening/clicking (conversion rate). For example, we can determine if you visited a website after clicking on the newsletter.
EVALANCHE also allows us to segment the newsletter recipients into various categories (“cluster”). This way, newsletters can be better tailored to the respective target groups.
For detailed information about the features of EVALANCHE, please refer to the following link: https://www.sc-networks.de/loesungen/enterprise/
Legal Basis:
The data processing is carried out based on your consent (Art. 6 para. 1 lit. a GDPR). You can withdraw this consent at any time. The lawfulness of the processing operations that have already taken place remains unaffected by the withdrawal.
Storage Duration:
The data you have provided for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted after you cancel the newsletter from both our servers and the servers of EVALANCHE. Data stored with us for other purposes (e.g., email addresses for inquiries) remains unaffected.
For more information, please refer to EVALANCHE's privacy policy at: https://www.scnetworks.de/unternehmen/datenschutz/
Conclusion of a contract for order data processing:
We have concluded a contract with EVALANCHE in which we obligate EVALANCHE to protect our customers' data and not to pass it on to third parties. You can request information on this by written request to info@kumihealth.
Contact
Type and purpose of processing:
In order to provide you with the best possible support in using our services, we offer you the opportunity to contact us via a contact form on the website or by email. In this context, we process your name, if applicable, your email address, and the content of your inquiry.
Legal basis:
The data is processed for the purpose of carrying out pre-contractual measures (Art. 6 para. 1 lit. b GDPR). It is also carried out to safeguard our legitimate interests under Art. 6 para. 1 lit. f GDPR in efficient communication with interested parties or customers.
Recipients:
The recipients of the data are processors. As processors, the service providers are required to process the data only in accordance with our instructions.
Transfer to third countries:
Data is transmitted to the United States of America. The data processing agreements with the service provider contain standard contractual clauses approved by the EU Commission and adequate guarantees that the data protection obligations are upheld.
Scheduling
Nature and purpose of data processing:
We provide the ability to schedule appointments with our consulting team through automated integration. To schedule an appointment, we must process your name, your email address, and other data you provide.
Legal basis:
The processing of data is carried out exclusively on the basis of our legitimate interest in offering efficient communication channels to the public (Art. 6 para. 1 lit. f. GDPR), or on the basis of initiating communication or communication within the scope of an existing business relationship (Legal basis Art. 6 para. 1 lit. b. GDPR).
Recipient:
The recipient of the data is a data processor in the United States. To this end, we have concluded the necessary data processing agreement, in which the service provider is obliged to process the data only according to our instructions.
Transfer to third countries:
For the transfer of your data to countries outside the EU, appropriate safeguards are in place. The data processing agreement with the service provider contains standard contractual clauses approved by the EU Commission and appropriate guarantees that data protection obligations are adhered to.
Webfonts
Nature and purpose of data processing:
In order for our website to be displayed correctly, certain fonts must be downloaded from web servers. To carry out this action, the user's IP address is processed.
Legal basis:
If personal data (such as the IP address) is stored, the legal basis for this is Art. 6 para. 1 lit. f. GDPR based on our legitimate interest in ensuring the quality and functionality of our website.
Recipients:
The recipient of the data is a service provider in the United States. As a data processor, the service provider is required to process the data only within the framework of our instructions as laid out in a data processing agreement.
Transfer to third countries:
Data is transferred to the United States of America. The data processing agreements with the service provider contain standard contractual clauses approved by the EU Commission and adequate safeguards that ensure compliance with data protection obligations.
Applications
On our website, we offer you the opportunity to apply for positions at Kumi. For this, we use a separate portal from a processor and provide our applicants with a separate privacy policy. This is available at the following link.
Website analysis
Purpose and scope of data processing:
This website uses a cookie-based technology that helps us better understand how the website is used. We do this by compiling reports on the activity on the website that do not identify specific individuals. To this end, analytics cookies process your IP address and usage behavior data on our website (e.g., which pages were visited and which buttons were clicked).
Legal basis:
The processing is carried out with your consent in accordance with Art. 6 para. 1 lit. a GDPR.
Further information can be found under the section “Cookies”.
Personalized advertising
Nature and Purpose of Data Processing:
We use cookie-based technologies that help us deliver more effective and personalized advertising.
This allows us to identify visitors to our online services as a target audience for advertising (so-called "targeted advertising"). Furthermore, we can track the effectiveness of our online advertising by seeing whether users were redirected to our website after clicking on such advertising (so-called "conversion tracking"). We may also use service providers to identify users who have visited our website as potential customers and recipients of advertising (so-called "retargeting").
Legal Basis:
The processing is carried out with your consent according to Art. 6 para. 1 lit. a GDPR.
For more information, see the section “Cookies”.
Cookies
Our website uses so-called cookies. Cookies do not harm your device and do not contain viruses. Cookies are used to make our offerings more user-friendly, effective, and secure. Cookies are small text files that are stored on your device and in your browser.
Most of the cookies we use are known as session cookies. These cookies are automatically deleted at the end of the session. Session cookies are used to assign consecutive page requests to the individual users accessing our website at the same time. Other cookies are stored on your device until you delete them. These cookies allow us to recognize your browser on your next visit.
As far as personal data is processed and the cookies are not technically necessary to display our website, the processing is based on Art. 6 para. 1 lit. a. GDPR.
Information on the cookies used and options for managing your consent can be found here:
This website uses cookies. We use cookies to personalize content and ads, to provide social media features, and to analyze our traffic. We also share information about your use of our site with our social media, advertising, and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.
Cookies are small text files that can be used by websites to make a user's experience more efficient.
The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies, we need your permission.
This site uses different types of cookies. Some cookies are placed by third-party services that appear on our pages.
You can at any time change or withdraw your consent from the Cookie Declaration on our website.
Learn more about who we are, how you can contact us, and how we process personal data in our Privacy Policy.
Please state your consent ID and date when you contact us regarding your consent.
Your consent applies to the following domains: kumihealth.de
Data processing on our social media pages
We operate pages on the following social media channels:
Facebook: facebook.com or mobile app of Facebook Inc. 1601 S. California Ave, Palo Alto, CA 94304, USA or Facebook Ireland Ltd. 4 Grand Canal Square, Dublin 2, Ireland, see: https://www.facebook.com/policy.php
Instagram: instagram.com or mobile app of Facebook Ireland Ltd. 4 Grand Canal Square, Dublin 2, Ireland, see: http://instagram.com/about/legal/privacy/
Twitter: twitter.com or mobile app of Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, see also: https://twitter.com/en/privacy
LinkedIn: linkedin.com or mobile app of LinkedIn Corporation, Legal Department - Privacy, 1000 W. Maude Ave, Sunnyvale, CA 94085, USA or LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, see: https://www.linkedin.com/legal/privacy-policy
Xing: Xing.de or mobile app of New Work SE, Dammtorstraße 30., 20354 Hamburg, Germany see also: https://privacy.xing.com/de/datenschutzerklaerung
YouTube: Youtube.com or mobile app of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4., Ireland, see also: https://policies.google.com/privacy
When you visit our social media pages, data will be processed both by us and by the respective social media provider as the controller.
The respective social media provider assumes the data protection obligations towards you as a user, such as informing you about data processing, and is your contact for your rights. This results from the fact that such a provider has direct access to the relevant information on the social media page and the processing of your data.
When using Facebook, Instagram, Twitter, LinkedIn, or Reddit, data may also be processed outside the EU.
Data processing and legal basis
On our social media pages, we can communicate with you and provide you with interesting information. Through your comments, shared images, messages, and reactions, we can obtain more data from you that we process for communication with you. If you use social media on multiple devices, cross-device analysis of data may occur.
In addition, social media page providers may also use cookies and tracking technologies to analyze and improve their services.
Data processing occurs with your consent or for the purpose of responding to your request (Art. 6 para. 1 lit. a, b GDPR) or on the basis of the legitimate interest in improving services and public representation (Art. 6 para. 1 lit. f GDPR).
Facebook and we use the "Page Insights" feature to process statistical data from users of our Facebook pages (see also the agreement at: https://www.facebook.com/legal/terms/page_controller_addendum). Data is processed in the form of so-called "Page Insights," which are described in more detail at: https://www.facebook.com/legal/terms/information_about_page_insights_data.
From the usage data of the Facebook pages, evaluations and statistics in the form of Page Insights are created, which help us improve our marketing activities and our external appearance. We can also learn about the users and their behavior who interact with or use our Facebook pages, or use them to display relevant content and develop features that may be of interest to them. These page statistics show us, for example, which individuals from specific target groups interact most with our Facebook page or which content on the Facebook page was visited, shared, or clicked on when and how often. When categorizing individuals into target groups, demographic data or data about a person's location is also taken into account to target advertising to those individuals. If you use Facebook on multiple devices, a cross-device evaluation of the data may be conducted. The data collected in this way is statistically processed and is usually anonymous, meaning we cannot establish a connection to any individual person.
Information about these Page Insights and data processing can be found, for example, in Facebook's privacy policy at https://www.facebook.com/policy.php or at https://www.facebook.com/business/a/page/page-insights.
Facebook also uses cookies and storage technologies. Further information can be found here: https://www.facebook.com/policies/cookies/
As a Facebook user, you can influence at any time how your user behavior is recorded when visiting Facebook pages. You can manage the advertising preferences settings in your Facebook account or at: https://www.facebook.com/ads/preferences or manage the Facebook settings in your account or at https://www.facebook.com/settings.
Facebook also offers options for contacting or exercising rights at: https://www.facebook.com/help/contact/2061665240770586 or https://www.facebook.com/help/contact/308592359910928.
If you use Instagram and have an account there, Instagram can assign your activities to your profiles there. Instagram and we use the feature Instagram Insights to process statistical data of the users of our Instagram pages (see also for Facebook, which is connected with the provider of Instagram, the agreement at: https://www.facebook.com/legal/terms/page_controller_addendum). Data is processed in the form of so-called "Instagram Insights", which are described in more detail at https://help.instagram.com/788388387972460?helpref=faq_content .
In the form of Instagram Insights, evaluations and statistics are created from the usage data of the Instagram pages, which support us in improving our marketing activities and our public appearance. With the help of Instagram Insights, we can learn more about our users and the performance of our content with you as an audience. For this purpose, Instagram provides us with statistics on certain posts and created stories to find out how users interacted with them. When categorizing individuals into target groups, demographic data or data about a person's location is also included to specifically target advertising to these individuals. If you use Instagram on multiple devices, cross-device analysis of the data may occur. The data collected in this way is statistically processed and is usually anonymous, meaning we cannot establish a connection to an individual person.
Instagram also uses cookies and similar technologies. You can find more information about this at: http://instagram.com/about/legal/privacy/
As an Instagram user, you can influence how your user behavior is recorded when visiting Instagram pages at any time. You can manage the settings for ads in your Instagram account or at https://www.instagram.com/accounts/privacy_and_security/. Instagram also offers ways to contact or exercise rights at: https://help.instagram.com/contact/1845713985721890 or http://instagram.com/about/legal/privacy/.
Changes to the Privacy Policy
We reserve the right to adjust this privacy policy to ensure that it always meets current legal requirements or to make changes to our offerings in the privacy policy, for example, when introducing new services. The current version of the privacy policy applies.