Privacy Policy

The following information is intended to provide you with an overview of how we process your personal data and what your rights are.

1. Who is responsible for processing my personal data?

Controller

BEO MedConsulting Berlin GmbH
Dipl.-Ing. Michael Vent (CEO)
Dipl.-Ing., MBA Karsten Nieter-Kubin (COO)
Helmholtzstrasse 2-9
10587 Berlin
Tel. +49 (0)30 318 045 30
Fax +49 (0)30 318 045 40
info@beoberlin.de

 

Data protection officer (external)

Dirk Trettin, Attorney at Law
datenschutz@beoberlin.de

2. What data do you process when I visit your website?

We process personal data solely within the legal framework of the relevant legislation and, where appropriate, with your consent. Personal data means any information relating to an identified or identifiable natural person. When you visit our website, we store certain data about the browser and operating system you are using, the date and time of your visit, the access status (for instance error messages), your use of the website’s features, any search terms you may have entered, the frequency with which you access individual web pages, the description of files that are accessed, the data volume that is transmitted, the website from which you accessed our website and the website you access from our website. For security reasons, especially to prevent and identify attacks on our website or fraud attempts, we also store your IP address and the name of your Internet service provider. We only store other personal data if you provide us with such data for registering or logging in or on a contact form, or for performing a contract.

3. For what purposes do you process my data when I visit your website?

We use the data we collect when you visit our website to make operating our website as comfortable as possible for you and to protect our IT systems against attacks and other illegal actions. If you provide us with further personal data, for instance when you register or log in or use a contact form, or for performing a contract, we will use these data within the necessary scope for the stated purposes, for the purpose of customer management, and for the processing and billing of any transactions.

4. To whom will my personal data be transmitted?

We use qualified service providers (for instance IT service providers or marketing agencies) for operating, optimising and securing our website. We will only transmit your personal data to them if this is necessary for providing and using the web pages and their features, for pursuing our legitimate interests or if you have given your consent. Your personal data will not be transmitted to third parties for any purposes other than those stated in this privacy policy.

 

5. What is the legal basis for processing my personal data?

We are only justified in processing your personal data on the basis of your consent (legal basis). Here is a list of the most important legal bases.

• Art. 6 (1) (a) GDPR
If you have given us your consent to the processing of your personal data.
• Art. 6 (1) (b) GDPR
If the processing of your personal data is necessary for the performance of a contract with you or in order to take steps prior to entering into a contract with you.
• Art. 6 (1) (c) GDPR
If the processing of your personal data is necessary for compliance with our legal obligations (for instance for the safekeeping of data).

• Art. 6 (1) (f) GDPR
If the processing of your personal data is necessary for the purposes of pursuing our legitimate interests and the legitimate interests of third parties (for instance maintaining the functionality of our IT systems, marketing our services and the documentation of business contacts as required by law).

6. Use of cookies

We use cookies on our website. Cookies are small text files containing certain data that are stored on your end device (laptop, tablet, Smartphone, etc.). Cookies are necessary for ensuring that we are able to provide certain features on our web pages, such as retaining the language selected by you as the user for displaying our website. Cookies also enable us to identify when our website has already been accessed from a certain end device. This makes it possible to identify returning visitors (or at least their end devices) and gain information about their use behaviour and probable interests. If you do not wish cookies to be installed on your device, you should deactivate the installation of cookies in the settings of your browser. There are four categories of cookies, depending on their function and the purpose for which they are used.

Strictly necessary cookies
These cookies are essential for you to navigate our website and use its features, for instance for setting your data privacy preferences, for logging in or for filling in forms. Without these cookies we are unable to provide properly the services you request via the website. Under applicable laws, we do not need your consent as a user for strictly necessary cookies. The legal basis for the processing of personal data using strictly necessary cookies lies in our legitimate interest in operating our website (Art. 6 (1) (f) GDPR).

Performance cookies
Performance cookies collect data about the use of our website, for instance which pages are most frequently visited and how visitors move about on the website. They are intended to help us improve the user-friendliness of the website and your experience as a user. The data collected from the use of performance cookies are aggregated and cannot as a rule be allocated to any specific natural person. If in individual cases data processed using performance cookies allow you to be identified as a specific natural person, your consent as a user is the legal basis for the processing of your personal data (Art. 6 (1) (a) GDPR).

Functional cookies
Functional cookies enable a website to store an input or selection made by you, such as your user name, language preference or the geographical region in which you are located; and to offer you as a user improved and more personal features. They are also used to enable requested features such as the playing of videos. If in individual cases data processed using functional cookies allow you to be identified as a specific natural person, your consent as a user is the legal basis for the processing of your personal data (Art. 6 (1) (a) GDPR).

Marketing cookies
Marketing cookies are used to enable the display of tips advertising third party websites that may be more relevant to you and your interests. They are also used to limit the frequency with which an advertisement is displayed and to measure and steer the effectiveness of advertising campaigns. The legal basis for the processing of any data that may be related to you as an identifiable natural person using marketing cookies is your consent as a user (Art. 6 (1) (a) GDPR).

7. When will my data be erased?

We erase your IP address and the name of your Internet service provider, which we store purely for security reasons, after seven days. Otherwise. we erase your personal data once they are no longer required for the purpose for which we collected and processed them. Your personal data will only be stored beyond this period if this is required under the laws, regulations and other legislation to which we are subject (for instance a statutory period of safekeeping).

8. What tools do you use?

Google reCAPTCHA
We use the reCAPTCHA feature by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (Google) on our website. This feature is mainly used to distinguish whether an input is being made by a natural person or fraudulently by machine or automated processing. This service includes the transmission to Google of the IP address and any other data needed by Google for the reCAPTCHA feature, and under Art. 6 (1) (f) GDPR is on the basis of our legitimate interest in establishing that individuals are acting in their own responsibility on the Internet and in preventing misuse, fraud and spam. The use of Google reCAPTCHA may also involve the transmission of personal data to the servers of Google LLC. in the USA. For further information about Google reCAPTCHA and Google’s privacy policy, please go to https://www.google.com/intl/de/policies/privacy/

Google Maps
We also use Google Maps by Google on our website. Google Maps is a web service for displaying interactive maps for a visual display of geographical information. If you use this service, our location will be displayed for you with details of how to reach us by road or public transport. As soon as you access the sub-pages in which the Google Maps map is embedded, information about your use of our website, such as your IP address, will be transmitted to Google servers and stored there, and may also be transmitted to servers of Google LLC in the USA. This will happen regardless of whether or not Google provides a user account from which you are logged in or a user account exists. If you are logged into Google, your data will be directly attributed to your account. If you do not wish your data to be attributed to your Google profile, you must log out before activating the button. Google will store and analyse your data (even if you are not logged in as a user) as a user profile. Google collects, stores and analyses your data under Art. 6 (1) (f) GDPR on the basis of its legitimate interest in inserting personalised advertising, in market research and/or in the design of Google websites to meet the needs of users. You have the right to object to the formation of these user profiles, but must contact Google if you wish to exercise this right. If you do not consent to the future transmission of your data to Google within the framework of your use of Google Maps, you may also deactivate the Google Maps web service completely by switching off the JavaScript application in your browser’s settings. You will then not be able to use Google Maps or the map display on this website.

You can find Google’s terms of use here: https://www.google.de/intl/de/policies/terms/regional.html
The additional terms of use for Google Maps are at: https://www.google.com/intl/de_US/help/terms_maps.html
Full information on data privacy in connection with the use of Google Maps is on Google’s Internet site (Google Privacy Policy): https://www.google.de/intl/de/policies/privacy/

Web analysis
Our website uses Matomo, a web analysis service by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand. Matomo installs cookies on your end device to enable us to analyse your use of our website. The information collected in this way is stored solely on our server (in-house-hosting). This prevents any transmission of your data to third parties.

For this purpose, a cookie is installed on the user’s end device, enabling us to keep track of activities and, for instance, identify return visits. Your IP address is automatically abbreviated (IP masking) so that you are no longer individually identifiable. The information that is analysed includes your approximate geographical location, your end device, your monitor resolution, your browser and the sites you have visited including how long you spent there.

We use Matomo to analyse the use of our website and its individual features and offerings and to enable us constantly to improve your user experience. The statistical analysis of user behaviour enables us to make constant improvements in the features and services we offer.

If we obtain your consent as a user, your personal data are processed on the legal basis of Art. 6 (1) (a) GDPR. You may withdraw the consent you have given at any time with future effect. To withdraw your consent, all you need to do is deactivate this service in the Cookie Consent Tool that is provided on the website. Otherwise, it is based on Art. 6 (1) (f) GDPR. Our legitimate interest is in the optimisation of our website, the improvement of the services and features we offer and online marketing.

You may prevent this analysis by deleting existing cookies and deactivating the placing of cookies in your browser’s settings. You can find more information on data privacy in Matumo’s privacy policy at https://matomo.org/privacy-policy/.

Vimeo
On our website we use videos for various requirements, such as spreading information. For technical reasons, these videos are not hosted on our own server. We use the services of the external provider Vimeo (Vimeo LLC, 555 West 18th Street, New York, New York 10011, USA). Using this plug-in enables us to display video material of interest to you direct on our website.

When you open a page in our web presence that contains such a plug-in, your browser creates a direct link with the Vimeo servers. The content of the plug-in is transmitted direct to your browser by Vimeo and embedded in the page. This embedding informs Vimeo that your browser has opened the relevant page in our web presence, even if you do not have a Vimeo account or are not currently logged into Vimeo. This information (including your IP address) is transmitted direct by your browser to a Vimeo server in the USA, where it is stored. If you are logged into Vimeo, Vimeo can attribute your visit to our website directly to your Vimeo account. If you interact with the plug-ins, for instance by clicking on the start button of a video, this information, too, will be directly transmitted to a Vimeo server, where it will be stored. As a protective measure, we fundamentally lock Vimeo videos into the Do Not Track option, so that only minimal personal data are transmitted to Vimeo. Regarding the use of data in connection with the use of videos (for instance type of browser and end device) we refer you to the provider’s data privacy policy. The provider is the controller responsible for the relevant data processing. You can find Vimeo’s privacy policy at https://vimeo.com/privacy

To the extent that we obtain your consent as user, your personal data are processed on the legal basis of Art. 6 (1) (a) GDPR. You may withdraw the consent you have given at any time with future effect. . To withdraw your consent, all you need to do is deactivate this service in the Cookie Consent Tool that is provided on the website. Otherwise, it is based on Art. 6 (1) (f) GDPR. Our legitimate interest is in a technically stable website and the spreading of information.

9. Social Media Plug-ins

Our website uses the Share feature of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. If you are logged into your LinkedIn user account and click on the LinkedIn Share button, you will be transferred in a separate browser window to your user account. A direct link is created between your browser and the LinkedIn server via the plug-in. This informs LinkedIn that you have visited our website using your IP address. This also enables LinkedIn to attribute your visit to our website to you and to your user account. We wish to point out that we have no knowledge of the content of the transmitted (personal) data or of how LinkedIn uses them. If you need further information, please refer to the LinkedIn privacy policy at https://www.linkedin.com/legal/privacy-policy. We use the social plug-in of the LinkedIn social network to extend awareness of our company. The legal basis for this is Art. 6 (1) (f) GDPR. The commercial motivation behind this is a legitimate interest within the meaning of the GDPR. Each respective provider is responsible for guaranteeing that it operates in compliance with relevant data protection legislation.

 

10. Newsletter

If you subscribe to our newsletter, we need you to provide us with your email address. Other data may be provided voluntarily. Unless you consent to your data being used for purposes beyond this, the data you provide will be used solely for sending you our newsletter. To send you our newsletter we use the service provider CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany. The legal basis for the processing of your personal data is your consent, which you give us by subscribing to the newsletter (Art. 6 (1) (a) GDPR). You may unsubscribe the newsletter at any time using the unsubscribe link provided in the newsletter.
Möchten Sie von Ihrem Widerrufs- oder Widerspruchsrecht Gebrauch machen, genügt eine E-Mail an uns.

11. Contacting us

Personal data are collected when you contact us, for instance using a contact form or by email. The data collected when using a contact form can be seen in the form itself. These data are stored and used solely for the purpose of responding to your message or for contacting you and for the associated technical management. The legal basis for the processing of these data is our legitimate interest in accordance with Art. 6 (1) (f) GDPR in responding to your message. If you contact us with a view to entering into a contract with us, the additional legal basis for processing your data is Art. 6 (1) (b) GDPR. Your data will be erased once the processing of your enquiry has been completed. This is deemed to be the case if it is clear from the relevant circumstances that the matter in question has been fully dealt with and if erasure of your data is not prevented by statutory safe-keeping obligations.

12. Will my data be transmitted to recipients outside the EU?

We fundamentally work with service providers based within the EU. If in exceptional cases personal data are transmitted to recipients outside the EU and processed there, we fundamentally ensure by means of appropriate measures that an appropriate level of data protection is achieved that is as comparable as possible with European data protection legislation.

13. Online meetings and online seminars

We use various tools for holding telephone and video conferences, online meetings or online seminars (together referred to here as Online Meetings). For online seminars we use the edudip tool, a service provided by edudip GmbH, Jülicher Strasse 306, 52070 Aachen, Germany (the Provider). Various kinds of data are processed when Online Meeting software is used. The scope of the data depends on the details you provide as data before or during your participation in an Online Meeting. The following personal data are processed:

Details of the user
Forename, surname, telephone number (optional), email address, password (if Single Sign On is not being used), profile photo (optional), department (optional)
Meeting-metadata
Subject, description (optional), participants‘-IP addresses, device/hardware information
For recordings (optional)
MP4 files of all video, audio and presentation recordings, M4A files of all audio recordings, text file of the Online Meeting chat.
For dialling in by telephone
Details of telephone numbers for incoming and outgoing calls, country name, start and end times. Other connection data may be stored as required, such as the IP address of the device.
Text, audio and video data
You may be able to use the chat, question or survey features in an Online Meeting. If so, the text you input will be processed for display in the Online Meeting and, if necessary, for the record. To enable the display of video and the playback of audio, the relevant data from the microphone in your end device and any video camera in your end device will be processed during the Online Meeting. You may at any time switch off the camera or put the microphone on mute using their applications..

If we wish to record Online Meetings, we will notify you if this transparently beforehand and – if necessary – ask for your consent. The fact that recording is taking place will also be displayed for you in the app. If necessary for the purpose of making a record of the outcome of an Online Meeting, we will make a record of the content of chats. For webinars, we may also process the questions asked by webinar participants for the purpose of recording and post-production of the webinar. If personal data are processed by our staff when Online Meetings are held, the legal basis for the processing of data is Section 26 of the Federal Data Protection Act (BDSG). Otherwise, the legal basis for the processing of data from Online Meetings is Art. 6 (1) (b) GDPR, if such Meetings are held within the scope of contractual relationships. Where no contractual or pre-contractual relationship exists, the legal basis is Art. 6 (1) (f) GDPR. We have an interest in the effective holding of Online Meetings. Personal data processed in connection with participation in Online Meetings will fundamentally not be transmitted to third parties unless they are intended to be so transmitted. Please note that content from Online Meetings as well as from in-person meetings and conferences are frequently used to communicate information with customers, prospective customers and third parties, which means that they are intended for transmission. If necessary, the Provider will be informed of the data mentioned above if this is stipulated as part of our order processing contract with the order processor.

14. Data protection in the application process

We collect and process applicants’ personal data for the purpose of processing their applications. The data may also be processed electronically. If we sign an employment contract with an applicant, the data that have been transmitted for the purpose of processing the application will be stored, subject to statutory provisions. The legal basis for this is Art. 6 (1) (b) GDPR in conjunction with Section 26 (1) BDSG. If the controller responsible for processing does not sign an employment contract with the applicant, the application documents are erased six months after the announcement of the rejection decision, unless the controller responsible for processing has other legitimate interests preventing erasure. These other legitimate interests might for example include a duty to provide evidence in proceedings under the German General Equal Treatment Act (AGG).

 

15. Will my data be used for automated decision-making?

As a company aware of our responsibilities, we do not use automated decision-making or profiling.

 

 

16. Data security measures

During your visit to our website we use the widespread SSL (Secure Socket Layer) process for encryption. Otherwise, we use appropriate technical and organisational security measures to protect data against chance or intentional manipulation, loss, destruction and unauthorised third party access. Our security measures are constantly updated and improved as the technology develops.

 

 

 

17. What are my rights and who should I contact?

As a subject of data processing (data subject), you have the right to information (Art. 15 GDPR), rectification (Art. 16 GDPR), erasure (“the right to be forgotten“) (Art. 17 GDPR), restriction of processing (Art. 18 GDPR), data portability (Art. 20 GDPR), to object (Art. 21 GDPR) and the right to withdraw any consent you have given under data privacy law for the processing of your data.

Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6 (1) GDPR. If you lodge an objection, we as the controller will no longer process the personal data concerning you, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Right to withdraw consent
You have the right to withdraw at any time any consent you have given under data privacy law for the processing of your data with effect for the future. Withdrawal of consent will not affect the lawfulness of processing up to the time you withdraw your consent. Nor will any continued processing on a different legal basis be affected, for instance for the fulfilment of legal obligations.

Please if possible address any claims and declarations to the following contact address: info@beoberlin.de. If you believe that the processing of your personal data breaches statutory provisions, you have the right to lodge a complaint with a competent data protection supervisory authority (Art. 77 GDPR).

 

 

 

 

Last amended inFebruary 2021.

Menu