Our website can generally be used without providing personal data. If you want to use certain services via our website, processing of your personal data may be necessary.
The processing of your personal data is always carried out in accordance with the General Data Protection Regulation (GDPR) and the country-specific data protection regulations that apply to us.
We have taken appropriate technical and organizational measures in accordance with Article 32 of the GDPR to ensure an appropriate level of protection. We have also set up procedures to ensure that your rights are exercised, that data is deleted and that we respond to a threat to data. We have already taken the protection of your personal data into account when developing and selecting the hardware and software used. We hereby comply with the principle of data protection through technology design/through data protection-friendly default settings, Art. 25 GDPR. Our security measures include, in particular, the encrypted transmission (SSL encryption) of data between your browser and our server.
I. Definitions
To make our data protection declaration easier to understand, we would first like to explain to you some of the terms used. For the purposes of this privacy policy, the term:
1) “personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); An identifiable natural person is a natural person who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more special features that express the physical , physiological, genetic, psychological, economic, cultural or social identity of that natural person;
2) "Processing" means any operation or series of operations carried out with or without the aid of automated procedures in connection with personal data, such as the collection, recording, organization, structuring, storage, adaptation or modification, reading, retrieving, using, disclosing by transmission, dissemination or any other form of provision, matching or combination, restriction, deletion or destruction;
3) "Restriction of processing" means the marking of stored personal data with the aim of restricting their future processing;
4) "Profiling" means any type of automated processing of personal data, which consists in using these personal data to evaluate certain personal aspects relating to a natural person, in particular aspects relating to analyze or predict that natural person's work performance, economic situation, health, personal preferences, interests, reliability, behavior, location or movements;
5) "Pseudonymization" means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organizational measures that ensure that the personal data is not assigned to an identified or identifiable natural person;
6) “Controller” means the natural or legal person, public authority, institution or other body which, alone or jointly with others, decides on the purposes and means of processing personal data; If the purposes and means of this processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law
7) “Processor” means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller;
8) “Recipient” means a natural or legal person, public authority, agency or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, public authorities which may receive personal data in the context of a specific investigative task under Union or Member State law shall not be deemed to be recipients; the processing of these data by the said authorities will be carried out in accordance with the applicable data protection rules in accordance with the purposes of the processing;
9) “Third party” means a natural or legal person, public authority, agency or other body, other than the data subject, the controller, the processor and the persons authorized under the direct responsibility of the controller or the processor to process personal data;
10) “Consent” of the data subject means any voluntary, informed and unambiguous expression of will in the specific case in the form of a statement or other clear confirmatory act by which the data subject indicates that he or she agrees to the processing of personal data concerning them;
11) “personal data breach” means a breach of security that, whether accidental or unlawful, results in the destruction, loss, alteration, or unauthorized disclosure of or access to personal data, that have been transmitted, stored or otherwise processed.
II. Responsible person
The person responsible within the meaning of the General Data Protection Regulation as well as the data protection laws applicable in the member states of the European Union and other data protection regulations is:
mivita e.K.
Mr Alois Ried
Leinfeld 2
87755 Kirchhaslach
Telephone: +49 (0) 8333 946 17 67
Mail: info@mivita.care
III. Cookies
Our website uses cookies. Cookies are small text files that are stored and stored on a computer system via an Internet browser.
Many websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string through which websites and servers can be assigned to the specific Internet browser in which the cookie was stored. This allows the websites and servers visited to distinguish the individual browser of the data subject from other Internet browsers that contain other cookies. A specific Internet browser can be recognized and identified via the unique cookie ID.
By using cookies, we can provide you with more user-friendly services that would not be possible without the cookie setting.
Using a cookie, the information and offers on our website can be optimized for the user. As already mentioned, cookies enable us to recognize the users of our website. The purpose of this recognition is to make it easier for you to use our websites. For example, the user of a website that uses cookies does not have to re-enter their access data each time they visit the website because this is done by the website and the cookie stored on the user's computer system.
The data processed by cookies is necessary for the purposes mentioned to protect our legitimate interests in accordance with Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR.
You can prevent the setting of cookies through our website at any time by adjusting the appropriate settings on the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an internet browser or other software programs. This is possible in all common internet browsers. If you deactivate the setting of cookies in the Internet browser you use, not all functions of our website may be fully usable.
IV. Data and information that is stored when you visit our website
Every time you visit our website, general data and information is recorded that is stored in the server's log files.
The following data/information may be collected:
- the browser types and versions used - the operating system used, - the website from which you access our website - the sub-sites, which are accessed on our website - the date and time of access to our website, - your IP address - your Internet service provider - other similar data and information that serves to avert danger in the event of attacks on our IT systems .
We need this information in order to be able to accurately provide the content of our website. to ensure the long-term functionality of our IT system and to be able to provide the authorities with the information necessary for criminal prosecution in the event of a cyber attack. This is also our legitimate interest within the legal basis for processing this data in accordance with Article 6 Paragraph 1 Letter f of the GDPR. When using this general data and information, we do not draw any conclusions about the data subject. We store the anonymous data from the server log files separately from all personal data. V. Contacting us electronically
Due to the regulations of the Telemedia Act (TMG), we are obliged to provide a general email address in the imprint of our website, which you can use to contact us by email. You also have the option of contacting us using the contact forms on our website. You can use the contact forms to make inquiries about the products or our business or apply to us as a consultant. The personal data you send to us via email or our contact forms will be automatically stored for the purposes of processing or contacting you.
By sending your message, you consent to the processing of the transmitted data. Processing is carried out on the basis of Article 6 Paragraph 1 Letter a GDPR with your consent. You can revoke your consent at any time by notifying us, without this affecting the lawfulness of the processing carried out based on your consent before its revocation. We only use your email address to process your request. Your data will then be deleted unless you have consented to further processing and use.
VI. Legal basis for processing
If we obtain your consent for a specific processing purpose, Art. 6 I lit. a GDPR serves as the legal basis for the processing operation.
If the processing of personal data is necessary to fulfill a contract, the processing is based on Art. 6 I lit. b GDPR. This also applies to processing operations that are necessary to carry out pre-contractual measures, such as inquiries about our products or other services.
If we are subject to a legal obligation that requires the processing of personal data, such as to fulfill tax obligations, the legal basis for the processing is Art. 6 I lit. c GDPR.
If the processing of personal data is necessary to protect the vital interests of the data subject or another natural person, the processing would be based on Art. 6 I lit. d GDPR.
Ultimately, Art. 6 I lit. f GDPR can be the legal basis for a processing operation. This is the case if the processing operation is not covered by any of the aforementioned legal bases and the processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not prevail. If the processing of personal data is based on Article 6 I lit. f GDPR, our legitimate interest is to carry out our business activities for the benefit of the well-being of our employees/shareholders.
VII. Legal or contractual regulations for the provision of personal data
The provision of personal data is partly required by law (e.g. tax regulations) and can also result from contractual regulations (e.g. information about the contractual partner). If you want to conclude a contract with us, it is necessary that you provide us with personal data, which will subsequently be processed by us. Failure to provide personal data would mean that we would not be able to conclude a contract with you.
VIII. Routine deletion/blocking of personal data
We only process and store personal data for the period necessary to achieve the storage purpose or if this is required by the European legislator or another legislator in laws or regulations was provided. If the storage purpose no longer applies or if a storage period prescribed by the European legislator or another responsible legislator expires, the personal data will be blocked or deleted routinely and in accordance with legal regulations.
After the respective statutory retention period has expired, the relevant data will be routinely deleted unless it is no longer required to fulfill the contract or initiate a contract. According to the legal requirements in Germany, storage takes place in particular for 10 years in accordance with Sections 147 Paragraph 1 AO, 257 Paragraph 1 Nos. 1 and 4, Paragraph 4 HGB (books, records, management reports, accounting documents, trading books, more relevant for taxation). documents, etc.) and 6 years in accordance with Section 257 Paragraph 1 Nos. 2 and 3, Paragraph 4 HGB (commercial letters).
IX. Your rights
1) Right to confirmation and information
You have the right to request confirmation from us as to whether the relevant personal data is being processed. If you would like to exercise legal rights, you can contact us at any time.
You also have the right to receive free information from us about the personal data stored about you and a copy of this information. You are also entitled to information about the following information:
- the processing purposes - the categories of personal data that are processed - the recipients or categories of recipients to whom the personal data have been disclosed or are still being disclosed, in particular recipients in Third countries or international organizations - if possible, the planned period for which the personal data will be stored or, if this is not possible, the criteria for determining that period - the existence of a right to rectification or deletion of the personal data concerning them or to restriction of processing by the controller or a right to object to this processing - the existence of a right to lodge a complaint with a supervisory authority - if the personal data are not collected from the data subject: all available information about the origin of the data - the existence of automated decision-making including profiling in accordance with Article 22 Para. 1 and 4 GDPR and - at least in these cases - meaningful information about the logic involved as well as the scope and intended effects of such processing for the data subject
You also have the right to information about: whether personal data has been transferred to a third country or to an international organization. If this is the case, you also have the right to receive information about the appropriate guarantees in connection with the transmission.
If you would like to exercise this right to information, you can contact us at any time.
2) Right to rectification
You have the right to request the immediate correction of incorrect personal data concerning you. You also have the right, taking into account the purposes of the processing, to request the completion of incomplete personal data - including by means of a supplementary declaration.
If you would like to exercise this right to correction, you can contact us at any time.
3) Right to deletion (“Right to be forgotten”)
You have the right to request that the personal data concerning you be deleted immediately, if one of the following reasons applies and to the extent that the processing is not necessary:
- The personal data were collected or otherwise processed for purposes for which they are no longer necessary; - You revoke your consent on which the processing was based in accordance with Article 6 Paragraph 1 Letter a GDPR or Article 9 Paragraph 2 Letter a GDPR and there is no other legal basis for the processing; - You object to the processing in accordance with Art. 21 Para. 1 GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing in accordance with Art. 21 Para. 2 GDPR; - The personal data was processed unlawfully; - The deletion of personal data is necessary to comply with a legal obligation under Union or Member State law to which we are subject. - The personal data was collected in relation to information society services offered in accordance with Art. 8 Para. 1 GDPR.
If one of the reasons mentioned above applies and you would like to have personal data stored by us deleted, you can contact us at any time. We will ensure that the deletion request is complied with immediately.
If the personal data has been made public by us and we as the person responsible are obliged to delete the personal data in accordance with Article 17 Para. 1 GDPR, we will take appropriate measures, including technical ones, taking into account the available technology and the implementation costs to inform other data controllers who process the published personal data that you have requested that these other data controllers delete all links to this personal data or copies or replications of this personal data, to the extent that the processing is not required. We will take the necessary steps in individual cases.
4) Right to restriction of processing
You have the right to request that we restrict processing if one of the following conditions is met:
- The The accuracy of the personal data is contested by you for a period enabling us to verify the accuracy of the personal data; - The processing is unlawful, you refuse the deletion of the personal data and instead request the restriction of the use of the personal data; - We no longer need the personal data for the purposes of processing, but you need it to establish, exercise or defend legal claims; - You have lodged an objection to the processing in accordance with Article 21 Para. 1 GDPR and it is not yet clear whether our legitimate reasons outweigh yours.
If one of the above conditions is met and you would like to request the restriction of personal data stored by us, you can contact us at any time. We will arrange for the processing to be restricted.
5) Right to data portability
You have the right to receive from us the personal data concerning you, which you have provided, in a structured, common and machine-readable format . You also have the right to transmit this data to another person responsible without hindrance from us, provided that the processing is based on consent in accordance with Art. 6 Para. 1 Letter a GDPR or Art. 9 Para. 2 Letter a GDPR or on a contract in accordance with Art 6 Paragraph 1 Letter b GDPR and the processing is carried out using automated procedures, unless the processing is necessary for the performance of a task that is in the public interest or in the exercise of official authority vested in us.
Furthermore, when exercising your right to data portability in accordance with Art. 20 Para. 1 GDPR, you have the right to have the personal data transmitted directly from us to another person responsible, to the extent that this is technically feasible and provided this does not affect the rights and freedoms of other people.
To assert your right to data portability, you can contact us at any time.
6) Right to object
You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you based on Art 6 Paragraph 1 Letters e or f GDPR to lodge an objection. This also applies to profiling based on these provisions.
In the event of an objection, we will no longer process the personal data unless we can demonstrate compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If we process personal data in order to conduct direct advertising, you have the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling insofar as it is connected to such direct advertising. If you object to the processing for direct advertising purposes, we will no longer process the personal data for these purposes.
In addition, you have the right, for reasons arising from your particular situation, to object to the processing of personal data concerning you that is carried out by us for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 Para. 1 DSGVO to lodge an objection, unless such processing is necessary to fulfill a task in the public interest.
To exercise your right to object, you can contact us. In connection with the use of information society services, notwithstanding Directive 2002/58/EC, you are free to exercise your right to object using automated procedures using technical specifications.
7) Automated decisions in individual cases, including profiling
You have the right not to be subject to a decision based solely on automated processing - including profiling - which has legal effects against you or similar way, unless the decision is necessary for the conclusion or performance of a contract between you and us or is permitted by Union or Member State law to which we are subject and such law takes appropriate measures to safeguard your rights and freedoms included or with your express consent.
If the decision is necessary for the conclusion or performance of a contract between you and us or if it is made with your express consent, we will take appropriate measures to protect your rights and freedoms as well as your legitimate interests, including at least this Right to obtain human intervention on the part of the person responsible, to express one's own point of view and to challenge the decision.
If you would like to assert your rights with regard to automated decisions, you can contact us at any time.
8) Right to revoke your data protection consent
You have the right to revoke your consent to the processing of personal data at any time. If you would like to exercise your right to revoke your consent, you can contact us at any time.
9) Right to complain to the supervisory authority
According to Art. 77 GDPR, you have the right to complain to the supervisory authority if you are of the opinion that the processing of your personal data is not taking place lawfully.
X. Collaboration with processors/third parties
If, as part of our data processing, we disclose your data to other people/companies, transmit it to them or grant them access to your data, this is done exclusively on the basis of legal permission, your consent, a legal obligation or based on our legitimate interests. If third parties have been or will be commissioned by us to process data on the basis of a so-called “order processing contract”, this is done on the basis of Art. 28 GDPR.
XI. Transfers to third countries
If we process data in a third country or this occurs as part of the use of third-party services, this will only take place if it is necessary to fulfill our (pre-)contractual obligations, based on your consent legal obligation or based on our legitimate interests. Subject to legal or contractual permissions, we only process or have the data processed in a third country if the special requirements of Art. 44 ff. GDPR are met. Accordingly, processing is carried out, for example, on the basis of special guarantees, such as the officially recognized determination of a data protection level corresponding to the EU (e.g. for the USA through the “Privacy Shield”) or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).
XII. Integration of third-party services and content
Based on our legitimate interests within the meaning of Article 6 Paragraph 1 Letter f of the GDPR, we use offers from third-party providers on our website in order to be able to integrate their content. The providers of this content receive knowledge of your IP address, since without knowledge of the IP address the content cannot be transmitted to your browser. We strive to only use third-party content where your IP address is used exclusively to deliver the content. There is still the possibility that third parties use so-called “pixel tags” - these are invisible graphics also known as “web beacons” - for statistical or marketing purposes. “Pixel tags” can evaluate information such as visitor traffic on our website.
Below we give you an overview of the third-party offers we use, along with links to their data protection declarations:
External fonts from Google, LLC., https://www.google.com/ fonts (“Google Fonts”). The integration of Google Fonts occurs through a server call at Google (usually in the USA). The data protection declaration can be found here: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated
Videos from the “YouTube” platform of the third-party provider Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. The data protection declaration can be found here: https://policies.google.com/privacy, opt-out: https://adssettings.google.com/authenticated
As of: October 5, 2018