Privacy Policy

Unsere aktuelle Datenschutzerklärung kannst du hier einsehen.
A. General

I. Information on the collection of personal data

1. name and address of the responsible person

2. name and address of our data protection officer

3. name and address of the data protection supervisory authority responsible for us      

4. general information on data processing        

4.1 Scope of the processing of personal data

4.2 Legal basis for the processing of personal data

4.3 Period of data storage

4.4 Use of cookies

4.4.1 What kind of cookies do we use?  

4.4.1.1 Necessary cookies        

4.4.1.2 Performance cookies    

4.4.1.3 Functional cookies        

4.4.1.4 Advertising/Tracking Cookies    

4.4.2 Why do we use cookies?  

4.4.2.1 Technically necessary cookies  

4.4.2.2 Analysis and marketing cookies

4.4.3 Legal basis for the use of cookies

4.4.4 Cookie consent tool          

4.4.5 Obtaining Consent via the CURE App (Letter C.)  

4.4.6 How can I disable or remove cookies?      

4.4.7 Duration of storage, possibility of objection and elimination

5. use of our contact form and e-mail contact and support chat.

5.1 Functionality and scope of data processing

5.1.1 Contact form on the Internet pages          

5.1.2 Email contact and support chat    

5.2 Legal basis for data processing

5.3 Purpose of the data processing      

5.4 Duration of storage

5.5 Possibility of objection and elimination

6. data processing by third parties        

6.1 Commissioned data processing      

6.2 Requirements for the transfer of personal data to third countries

6.2.1 General  

6.2.2 Data transmission to the USA      

6.3 Legal obligation to transmit certain data

7. your rights    

7.1 Summary

7.2 Your rights in detail

7.2.1 Right to information          

7.2.2 Right to rectification          

7.2.3 Right to restrict processing          

7.2.4 Right to deletion  

7.2.4.1 Obligation to delete        

7.2.4.2 Information to third parties        

7.2.4.3 Exceptions        

7.2.5 Right to information          

7.2.6 Right to data portability    

7.2.7 Right of objection

7.2.8 Right to revoke the declaration of consent under data protection law        

7.2.9 Automated decision in individual cases including profiling  

7.2.10 Right to complain to a supervisory authority        

II. Objection or revocation against the processing of your data

1. revocability of consent13

2. indication of the possibility to object to data processing in case of balancing of interests          

3. notice of the possibility to object to direct marketing

III. data security

B. Processing of personal data when visiting our Internet pages (www.getcure.app)

I. SSL or TLS encryption

II. creation of log files

1. legal basis for data processing

2. purpose of data processing

3. duration of storage

4. possibility of objection and removal

III. Use of our newsletter

1. functionality and scope

2. registration by Double Opt.In

4. legal basis for data processing

5. purpose of data processing

6. receiver

7. duration of storage

8. possibility of objection and elimination

IV. Special technologies

1. analysis, tracking, marketing  

1.1 Google Analytics    

1.1.1 Nature and purpose of processing

1.1.2 Legal basis; revocation of consent

1.2 Google Global Site Tag      

1.3 Google Tag Manager          

1.4 Google Firebase    

1.5 Facebook Pixel      

1.6 Facebook Custom Audiences          

1.7 TikTok Pixel            

2. Social plugins          

2.1 Twitter plugin          

2.2 Facebook plugin    

2.3 Instagram plugin    

2.4 LinkedIn plugin      

2. linking on Instagram, Twitter, LinkedIn, Facebook      

3. cloud services; ContentDeliveryNetworks; website optimization; other

3.1 Webflow    

3.2 Fastly CDN

3.3 jQuery        

3.4 Cloudflare  

3.5 Amazon Cloudfront

3.6 jsDelivr CDN          

3.7 HubSpot    

3.8 Typeform    

3.9 Applications

C. Processing of personal data when using the CURE app

I. The collection of personal data concerning you

1. the data collected during the download        

2. data collected when using the CURE app

3. orders via the CURE app

3.1 General

3.2 Storage duration    

II. special technologies

1. use of the payment service provider Adyen

1.1 Payment with credit card    

1.2 Payment by direct debit (SEPA)      

2. google firebase        

3. facebook pixel          

4. zendesk live chat      

5. social sign-in buttons

1.         Facebook        

D. Our social media presences

I. Platforms

1.Facebook      

2. instagram    

3. twitter          

4.LinkedIn        

II. nature and scope of data processing

A. General

 

I. Information on the collection of personal data

 

1. name and address of the responsible person

We, the CURE Group GmbH, Pariser Platz 6a, D-10117Berlin; represented by its managing directors Manuel Aberle, Ali El-Ali; registered in the Commercial Register of the Charlottenburg District Court under the registration number: HRB237437B; e-mail: hello@getcure.app; web: www.getcure.app (hereinafter referred to as "We" and"CURE"), responsible parties within the meaning of the European DataProtection Regulation ("GDPR") and other provisions of data protection law, inform you, the user, about the processing of personal data when using our internet pages accessible at www.getcure.app("Internet pages" - letter B.) as well as the ordering application"CURE" for mobile operating systems iOS and Android operated by us(hereinafter referred to as "CURE App" - letter C.), through which the user can select medicinal products, medical devices and other goods customary in pharmacies (hereinafter collectively referred to as "goods"and "pharmacy assortment") from pharmacies that (also) offer their assortment through the CURE App (hereinafter referred to as "ParticipatingPharmacy(ies)"), have the Participating Pharmacies receive corresponding offers for the conclusion of purchase contracts from us and order from us on behalf of the Participating Pharmacy either to the address (which may differ from your billing address) specified by you and exclusively in the FederalRepublic of Germany or to the address of the Participating Pharmacy. (which may differ from your billing address) exclusively in the Federal Republic ofGermany (hereinafter referred to as the "Delivery Address") in the delivery area of one of the Participating Pharmacies (hereinafter referred to collectively as the "Delivery Area") or collect the goods in person from the Participating Pharmacy proposed to you and selected by you.

 

2. name and address of our data protection officer

Our data protection officer within the meaning of Art. 4 (7) of the EU General Data ProtectionRegulation is: DataCo GmbH, Thomas Regier, you can reach him by email at: behoerdenmeldung@dataguard.de or by phone at: 089-740045840 or at our postal address with the addition "the data protection officer".

 

3. name and address of the data protection supervisory authority responsible for us

The data protection supervisory authority responsible for us is: Berliner Beauttragte für Datenschutz und Informationsfreiheit, Friedrichstr. 219, D-10969 Berlin, visitor entrance: Puttkamerstr. 16-18, Tel.: +49 3013889-0, Fax: +49 30 2155050, E-Mail: mailbox@datenschutz-berlin.de

 

4. general information on data processing

Below you will find general information on the processing of personal data by us. Personal data is all data that can be related to the data subject, e.g.name, address, location data, IP address, device identifier, SIM card number, address as well as e-mail address, fingerprint, images, movies, audio recordings, but also your user behavior.

 

4.1 Scope of the processing of personal data

As a matter of principle, we collect and use personal data only insofar as this is necessary for the provision of functional websites and the CURE app as well as for the provision of our services. The collection and use of personal data regularly only takes place after your consent. An exception applies in those cases where it is not possible to obtain prior consent for actual reasons and the processing of the data is permitted by legal regulations.

 

4.2 Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing operations involving personal data, Art. 6 (1) sentence 1 lit. aDSGVO serves as the legal basis for the processing of personal data. When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) p. 1 lit. b DSGVO serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures. Insofar as processing of personal data is necessary for compliance with a legal obligation to which we are subject, Art. 6 (1) p. 1 lit. c DSGVO serves as the legal basis. In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) p. 1 lit. d DSGVO serves as the legal basis. If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest,Art. 6 (1) p. 1 lit. f DSGVO serves as the legal basis for the processing.

 

4.3 Data storage period

We delete your personal data as soon as they are no longer required for the purposes for which we collected or used them according to the. As a rule, we store your personal data for the duration of the usage or contractual relationship for the use of the websites or the CURE app. In principle, your data is only stored on our servers in Germany, subject to any transfer that may take place in accordance with the regulations in letter A.I.6. However, storage may take place beyond the specified time in the event of a (threatened) legal dispute with you or other legal proceedings. Contract processors used by us(letter A.I.6.1) will store your data on their system for as long as it is necessary in connection with the provision of the service for us in accordance with the respective order. Legal requirements for the storage and deletion of personal data remain unaffected by the above (e.g. §257 of the German Commercial Code ("HGB") or § 147 of the GermanFiscal Code ("AO"). If the storage period prescribed by the statutory provisions expires, the personal data will be blocked or deleted unless further storage by us is necessary and there is a legal basis for this.

 

4.4 Use of cookies

We use cookies when operating our websites and the CURE app. Cookies and similar technologies are very small text documents or pieces of code that often contain a unique identification code. When you visit a website or use a mobile app, a computer asks your computer or mobile device for permission to store this file on your computer or mobile device and access information. Information collected through cookies and similar technologies may include the date and time of your visit and how you use a particular website or mobile application.

 

4.4.1 What kind of cookies do we use?

 

4.4.1.1 Necessary cookies

These cookies are necessary for our web pages and the CURE app to function properly. Some of the following actions can be performed with these cookies. - Save items in a shopping cart for online purchases - Save your cookie settings for this website - Save language settings - Sign in for your customer account. We need to verify that you are logged in.

 

4.4.1.2 Performance cookies

These cookies are used to collect statistical information about the use of our websites and the CURE app, also called analytics cookies. We use this data to improve performance and optimize websites.

 

4.4.1.3 Functional cookies

These cookies enable more functionality for our website visitors and CURE app users. These cookies may be set by our third-party service providers or our own websites or the CURE app. The following functionalities may or may not be enabled if you accept this category: - Live chat services - Watch online videos - Social media sharing buttons - Sign in with social media in the CURE app.

 

4.4.1.4 Advertising/Tracking Cookies

These cookies are set by external advertising partners and are used for profiling and data tracking across multiple websites. If you accept these cookies, we can display our ads on other websites based on your user profile and preferences. These cookies also store data about how many visitors have seen or clicked on our ads in order to optimize advertising campaigns.

 

4.4.2 Why do we use cookies?

Cookies ensure that you stay logged into the CURE app, all items in your shopping cart remain saved, you can shop safely, and our websites continue to run smoothly. Cookies also ensure that we can see how our websites and the CURE app are used and how we can improve them. In addition, depending on your preferences, our own cookies may be used to present you with targeted advertising that matches your personal interests.

 

4.4.2.1 Technically necessary cookies

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our websites and the CURE app cannot be offered without the use of cookies. We require cookies for the following applications:

 

- Shopping Cart

-Marking search terms

-Session

-PLZ input / geodata

 

The user data collected through technically necessary cookies are not used to create user profiles. See also cookie policy of  www.cookieFirst.com.

 

4.4.2.2 Analysis and marketing cookies

Analytics and marketing cookies are used to improve the quality of our website and the CURE app and its content. Through analysis and marketing cookies, we learn how our offers are used and can thus constantly optimize them. These purposes are also our legitimate interest in processing the personal data according to Art. 6 para. 1 p. 1 lit. f DSGVO.

 

4.4.3 Legal basis for the use of cookies

The legal basis for the processing of personal data using technically necessary cookies is our legitimate interest Art. 6 para. 1p. 1 lit. f DSGVO. Any use of cookies that is not strictly technically necessary constitutes data processing that is only permitted with your explicit and active consent pursuant to Art. 6 (1) p. 1 lit. a DSGVO. This applies in particular to the use of advertising/tracking cookies. In addition, we will only share your personal data processed through cookies with third parties if you have given your explicit consent to do so in accordance with Art. 6 (1) p.1 lit. a DSGVO.

 

4.4.4 Cookie consent tool

Our website uses the cookie consent tool from CookieFirst.com, CookieFirst by Digital Data Solutions B.V., Plantage Middenlaan 42a, 1018 DH Amsterdam, to obtain effective user consent for cookies and cookie-based applications that require consent. Through its integration, users are shown a banner when they access the page, in which consent for certain cookies and/or cookie-based applications and/or cookie categories can be given by ticking the box. The tool blocks the setting of all cookies requiring consent until the respective user grants the corresponding consent by setting a check mark. This ensures that such cookies are only set on your respective end device if you have given your consent. In order for the cookie consent tool to be able to clearly assign page views to individual users and to individually record, log and store the consent settings you have made for a session duration, certain user information (including the IP address) is collected when our Internet pages are called up by the cookie consent tool, transmitted to servers of the provider of the cookie consent tool and stored there. This data processing is carried out in accordance with Art. 6 (1) p. 1lit. f DSGVO on the basis of our legitimate interest in a legally compliant, user-specific and user-friendly consent management for cookies and thus in alegally compliant design of our internet pages. Further legal basis for the described data processing is Art. 6 para. 1 p. 1 lit. c DSGVO. As the responsible party, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user consent.Further information on the use of data by the provider of the cookie consent tool can be found in its privacy policy, available at: https://cookiefirst.com/legal/privacy-policy/ andhttps://cookiefirst.com/legal/cookie-declaration/.

 

4.4.5 Obtaining Consent via the CURE App (Letter C.)

When using the CURE app, consent to data processing operations requiring consent is obtained via corresponding prompts within the app or through the operating system of your mobile device.

 

4.4.6 How can I disable or remove cookies?

You can choose to accept all but the necessary cookies. In the settings of the browser of your terminal device or the system settings of the operating system of your mobile terminal device or the CURE app settings, you can change the settings so that certain cookies/technologies are blocked. However, if you block the cookies/technologies, you may not be able to use all the technical features of our websites or the CURE app and this may have a negative impact on your user experience.

 

4.4.7 Duration of storage, possibility of objection and elimination

Cookies are stored on the user's terminal device and transmitted from it to our site. By changing the settings in your internet browser or the settings of your mobile device, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our Internet pages or the CURE app, it may no longer be possible to use all functions of the Internet pages or the CURE app in full.

 

5. use of our contact form and e-mail contact and support chat.

 

5.1 Functionality and scope of data processing

 

5.1.1 Contact form on the Internetpages

Our website contains a contact form that can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask is transmitted to us and stored. These data are:

 

-               First name, last name, name pharmacy, phone number, city pharmacy

-               Email

-               Driving license possession

-               Upload application documents

-               Communication

 

At the time of sending the message via contact form, email and support chat, the following data is also stored:

 

- The IP address of the user

- Date and time of the request

-Browser type

 

5.1.2 Email contact and support chat

Alternatively, it is possible to contact us via the email address provided or via support chat (CURE app only). In this case, the personal data of the user transmitted with the e-mail or in the chat will be stored. In this context, no disclosure of the data to third parties is pursued.The data is used exclusively for processing the conversation.

 

5.2 Legal basis for data processing

The legal basis for the processing of the personal data provided to us in the context of your contact is our legitimate interest within the meaning of Art. Art. 6 para. 1 lit. f DSGVO in the processing of your request. If the contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.

 

5.3 Purpose of the data processing

The processing of the personal data transmitted to us in the context of your contact serves us solely to process the contact. This also constitutes the necessary legitimate interest in processing the data, cf.above. The other personal data processed during the sending process serve to prevent misuse of the communication channels we offer you and to ensure the security of our information technology systems.

 

5.4 Duration of storage

Subject to statutory retention obligations, the data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail/support chat, this is the case when the respective conversation with the user has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified. The additional personal data collected during the sending process will be deleted after a period of fourteen (14) days at the latest.

 

5.5 Possibility of objection and elimination

If the user contacts us, he can object to the storage of his personal data at any time; both under our contact details listed above.In such a case, the conversation cannot be continued.  All personal data stored in the course of contacting us will be deleted in this case.

 

6. data processing by third parties

 

6.1 Commissioned data processing

It may happen that commissioned service providers are used for individual functions of our websites or the CURE app. As with any larger company, we also use external domestic and foreign service providers(e.g. for the areas of IT, logistics, telecommunications, sales and marketing)to process our business transactions. These service providers only act on our instructions and have been appointed in accordance with iSv. Art. 28 DSGVO, they are contractually obligated to comply with the provisions of data protection law.

The following categories of recipients, which are usually processors, may receive access to your personal data:

 

service providers foro peration of our websites and the CURE app and the processing ofdata stored or transmitted by the systems (e.g. for data center services, payment processing, IT security) The legal basis for the transfer is then Art. 6 Abs. 1 S. 1 lit. b or lit. f DSGVO, as far as it does not concern order processors;

 

Government agencies/authorities, insofar as this is necessary to fulfill a legal obligation The legal basis for the disclosure is then Art. 6 Abs. 1 S. 1 lit. c DSGVO;

 

Persons employed to carry out our business operations (e.g. auditors, banks, insurance companies, legal advisors, supervisory authorities, parties involved in company acquisitions or the establishment of joint ventures) The legal basis for the disclosure is then Art. 6 Abs. 1 S. 1 lit. b or lit. f DSGVO.

 

In addition, we will only disclose your personal data to third parties if you have given your consent in accordance with Art. 6 Abs. 1 S. 1 lit. a DSGVO you have given your express consent to this. If personal data from you is passed on by us to our subsidiaries or is passed on to us by our subsidiaries (e.g. for advertising purposes), this is done on the basis of existing order processing relationships.

 

6.2 Requirements for the transfer of personal data to third countries

 

6.2.1 General

In the course of our business relationships, your personal data may be transferred or disclosed to third party companies. These may also be located outside the European Economic Area (EEA), i.e. in third countries. Such processing takes place exclusively for the fulfillment of contractual and business obligations and to maintain your business relationship with us. We will inform you about the respective details of the transfer in the following at the relevant points.

 

Some third countries are certified by the EuropeanCommission as having a level of data protection comparable to the EEA standard through so-called adequacy decisions (a list of these countries and a copy of the adequacy decisions can be found here: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html).However, in other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, we ensure that data protection is adequately guaranteed. This is possible through binding company regulations, standard contractual clauses of the European Commission for the protection of personal data, certificates or recognized codes of conduct. Please contact our data protection officer (see A.I.2) if you would like more information on this.

 

6.2.2 Data transmission to the USA

On our websites and for the CURE app, we use analysisand advertising tools from companies with (headquarters) in the USA (e.g.Google). When these tools are active, your personal data may be transferred tothe US servers. We would like to point out that the USA is not a safe thirdcountry in the sense of EU data protection law. US companies are obliged tohand over personal data to security authorities without you as a data subjectbeing able to take legal action against this. It can therefore not be ruled outthat US authorities (e.g. intelligence services) process, evaluate andpermanently store your data located on US servers for monitoring purposes. Wehave no influence on these processing activities.

 

6.3 Legal obligation to transmit certain data

We may be subject to a specific legal or statutory obligation to provide the lawfully processed personal data to third parties, in particular public bodies (Art. 6 Abs. 1 S. 1 lit. c DS-GVO).

 

7. your rights

 

7.1 Summary

You have the following rights with respect to us regarding personal data concerning you:

 

-               Right to information,

-               Right to rectification or deletion,

-               Right to restriction of processing,

-               Right to object to processing,

-               Right to data portability.

-                

You also have the right to complain to a data protection supervisory authority about our processing of your personal data.

 

7.2 Your rights in detail

If personal data is processed by you, you are a data subject within the meaning of the GDPR and you have the following rights against us:

 

7.2.1 Right to information

You may request confirmation from us as to whether personal data concerning you is being processed by us.  If there is such processing, you can request information from us about the following:

 

(1)the purposes for which the personal data are processed

(2)the categories of personal data which are processed

(3)the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed

(4)the planned duration of the storage of the personal data concerning you or, if concrete information on this is not possible, criteria for determining the storage duration

(5)the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by us or a right to object to such processing

(6)the existence of a right of appeal to a supervisory authority

(7)any available information on the origin of the data, if the personal data are not collected from the data subject

(8)the existence of automated decision-making, including profiling, pursuant to Article 22(1)and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject

 

You have the right to request information about whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 DSGVO in connection with the transfer.

 

7.2.2 Right to rectification

You have a right to rectification and/or completionvis-à-vis us, insofar as the processed personal data concerning you are inaccurate or incomplete. We shall carry out the correction without undue delay.

 

7.2.3 Right to restrict processing

Under the following conditions, you may request the restriction of the processing of personal data concerning you:

 

(1)if you dispute the accuracy of the personal data concerning you for a period of time that allows us to verify the accuracy of the personal data

(2)the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data

(3)we no longer need the personal data for the purposes of processing, but you need them for the assertion, exercise or defense of legal claims, or

(4)if you have objected to the processing pursuant to Art. 21 (1)DSGVO and it has not yet been determined whether our legitimate grounds override your grounds

 

If the processing of personal data relating to you has been restricted, this data may - apart from being stored - only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or a Member State. If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by us before the restriction is lifted.

 

7.2.4 Right to deletion

 

7.2.4.1 Obligation to delete

You may request that we delete the personal data concerning you without undue delay, and we are obliged to delete such data without undue delay if one of the following reasons applies:

 

(1)The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed

(2)You revoke your consent on which the processing was based pursuant to Art. 6 (1) a or Art.9 (2) a DSGVO and there is no other legal basis for the processing

(3)You object to the processing pursuant to Art. 21 (1) DSGVO and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) DSGVO

(4)The personal data concerning you have been processed unlawfully

(5)The erasure of personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject

(6)The personal data concerning you was collected in relation to information society services offered pursuant to Art. 8(1) DSGVO

 

7.2.4.2 Information to third parties

If we have made the personal data concerning you public and we are obliged to erase it pursuant to Article 17(1) of the GDPR, we shall take reasonable steps, including technical measures, to inform data controllers processing the personal data that you, as the data subject, have requested erasure of all links to or copies or replications of such personal data, taking into account the available technology and the cost of implementation.

 

7.2.4.3 Exceptions

The right to erasure does not exist insofar as the processing is necessary to

 

(1)to exercise the right to freedom of expression and information

(2)for compliance with a legal obligation which requires processing under Union orMember State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller

(3)for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and(i) and Art. 9(3) DSGVO

(4)for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Article 89(1) of the GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing, or

(5)to assert, exercise or defend legal claims

 

7.2.5 Right to information

If you have asserted the right to rectification, erasure or restriction of processing against us, we are obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right against us to be informed about these recipients.

 

7.2.6 Right to data portability

You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without hindrance from us, to whom the personal data was provided, provided that

 

(1)the processing is based on consent pursuant to Art. 6 para. 1 lit. a DSGVO or Art.9 para. 2 lit. a DSGVO or on a contract pursuant to Art. 6 para. 1 lit. b DSGVO and

(2)the processing is carried out with the aid of automated procedures

 

In exercising this right, you also have the right to have the personal data concerning you transferred directly from and to another controller, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this. The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

 

7.2.7 Right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6 (1) (e) or (f)DSGVO; this also applies to profiling based on these provisions.

 

We will no longer process the personal data concerning you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims. If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling, insofar as it is related to such direct marketing. If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.

 

7.2.8 Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

 

7.2.9 Automated decision in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

 

(1)is necessary for the conclusion or performance of a contract between you and us

(2)is permitted by legislation of the Union or the Member States to which we are subject and that legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests; or

(3)is done with your express consent

 

However, these decisions may not be based on special categories of personal data pursuant to Article 9(1) of the GDPR, unlessArticle 9(2)(a) or (g) applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests. With regard to the cases mentioned in (1) and (3), we take reasonable steps to safeguard the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person on our part, to express your point of view and to contest the decision.

 

7.2.10 Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

 

II. Objection or revocation against theprocessing of your data

 

1. revocability of consent

If you have given your consent to the processing of your data, you may revoke this consent at any time. Such revocation affects the permissibility of processing your personal data after you have expressed it to us.

 

2. indication of the possibility to object to the data processing in case of balancing of interests

Insofar as we base the processing of your personal data on the balance of interests, you can object to the processing. This is the case if the processing is not necessary, in particular, for the performance of a contract with you, which is shown by us in each case in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will review the situation and either discontinue or adjust the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing.

 

3. notice of the possibility to object to direct marketing

Of course, you can object to the processing of your personal data for purposes of advertising and data analysis at any time. You can inform us about your advertising objection under the following contact details:

 

CURE GroupGmbH, Pariser Platz 6a, D-10117Berlin; phone: 089-740045840; e-mail: hello@getcure.app.

 

III. data security

We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties, taking into account the state of the art, implementation costs and the nature, scope, context and purpose of the processing, as well as the existing risks of a data breach (including its probability and impact) for the data subject. Our security measures are continuously improved in line with technological developments. We will be happy to provide you with more detailed information on request. Please contact our data protection officer (A.I.2.).

B. Processing of personal data whenvisiting our Internet pages (www.getcure.app)

 

I. SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as requests that you send to us as the site operator, our website uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to"https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

 

II. creation of log files

During the mere informational use of our Internet pages, i.e. when you do not transmit any information to us, our system automatically collects data and information from the computer system of the calling end device. The following data is collected:

 

-               Internet Protocol address (IP address)

-               Time and date of the respective access

-               Time zone difference from Greenwich MeanTime (GMT)

-               The specific page accessed

-               Access status / Hypertext TransferProtocol (http)

-               Amount of data that was transferred in each case

-               Website from which our website is accessed(referrer URL)

-               Internet browser used (incl. language and version)

-               Operating system used

 

The data is also stored in the log files of our system. A storage of this data together with other personal data of the user does not take place.

 

1. legal basis for data processing

The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 p. 1 lit. f DSGVO.

 

2. purpose of data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session. The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. These purposes are also our legitimate interest in data processing according to Art. 6 para. 1 p. 1lit. f DSGVO.

 

3. duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the online store, this is the case when the respective session has ended.  In the case of storage of data in log files, this is the case after seven (7) days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.

 

4. possibility of objection and removal

The collection of data for the provision of the internet pages and the storage of the data in log files is absolutely necessary for the operation of the internet pages. Consequently, you do not have the option to object.

 

III. Use of our newsletter

1. functionality and scope

On our website you have the possibility to register for our free newsletter. When registering for the newsletter, the following data is transmitted to us from the input mask:

 

- Email address

- City

 

In addition, the following data is collected during registration:

 

-               IP address of the calling computer

-               Date and time of registration

 

The only mandatory data for sending our newsletter is your e-mail address. The provision of further, separately marked data is voluntary and will be used to address you personally.

 

If you order via the CURE app, the email address you provide as part of the order may be used by us to send you our newsletter. In such a case, only direct advertising for our own similar services is sent via the newsletter. There is no disclosure of data third parties in connection with the data processing for the dispatch of newsletters. The data will be used exclusively for sending the newsletter.

 

2. registration by Double Opt.In

 

For the registration to our newsletter we use the so-called double-opt-in procedure. This means that after your registration we will send you an e-mail to the specified e-mail address in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within [24 hours], your information will be blocked and automatically deleted after one (1) month. In addition, we store your respective IP addresses used and times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.

 

4. legal basis for data processing

The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 para. 1 p. 1 lit. a DSGVO if the user has given his consent. The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 (3) UWG. The legal basis for the use of contract processors for newsletter dispatch is Art. 6para. 1 p. 1 lit. f) in conjunction with Art. DSGVO or standard contractual clauses (in case of transfer to third countries).

 

5. purpose of data processing

The collection of the user's e-mail address serves to deliver the newsletter. The collection of other personal data during the registration process serves to prevent misuse of the services or the e-mail address used.

 

6. receiver

Recipients of the data are our order processors, if applicable.

 

7. duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Accordingly, the user's e-mail address is stored for as long as the subscription to the newsletter is active. The other personal data collected during the registration process is usually deleted after a period of seven (7) days.

 

8. possibility of objection and elimination

The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose, a corresponding link can be found in each newsletter.

 

We would like to point out that we evaluate your user behavior when sending the newsletter. For this evaluation, the emails sent contain so-called web beacons or tracking pixels, which are single-pixel image files that are stored in our online store. For the evaluations, we link the above-mentioned data and the web beacons with your e-mail address and an individual ID. [OPTIONAL: Links received in the newsletter also contain this ID] [EITHER:] The data is collected exclusively pseudonymously, i.e. theIDs are not linked to your other personal data, a direct personal reference is excluded. [OR:] With the data obtained in this way, we create a user profile to tailor the newsletter to your individual interests. In doing so, we record when you read our newsletters, which links you click on in them and infer your personal interests from this.We link this data to actions taken by you in the online store. [END of alternatives]. You can object to this tracking at anytime by clicking on the separate link provided in each email or by informing us via another contact method. The information will be stored for as long as you are subscribed to the newsletter. After unsubscribing, we store the data purely statistically and anonymously. [OPTIONAL:Furthermore, such tracking is not possible if you have deactivated the display of images by default in your e-mail program. In this case, the newsletter will not be fully displayed to you and you may not be able to use all the features.If you display the images manually, the above tracking will occur].

 

IV. Special technologies

 

1. Analysis, Tracking, Marketing

 

1.1 Google Analytics

 

1.1.1 Nature and purpose of processing

If you have given your consent, Google Analytics, a web analysis service of Google Inc., 1600 Amphitheatre Parkway, Mountain View,CA 94043 USA (hereinafter referred to as "Google"), is used on our website. Google Analytics uses cookies that are stored on your computer and that enable an analysis of your use of the website. The information generated by the cookie about your use of these web pages is usually transmitted to aGoogle server in the USA and stored there. However, due to the activation of IP anonymization on these Internet pages, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The data sent by us and linked to cookies, userIDs (e.g. user ID) or advertising IDs are automatically deleted after 14months. The deletion of data whose retention period has been reached takes place automatically once a month.

 

These web pages use Google Analytics with the extension "anonymize IP". This means that IP addresses are processed in abbreviated form, which means that personal references can be ruled out. Insofar as the data collected about you is related to a person, this is therefore immediately excluded and the personal data is thus immediately deleted.  You can find more information about Google Analytics at:

 

http://www.google.com/analytics/terms/de.html (Terms of use), http://www.google.com/intl/de/analytics/learn/privacy.html (Overview of data protection:)

http://www.google.de/intl/de/policies/privacy(Privacy Policy).

 

1.1.2 Legal basis; revocation of consent

We have a legitimate interest in the use of thesefunctionalities to make our website more user-friendly. The legal basis for theprocessing of your data in this respect is Art. 6 para. 1 p. 1 lit. f DSGVO. Incase of your consen , theprocessing is based on Art. 6 para. 1 p. 1 lit. a DSGVO and Section 25 para. 1TTDSG, insofar as the consent includes the storage of cookies or access toinformation in the user's terminal device (e.g. device fingerprinting) asdefined by the TTDSG. You can revoke the consent at any time. You can alsoprevent tracking by Google Analytics on our website by clicking on this link[5] [6] . This willistall an opt-out cookie on your device. This will prevent the collection byGoogle Analytics for this website and for this browser in the future, as longas the cookie remains installed in your browser. You can also prevent thestorage of cookies by selecting the appropriate settings on your browsersoftware; however, please note that in this case you may not be able to use thefull functionality of this website. You can also prevent the collection of datageneraed by the cookie and related to your use of the website (including yourIP address) to Google and the processing of this data by Google by downloand installing the browser plugin available at the following link: Browser Add On to disable GoogleAnalytics.[7] [8] Furthermore, you can deactivate Google Analytics at any time using the cookie-consents tool.

 

1.2 Google Global Site Tag

We use Google Analytics including "Google GlobalSite Tag" from Google. We use this to determine information about the use of our offers across different end devices (so-called "cross-device tracking"). For this purpose, we store a unique ID on the user's end device, from which a pseudonymous profile of the user is created with information from the use of the various end devices. In this respect, we have alegitimate interest in the use of Google Global Site Tag to optimize our website and our advertising.  We have alegitimate interest in the use of these functionalities in order to make our web pages more user-friendly. The legal basis for the processing of your data in this respect is Art. 6 para. 1 p. 1 lit. f DSGVO. In case of your consent, the processing is based on Art. 6 para. 1 p. 1 lit. a DSGVO and Section 25para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time with effect for the future. You can also object to the collection and storage of data at anytime in the settings of your Google customer account.

 

1.3 Google Tag Manager

On our websites, we use the Google Tag Manager fromGoogle. Google Tag Manager is a solution that allows marketers to managewebsite tags through one interface. The Tag Manager tool itself (whichimplements the tags) is a cookie-less domain and does not collect any personaldata. The tool takes care of triggering other tags, which in turn may collectdata. Google Tag Manager does not access this data. If a deactivation has beenmade at the domain or cookie level, this remains in place for all tracking tagsimplemented with Google Tag Manager. The legal basis for the processing of yourdata is Art. 6 para. 1 p. 1 lit. f DSGVO. You can obtain further informationfrom Google at the link: http://www.google.de/tagmanager/use-policy.html. Click here to be excludedfrom collection via Google Tag Manager.[9] [10] 

 

1.4 Google Firebase

We on (also) on our Internet pages GoogleFirebase ("Firebase") from Google with various functionalities."Firebase Analytics" thereby enables the analysis of the use of ouroffer. Thus, completely anonymized information about the use of our website iscollected and transmitted to Google and stored there. Google uses theadvertising ID of the end device for this purpose. Google will use theaforementioned information to evaluate the use of our internet pages and toprovide us with further services related to the use of our internet pages.  You canrestrict the use of the advertising ID in the device settings. [11] [12] Furthermore,we use Firebase Remote Config, which allows us to perform A/B tests andcustomize the behavior and appearance of our web pages, Personal data is notstored.  You can object to the use ofFirebase at any time by sending an email to_________[13] [14] [15] [16] 

 

1.5 Facebook Pixel

We use the so-called "Facebook pixel" of thesocial network Facebook, 1601 South California Avenue, Palo Alto, CA 94304,USA, on our website. So-called tracking pixels are integrated on our website.When you visit our website, the tracking pixel establishes a direct connectionbetween your browser and the Facebook server. Facebook thereby receives, amongother things, the information from your browser that our page was called upfrom your end device. If you are a Facebook user, Facebook can assign yourvisit to our website to your user account. We would like to point out that we,as the provider of the Internet pages, have no knowledge of the content of thetransmitted data or its use by Facebook. We can only select which segments ofFacebook users (such as age, interests) should be displayed our advertising. Bycallingup the pixel from your browser, Facebook can also see whether aFacebook ad was successful, e.g. led to an online purchase. This allows us torecord the effectiveness of the Facebook ads for statistical and marketresearch purposes. We have a legitimate interest in usingthese functionalities to make our websites more user-friendly. The legal basisfor the processing of your data in this respect is Art. 6 para. 1 p. 1 lit. fDSGVO. In case of your consent[21] , the processing is based on Art. 6 para. 1 p. 1 lit. a DSGVO and Section 25 para. 1TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time with effect for the future. You can also click the following link if you do not want data to be collected via the Facebook pixel: https://www.facebook.com/settings?tab=ads#_=_.Alternatively, you can deactivate the Facebook Pixel on the page of the DigitalAdvertising Alliance under the following link: http://www.aboutads.info/choices/.[22] [23] 

 

1.6 Facebook Custom Audiences 

We use Facebook's "Custom Audiences" remarketing function on our websites. This enables interest-based advertisements ("Facebook ads") to be displayed to users of the website when they visit the Facebook social network or other websites that also use this method. In this way, we pursue the interest of displaying advertisements that are of interest to you in order to make our Internet pages more interesting for you. Due to the marketing tools used, your browser automatically establishes a direct connection with the Facebook server. We have no influence on the scope and further use of the data collected by Facebook through the use of this tool and therefore inform you according to our state of knowledge:Through the integration of Facebook Custom Audiences, Facebook receives the information that you have accessed the corresponding Internet page of our website, or clicked on an ad from us. If you are registered with a Facebook service, Facebook can assign the visit to your account. Even if you are not registered with Facebook or have not logged in, there is a possibility that the provider will learn and store your IP address and other identifiers.Deactivation of the "Facebook Custom Audiences" function is available for logged-in users at https://www.facebook.com/settings/?tab=ads#_möglich.  We have a legitimate interest in the use of these functionalities in order to make our websites more user-friendly. The legal basis for the processing of your data in this respect is Art. 6 para. 1p. 1 lit. f DSGVO. In case of your consent, the processing is based on Art. 6para. 1 p. 1 lit. a DSGVO and Section 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time with effect for the future.

 

1.7 TikTok Pixel

We use the so-called TikTok Pixel on our Internetpages. The TikTok Pixel is an advertising tool provided by TikTok TechnologyLimited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, and TikTokInformation Technologies UK Limited, WeWork, 125 Kingsway, London, WC2B 6NH,United Kingdom (collectively "TikTok"). The TikTok Pixel is aJavaScript code snippet that allows us to understand and track visitors'activity on our websites. For this purpose, the Tiktok Pixel collects andprocesses information about visitors to our websites or the devices they use(so-called event data). The event data collected via the TikTok Pixel is usedfor targeting our advertisements and for improving ad delivery and personalizedadvertising. For this purpose, the event data collected on our websites bymeans of the TikTok Pixel is used. Some of this event data is informationstored in the device you are using. In addition, the TikTok Pixel also usescookies to store information on the device you are using. We have a legitimateinterest in the use of these functionalities in order to make our Internetpages more user-friendly. The legal basis for the processing of your data inthis respect is Art. 6 para. 1 p. 1 lit. f DSGVO. In case of your consent[26] [27] [28] , theprocessing is based on Art. 6 para. 1 p. 1 lit. a DSGVO and Section 25 para. 1TTDSG, insofar as the consent includes the storage of cookies or access toinformation in the user's terminal device (e.g. device fingerprinting) withinthe meaning of the TTDSG. The consent can be revoked at any time with effectfor the future. The collection and transmission of the Event Data is carried outby us and TikTok as jointly responsible parties. We have entered into aprocessing agreement with TikTok as joint controllers, which sets out thedistribution of data protection obligations between us and TikTok. In thisagreement, we and TikTok have agreed, among other things, that we arerespoible for providing you with all information pursuant to Art. 13, 14 GDPRabout the joint processing of personal data; that TikTok is responsible forenabling the rights of data subjects pursuant to Art. 15 to 20 GDPR withrespect to personal data stored by Facebook Ireland after the joint processing.You can access the agreement concluded between us and TikTok athttps://ads.tiktok.com/i18n/official/article?aid=300871706948451871. TikTok isthe sole controller of the processing of the transmitted Event Data followingthe transmission. For more information about how TikTok processes personaldata, including the legal basis on which TikTok relies and how you can exerciseyour rights against TikTok, please see TikTok's Data Policy athttps://www.tiktok.com/legal/privacy-policy?lang=de-DE.

 

2. social plugins

 

2.1 Twitterplugin

Functions of the Twitter service are integrated on ourInternet pages. These functions are offered by Twitter International Company,One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland. By usingTwitter and the "Re-Tweet" function, the websites you visit are linked to your Twitter account and made known to other users. In the process, data is also transferred to Twitter. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Twitter. For more information, please refer to Twitter's privacy policy at: https://twitter.com/de/privacy.The use of the Twitter plugin is based on Art. 6 para. 1 p. 1 lit. f DSGVO. The website operator has a legitimate interest in ensuring the greatest possible visibility in social media. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6para. 1 p. 1 lit. a DSGVO and 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device(e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time with effect for the future. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://gdpr.twitter.com/en/controller-to-controller-transfers.html.You can change your privacy settings on Twitter in the account settings athttps://twitter.com/account/settings.

Source: eRecht24.de

 

2.2 Facebook plugin

Plugins of the social network Facebook are integrated on our website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2,Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries. You can recognize the Facebook plugins by the Facebook logo or the "Like button" ("Like") on this website. You can find an overview of the Facebook plugins here: https://developers.facebook.com/docs/plugins/?locale=de_DE.When you visit these web pages, a direct connection is established between your browser and the Facebook server via the plugin. Facebook thereby receives the information that you have visited these Internet pages with your IP address. If you click the Facebook "Like" button while you are logged into yourFacebook account, you can link the content of these Internet pages on yourFacebook profile. This allows Facebook to associate the visit to these Internet pages with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Facebook. For more information, please refer to Facebook's privacy policy at: https://de-de.facebook.com/privacy/explanation.If you do not want Facebook to be able to associate your visit to these webpages with your Facebook user account, please log out of your Facebook user account. The use of Facebook plugins is based on Art. 6 para. 1 p. 1 lit. fDSGVO. The website operator has a legitimate interest in ensuring the greatest possible visibility in social media. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art.6 para. 1 p. 1 lit. a DSGVO and Section 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time with effect for the future. Insofar as personal data is collected on our websites with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 GrandCanal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 DSGVO). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing by Facebook that takes place after the onward transfer is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Facebook tool and for the privacy-secure implementation of the tool on our websites. Facebook is responsible for the data security of the Facebook products. You can assert data subject rights (e.g. requests for information)regarding the data processed by Facebook directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum,

https://de-de.facebook.com/help/566994660333381und

https://www.facebook.com/policy.php.

Source: eRecht24.de

 

2.3 Instagram plugin

Functions of the Instagram service are integrated on our website. These functions are offered by Meta Platforms Ireland Limited, 4Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. If you are logged into your Instagram account, you can link the content of this website to yourInstagram profile by clicking on the Instagram button. This allows Instagram to associate the visit of these web pages with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Instagram. The storage and analysis of the data is based on Art. 6 para. 1 p. 1 lit. f DSGVO. The website operator has a legitimate interest in ensuring the greatest possible visibility in social media. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 p. 1 lit. a DSGVO andSection 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time with effect for the future. Insofar as personal data is collected on our websites with the help of the tool described here and forwarded to Facebook orInstagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, GrandCanal Harbour, Dublin 2, Ireland are jointly responsible for this data processing(Art. 26 DSGVO). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook or Instagram. The processing by Facebook or Instagram that takes place after the forwarding isnot part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum.According to this agreement, we are responsible for providing the privacy information when using the Facebook or Instagram tool and for theprivacy-secure implementation of the tool on our websites. Facebook is responsible for the data security of the Facebook or Instagram products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook or Instagram directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.The data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here:

https://www.facebook.com/legal/EU_data_transfer_addendum,

https://help.instagram.com/519522125107875 und

https://de-de.facebook.com/help/566994660333381.

For more information, please see Instagram's privacypolicy:

https://instagram.com/about/legal/privacy/.

Source: eRecht24.de

 

2.4 LinkedIn plugin

Functions of the LinkedIn service are integrated on our Internet pages. These functions are offered by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.If you are logged into your LinkedIn account, you can link the content of these web pages to your LinkedIn profile by clicking on the LinkedIn button. This allows LinkedIn to associate the visit of these web pages with your user account. We would like to point out that we, as the provider of the Internet pages, have no knowledge of the content of the transmitted data or its use byLinkedIn. The storage and analysis of the data is based on Art. 6 para. 1 p. 1lit. f DSGVO. The website operator has a legitimate interest in ensuring the greatest possible visibility in social media. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art.6 para. 1 p. 1 lit. a DSGVO and Section 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time with effect for the future. Further information on this can be found in LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.Data transfer to the USA is based on the standard contractual clauses of the EUCommission. Details can be found here: https://de.linkedin.com/legal/l/dpa

 

2. Linking on Instagram, Twitter,LinkedIn, Facebook

On our websites, we advertise our presence on the social networks listed below. The integration takes place via a linked graphic of the respective network. The use of this linked graphic prevents a connection to the respective server of the social network from being automatically established when a website with a social media advertisement is called up in order to display a graphic of the respective network itself. Only by clicking on the corresponding graphic will the user be redirected to the service of the respective social network. After the user has been forwarded, information about the user is collected by the respective network. It cannot be ruled out here that processing of the data collected in this way takes place in the USA. This is initially data such as IP address, date, time and page visited. If the user is logged into his user account of the respective network during this time, the network operator may be able to assign the collected information of the specific visit of the user to the personal account of the user. If the user interacts via a "Share" button of the respective network, this information can be stored in the user's personal user account and may be published. If the user wants to prevent the collected information from being directly assigned to his user account, he must log out before clicking on the graphic. In addition, it is possible to configure the respective user account accordingly. We have included on our Internet pages by linking:

Twitter of Twitter International Company, OneCumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland, Privacy Policy: https://twitter.com/privacy;  

Facebook and Instagram of Meta Platforms IrelandLimited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, PrivacyPolicy Facebook: https://www.facebook.com/policy.php,Privacy Policy Instagram: https://instagram.com/about/legal/privacy/;

 

LinkedIn of LinkedIn Ireland Unlimited Company, WiltonPlace, Dublin 2, Ireland https://www.linkedin.com/legal/privacy-policy

 

3. cloud services; ContentDeliveryNetworks; website optimization; other

 

3.1 Webflow

We host ourInternet pages at Webflow. The provider is Webflow, Inc., 398 11th Street, 2ndFloor, San Francisco, CA 94103, USA. When you visit our websites, Webflow collects various log files including your IP addresses. Webflow is a tool for creating and hosting websites. Webflow stores cookies or other recognition technologies that are necessary for the presentation of the Internet pages to provide certain Internet page functions and to ensure security (necessary cookies). For details, see Webflow's privacy policy: https://webflow.com/legal/eu-privacy-policy.The use of Webflow is based on Art. 6 para. 1 p.1 lit. f DSGVO. We have alegitimate interest in the most reliable presentation of our Internet pages.Data transfer to the USA is based on the standard contractual clauses of the EUCommission. Details can be found here: https://webflow.com/legal/eu-privacy-policy.We have concluded a contract on order processing (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensuresthat this provider only processes the personal data of our website visitors inaccordance with our instructions and in compliance with the DSGVO. Source:www.eRecht24.de

 

3.2 Fastly CDN 

We use the content delivery network (CDN) Fastly to deliver content. The Fastly CDN is operated by Fastly Inc, General Counsel 475 Brannan St, Suite 300 San Francisco, CA 94107. The Fastly CDN makes content from our Internet pages available on various servers distributed around the world. This shortens the loading time of the Internet pages, achieves greater reliability and increased protection against data loss. The content embedded on these Internet pages, such as images and videos, is retrieved from Fastly CDN when the page is called up. Through this retrieval, information about your use of our Internet pages may be transmitted to servers of Fastly in other EU countries and stored there. When transferring data to the USA or another third country outside the EU that does not have a level of data protection equivalent to the GDPR, we conclude standard contractual clauses with CDN Fastly and, if necessary, take other necessary measures to ensure an adequate level of data protection. Data processing by CDN Fastly already occurs when using the webpages with the corresponding content. The use of Fastly Web Services and theCDN Fastly is in the interest of higher reliability, increased protection against data loss and better loading speed of our Internet pages. This represents our legitimate interest within the meaning of Art. 6 para. 1 p. 1lit. f DSGVO. The privacy policy of fastly is available at:https://www.fastly.com/de/privacy/

 

3.3 jQuery

We use the javascript library "jQuery". To increase the loading speed of our webpages and thus provide you with a better user experience, we use Google's CDN(content delivery network) to load this library. Chances are that you have already used jQuery on another page from Google CDN. In that case, your browser can access the cached copy and it doesn't need to be downloaded again. If your browser does not have a cached copy or for some other reason downloads the file from the Google CDN, again data is transferred from your browser to Google. The legal basis for the use of Google Analytics is Art. 6 para. 1 p. 1 lit. fDSGVO. Information of the third party provider: Google Dublin, Google IrelandLtd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.User conditions: http://www.google.com/analytics/terms/de.html, Overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html, as well as the data protection declaration: http://www.google.de/intl/de/policies/privacy.

 

3.4 Cloudflare

We use functions of the CloudFlare content delivery network of CloudFlare GermanyGmbH, Rosental 7, 80331 Munich, Germany on our Internet pages. A ContentDelivery Network (CDN) is a network of regionally distributed servers connectedvia the Internet that is used to deliver content - especially large media files such as videos. CloudFlare provides web optimization and security services that we use to improve the load times of our website and to protect it from misuse.When you visit our website, a connection is established to CloudFlare's servers in order to retrieve content, for example. Personal data can be stored and evaluated in server log files, especially the activity of the user (in particular, which pages have been visited) and device and browser information(in particular, the IP address and operating system). Further information on the collection and storage of data by CloudFlare can be found here:https://www.cloudflare.com/de-de/privacypolicy/. The use of Cloud Flare's functions serves to deliver and accelerate online applications and content. The collection of this data is based on Art. 6 para. 1 p. 1 lit. f DSGVO. The website operator has a legitimate interest in the technically error-free presentation and optimization of its websites - for this purpose, the serverlog files must be collected. Your personal information will be stored for as long as necessary to fulfill the purposes described in this privacy policy or as required by law. Information on objection and removal options vis-à-visCloudFlare can be found at: https://www.cloudflare.com/de-de/privacypolicy/.

 

3.5 Amazon Cloudfront

We also use the CDN Cloudfront on our websites. This is a service of Amazon Web Services Inc, 410 Terry Avenue North, Seattle, WA98109-5210, USA. The Cloudfront CDN provides duplicates of data of a web page on different servers distributed worldwide in order to achieve a faster loading time of the web page, a higher reliability and an increased protection against data loss. Some of the images and videos embedded on these web pages areretrieved from Cloudfront CDN when the page is accessed. Through this retrieval, information about your use of our Internet pages (such as your IPaddress) is transmitted to Amazon servers in other EU countries and stored there. This happens as soon as you enter our internet pages. The use of AmazonWeb Services and the Amazon CDN Cloudfront is in the interest of greater reliability of the Internet pages, increased protection against data loss and better loading speed of these Internet pages. This constitutes a legitimate interest within the meaning of Art. 6 (1) p. 1 lit. f DSGVO. You can find out more about Amazon Web Services' data protection measures at: https://aws.amazon.com/de/data-protection/.The current privacy policy of Amazon Web Services can be found at: https://aws.amazon.com/de/privacy/.

 

3.6 jsDelivr CDN

We use the CDN of js Delivr on our internet pages. ACDN is a service with the help of which content. The processing of the users' data takes place solely in order to be able to deliver our Internet pages more quickly with the help of regionally distributed servers connected via theInternet. For this purpose, the browser you use must connect to the servers of the CDN. In this way, the CDN obtains knowledge that our website was accessed via your IP address. The use is based on our legitimate interests, i.e. interestin a safe and efficient provision, analysis and optimization of our online offer in accordance with Art. 6 para. 1 p. 1 lit. f. DSGVO. For more information, please see the privacy policy of jsDelivr: https://www.jsdelivr.com/privacy-policy-jsdelivr-net/

 

3.7 HubSpot

On our websites, we use the service of Hubspot ofHubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, telephone: +353 15187500 for various purposes. Hubspot is an integrated software solution that allows us to manage customer data and cover various aspects of our online marketing. These include: Email Marketing, Social Media Publishing &Reporting, Reporting, Contact Management (e.g. user segmentation & CRM),Landing Pages and Contact Forms.

 

We use all collected information exclusively for the optimization of our marketing measures and for contact management with you. As part of optimizing our marketing efforts, Hubspot may collect and process the following data:
- Geographic location
- Browser type
- Navigation
- Referral URL
- Performance
- Information about how often the application is used
- Mobile apps
- HubSpot
- Files viewed on site
- Domain names
- Pages
- Aggregated usage
- Operatingsystem version-Internet service provider
- IP address
- Device identifier
- Duration of visit
- Where the application was
- Operating occur
- Access times
- Clickstream
- model and version


More information about HubSpot's privacy policy "
More information from HubSpot regarding the EU Privacy Policy "More information about the cookies used by HubSpot can be found here & here.

 

We have a legitimate interest in the use of the aforementioned functionalities in order to make our website more user-friendly.In this respect, the legal basis for the processing of your data is Art. 6para. 1 p. 1 lit. f DSGVO. In case of your consent, the processing is based onArt. 6 para. 1 p. 1 lit. a DSGVO and Section 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time with effect for the future. Insofar as the management of your data serves the purpose of fulfilling a contract or initiating a contract between us, Art. 6 (1) p. 1 lit. b DSGVO is the legal basis. In the context of processing with HubSpot, data may be transmitted to the USA. The security of the transfer is secured by so-called standard contractual clauses, which ensure that the processing of personal data is subject to a level of security that corresponds to that of the DSGVO. If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent pursuant to Art. 49 (1) (a) DSGVO may serve as the legal basis for the transfer to third countries. The data processing agreement that complies with the standard contractual clauses can be found athttps://legal.hubspot.com/dpa. You can learn more about the data that is processed through the use of HubSpot in the Privacy Policy athttps://legal.hubspot.com/de/privacy-policy.

 

3.8 Typeform

We use Typeform, a technology of TYPEFORM SL, C/Bac deRoda, 163 (Local), 08018 Barcelona Spain, for our contact forms (see aboveletter A.5.). This enables us to provide you with a simple means of contact.For this purpose, we share the following personal data with Typeform:

 

E-mail address

[first name]

[last name]

[Phone number]

 

Typeform is a recipient of your personal data and acts as a processor for us (Art. 28 DSGVO). In addition, Typeform collects the following personal data with the help of cookies: Information about your terminal device (IP address, device information, operating system, browser settings). Furthermore, usage data is collected such as date and time when you used the contact form. Typeform needs this data to ensure the display of the contact form and its functionality. This corresponds to Typeform's legitimate interest(according to Art. 6 para. 1 p. 1 lit. f DSGVO) and serves the execution of the contract (according to Art. 6 para. 1 lit. b DSGVO). For more information, please visit: https://help.typeform.com/hc/en-us/articles/360029581691-What-happens-to-my-data.For further information on objection and removal options vis-à-vis Typeform, please visit: https://admin.typeform.com/to/dwk6gt.We have a legitimate interest in the use of these functionalities to make our websites and the CURE app more user-friendly. The legal basis for the processing of your data in this respect is Art. 6 para. 1 p. 1 lit. f DSGVO. Incase of your consent, the processing is based on Art. 6 para. 1 p. 1 lit. aDSGVO and Section 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time with effect for the future. After termination of the contract between us and Typeform, your data will be deleted by Typeform without delay and by us subject to letters A.I.4.3 and A.I.5.4.

 

3.9 Applications

If you apply to us (e.g. as a CURE rider), we process the personal data you provide to us in the application process, such as your name, address, place of residence, age, application photo, e-mail and telephone number, professional history including schools, training, studies. If you send the data by e-mail, it is processed electronically and usually unencrypted. If, following the application process, an employment or other service contract is concluded, we will store your data for the purpose of processing the contractual relationship in compliance with the legal provisions Legal basis for the processing of your data for contract performance and pre-contractual inquiries is Art. 6 para. 1 sentence 1 lit. b DSGVO and, insofar as we are subject to a legal obligation, Art. 6 para. 1 sentence 1 lit. c DSGVO. In the case of your consent, Art. 6 para. 1 p.1 lit. a DSGVO serves as the legal basis. If an employment contract is not concluded, your data will be deleted after completion of the application process or at the latest two (2) months after its completion. This does not apply if legal provisions prevent deletion or if the continued storage of your data is necessary for the purpose of providing evidence, for example in proceedings under the General Equal Treatment Act(AGG). The application process is deemed to be completed when the rejection letter is sent to you.

C. Processing of personal datawhen using the CURE app

 

I. The collection of personal data concerning you

 

1. the data collected during the download

When you download the CURE app, certain personal data required for this purpose is transmitted to the corresponding app store (e.g.Apple App Store or Google Play). In particular, the email address, username, customer number of the downloading account, the individual device identification number, payment information and the time of the download will be transmitted to the App Store. We have no influence on the collection and processing of this data; rather, it is carried out exclusively by the App Store selected by you. Accordingly, we are not responsible for this collection and processing; the responsibility for this lies solely with the App Store.

 

2. data collected when using theCURE app

We can inevitably only provide you with the benefits of the CURE app if we collect certain personal data about you that is necessary for the operation of the app when you use it. We collect this data only if this is necessary for the performance of the contract between you and us (Art. 6 Abs. 1 S. 1 lit. b DSGVO). Furthermore, we collect this data if this is necessary for the functionality of the CURE app and your interest in the protection of your personal data does not outweigh this (Art. 6 Abs. 1 S.1 lit. f DSGVO). We collect and process the following data from you:

 

Device information Access data includes the IP address, device ID, device type, device-specific settings and CURE app settings and CURE app properties, the date and time of the retrieval, time zone the amount of data transferred and whether the data exchange was complete, CURE app crash, browser type and operating system. This access data is processed to enable the operation of theCURE app technical;

Data that you provide to us: To use the CURE app, you must create a user account with us. Youcan find more information on this in section 2 of the CURE General Terms of Use. To do this, you must provide at least your first name, last name and email address.If you order via the CURE app, we also collect and process the data mentioned in section 3.1;

Information with your consent: We process other information (e.g. GPS location data, reminders)if you allow us to do soPlease note some features of the CURE app cannot be used without sharing your GPS location;

Contact form data When using contact forms, the data transmitted thereby are processed (e.g.name and first name, e-mail address, your request, time of transmission).

 

3. orders via the CURE app

 

3.1 General

If you wish to order via the CURE APP, it is necessary for the conclusion of the contract between you and the pharmacy selected by you and supplying you ("pharmacy") that you provide your personal data, which both we as the operator of the CURE APP and the pharmacy require for the processing of your order. This also concerns, as far as relevant, the transfer of the data necessary for the processing of your order to payment service providers and, in the case of purchase on account, to credit agencies for the purpose of creditworthiness inquiries. Mandatory information necessary for the processing of contracts is marked separately, other information is voluntary.This is in addition to the data already collected during your registration:

 

●              First name, last name

●              Billing address (street, house number, postal code, city)

●              Delivery address (street, house number, postal code, city)

●              Phone number (mandatory)

 

We and the pharmacy supplying you process the data you provide to process your order. For this purpose, we may pass on your payment data to the payment service provider who collects the purchase price to be paid by you as purchaser on our behalf and pays it to the pharmacy. The legal basis for this is Art. 6 para. 1 p. 1 lit. b DSGVO. We may also process the data you provide to inform you about other interesting services of the same kind or tosend you e-mails with technical information. To prevent unauthorized access by third parties to your personal data, in particular financial and health data, the ordering process is encrypted using TLS technology.  

 

3.2 Storage duration

We store your data only as long as this is necessary for the provision of our services or we are legally obligated or entitled to store it. Letter A.I.4. applies.

 

II. special technologies

 

1. use of the payment service provider Adyen

The payment of the purchase price to the pharmacy supplying you will be processed by the payment service provider Adyen BV, Simon Carmiggelstraat 6 - 50, 1011 DJ Amsterdam, The Netherlands ("Adyen").

 

1.1 Payment with credit card

When paying by credit card (Visa/MASTER Card/AmericanExpress), the payment data you enter will be collected and stored by Adyen in accordance with Art. 6 (1) p. 1 lit. b DSGVO and only passed on to the companies involved in the payment process. With the credit card payment you accept the terms and conditions of the payment provider. A collection or storage of payment data by us does not take place in this case. When paying by credit card, the following data will be processed:

Card type(American Express, Mastercard or VISA

- Cardholder name-
Card number

- Check Validity period

 

1.2 Payment by direct debit (SEPA)

Payment by direct debit, the payment data entered willbe collected by Adyen pursuant to Art. 6 (1) p. 1 lit. b DSGVO, stored and onlypassed on to the companies involved in the payment process. With the directdebit payment, the customer accepts the terms and conditions of the paymentprovider. In this case, we do not collect or storethe payment data.[3]  Whenpaying by direct debit, the following data will be processed:

Name of the account holder

- Country

- Account number

- Bank code number

 

2. google firebase

In the CURE app, we use Google Firebase("Firebase") from Google with various functionalities. "FirebaseAnalytics" enables the analysis of the use of our offer. This captures completely anonymized information about the use of our website/CURE app and transmits it to Google, where it is stored. Google uses the advertising ID of the end device for this purpose. Google will use the aforementioned information to evaluate the use of our app and to provide us with further services associated with the use of apps. You can restrict the use of the advertising ID in the device settings (iOS: Privacy/ Advertising/ No Ad Tracking; Android:Account/ Google/ Ads). Furthermore, we use Firebase Remote Config, which allows us to run A/B tests and customize the behavior and appearance of the CURE app without having to download a new version. Personal data is not stored.  You can object to the use of Firebase at anytime by setting the slider for Anonymous Statistics accordingly under"Settings" in the app.

 

3. facebook pixel

The explanations to B.IV.5 apply accordingly to the use of Facebook Pixel in the CURE app.

 

4. zendesk live chat

We use for the CURE[5]  app theso-called Zendesk chat of the provider Zendesk, Inc, 1019 Market Street SanFrancisco, CA 94103 ("Zendesk") with the help of which the user cancommunicate with us in real time. The user will be notified if one of ourrepresentatives is currently online to provide an immediate response toquestions. When you use our live chat system, the data you provide is stored inorder to answer your questions. The data collected includes:

-               Chathistory

-               Specified name

-               IP address

-               Country of origin

-               Visited pages

-               Duration of the visit of the pages

 

Other personal information, depending on the information provided (e.g. email address, phone number). It is possible to collect contact information such as name, phone and email address to facilitate[7]  contact. Zendesk Chat uses cookies. The information generated by the cookie about the use of the CURE app (including your anonymized IP address) is transmitted to and stored on a Zendesk Chat server in the United States. The information is only visible for the moment you are on a particular page and is not stored.Conducted chats are logged and stored. By using Zendesk Chat, we can improve our offer and make it more interesting for you as a user. We have a legitimate interest in the use of these functionalities to make our offers more user-friendly. The legal basis for the processing of your data in this respect is Art. 6 para. 1 p. 1 f) DSGVO. In case of your consent, the processing isbased on Art. 6 para. 1 p. 1 a) DSGVO. You can revoke your consent at any time for the future.You can also prevent the installation of cookies by selecting the appropriate settings on your browser software; we point out that in this case, not all functions of the website can be used in full. For more information on data processing by Zendesk, please see Zendesk's privacy policy at www.zendesk.de/company/customers-partners/privacy-policy/ and the EU data protection page www.zendesk.de/company/customers-partners/eu-data-protection/.If you have any questions, you can also contact Zendesk directly atprivacy@zendesk.com.

 

5. social sign-in buttons

In the CURE app, we have included the buttons. [dependingon your setup, e.g. "Continue with Facebook" or "GoogleSign-In"]. With thesefunctions, we enable you to easily log in via your social network login. Thelegal basis for the use of the plug-ins is Art. 6 Abs. 1 S. 1 lit. aDS-GVO, i.e. the integration only takes place after your consent. The plug-inprovider stores the data collected about you as usage profiles and uses them forpurposes of advertising, market research and/or demand-oriented design of itswebsite. Such an evaluation is carried out in particular (also for users whoare not logged in) for the display of needs-based advertising and in order toinform other users of the social network about your activities in the CURE[11]  app. Youhave the right to object to the creation of these user profiles, whereby youmust contact the respective plug-in provider to exercise this right. The datatransfer takes place regardless of whether you have an account with the plug-inprovider and are logged in there. If you are logged in to the plug-in provider,the data you have collected from us will be directly assigned to your accountwith the plug-in provider and information will be exchanged that also enablesyou to log in to us. The information collected is stored on servers of theproviders, in the case of international providers also outside Europe. Forthesess, the providers have, according to their own statements, imposed a standardon themselves that corresponds to the former EU-US Privacy Shield and havepromised to comply with applicable data protection laws in the internationaltransfer of data. We have also agreed so-called standard data protectionclauses with the providers, the purpose of which is to ensure compliance withan appropriate level of data protection in the third country. The revocation ofyour consent is possible at any time without affecting the permissibility ofthe processing until the revocation. The easiest way to revoke your consent is via ourConsent Manager [12] or via thefunctions of the social media providers. For more information on the purpose and scope of data collection and its processing by the plug-in provider, please refer to the data protection declarations of these providers communicated below. There you will also receive further information on your rights in this regard and setting options for protecting your privacy. Addresses of the respective plug-in providers and URL of the respective privacy notices:

 

1.Facebook

operated by Meta Platforms Ireland Limited, 4 GrandCanal Square, Dublin 2, Ireland ("Facebook"). You can view theprivacy policy at https://www.facebook.com/about/privacy/update?ref=old_policy;

D. Our social media presences

 

I. Platforms

We have various presences in so-called social media platforms. We currently operate the presences with the following providers:

 

1.Facebook

operated by Meta Platforms Ireland Limited, 4 GrandCanal Square, Dublin 2, Ireland ("Facebook"). You can view the privacy policy at https://www.facebook.com/about/privacy/update?ref=old_policy;

 

2. instagram

also operated by Facebook. You can view the data protection notice at https://help.instagram.com/155833707900388;

 

3. twitter

operated by Twitter International Company, OneCumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland("Twitter"). You can view the data protection information at https://twitter.com/de/privacy and adjust your data protection settings yourself at https://twitter.com/account/settings.

 

4.LinkedIn

operated by LinkedIn Ireland Unlimited Company, WiltonPlace, Dublin 2, Ireland ("LinkedIn"). You can view the privacy policy at https://www.linkedin.com/legal/privacy-policy.

 

II. nature and scope of data processing

We use the technical platform and services of the providers for these information services. We would like to point out that you use our appearances on social media platforms and their functions on your own responsibility. This applies in particular to the use of interactive functions(e.g. commenting, sharing, rating). When you visit our websites, the providers of the social media platforms collect, among other things, your IP address and other information that is stored on your terminal device in the form of cookies. This information is used to provide us, as operators of the accounts, with statistical information about interaction with us. The data collected about you in this context is processed by the platforms and may be transferred to countries outside the European Union, in particular the USA. According to their own statements, all of the aforementioned providers maintain an adequate level of data protection equivalent to that of the former EU-US Privacy Shield and we have concluded the standard data protection clauses with the companies.The following agreements are authoritative:

 

Facebook: Facebook Terms of Use, the other terms and policies listed there at the end, and the Shared Responsibility Agreement,

 

Instagram: Instagram's Terms of Use, Instagram's DataPolicy, and, because Instagram is a Facebook offering, also the Facebook policies and agreements described above.

 

LinkedIn: LinkedIn data processing agreement.

 

Twitter: Twitter's terms and conditions and the policies referenced therein.

 

We are not aware of how the social media platforms use the data from your visit to our account and interaction with our posts for their own purposes, how long this data is stored and whether data is passed onto third parties. Data processing may differ depending on whether you are registered and logged in to the social network or visit the site as a non-registered and/or non-logged-in user. When you access a post or the account, the IP address assigned to your terminal device is transmitted to the provider of the social media platform. If you are currently logged in as a user, a cookie on your end device can be used to track how you have moved around the network.Buttons embedded in websites enable the platforms to record your visits to these website pages and assign them to your respective profile. Based on this data, content or advertising can be offered tailored to you. If you want to avoid this, you should log out or deactivate the "stay logged in"function, delete the cookies present on your device and restart your browser.

 

We, as the provider of the information service, also only process the data from your use of our service that you provide to us and that requires interaction. For example, if you ask a question that we can only answer by email, we will store your information in accordance with the general principles of our data processing, which we describe in this privacy policy.The legal basis for processing your data on the social media platform is Art. 6 Abs. 1 S. 1 lit. f DS-GVO.

 

To exercise your data subject rights, you can contact both us or the provider of the social media platform. To the extent that one party is not responsible for responding or must obtain the information from the other party, we or the provider will then forward your request to the respective partner. Please contact the operator of the social media platform directly for questions about profiling, processing of your data when using the website. For questions about the processing of your interaction with us on our site, write to the contact details provided by us above.

 

The providers describe what information the social media platform receives and how it is used in their privacy statements (see link in the table above). There you will also find information on contact options as well as on the settings options for advertisements. You can also find more information on social networks and how to protect your data atwww.youngdata.de.

 

Booth:  16.02.2022

Unsere aktuelle Datenschutzerklärung kannst du hier einsehen.

A. General 


I. Information on the collection of personal data


1. name and address of the responsible person

We, the CURE Group GmbH, Pariser Platz 6a, D-10117 Berlin; represented by its managing directors Manuel Aberle, Ali El-Ali; registered in the Commercial Register of the Charlottenburg District Court under the registration number: HRB237437B; e-mail: hello@getcure.app; web: www.getcure.app (hereinafter referred to as "We" and "CURE"), responsible parties within the meaning of the European Data Protection Regulation ("GDPR") and other provisions of data protection law, inform you, the user, about the processing of personal data when using our internet pages accessible at www.getcure.app ("Internet pages" - letter B.) as well as the ordering application "CURE" for mobile operating systems iOS and Android operated by us (hereinafter referred to as "CURE App" - letter C.), through which the user can select medicinal products, medical devices and other goods customary in pharmacies (hereinafter collectively referred to as "goods" and "pharmacy assortment") from pharmacies that (also) offer their assortment through the CURE App (hereinafter referred to as "Participating Pharmacy(ies)"), have the Participating Pharmacies receive corresponding offers for the conclusion of purchase contracts from us and order from us on behalf of the Participating Pharmacy either to the address (which may differ from your billing address) specified by you and exclusively in the Federal Republic of Germany or to the address of the Participating Pharmacy. (which may differ from your billing address) exclusively in the Federal Republic of Germany (hereinafter referred to as the "Delivery Address") in the delivery area of one of the Participating Pharmacies (hereinafter referred to collectively as the "Delivery Area") or collect the goods in person from the Participating Pharmacy suggested to you and selected by you.


2. name and address of our data protection officer 

Our data protection officer within the meaning of Art. 4 (7) of the EU General Data Protection Regulation is: DataCo GmbH, Thomas Regier, you can reach him by email at: behoerdenmeldung@dataguard.de or by phone at: 089-740045840 or at our postal address:

DataCo GmbH

Dachauer Straße 65

80335 München

Deutschland

+49 89 7400 45840

www.dataguard.de


3. name and address of the data protection supervisory authority responsible for us

The data protection supervisory authority responsible for us is: Berliner Beauttragte für Datenschutz und Informationsfreiheit, Friedrichstr. 219, D-10969 Berlin, visitor entrance: Puttkamerstr. 16-18, Tel.: +49 30 13889-0, Fax: +49 30 2155050, E-Mail: mailbox@datenschutz-berlin.de


4. general information on data processing

Below you will find general information on the processing of personal data by us.  Personal data is all data that can be related to the data subject, e.g. name, address, location data, IP address, device identifier, SIM card number, address as well as e-mail address, fingerprint, images, movies, audio recordings, but also your user behavior.


4.1 Scope of the processing of personal data

As a matter of principle, we collect and use personal data only insofar as this is necessary for the provision of functional websites and the CURE app as well as for the provision of our services. The collection and use of personal data regularly only takes place after your consent. An exception applies in those cases where it is not possible to obtain prior consent for actual reasons and the processing of the data is permitted by legal regulations. 


4.2 Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing operations involving personal data, Art. 6 (1) sentence 1 lit. a DSGVO serves as the legal basis for the processing of personal data. When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) p. 1 lit. b DSGVO serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures. Insofar as processing of personal data is necessary for compliance with a legal obligation to which we are subject, Art. 6 (1) p. 1 lit. c DSGVO serves as the legal basis. In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) p. 1 lit. d DSGVO serves as the legal basis. If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest, Art. 6 (1) p. 1 lit. f DSGVO serves as the legal basis for the processing. 


4.3 Data storage period

We delete your personal data as soon as they are no longer required for the purposes for which we collected or used them according to the. As a rule, we store your personal data for the duration of the usage or contractual relationship for the use of the websites or the CURE app. As a rule, your data is only stored on our servers in Germany, subject to any transfer that may take place in accordance with the regulations in letter A.I.6. However, storage may take place beyond the specified time in the event of a (threatened) legal dispute with you or other legal proceedings. Contract processors used by us (letter A.I.6.1) will store your data on their system for as long as it is necessary in connection with the provision of the service for us in accordance with the respective order. Legal requirements for the storage and deletion of personal data remain unaffected by the above (e.g. § 257 of the German Commercial Code ("HGB") or § 147 of the German Fiscal Code ("AO"). If the storage period prescribed by the statutory provisions expires, the personal data will be blocked or deleted unless further storage by us is necessary and there is a legal basis for this.


4.4 Use of cookies 

We use cookies when operating our websites and the CURE app. Cookies and similar technologies are very small text documents or pieces of code that often contain a unique identification code. When you visit a website or use a mobile app, a computer asks your computer or mobile device for permission to store this file on your computer or mobile device and access information. Information collected through cookies and similar technologies may include the date and time of your visit and how you use a particular website or mobile application.


4.4.1 What kind of cookies do we use?


4.4.1.1 Necessary cookies

These cookies are necessary for our web pages and the CURE app to function properly. Some of the following actions can be performed with these cookies. - Save items in a shopping cart for online purchases - Save your cookie settings for this website - Save language settings - Sign in for your customer account. We need to verify that you are logged in.


4.4.1.2 Performance cookies

These cookies are used to collect statistical information about the use of our websites and the CURE app, also called analytics cookies. We use this data to improve performance and optimize websites.


4.4.1.3 Functional cookies

These cookies enable more functionality for our website visitors and CURE app users. These cookies may be set by our third-party service providers or our own websites or the CURE app. The following functionalities may or may not be enabled if you accept this category: - Live chat services - Watch online videos - Social media sharing buttons - Sign in with social media in the CURE app.


4.4.1.4 Advertising/Tracking Cookies

These cookies are set by external advertising partners and are used for profiling and data tracking across multiple websites. If you accept these cookies, we can display our ads on other websites based on your user profile and preferences. These cookies also store data about how many visitors have seen or clicked on our ads in order to optimize advertising campaigns.


4.4.2 Why do we use cookies?

Cookies ensure that you stay logged into the CURE app, all items in your shopping cart remain saved, you can shop safely, and our websites continue to run smoothly. The cookies also ensure that we can see how our websites and the CURE app are used and how we can improve them. In addition, depending on your preferences, our own cookies may be used to present you with targeted advertising that matches your personal interests.


4.4.2.1 Technically necessary cookies

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our websites and the CURE app cannot be offered without the use of cookies. We require cookies for the following applications:


  • Shopping cart
  • Remember search terms
  • Session
  • Zip code input / Geodata


The user data collected through technically necessary cookies are not used to create user profiles. See also cookie policy of  www.cookieFirst.com.


4.4.2.2 Analysis and marketing cookies

Analytics and marketing cookies are used to improve the quality of our website and the CURE app and its content. Through analysis and marketing cookies, we learn how our offers are used and can thus constantly optimize them. These purposes are also our legitimate interest in processing the personal data according to Art. 6 para. 1 p. 1 lit. f DSGVO.


4.4.3 Legal basis for the use of cookies

The legal basis for the processing of personal data using technically necessary cookies is our legitimate interest Art. 6 para. 1 p. 1 lit. f DSGVO. Any use of cookies that is not strictly technically necessary constitutes data processing that is only permitted with your explicit and active consent pursuant to Art. 6 (1) p. 1 lit. a DSGVO. This applies in particular to the use of advertising/tracking cookies. Furthermore, we will only disclose your personal data processed by cookies to third parties if you have given your express consent to do so in accordance with Art. 6 (1) p. 1 lit. a DSGVO.


4.4.4 Cookie consent tool

Our website uses the cookie consent tool from CookieFirst.com, CookieFirst by Digital Data Solutions B.V., Plantage Middenlaan 42a, 1018 DH Amsterdam, to obtain effective user consent for cookies and cookie-based applications that require consent. Through its integration, users are shown a banner when they access the page, in which consent for certain cookies and/or cookie-based applications and/or cookie categories can be given by ticking the box. The tool blocks the setting of all cookies requiring consent until the respective user grants the corresponding consent by setting a check mark. This ensures that such cookies are only set on your respective end device if you have given your consent. In order for the cookie consent tool to be able to clearly assign page views to individual users and to individually record, log and store the consent settings you have made for a session duration, certain user information (including the IP address) is collected when our Internet pages are called up by the cookie consent tool, transmitted to servers of the provider of the cookie consent tool and stored there. This data processing is carried out in accordance with Art. 6 (1) p. 1 lit. f DSGVO on the basis of our legitimate interest in a legally compliant, user-specific and user-friendly consent management for cookies and thus in a legally compliant design of our Internet pages. Further legal basis for the described data processing is Art. 6 para. 1 p. 1 lit. c DSGVO. As the responsible party, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user consent. Further information on the use of data by the provider of the cookie consent tool can be found in its privacy policy, available at: https://cookiefirst.com/legal/privacy-policy/ and https://cookiefirst.com/legal/cookie-declaration/. 


4.4.5 Obtaining Consent via the CURE App (Letter C.)

When using the CURE app, consent to data processing operations requiring consent is obtained via corresponding prompts within the app or through the operating system of your mobile device.


4.4.6 How can I disable or remove cookies?

You can choose to accept all but the necessary cookies. In the settings of the browser of your terminal device or the system settings of the operating system of your mobile terminal device or the CURE app settings, you can change the settings so that certain cookies/technologies are blocked. However, if you block the cookies/technologies, you may not be able to use all the technical features of our websites or the CURE app and this may have a negative impact on your user experience.


4.4.7 Duration of storage, possibility of objection and elimination

Cookies are stored on the user's terminal device and transmitted from it to our site. By changing the settings in your internet browser or the settings of your mobile device, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our Internet pages or the CURE app, it may no longer be possible to use all functions of the Internet pages or the CURE app in full.


5. use of our contact form and e-mail contact and support chat.


5.1 Functionality and scope of data processing


5.1.1 Contact form on the Internet pages

Our website contains a contact form that can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask is transmitted to us and stored. These data are:


  • First name, last name, name pharmacy, phone number, city pharmacy
  • Email
  • Driving license possession
  • Upload application documents
  • Communication


At the time of sending the message via contact form, email and support chat, the following data is also stored:


- The IP address of the user

- Date and time of the request

-Browser type


5.1.2 Email contact and support chat

Alternatively, it is possible to contact us via the email address provided or via support chat (CURE app only). In this case, the personal data of the user transmitted with the e-mail or in the chat will be stored. In this context, no disclosure of the data to third parties is pursued. The data is used exclusively for processing the conversation.


5.2 Legal basis for data processing 

The legal basis for the processing of the personal data provided to us in the context of your contact is our legitimate interest within the meaning of Art. Art. 6 para. 1 lit. f DSGVO in the processing of your request. If the contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.


5.3 Purpose of the data processing

The processing of the personal data transmitted to us in the context of your contact serves us solely to process the contact. This also constitutes the necessary legitimate interest in processing the data, cf. above. The other personal data processed during the sending process serve to prevent misuse of the communication channels we offer you and to ensure the security of our information technology systems.


5.4 Duration of storage

Subject to statutory retention obligations, the data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail/support chat, this is the case when the respective conversation with the user has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified. The additional personal data collected during the sending process will be deleted after a period of fourteen (14) days at the latest.


5.5 Possibility of objection and elimination

If the user contacts us, he can object to the storage of his personal data at any time; both under our contact details listed above. In such a case, the conversation cannot be continued.  All personal data stored in the course of contacting us will be deleted in this case.


6. data processing by third parties


6.1 Commissioned data processing 

It may happen that commissioned service providers are used for individual functions of our websites or the CURE app. As with any larger company, we also use external domestic and foreign service providers (e.g. for the areas of IT, logistics, telecommunications, sales and marketing) to process our business transactions. These are only active according to our instructions and have been contracted iSv. Article 28 DSGVO, they are contractually obligated to comply with the data protection provisions. 

The following categories of recipients, which are usually processors, may receive access to your personal data: 


service providers foroperation of our websites and the CURE app and the processing of data stored or transmitted by the systems (e.g. for data center services, payment processing, IT security) legal basis for the transfer is then Art. 6 para. 1 p. 1 lit. b or lit. f DSGVO, insofar as it does not involve order processors;


Government agencies/authorities, insofar as this is necessary to fulfill a legal obligation legal basis for the disclosure is then Art. 6 para. 1 p. 1 lit. c DSGVO;


Persons employed to carry out our business operations (e.g. auditors, banks, insurance companies, legal advisors, supervisory authorities, parties involved in company acquisitions or the establishment of joint ventures) legal basis for the disclosure is then Art. 6 para. 1 sentence 1 lit. b or lit. f DSGVO.


In addition, we will only disclose your personal data to third parties if you have given your express consent to do so in accordance with Art. 6 (1) sentence 1 lit. a DSGVO. If personal data from you is passed on by us to our subsidiaries or is passed on to us by our subsidiaries (e.g. for advertising purposes), this is done on the basis of existing order processing relationships.


6.2 Requirements for the transfer of personal data to third countries


6.2.1 General

In the course of our business relationships, your personal data may be transferred or disclosed to third party companies. These may also be located outside the European Economic Area (EEA), i.e. in third countries. Such processing takes place exclusively for the fulfillment of contractual and business obligations and to maintain your business relationship with us. We will inform you about the respective details of the transfer in the following at the relevant points.


Some third countries are certified by the European Commission as having a level of data protection comparable to the EEA standard through so-called adequacy decisions (a list of these countries and a copy of the adequacy decisions can be obtained here: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html). However, in other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, we ensure that data protection is adequately guaranteed. This is possible through binding company regulations, standard contractual clauses of the European Commission for the protection of personal data, certificates or recognized codes of conduct. Please contact our data protection officer (see A.I.2) if you would like more information on this.


6.2.2 Data transmission to the USA

On our websites and for the CURE app, we use analysis and advertising tools from companies with (headquarters) in the USA (e.g. Google). When these tools are active, your personal data may be transferred to the US servers. We would like to point out that the USA is not a safe third country in the sense of EU data protection law. US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.


6.3 Legal obligation to transmit certain data

We may be subject to a specific legal or statutory obligation to provide the lawfully processed personal data to third parties, in particular public bodies (Art. 6 para. 1 sentence 1 lit. c DS-GVO).


7. your rights


7.1 Summary

You have the following rights with respect to us regarding personal data concerning you:


  • Right to information,
  • Right to rectification or deletion,
  • Right to restriction of processing,
  • Right to object to processing,
  • Right to data portability.


You also have the right to complain to a data protection supervisory authority about our processing of your personal data.


7.2 Your rights in detail

If personal data is processed by you, you are a data subject within the meaning of the GDPR and you have the following rights against us:


7.2.1 Right to information

You may request confirmation from us as to whether personal data concerning you is being processed by us.  If there is such processing, you can request information from us about the following:


(1)the purposes for which the personal data are processed

(2)the categories of personal data which are processed

(3)the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed

(4)the planned duration of the storage of the personal data concerning you or, if concrete information on this is not possible, criteria for determining the storage duration

(5)the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by us or a right to object to such processing

(6)the existence of a right of appeal to a supervisory authority

(7)any available information on the origin of the data, if the personal data are not collected from the data subject

(8)the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject


You have the right to request information about whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 DSGVO in connection with the transfer.


7.2.2 Right to rectification 

You have a right to rectification and/or completion vis-à-vis us, insofar as the processed personal data concerning you are inaccurate or incomplete. We shall carry out the correction without undue delay.


7.2.3 Right to restrict processing

Under the following conditions, you may request the restriction of the processing of personal data concerning you:


(1)if you dispute the accuracy of the personal data concerning you for a period of time that allows us to verify the accuracy of the personal data

(2)the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data

(3)we no longer need the personal data for the purposes of processing, but you need them for the assertion, exercise or defense of legal claims, or

(4)if you have objected to the processing pursuant to Art. 21 (1)DSGVO and it has not yet been determined whether our legitimate grounds override your grounds


If the processing of personal data relating to you has been restricted, this data may - apart from being stored - only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or a Member State. If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by us before the restriction is lifted.


7.2.4 Right to deletion


7.2.4.1 Obligation to delete

You may request that we delete the personal data concerning you without undue delay, and we are obliged to delete such data without undue delay if one of the following reasons applies:


(1)The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed

(2)You revoke your consent on which the processing was based pursuant to Art. 6 (1) a or Art. 9 (2) a DSGVO and there is no other legal basis for the processing

(3)You object to the processing pursuant to Art. 21 (1)DSGVO and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) DSGVO

(4)The personal data concerning you have been processed unlawfully

(5)The deletion of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject

(6)The personal data concerning you was collected in relation to information society services offered pursuant to Art. 8(1) DSGVO


7.2.4.2 Information to third parties

If we have made the personal data concerning you public and we are obliged to erase it pursuant to Article 17(1) of the GDPR, we shall take reasonable steps, including technical measures, to inform data controllers processing the personal data that you, as the data subject, have requested erasure of all links to or copies or replications of such personal data, taking into account the available technology and the cost of implementation. 


7.2.4.3 Exceptions

The right to erasure does not exist insofar as the processing is necessary to


(1)to exercise the right to freedom of expression and information

(2)for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller

(3)for reasons of public interest in the field of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) DSGVO

(4)for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Article 89(1) of the GDPR, insofar as the right referred to in Section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing, or

(5)to assert, exercise or defend legal claims


7.2.5 Right to information

If you have asserted the right to rectification, erasure or restriction of processing against us, we are obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right against us to be informed about these recipients.


7.2.6 Right to data portability

You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without hindrance from us, to whom the personal data was provided, provided that


(1)the processing is based on consent pursuant to Art. 6 para. 1 lit. a DSGVO or Art. 9 para. 2 lit. a DSGVO or on a contract pursuant to Art. 6 para. 1 lit. b DSGVO and

(2)the processing is carried out with the aid of automated procedures


In exercising this right, you also have the right to have the personal data concerning you transferred directly from and to another controller, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this. The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.


7.2.7 Right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6 (1) (e) or (f) DSGVO; this also applies to profiling based on these provisions. 


We will no longer process the personal data concerning you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims. If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling, insofar as it is related to such direct marketing. If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.


7.2.8 Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.


7.2.9 Automated decision in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision 


(1)is necessary for the conclusion or performance of a contract between you and us

(2)is permitted by legislation of the Union or the Member States to which we are subject and that legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests; or

(3)isdone with your express consent


However, these decisions may not be based on special categories of personal data pursuant to Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests. With regard to the cases mentioned in (1) and (3), we take reasonable steps to safeguard the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person on our part, to express your point of view and to contest the decision.


7.2.10 Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.


II. Objection or revocation against the processing of your data


1. revocability of consent

If you have given your consent to the processing of your data, you may revoke this consent at any time. Such revocation affects the permissibility of processing your personal data after you have expressed it to us. 


2. indication of the possibility to object to the data processing in case of balancing of interests

Insofar as we base the processing of your personal data on the balance of interests, you can object to the processing. This is the case if the processing is not necessary, in particular, for the performance of a contract with you, which is shown by us in each case in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will review the situation and either discontinue or adjust the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing. 


3. notice of the possibility to object to direct marketing

Of course, you can object to the processing of your personal data for purposes of advertising and data analysis at any time. You can inform us about your advertising objection under the following contact details: 


CURE Group GmbH, Pariser Platz 6a, D-10117 Berlin; phone: 089-740045840; e-mail: hello@getcure.app.


III. data security

We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties, taking into account the state of the art, implementation costs and the nature, scope, context and purpose of the processing, as well as the existing risks of a data breach (including its probability and impact) for the data subject. Our security measures are continuously improved in line with technological developments. We will be happy to provide you with more detailed information on request. Please contact our data protection officer (A.I.2.).

B. Processing of personal data when visiting our Internet pages (www.getcure.app)


I. SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as requests that you send to us as the site operator, our website uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.


II. creation of log files

During the mere informational use of our Internet pages, i.e. when you do not transmit any information to us, our system automatically collects data and information from the computer system of the calling end device. The following data is collected:


  • Internet Protocol address (IP address)
  • Time and date of the respective access
  • Time zone difference from Greenwich Mean Time (GMT)
  • The specific page accessed
  • Access status / Hypertext Transfer Protocol (http)
  • Amount of data that was transferred in each case
  • Website from which our website is accessed (referrer URL)
  • Internet browser used (incl. language and version)
  • Operating system used


The data is also stored in the log files of our system. A storage of this data together with other personal data of the user does not take place.


1. legal basis for data processing 

The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 p. 1 lit. f DSGVO.


2. purpose of data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session. The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. These purposes are also our legitimate interest in data processing according to Art. 6 para. 1 p. 1 lit. f DSGVO.


3. duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the online store, this is the case when the respective session has ended.  In the case of storage of data in log files, this is the case after seven (7) days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.


4. possibility of objection and removal

The collection of data for the provision of the internet pages and the storage of the data in log files is absolutely necessary for the operation of the internet pages. Consequently, you do not have the option to object. 


III. Use of our newsletter

1. functionality and scope

On our website you have the possibility to register for our free newsletter. When registering for the newsletter, the following data is transmitted to us from the input mask:


- Email address

- City


In addition, the following data is collected during registration:


  • IP address of the calling computer
  • Date and time of registration


The only mandatory data for sending our newsletter is your e-mail address. The provision of further, separately marked data is voluntary and will be used to address you personally.


If you order via the CURE app, the email address you provide as part of the order may be used by us to send you our newsletter. In such a case, only direct advertising for our own similar services is sent via the newsletter. There is no disclosure of data third parties in connection with the data processing for the dispatch of newsletters. The data will be used exclusively for sending the newsletter


2. registration by Double Opt.In


For the registration to our newsletter we use the so-called double-opt-in procedure. This means that after your registration we will send you an e-mail to the specified e-mail address in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within [24 hours], your information will be blocked and automatically deleted after one (1) month. In addition, we store your respective IP addresses used and times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.


4. legal basis for data processing

The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 para. 1 p. 1 lit. a DSGVO if the user has given his consent. The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 (3) UWG. The legal basis for the use of contract processors for newsletter dispatch is Art. 6 para. 1 p. 1 lit. f) in conjunction with Art. DSGVO or standard contractual clauses (in case of transfer to third countries). 


5. purpose of data processing

The collection of the user's e-mail address serves to deliver the newsletter. The collection of other personal data during the registration process serves to prevent misuse of the services or the e-mail address used.


6. receiver

Recipients of the data are our order processors, if applicable.


7. duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Accordingly, the user's e-mail address is stored for as long as the subscription to the newsletter is active. The other personal data collected during the registration process is usually deleted after a period of seven (7) days.


8. possibility of objection and elimination

The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose, a corresponding link can be found in each newsletter.


We would like to point out that we evaluate your user behavior when sending the newsletter. For this evaluation, the emails sent contain so-called web beacons or tracking pixels, which are single-pixel image files that are stored in our online store. For the evaluations, we link the above-mentioned data and the web beacons with your e-mail address and an individual ID. [OPTIONAL: Links received in the newsletter also contain this ID] [EITHER:] The data is collected exclusively pseudonymously, i.e. the IDs are not linked to your other personal data, a direct personal reference is excluded. [OR:] With the data obtained in this way, we create a user profile to tailor the newsletter to your individual interests. In doing so, we record when you read our newsletters, which links you click on in them and infer your personal interests from this. We link this data to actions taken by you in the online store. [END of alternatives]. You can object to this tracking at any time by clicking on the separate link provided in each email or by informing us via another contact method. The information will be stored for as long as you are subscribed to the newsletter. After unsubscribing, we store the data purely statistically and anonymously. [OPTIONAL: Furthermore, such tracking is not possible if you have deactivated the display of images by default in your e-mail program. In this case, the newsletter will not be fully displayed to you and you may not be able to use all the features. If you display the images manually, the above tracking will occur].


IV. Special technologies


1. analysis, tracking, marketing


1.1Google Analytics


1.1.1 Nature and purpose of processing

If you have given your consent, Google Analytics, a web analysis service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA (hereinafter referred to as "Google"), is used on our website. Google Analytics uses cookies that are stored on your computer and that enable an analysis of your use of the website. The information generated by the cookie about your use of these web pages is usually transmitted to a Google server in the USA and stored there. However, due to the activation of IP anonymization on these Internet pages, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The data sent by us and linked to cookies, user IDs (e.g. user ID) or advertising IDs are automatically deleted after 14 months. The deletion of data whose retention period has been reached takes place automatically once a month. 


These web pages use Google Analytics with the extension "anonymize IP". This means that IP addresses are processed in abbreviated form, which means that personal references can be ruled out. Insofar as the data collected about you is related to a person, this is therefore immediately excluded and the personal data is thus immediately deleted.  You can find more information about Google Analytics at:


http://www.google.com/analytics/terms/de.html (Terms of use), http://www.google.com/intl/de/analytics/learn/privacy.html (Overview of data protection:) 

http://www.google.de/intl/de/policies/privacy (Privacy Policy).


1.1.2 Legal basis; revocation of consent

We have a legitimate interest in the use of these functionalities to make our website more user-friendly. The legal basis for the processing of your data in this respect is Art. 6 para. 1 p. 1 lit. f DSGVO. In case of your consent , the processing is based on Art. 6 para. 1 p. 1 lit. a DSGVO and Section 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. You can revoke the consent at any time. You can also prevent tracking by Google Analytics on our website by clicking on this link . This will install an opt-out cookie on your device. This will prevent the collection by Google Analytics for this website and for this browser in the future, as long as the cookie remains installed in your browser. You can also prevent the storage of cookies by selecting the appropriate settings on your browser software; however, please note that in this case you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: Browser Add On to disable Google Analytics. In addition, you can deactivate Google Analytics at any time using the cookie-consents tool. 


1.2 Google Global Site Tag 

We use Google Analytics including "Google Global Site Tag" from Google. We use this to determine information about the use of our offers across different end devices (so-called "cross-device tracking"). For this purpose, we store a unique ID on the user's end device, from which a pseudonymous profile of the user is created with information from the use of the various end devices. In this respect, we have a legitimate interest in the use of Google Global Site Tag to optimize our website and our advertising.  We have a legitimate interest in the use of these functionalities in order to make our web pages more user-friendly. The legal basis for the processing of your data in this respect is Art. 6 para. 1 p. 1 lit. f DSGVO. In case of your consent, the processing is based on Art. 6 para. 1 p. 1 lit. a DSGVO and Section 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time with effect for the future. You can also object to the collection and storage of data at any time in the settings of your Google customer account. 


1.3 Google Tag Manager

On our websites, we use the Google Tag Manager from Google. Google Tag Manager is a solution that allows marketers to manage website tags through one interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not collect any personal data. The tool takes care of triggering other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager. The legal basis for the processing of your data is Art. 6 para. 1 p. 1 lit. f DSGVO. You can obtain further information from Google at the link: http://www.google.de/tagmanager/use-policy.html. Click here to be excluded from collection via Google Tag Manager.


1.4 Google Firebase

We on (also) on our Internet pages Google Firebase ("Firebase") from Google with various functionalities. "Firebase Analytics" thereby enables the analysis of the use of our offer. Thus, completely anonymized information about the use of our website is collected and transmitted to Google and stored there. Google uses the advertising ID of the end device for this purpose. Google will use the aforementioned information to evaluate the use of our internet pages and to provide us with further services related to the use of our internet pages.  You can restrict the use of the advertising ID in the device settings. Furthermore, we use Firebase Remote Config, which allows us to perform A/B tests and customize the behavior and appearance of our web pages, personal data is not stored.  You can object to the use of Firebase at any time by sending an email to_________


1.5 Facebook Pixel

We use the so-called "Facebook pixel" of the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA, on our website. So-called tracking pixels are integrated on our website. When you visit our website, the tracking pixel establishes a direct connection between your browser and the Facebook server. Facebook thereby receives, among other things, the information from your browser that our page was called up from your end device. If you are a Facebook user, Facebook can assign your visit to our website to your user account. We would like to point out that we, as the provider of the Internet pages, have no knowledge of the content of the transmitted data or its use by Facebook. We can only select which segments of Facebook users (such as age, interests) should be displayed our advertising. By calling up the pixel from your browser, Facebook can also see whether a Facebook ad was successful, e.g. led to an online purchase. This allows us to record the effectiveness of the Facebook ads for statistical and market research purposes. We have a legitimate interest in using these functionalities to make our websites more user-friendly. The legal basis for the processing of your data in this respect is Art. 6 para. 1 p. 1 lit. f DSGVO. In the case of your consent , the processing is based on Art. 6 para. 1 p. 1 lit. a DSGVO and Section 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time with effect for the future. You can also click the following link if you do not want data to be collected via the Facebook pixel: https://www.facebook.com/settings?tab=ads#_=_. Alternatively, you can deactivate the Facebook Pixel on the page of the Digital Advertising Alliance under the following link: http://www.aboutads.info/choices/. 


1.6 Facebook Custom Audiences

We use Facebook's "Custom Audiences" remarketing function on our websites. This enables interest-based advertisements ("Facebook ads") to be displayed to users of the website when they visit the Facebook social network or other websites that also use this method. In this way, we pursue the interest of displaying advertisements that are of interest to you in order to make our Internet pages more interesting for you. Due to the marketing tools used, your browser automatically establishes a direct connection with the Facebook server. We have no influence on the scope and further use of the data collected by Facebook through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of Facebook Custom Audiences, Facebook receives the information that you have accessed the corresponding Internet page of our website, or clicked on an ad from us. If you are registered with a Facebook service, Facebook can assign the visit to your account. Even if you are not registered with Facebook or have not logged in, there is a possibility that the provider will learn and store your IP address and other identifiers. Deactivation of the "Facebook Custom Audiences" function is available for logged-in users at https://www.facebook.com/settings/?tab=ads#_möglich.  We have a legitimate interest in the use of these functionalities in order to make our websites more user-friendly. The legal basis for the processing of your data in this respect is Art. 6 para. 1 p. 1 lit. f DSGVO. In case of your consent, the processing is based on Art. 6 para. 1 p. 1 lit. a DSGVO and Section 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time with effect for the future.


1.7 TikTok Pixel

We use the so-called TikTok Pixel on our Internet pages. The TikTok Pixel is an advertising tool provided by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, and TikTok Information Technologies UK Limited, WeWork, 125 Kingsway, London, WC2B 6NH, United Kingdom (collectively "TikTok"). The TikTok Pixel is a JavaScript code snippet that allows us to understand and track visitors' activity on our websites. For this purpose, the Tiktok Pixel collects and processes information about visitors to our websites or the devices they use (so-called event data). The event data collected via the TikTok Pixel is used for targeting our advertisements and for improving ad delivery and personalized advertising. For this purpose, the event data collected on our websites by means of the TikTok Pixel is used. Some of this event data is information stored in the device you are using. In addition, the TikTok Pixel also uses cookies to store information on your terminal device. We have a legitimate interest in the use of these functionalities in order to make our Internet pages more user-friendly. The legal basis for the processing of your data in this respect is Art. 6 para. 1 p. 1 lit. f DSGVO. In case of your consent , the processing is based on Art. 6 para. 1 p. 1 lit. a DSGVO and Section 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time with effect for the future. The collection and transmission of the Event Data is carried out by us and TikTok as jointly responsible parties. We have entered into a processing agreement with TikTok as joint controllers, which sets out the distribution of data protection obligations between us and TikTok. In this agreement, we and TikTok have agreed, among other things, that we are responsible for providing you with all information pursuant to Art. 13, 14 GDPR about the joint processing of personal data; that TikTok is responsible for enabling the rights of data subjects pursuant to Art. 15 to 20 GDPR with respect to personal data stored by Facebook Ireland after the joint processing. You can access the agreement concluded between us and TikTok at https://ads.tiktok.com/i18n/official/article?aid=300871706948451871. TikTok is the sole controller of the processing of the transmitted Event Data following the transmission. For more information about how TikTok processes personal data, including the legal basis on which TikTok relies and how you can exercise your rights against TikTok, please see TikTok's Data Policy at https://www.tiktok.com/legal/privacy-policy?lang=de-DE.


2. social plugins


2.1 Twitter plugin

Functions of the Twitter service are integrated on our Internet pages. These functions are offered by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland. By using Twitter and the "Re-Tweet" function, the websites you visit are linked to your Twitter account and made known to other users. In the process, data is also transferred to Twitter. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Twitter. For more information, please refer to Twitter's privacy policy at: https://twitter.com/de/privacy. The use of the Twitter plugin is based on Art. 6 para. 1 p. 1 lit. f DSGVO. The website operator has a legitimate interest in ensuring the greatest possible visibility in social media. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 p. 1 lit. a DSGVO and 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time with effect for the future. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://gdpr.twitter.com/en/controller-to-controller-transfers.html. You can change your privacy settings on Twitter in the account settings at https://twitter.com/account/settings.

Source: eRecht24.de


2.2 Facebook plugin

Plugins of the social network Facebook are integrated on our website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries. You can recognize the Facebook plugins by the Facebook logo or the "Like button" ("Like") on this website. You can find an overview of the Facebook plugins here: https://developers.facebook.com/docs/plugins/?locale=de_DE. When you visit these web pages, a direct connection is established between your browser and the Facebook server via the plugin. Facebook thereby receives the information that you have visited these Internet pages with your IP address. If you click the Facebook "Like" button while you are logged into your Facebook account, you can link the content of these Internet pages on your Facebook profile. This allows Facebook to associate the visit to these Internet pages with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Facebook. For more information, please refer to Facebook's privacy policy at: https://de-de.facebook.com/privacy/explanation. If you do not want Facebook to be able to associate your visit to these web pages with your Facebook user account, please log out of your Facebook user account. The use of Facebook plugins is based on Art. 6 para. 1 p. 1 lit. f DSGVO. The website operator has a legitimate interest in ensuring the greatest possible visibility in social media. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 p. 1 lit. a DSGVO and Section 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time with effect for the future. Insofar as personal data is collected on our websites with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 DSGVO). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing by Facebook that takes place after the onward transfer is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Facebook tool and for the privacy-secure implementation of the tool on our websites. Facebook is responsible for the data security of the Facebook products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:https://www.facebook.com/legal/EU_data_transfer_addendum,

https://de-de.facebook.com/help/566994660333381 und

https://www.facebook.com/policy.php.

Source: eRecht24.de


2.3 Instagram plugin

Functions of the Instagram service are integrated on our website. These functions are offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate the visit of these web pages with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Instagram. The storage and analysis of the data is based on Art. 6 para. 1 p. 1 lit. f DSGVO. The website operator has a legitimate interest in ensuring the greatest possible visibility in social media. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 p. 1 lit. a DSGVO and Section 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time with effect for the future. Insofar as personal data is collected on our websites with the help of the tool described here and forwarded to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 DSGVO). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook or Instagram. The processing by Facebook or Instagram that takes place after the forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Facebook or Instagram tool and for the privacy-secure implementation of the tool on our websites. Facebook is responsible for the data security of the Facebook or Instagram products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook or Instagram directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here:

https://www.facebook.com/legal/EU_data_transfer_addendum,

https://help.instagram.com/519522125107875 und

https://de-de.facebook.com/help/566994660333381.

For more information, please see Instagram's privacy policy:

https://instagram.com/about/legal/privacy/.

Source: eRecht24.de


2.4 LinkedIn plugin

Functions of the LinkedIn service are integrated on our Internet pages. These functions are offered by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. If you are logged into your LinkedIn account, you can link the content of these web pages to your LinkedIn profile by clicking on the LinkedIn button. This allows LinkedIn to associate the visit of these web pages with your user account. We would like to point out that we, as the provider of the Internet pages, have no knowledge of the content of the transmitted data or its use by LinkedIn. The storage and analysis of the data is based on Art. 6 para. 1 p. 1 lit. f DSGVO. The website operator has a legitimate interest in ensuring the greatest possible visibility in social media. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 p. 1 lit. a DSGVO and Section 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time with effect for the future. Further information on this can be found in LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://de.linkedin.com/legal/l/dpa 


2. linking on Instagram, Twitter, LinkedIn, Facebook

On our websites, we advertise our presence on the social networks listed below. The integration takes place via a linked graphic of the respective network. The use of this linked graphic prevents a connection from being automatically established to the respective server of the social network when a website with a social media advertisement is called up in order to display a graphic of the respective network itself. Only by clicking on the corresponding graphic will the user be redirected to the service of the respective social network. After the user has been forwarded, information about the user is collected by the respective network. It cannot be ruled out here that processing of the data collected in this way takes place in the USA. This is initially data such as IP address, date, time and page visited. If the user is logged into his user account of the respective network during this time, the network operator may be able to assign the collected information of the specific visit of the user to the personal account of the user. If the user interacts via a "Share" button of the respective network, this information can be stored in the user's personal user account and may be published. If the user wants to prevent the collected information from being directly assigned to his user account, he must log out before clicking on the graphic. In addition, it is possible to configure the respective user account accordingly. We have included on our Internet pages by linking: 

Twitter of Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland, Privacy Policy: https://twitter.com/privacy;  

Facebook and Instagram of Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, Privacy Policy Facebook: https://www.facebook.com/policy.php, Privacy Policy Instagram: https://instagram.com/about/legal/privacy/; 


LinkedIn of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland https://www.linkedin.com/legal/privacy-policy 


3. cloud services; ContentDeliveryNetworks; website optimization; other


3.1 Webflow

We host our Internet pages at Webflow. The provider is Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA. When you visit our websites, Webflow collects various log files including your IP addresses. Webflow is a tool for creating and hosting websites. Webflow stores cookies or other recognition technologies that are necessary for the presentation of the Internet pages to provide certain Internet page functions and to ensure security (necessary cookies). For details, see Webflow's privacy policy: https://webflow.com/legal/eu-privacy-policy. The use of Webflow is based on Art. 6 para. 1 p.1 lit. f DSGVO. We have a legitimate interest in the most reliable presentation of our Internet pages. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://webflow.com/legal/eu-privacy-policy. We have concluded a contract on order processing (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that this provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the DSGVO. Source: www.eRecht24.de 


3.2 Fastly CDN

We use the content delivery network (CDN) Fastly to deliver content. The Fastly CDN is operated by Fastly Inc, General Counsel 475 Brannan St, Suite 300 San Francisco, CA 94107. The Fastly CDN makes content from our Internet pages available on various servers distributed around the world. This shortens the loading time of the Internet pages, achieves greater reliability and increased protection against data loss. The content embedded on these Internet pages, such as images and videos, is retrieved from Fastly CDN when the page is called up. Through this retrieval, information about your use of our Internet pages may be transmitted to servers of Fastly in other EU countries and stored there. When transferring data to the USA or another third country outside the EU that does not have a level of data protection equivalent to the GDPR, we conclude standard contractual clauses with CDN Fastly and, if necessary, take other necessary measures to ensure an adequate level of data protection. Data processing by CDN Fastly already occurs when using the web pages with the corresponding content. The use of Fastly Web Services and the CDN Fastly is in the interest of higher reliability, increased protection against data loss and better loading speed of our Internet pages. This represents our legitimate interest within the meaning of Art. 6 para. 1 p. 1 lit. f DSGVO. The privacy policy of fastly is available at: https://www.fastly.com/de/privacy/


3.3 jQuery

We use the javascript library "jQuery". To increase the loading speed of our web pages and thus provide you with a better user experience, we use Google's CDN (content delivery network) to load this library. Chances are that you have already used jQuery on another page from Google CDN. In that case, your browser can access the cached copy and it doesn't need to be downloaded again. If your browser does not have a cached copy or for some other reason downloads the file from the Google CDN, again data is transferred from your browser to Google. The legal basis for the use of Google Analytics is Art. 6 para. 1 p. 1 lit. f DSGVO. Information of the third party provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User conditions: http://www.google.com/analytics/terms/de.html, Overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html, as well as the data protection declaration: http://www.google.de/intl/de/policies/privacy.


3.4 Cloudflare

We use functions of the CloudFlare content delivery network of CloudFlare Germany GmbH, Rosental 7, 80331 Munich, Germany on our Internet pages. A Content Delivery Network (CDN) is a network of regionally distributed servers connected via the Internet that is used to deliver content - especially large media files such as videos. CloudFlare provides web optimization and security services that we use to improve the load times of our website and to protect it from misuse. When you visit our website, a connection is established to CloudFlare's servers in order to retrieve content, for example. Personal data can be stored and evaluated in server log files, especially the activity of the user (in particular, which pages have been visited) and device and browser information (in particular, the IP address and operating system). Further information on the collection and storage of data by CloudFlare can be found here: https://www.cloudflare.com/de-de/privacypolicy/. The use of CloudFlare's functions serves to deliver and accelerate online applications and content. The collection of this data is based on Art. 6 para. 1 p. 1 lit. f DSGVO. The website operator has a legitimate interest in the technically error-free presentation and optimization of its websites - for this purpose, the server log files must be collected. Your personal information will be stored for as long as necessary to fulfill the purposes described in this privacy policy or as required by law. Information on objection and removal options vis-à-vis CloudFlare can be found at: https://www.cloudflare.com/de-de/privacypolicy/.


3.5 Amazon Cloudfront

We also use the CDN Cloudfront on our websites. This is a service of Amazon Web Services Inc, 410 Terry Avenue North, Seattle, WA 98109-5210, USA. The Cloudfront CDN provides duplicates of data of a web page on different servers distributed worldwide in order to achieve a faster loading time of the web page, a higher reliability and an increased protection against data loss. Some of the images and videos embedded on these web pages are retrieved from Cloudfront CDN when the page is accessed. Through this retrieval, information about your use of our Internet pages (such as your IP address) is transmitted to Amazon servers in other EU countries and stored there. This happens as soon as you enter our internet pages. The use of Amazon Web Services and the Amazon CDN Cloudfront is in the interest of greater reliability of the Internet pages, increased protection against data loss and better loading speed of these Internet pages. This constitutes a legitimate interest within the meaning of Art. 6 (1) p. 1 lit. f DSGVO. You can find out more about Amazon Web Services' data protection measures at: https://aws.amazon.com/de/data-protection/. The current privacy policy of Amazon Web Services can be found at: https://aws.amazon.com/de/privacy/.


3.6 jsDelivr CDN

We use the CDN of jsDelivr on our internet pages. A CDN is a service with the help of which content. The processing of the users' data takes place solely in order to be able to deliver our Internet pages more quickly with the help of regionally distributed servers connected via the Internet. For this purpose, the browser you use must connect to the servers of the CDN. In this way, the CDN obtains knowledge that our website was accessed via your IP address. The use is based on our legitimate interests, i.e. interest in a safe and efficient provision, analysis and optimization of our online offer in accordance with Art. 6 para. 1 p. 1 lit. f. DSGVO. For more information, please see the privacy policy of jsDelivr: https://www.jsdelivr.com/privacy-policy-jsdelivr-net/


3.7 HubSpot

On our websites, we use the service of Hubspot of HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, telephone: +353 1 5187500 for various purposes. Hubspot is an integrated software solution that allows us to manage customer data and cover various aspects of our online marketing. These include: Email Marketing, Social Media Publishing & Reporting, Reporting, Contact Management (e.g. user segmentation & CRM), Landing Pages and Contact Forms. 


We use all collected information exclusively for the optimization of our marketing measures and for contact management with you. As part of optimizing our marketing efforts, Hubspot may collect and process the following data:




Geographic location
- Browser type
- Navigation information
- Referral URL
- Performance data
- Information about how often the app is used
- Mobile apps data
- HubSpot subscription service credentials
- Files viewed on site
- Domain names
- Pages viewed
- Aggregated usage
- Operating system version
- Internet service provider
- IP address
- Device identifier
- Duration of visit
- Where the app was downloaded from
- Operating


More information about HubSpot's privacy policy "
M ore information from HubSpot regarding the EU Privacy Policy "More information about the cookies used by HubSpot can be found here & here.


We have a legitimate interest in the use of the aforementioned functionalities in order to make our website more user-friendly. In this respect, the legal basis for the processing of your data is Art. 6 para. 1 p. 1 lit. f DSGVO. In case of your consent, the processing is based on Art. 6 para. 1 p. 1 lit. a DSGVO and Section 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time with effect for the future. Insofar as the management of your data serves the purpose of fulfilling a contract or initiating a contract between us, Art. 6 (1) p. 1 lit. b DSGVO is the legal basis. In the context of processing with HubSpot, data may be transmitted to the USA. The security of the transfer is secured by so-called standard contractual clauses, which ensure that the processing of personal data is subject to a level of security that corresponds to that of the DSGVO. If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent pursuant to Art. 49 (1) lit. a DSGVO may serve as the legal basis for the transfer to third countries. The data processing agreement that complies with the standard contractual clauses can be found at https://legal.hubspot.com/dpa. You can learn more about the data that is processed through the use of HubSpot in the Privacy Policy at https://legal.hubspot.com/de/privacy-policy.


3.8 Typeform

We use Typeform, a technology of TYPEFORM SL, C/Bac de Roda, 163 (Local), 08018 Barcelona Spain, for our contact forms (see above letter A.5.). This allows us to provide you with a simple way to contact us. For this purpose, we share the following personal data with Typeform:


E-mail address

[first name]

[last name]

[Phone number]


Typeform is a recipient of your personal data and acts as a processor for us (Art. 28 DSGVO). In addition, Typeform collects the following personal data with the help of cookies: Information about your terminal device (IP address, device information, operating system, browser settings). Furthermore, usage data is collected such as date and time when you used the contact form. Typeform needs this data to ensure the display of the contact form and its functionality. This corresponds to Typeform's legitimate interest (according to Art. 6 para. 1 p. 1 lit. f DSGVO) and serves the execution of the contract (according to Art. 6 para. 1 lit. b DSGVO). For more information, please visit: https://help.typeform.com/hc/en-us/articles/360029581691-What-happens-to-my-data. For further information on objection and removal options vis-à-vis Typeform, please visit: https://admin.typeform.com/to/dwk6gt. We have a legitimate interest in the use of these functionalities to make our websites and the CURE app more user-friendly. The legal basis for the processing of your data in this respect is Art. 6 para. 1 p. 1 lit. f DSGVO. In case of your consent, the processing is based on Art. 6 para. 1 p. 1 lit. a DSGVO and Section 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time with effect for the future. After termination of the contract between us and Typeform, your data will be deleted by Typeform without delay and by us subject to letters A.I.4.3 and A.I.5.4.


3.9 Applications

If you apply to us (e.g. as a CURE rider), we process the personal data you provide to us in the application process, such as your name, address, place of residence, age, application photo, e-mail and telephone number, professional history including schools, training, studies. If you send the data by e-mail, it is processed electronically and usually unencrypted. If, following the application process, an employment or other service contract is concluded, we will store your data for the purpose of processing the contractual relationship in compliance with the legal provisions Legal basis for the processing of your data for contract performance and pre-contractual inquiries is Art. 6 para. 1 sentence 1 lit. b DSGVO and, insofar as we are subject to a legal obligation, Art. 6 para. 1 sentence 1 lit. c DSGVO. In the case of your consent, Art. 6 para. 1 p.1 lit. a DSGVO serves as the legal basis. If an employment contract is not concluded, your data will be deleted after completion of the application process or at the latest two (2) months after its completion. This does not apply if legal provisions prevent deletion or if the further storage of your data is necessary for the purpose of providing evidence, for example in proceedings under the General Equal Treatment Act (AGG). The application process is deemed to be completed when the rejection letter is sent to you.


C. Processing of personal data when using the CURE app


I. The collection of personal data concerning you


1. the data collected during the download

When you download the CURE app, certain personal data required for this purpose is transmitted to the corresponding app store (e.g. Apple App Store or Google Play). In particular, the email address, user name, customer number of the downloading account, the individual device identification number, payment information and the time of the download will be transmitted to the app store. We have no influence on the collection and processing of this data; rather, it is carried out exclusively by the App Store selected by you. Accordingly, we are not responsible for this collection and processing; the responsibility for this lies solely with the App Store.


2. data collected when using the CURE app

We can inevitably only provide you with the benefits of the CURE app if we collect certain personal data about you that is necessary for the operation of the app when you use it. We only collect this data if this is necessary for the fulfillment of the contract between you and us (Art. 6 para. 1 p. 1 lit. b DSGVO). Furthermore, we collect this data if this is necessary for the functionality of the CURE app and your interest in the protection of your personal data does not outweigh this (Art. 6 para. 1 S.1 lit. f DSGVO). We collect and process the following data from you: 


Device information Access data includes the IP address, device ID, device type, device-specific settings and CURE app settings and CURE app properties, the date and time of the retrieval, time zone the amount of data transferred and whether the data exchange was complete, CURE app crash, browser type and operating system. This access data is processed to enable the operation of the CURE app technical;

Data that you provide to us: To use the CURE app, you must create a user account with us. You can find more information on this in section 2 of the CURE General Terms of Use. To do this, you must provide at least your first name, last name and email address. If you order via the CURE app, we also collect and process the data mentioned in section 3.1;

Information with your consent: We process other information (e.g. GPS location data, reminders) if you allow us to do soPlease notesome features of the CURE app cannot be used without sharing your GPS location;

Contact form data When using contact forms, the data transmitted thereby are processed (e.g. name and first name, e-mail address, your request, time of transmission).


3. orders via the CURE app


3.1 General

If you wish to order via the CURE APP, it is necessary for the conclusion of the contract between you and the pharmacy you have selected and which supplies you ("Pharmacy") that you provide your personal data, which both we as the operator of the CURE APP and the Pharmacy require for the processing of your order. This also concerns, where relevant, the disclosure of data necessary for the processing of your order to payment service providers and, in the case of purchase on account, to credit agencies for the purpose of creditworthiness inquiries. Mandatory information necessary for the processing of contracts is marked separately, other information is voluntary. This is in addition to the data already collected during your registration: 


  • First name, last name
  • Billing address (street, house number, postal code, city)
  • Delivery address (street, house number, postal code, city)
  • Phone number (mandatory)


We and the pharmacy supplying you process the data you provide for the purpose of processing your order. For this purpose, we may pass on your payment data to the payment service provider who collects the purchase price to be paid by you as the purchaser on our behalf and pays it to the pharmacy. [PB1] The legal basis for this is Art. 6 para. 1 p. 1 lit. b) DSGVO. We may also process the data you provide to inform you about other interesting services of the same kind or to send you e-mails with technical information. Since the order of pharmacy-standard goods may contain health data as such or health data can be derived from the order, we process your health data only after your consent to do so (see above Art. 9 (2) a) DSGVO). The permissibility of the processing of your order data including your health data by the pharmacy supplying you results from Art. 6 para.1 p. 1 lit. b) as well as Art. 9 para. 2 lit. a) (consent) or lit. h)(supply in the health sector, here by a pharmacy) DSGVO. To prevent unauthorized access by third parties to your personal data, in particular financial and health data, the ordering process is encrypted using TLS technology.  


3.2 Storage duration

We store your data only as long as this is necessary for the provision of our services or we are legally obligated or entitled to store it. Letter A.I.4. applies.


II. special technologies


1. use of the payment service provider Adyen

The payment of the purchase price to the pharmacy supplying you will be processed by the payment service provider Adyen BV, Simon Carmiggelstraat 6 - 50, 1011 DJ Amsterdam, The Netherlands ("Adyen"). 


1.1 Payment with credit card

When paying by credit card (Visa/MASTER Card/American Express), the payment data you enter will be collected by Adyen pursuant to Art. 6 (1) p. 1 lit. b DSGVO, stored and only passed on to the companies involved in the payment process. With the credit card payment you accept the terms and conditions of the payment provider. A collection or storage of payment data by us does not take place in this case. When paying by credit card, the following data will be processed:

Card type (American Express, Mastercard or VISA)
- Cardholder name
- Card number
- Check digit
- Validity period


1.2 Payment by direct debit (SEPA)

payment by direct debit, the payment data entered will be recorded and stored by Adyen pursuant to Art. 6 (1) p. 1 lit. b DSGVO and only passed on to the companies involved in the payment process. With the direct debit payment, the customer accepts the terms and conditions of the payment provider. In this case, we do not collect or store the payment data. When paying by direct debit, the following data will be processed:

Name of the account holder
- Country
- Account number
- Bank codenumber


2. google firebase

In the CURE app, we use Google Firebase ("Firebase") from Google with various functionalities. "Firebase Analytics" enables the analysis of the use of our offer. This captures completely anonymized information about the use of our website/CURE app and transmits it to Google, where it is stored. Google uses the advertising ID of the end device for this purpose. Google will use the aforementioned information to evaluate the use of our app and to provide us with further services associated with the use of apps. You can restrict the use of the advertising ID in the device settings (iOS: Privacy/ Advertising/ No Ad Tracking; Android: Account/ Google/ Ads). Furthermore, we use Firebase Remote Config, which allows us to run A/B tests and customize the behavior and appearance of the CURE app without having to download a new version. Personal data is not stored.  You can object to the use of Firebase at any time by setting the slider for Anonymous Statistics in the app under "Settings" accordingly.


3. facebook pixel

The explanations to B.IV.5 apply accordingly to the use of Facebook Pixel in the CURE app.


4. zendesk live chat

We use for the CURE app the so-called Zendesk Chat of the provider Zendesk, Inc, 1019 Market Street San Francisco, CA 94103 ("Zendesk") with the help of which the user can communicate with us in real time. The user will be notified if one of our representatives is currently online to provide an immediate response to questions. When you use our live chat system, the data you provide is stored in order to answer your questions. The data collected includes:

  • Chat history
  • Specified name
  • IP address
  • Country of origin
  • Visited pages
  • Duration of the visit of the pages


Other personal information, depending on the information provided (eg e-mail address, phone number). It is possible to collect contact information such as name, phone and email address to facilitate contact . Zendesk Chat uses cookies. The information generated by the cookie about the use of the CURE app (including your anonymized IP address) is transmitted to and stored on a Zendesk Chat server in the United States. The information is only visible for the moment you are on a particular page and is not stored. Conducted chats are logged and stored. By using Zendesk Chat, we can improve our offer and make it more interesting for you as a user. We have a legitimate interest in the use of these functionalities to make our offers more user-friendly. The legal basis for the processing of your data in this respect is Art. 6 para. 1 p. 1 f) DSGVO. In case of your consent, the processing is based on Art. 6 para. 1 p. 1 a) DSGVO. You can revoke your consent at any time for the future.You can also prevent the installation of cookies by selecting the appropriate settings on your browser software; we point out that in this case, not all functions of the website can be used in full. For more information on data processing by Zendesk, please see Zendesk's privacy policy at www.zendesk.de/company/customers-partners/privacy-policy/ and the EU data protection page www.zendesk.de/company/customers-partners/eu-data-protection/. If you have any questions, you can also contact Zendesk directly at privacy@zendesk.com.


5. social sign-in buttons

In the CURE app, we have included the buttons. [depending on your setup, e.g. "Continue with Facebook" or "Google Sign-In"] . With these functions, we enable you to easily log in via your social network login. The legal basis for the use of the plug-ins is Art. 6 para. 1 p. 1 lit. a DS-GVO, i.e. the integration only takes place after your consent. The plug-in provider stores the data collected about you as usage profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) for the display of needs-based advertising and in order to inform other users of the social network about your activities in the CURE app . You have the right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in to the plug-in provider, the data you have collected from us will be directly assigned to your account with the plug-in provider and information will be exchanged that also enables you to log in to us. The information collected is stored on servers of the providers, in the case of international providers also outside Europe. For these cases, the providers have, according to their own statements, imposed a standard on themselves that corresponds to the former EU-US Privacy Shield and have promised to comply with applicable data protection laws in the international transfer of data. We have also agreed so-called standard data protection clauses with the providers, the purpose of which is to ensure compliance with an appropriate level of data protection in the third country. The revocation of your consent is possible at any time without affecting the permissibility of the processing until the revocation. The easiest way to revoke your consent is via our Consent Manager or via the functions of the social media providers. For more information on the purpose and scope of data collection and its processing by the plug-in provider, please refer to the data protection declarations of these providers communicated below. There you will also receive further information on your rights in this regard and setting options for protecting your privacy. Addresses of the respective plug-in providers and URL of the respective privacy notices:


1.Facebook

operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook"). You can view the privacy policy at https://www.facebook.com/about/privacy/update?ref=old_policy;


(....)

D. Our social media presences


I. Platforms

We have various presences in so-called social media platforms. We currently operate the presences with the following providers: 


1.Facebook

operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook"). You can view the privacy policy at https://www.facebook.com/about/privacy/update?ref=old_policy;


2. instagram

also operated by Facebook. You can view the data protection notice at https://help.instagram.com/155833707900388;


3. twitter

operated by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland ("Twitter"). You can view the data protection information at https://twitter.com/de/privacy and adjust your data protection settings yourself at https://twitter.com/account/settings.


4.LinkedIn

operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn"). You can view the privacy policy at https://www.linkedin.com/legal/privacy-policy. 


II. nature and scope of data processing

We use the technical platform and services of the providers for these information services. We would like to point out that you use our appearances on social media platforms and their functions on your own responsibility. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating). When you visit our websites, the providers of the social media platforms collect, among other things, your IP address and other information that is stored in the form of cookies on your terminal device. This information is used to provide us, as operators of the accounts, with statistical information about interaction with us. The data collected about you in this context is processed by the platforms and may be transferred to countries outside the European Union, in particular the USA. According to their own statements, all of the aforementioned providers maintain an adequate level of data protection that corresponds to that of the former EU-US Privacy Shield and we have concluded the standard data protection clauses with the companies. The following agreements are authoritative:


Facebook: Facebook Terms of Use, the other terms and policies listed there at the end, and the Shared Responsibility Agreement,


Instagram: Instagram's Terms of Use, Instagram's Data Policy, and, because Instagram is a Facebook offering, also the Facebook policies and agreements described above.


LinkedIn: LinkedIn data processing agreement.


Twitter: Twitter's terms and conditions and the policies referenced therein.


We are not aware of how the social media platforms use the data from your visit to our account and interaction with our posts for their own purposes, how long this data is stored and whether data is passed on to third parties. Data processing may differ depending on whether you are registered and logged in to the social network or visit the site as a non-registered and/or non-logged-in user. When you access a post or the account, the IP address assigned to your terminal device is transmitted to the provider of the social media platform. If you are currently logged in as a user, a cookie on your end device can be used to track how you have moved around the network. Buttons embedded in websites enable the platforms to record your visits to these website pages and assign them to your respective profile. Based on this data, content or advertising can be offered tailored to you. If you want to avoid this, you should log out or deactivate the "stay logged in" function, delete the cookies present on your device and restart your browser.


We, as the provider of the information service, also only process the data from your use of our service that you provide to us and that requires interaction. If, for example, you ask a question that we can only answer by e-mail, we will store your information in accordance with the general principles of our data processing, which we describe in this privacy policy. The legal basis for the processing of your data on the social media platform is Art. 6 para. 1 p. 1 lit. f DS-GVO.


To exercise your data subject rights, you can contact both us or the provider of the social media platform. To the extent that one party is not responsible for responding or must obtain the information from the other party, we or the provider will then forward your request to the respective partner. Please contact the operator of the social media platform directly for questions about profiling, processing of your data when using the website. For questions about the processing of your interaction with us on our site, write to the contact details provided by us above.


The providers describe what information the social media platform receives and how it is used in their privacy statements (see link in the table above). There you will also find information on contact options as well as on the settings options for advertisements. You can also find more information on social networks and how to protect your data at www.youngdata.de.


Status: 16.02.2022


CURE


Content:

A. General

I. Information on the collection of personal data

1. name and address of the person responsible

2. name and address of our data protection officer

3. name and address of the data protection supervisory authority responsible for us4

4 General information on data processing

4.1 Scope of the processing of personal data

4.2 Legal basis for the processing of personal data

4.3 Period of data storage

4.4 Use of cookies

4.4.1 What kind of cookies do we use?

       4.4.1.1 Necessary cookies

       4.4.1.2 Performance cookies

       4.4.1.3 Functional cookies

       4.4.1.4 Advertising/Tracking Cookies

4.4.2 Why do we use cookies?

       4.4.2.1 Technically necessary cookies

       4.4.2.2 Analysis and marketing cookies

4.4.3 Legal basis for the use of cookies

4.4.4 Cookie Consent Manager

4.4.5 Obtaining consent via the CURE app (point C.)

4.4.6 How can I disable or remove cookies?

4.4.7 Duration of storage, possibility of objection and elimination

5. use of our contact form and e-mail contact and support chats

5.1 Functionality and scope of data processing

5.1.1 Contact form on the Internet pages

5.1.2 Email contact and support chat

5.1.3 Video interview with a pharmacist

5.2 Legal basis for data processing

5.3 Purpose of the data processing

5.4 Duration of storage

5.5 Possibility of objection and removal

6 Data processing by third parties

6.1 Commissioned data processing

6.2 Conditions for transfer of personal data to third countries

6.2.1 General

6.2.2 Data transmission to the USA

6.3 Legal obligation to transmit certain data

7. your rights

II. Objection or revocation against the processing of your data

1. revocability of consent

       2. indication of the possibility to object to the data processing in case of balancing of interests

       3. information on the possibility to object to direct marketing

III Data security

B. Processing of personal data when visiting our website (www.getcure.app)

I. Creation of log files

1. legal basis for data processing

2 Purpose of the data processing

3. duration of storage

4. right of objection and removal

II. special technologies

1. analysis, tracking, marketing

       1.1 GoogleAnalytics

1.1.1 Nature and purpose of the processing

1.1.2 Legal basis; revocation of consent

1.2 Hotjar

1.3 HubSpot

1.4 Google Adwords Conversion

2. social plugins

2.1 Twitter Plugin

2.2 Facebook Plugin

2.3 Instagram Plugin

2.4 LinkedIn Plugin

2. linking on Instagram, Twitter, LinkedIn, Facebook

3. other

3.1 Webflow

3.2 jQuery

3.3 Cloudflare

3.4 Amazon Cloudfront

3.5 jsDelivr CDN

3.6 Online Shop Hosting at Shopify

3.7 Bootstrap CDN

3.8 Typeform

3.9 Applications

3.10 Google Maps

3.11 Google Fonts

3.12 Font Awesome

       C. Supplementary information on the processing of personal data when using the CURE app

I. The collection of personal data concerning you

1. the data collected during the download

2. data collected when using the CURE app; health data

3. registration of the customer account

3.1 Functionality and scope of data processing

3.2 Legal basis and purpose of the data processing

3.3 Duration of storage

3.4 Possibility of objection and removal

4. orders via the CURE app

4.1 General information

4.2 Storage period

II. Specific technologies

1. usage of the payment service provider Adyen

2. google firebase

3. zendesk live chat

4. social sign-in buttons

D. Our Social Media Presence

I. Platforms

1.Facebook

2. instagram

3. twitter

4. LinkedIn

II. Nature and scope of data processing

A. General

I. Information on the collection of personal data

1. name and address of the person responsible

We, the CURE Group GmbH, Pariser Platz 6a, D-10117 Berlin; e-mail: hello@getcure.app; represented by its managing directors Manuel Aberle, Ali El-Ali; registered in the Commercial Register of the Charlottenburg District Court under the registration number: HRB237437B; e-mail: hello@getcure.app; web: www.getcure.app (hereinafter referred to as "We" and "CURE"), the responsible party within the meaning of the European Data Protection Regulation ("GDPR") and other provisions of data protection law, informs you, the user, about the processing of personal data when using our internet pages accessible at www.getcure.app ("Internet pages" - letter B.) as well as the ordering application "CURE" for mobile operating systems iOS and Android operated by us (hereinafter referred to as "CURE App" - letter C.), via which the User can select medicinal products, medical devices and other goods customary in pharmacies (hereinafter collectively referred to as "Goods" and "Pharmacy Assortment") from pharmacies which (also) offer their assortment via the CURE App (hereinafter referred to as "Participating Pharmacy(ies)"), have corresponding offers for the conclusion of purchase contracts transmitted by us to the Participating Pharmacies and order from us on behalf of the Participating Pharmacy either to the address (which may differ from your billing address) exclusively in the Federal Republic of Germany or to the address of the Participating Pharmacy specified by you. (which may differ from your billing address) exclusively in the Federal Republic of Germany (hereinafter referred to as the "Delivery Address") in the delivery area of one of the Participating Pharmacies (hereinafter referred to collectively as the "Delivery Area") or collect the goods in person from the Participating Pharmacy suggested to you and selected by you. The Participating Pharmacy supplying you processes your order data for its own purposes and on its own responsibility, but without further ado also exclusively for the performance of the purchase contract concluded with it, which we arrange for it. The Participating Pharmacy supplying you will inform you independently about the relevant data processing procedures. We will refer you separately to the General Terms and Conditions and the Data Protection Declaration of the Participating Pharmacy supplying you in the order process.

2. name and address of our data protection officer

Our data protection officer within the meaning of Art. 4 (7) of the EU General Data Protection Regulation is: DataCo GmbH, Dachauer Straße 65, D-80335 Munich, +49 89 7400 45840, Email: [a] behoerdenmeldung@dataguard.de. You can reach him at the aforementioned contact details or by sending a message to our aforementioned postal or email address with the addition of "the data protection officer".

3. name and address of the data protection supervisory authority responsible for us

The data protection supervisory authority responsible for us is: Berliner Beauttragte für Datenschutz und Informationsfreiheit, Friedrichstr. 219, D-10969 Berlin, visitor entrance: Puttkamerstr. 16-18, Tel.: +49 30 13889-0, Fax: +49 30 2155050, E-Mail: mailbox@datenschutz-berlin.de.

4 General information on data processing

Below you will find general information on the processing of personal data by us.  Personal data is all data that can be related to the data subject, e.g. name, address, location data, IP address, device identifier, SIM card number, address as well as e-mail address, fingerprint, but also your user behaviour.

4.1 Scope of the processing of personal data

As a matter of principle, we collect and use personal data only insofar as this is necessary for the provision of functional websites and the CURE app as well as for the provision of our services. The collection and use of personal data is regularly only carried out with your consent. An exception applies in those cases in which it is not possible to obtain prior consent for actual reasons and the processing of the data is permitted by legal regulations.

4.2 Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing operations involving personal data, Article 6 (1) sentence 1 lit. a) DSGVO serves as the legal basis for the processing of personal data. When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) S. 1 lit. b) DSGVO serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures. Insofar as processing of personal data is necessary for compliance with a legal obligation to which we are subject, Art. 6 (1) p. 1 lit. c) DSGVO serves as the legal basis. In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) S. 1 lit. d) DSGVO serves as the legal basis. If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest, Art. 6 (1) sentence 1 lit. f) DSGVO serves as the legal basis for the processing.

4.3 Period of data storage

We delete your personal data as soon as they are no longer required for the purposes for which we collected or used them. As a rule, we store your personal data for the duration of the usage or contractual relationship for the use of the websites or the CURE app. In principle, your data is only stored on our servers in Germany, subject to any transfer that may take place in accordance with the regulations in letter A.I.6. However, storage may take place beyond the specified time in the event of a (threatened) legal dispute with you or other legal proceedings. Order processors used by us (letter A.I.6.1) will store your data on their system for as long as is necessary in connection with the provision of the service for us in accordance with the respective order. Legal requirements for the storage and deletion of personal data remain unaffected by the above (e.g. § 257 of the German Commercial Code ("HGB") or § 147 of the German Fiscal Code ("AO"). If the storage period prescribed by the statutory provisions expires, the personal data will be blocked or deleted unless further storage by us is necessary and there is a legal basis for this.

4.4 Use of cookies

We use cookies in the operation of our websites and the CURE app. Cookies and similar technologies are very small text documents or pieces of code that often contain a unique identification code. When you visit a website or use a mobile app, a computer asks your computer or mobile device for permission to store this file on your computer or mobile device and access information. Information collected through cookies and similar technologies may include the date and time of your visit and how you use a particular website or mobile application.

4.4.1 What kind of cookies do we use?

4.4.1.1 Necessary cookies

These cookies are necessary for our websites and the CURE app to function properly. Some of the following actions can be performed using these cookies. - Save items in a shopping cart for online purchases - Save your cookie settings for this website - Save language settings - Sign in for your customer account. We need to verify that you are logged in.

4.4.1.2 Performance Cookies

These cookies are used to collect statistical information about the use of our websites and the CURE app, also called analytics cookies. We use this data to improve performance and optimise the website.

4.4.1.3 Functional cookies

These cookies enable more functionality for our website visitors and CURE app users. These cookies may be set by our third-party service providers or our own websites or the CURE app. The following functionality may or may not be enabled if you accept this category: Watch online videos - Social media sharing buttons.

4.4.1.4 Advertising/Tracking Cookies

These cookies are set by third-party advertising partners and are used for profiling and data tracking across multiple websites. If you accept these cookies, we can display our ads on other websites based on your user profile and preferences. These cookies also store data about how many visitors have seen or clicked on our ads in order to optimize advertising campaigns.

4.4.2 Why do we use cookies?

Cookies ensure that you stay logged into the CURE app, all items in your shopping cart remain saved, you can shop safely and our websites continue to run smoothly. Cookies also ensure that we can see how our websites are used and how we can improve them. In addition, depending on your preferences, our own cookies may be used to present you with targeted advertising that matches your personal interests.

4.4.2.1 Technically necessary cookies

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our websites and the CURE app cannot be offered without the use of cookies. We require cookies for the following applications:

  • - shopping cart
  • - Remember search terms
  • - session
  • - Postcode input
  • - geodata

The user data collected through technically necessary cookies are not used to create user profiles.

4.4.2.2 Analysis and marketing cookies

Analysis and marketing cookies are used to improve the quality of our website and the CURE app and its content. Through analysis and marketing cookies, we learn how our offers are used and can thus continuously optimize them. These purposes also constitute our legitimate interest in the processing of personal data pursuant to Art. 6 (1) sentence 1 lit. f) DSGVO.

4.4.3 Legal basis for the use of cookies

The legal basis for the processing of personal data using technically necessary cookies is our legitimate interest Art. 6 para. 1 p. 1 lit. f) DSGVO. Any use of cookies that is not strictly technically necessary constitutes data processing that is only permitted with your explicit and active consent pursuant to Art. 6 (1) S. 1 lit. a) DSGVO. This applies in particular to the use of advertising/tracking cookies. Furthermore, we will only disclose your personal data processed by cookies to third parties if you have given your express consent to do so in accordance with Art. 6 (1) S. 1 lit. a) DSGVO.

4.4.4 Cookie Content Manager

Our website uses the cookie consent tool "CookieFirst" from Digital Data Solutions B.V., Plantage Middenlaan 42a, 1018 DH Amsterdam, Netherlands, to obtain effective user consent for cookies and cookie-based applications that require consent. Through its integration, users are shown a banner when they call up the page, in which consent for certain cookies and/or cookie-based applications and/or cookie categories can be given by ticking the box. In doing so, the tool blocks the setting of all cookies requiring consent until the respective user grants the corresponding consent by setting a check mark. This ensures that such cookies are only set on your respective end device if you have given your consent. In order for the cookie consent tool to be able to clearly assign page views to individual users and to individually record, log and store the consent settings made by you for a session duration, certain user information (including the IP address) is collected when our Internet pages are called up by the cookie consent tool, transmitted to servers of the provider of the cookie consent tool and stored there. This data processing is carried out in accordance with Art. 6 (1) sentence 1 lit. f DSGVO on the basis of our legitimate interest in a legally compliant, user-specific and user-friendly consent management for cookies and thus in a legally compliant design of our Internet pages. Further legal basis for the described data processing is Art. 6 para. 1 p. 1 lit. c DSGVO. As the responsible party, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user consent. Further information on the use of data by the provider of the cookie consent tool can be found in its privacy policy, available at: https://cookiefirst.com/legal/privacy-policy/ and https://cookiefirst.com/legal/cookie-declaration/.

4.4.5 Obtaining Consent via the CURE App (Letter C.)

When using the CURE app, consent to data processing operations requiring consent is obtained via appropriate prompts within the app or through the operating system of your mobile device.

4.4.6 How can I disable or remove cookies?

You can choose to accept all but the most essential cookies. You can change the settings to block certain cookies/technologies in the browser settings of your mobile device or the system settings of the operating system of your mobile device or the CURE app settings. However, if you block the cookies/technologies, you may not be able to use all the technical features of our websites or the CURE app and this may have a negative impact on your user experience.

4.4.7 Duration of storage, possibility of objection and elimination

Cookies are stored on the user's terminal device and are transmitted from this to our site. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your internet browser or the settings of your mobile device, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our internet pages or the CURE app, it may no longer be possible to use all the functions of the internet pages or the CURE app to their full extent.

5. use of our contact form and e-mail contact and support chats

5.1 Functionality and scope of data processing

5.1.1 Contact form on the Internet pages

Our website contains a contact form which can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and stored. These data are depending on the subject of your request:

  • your name
  • Your first name
  • your email address
  • your telephone number
  • Driving licence available Yes/No (Become a CURE driver)
  • your message

At the time of sending the message via contact form, email and support chat, the following data is also stored:

  • - The IP address of the user
  • - Date and time of the request

5.1.2 Email contact and support chat

Alternatively, it is possible to contact us via the email address provided or via support chat (CURE app only). In this case, the personal data of the user transmitted with the e-mail or in the chat will be stored. In this context, the data will not be passed on to third parties. The data is used exclusively for the processing of the conversation.

5.1.3 Video interview with a pharmacist

You can also initiate a video call with a pharmacist via our contact form on the Internet pages if you have pharmaceutical questions about your order. In this case, we only process your first and last name, the IP address and the date and time of your request. We do not gain any knowledge of the content of the conversation.

5.2 Legal basis for data processing

The legal basis for the processing of the personal data provided to us in the context of your contact is our legitimate interest iSd. Art. 6 para. 1 lit. f DSGVO in the processing of your request. If the purpose of contacting you is to conclude a contract, the additional legal basis for the processing is Art. 6 (1) lit. b DSGVO.

5.3 Purpose of the data processing

The processing of the personal data transmitted to us in the context of your contact serves us solely to process the contact request. This also constitutes the necessary legitimate interest in the processing of the data, see above. The other personal data processed during the sending process serve to prevent misuse of the communication channels we offer you and to ensure the security of our information technology systems.

5.4 Duration of storage

Subject to statutory retention obligations, the data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail/support chat, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified. The additional personal data collected during the sending process will be deleted after a period of seven (7) days at the latest.

5.5 Possibility of objection and removal

If the user contacts us, he can object to the storage of his personal data at any time; both under our contact details listed above. In such a case, the conversation cannot be continued.  All personal data stored in the course of contacting us will be deleted in this case.

6. data processing by third parties

6.1 Commissioned data processing

It may happen that commissioned service providers are used for individual functions of our websites or the CURE app. As with any larger company, we also use external domestic and foreign service providers (e.g. for the areas of IT, logistics, telecommunications, sales and marketing) to process our business transactions. These are only active according to our instructions and have been contracted iSv. Article 28 DSGVO contractually obliged to comply with the data protection provisions.

The following categories of recipients, which are usually processors, may have access to your personal data:

       CURE app and the processing of the data stored or transmitted by the systems (e.g. for data centre services, payment processing, IT security)        legal basis for the transfer is then Art. 6 para. 1 p. 1 lit. b) or lit. f) DSGVO, insofar as it does not involve order processors;

       Government agencies/authorities, insofar as this is necessary for the fulfilment of a legal obligation        legal basis for the disclosure is then Art. 6 para. 1 p. 1 lit. c) DSGVO;

       Persons employed to carry out our business operations (e.g. auditors, banks, insurance companies, legal advisors, supervisory authorities, parties involved in company acquisitions or the establishment of joint ventures)        legal basis for the disclosure is then Art. 6 para. 1 sentence 1 lit. b) or lit. f) DSGVO.

In addition, we will only pass on your personal data to third parties if you have given your express consent to do so in accordance with Article 6 (1) sentence 1 a) DSGVO. If personal data from you is passed on by us to our subsidiaries or is passed on to us by our subsidiaries (e.g. for advertising purposes), this is done on the basis of existing order processing relationships.

6.2 Conditions for the transfer of personal data to third countries

6.2.1 General

In the course of our business relationships, your personal data may be passed on or disclosed to third party companies. These may also be located outside the European Economic Area (EEA), i.e. in third countries. Such processing takes place exclusively for the fulfilment of contractual and business obligations and for the maintenance of your business relationship with us. We will inform you about the respective details of the transfer in the following at the relevant points.

Some third countries are certified by the European Commission as having a level of data protection comparable to the EEA standard by means of so-called adequacy decisions (a list of these countries and a copy of the adequacy decisions can be found here: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html). However, in other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, we ensure that data protection is sufficiently guaranteed. This is possible through binding company regulations, standard contractual clauses of the European Commission for the protection of personal data, certificates or recognised codes of conduct. Please contact our data protection officer (see A.I.2) if you would like more information on this.

6.2.2 Data transmission to the USA

We use analysis and advertising tools from companies with (headquarters) in the USA (e.g. Google) on our websites and for the CURE app. When these tools are active, your personal data may be transferred to the US servers. We would like to point out that the USA is not a safe third country in the sense of EU data protection law. US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.

6.3 Legal obligation to transmit certain data

We may, under certain circumstances, be subject to a specific legal or statutory obligation to make the lawfully processed personal data available to third parties, in particular public bodies (Art. 6 para. 1 sentence 1 lit. c DS-GVO).

7. your rights

You have the following rights in relation to us in respect of personal data relating to you:

  • Right of access,
  • Right of rectification or erasure,
  • Right to restrict processing,
  • Right to object to processing,
  • Right to data portability.

You also have the right to complain to a data protection supervisory authority about our processing of your personal data.

II. Objection or revocation against the processing of your data

1. revocability of consent

If you have given your consent to the processing of your data, you may revoke this consent at any time. Such a revocation affects the permissibility of the processing of your personal data after you have expressed it to us.

2. indication of the possibility to object to the data processing in case of balancing of interests

Insofar as we base the processing of your personal data on the balance of interests, you can object to the processing. This is the case if the processing is not necessary, in particular, for the performance of a contract with you, which is shown by us in each case in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will review the situation and either discontinue or adapt the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing.

3. reference to the possibility to object to direct marketing

Of course, you can object to the processing of your personal data for the purposes of advertising and data analysis at any time. You can inform us about your advertising objection under the following contact details:

CURE Group GmbH, Pariser Platz 6a, D-10117 Berlin; e-mail: hello@getcure.app.

III Data security

We use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties, taking into account the state of the art, the implementation costs and the nature, scope, context and purpose of the processing, as well as the existing risks of a data breach (including its probability and impact) for the data subject. Our security measures are continuously improved in line with technological developments. We will be happy to provide you with more detailed information on request. Please contact our data protection officer (A.I.2).

We use SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as requests that you send to us as the site/app operator. You can recognize an encrypted connection on our Internet pages by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

B. Processing of personal data when visiting our website (www.getcure.app)

I. Creation of log files

During the mere informative use of our Internet pages, i.e. if you do not transmit any information to us, our system automatically collects data and information from the computer system of the calling end device. The following data is collected:

  • Internet Protocol (IP) address
  • Time and date of the respective access
  • Time zone difference from Greenwich Mean Time (UTC)
  • Amount of data that was transferred in each case
  • Website from which our website is accessed (referrer URL)

The data is also stored in the log files of our system. A storage of this data together with other personal data of the user does not take place.

1. legal basis for data processing

The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 p. 1 lit. f) DSGVO.

2. the purpose of the data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the IP address of the user must remain stored for the duration of the session. The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. These purposes are also our legitimate interest in data processing according to Art. 6 para. 1 p. 1 lit. f) DSGVO.

3. duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the online shop, this is the case when the respective session has ended. In the case of storage of data in log files, this is the case after 365 days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.

4. possibility of objection and elimination

The collection of data for the provision of the internet pages and the storage of the data in log files is absolutely necessary for the operation of the internet pages. Consequently, you do not have the option to object.

II. special technologies

1. analysis, tracking, marketing

  1. Google Analytics

1.1.1 Nature and purpose of the processing operation

If you have given your consent, Google Analytics, a web analysis service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA (hereinafter referred to as: "Google") is used on our website. Google Analytics uses cookies, which are stored on your computer and which enable an analysis of your use of the website. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States. However, due to the activation of IP anonymization on these Internet pages, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser within the scope of Google Analytics will not be merged with other Google data. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The data sent by us and linked to cookies, user IDs (e.g. user ID) or advertising IDs are automatically deleted after 14 months. The deletion of data whose retention period has been reached takes place automatically once a month.

These web pages use Google Analytics with the extension "anonymize IP". This means that IP addresses are processed in abbreviated form, which means that personal references can be ruled out. Insofar as the data collected about you is related to a person, this is therefore immediately excluded and the personal data is thus immediately deleted.  You can find more information about Google Analytics at:

http://www.google.com/analytics/terms/de.html (Terms of use), http://www.google.com/intl/de/analytics/learn/privacy.html (Overview of data protection:)

http://www.google.de/intl/de/policies/privacy (Privacy Policy).

1.1.2 Legal basis; revocation of consent

We have a legitimate interest in the use of these functionalities in order to make our website more user-friendly. In this respect, the legal basis for the processing of your data is Art. 6 (1) p. 1 lit. f) DSGVO. In case of your consent, the processing is based on Art. 6 para. 1 p. 1 lit. a) DSGVO and § 25 para. 1 TTDSG, as far as the consent includes the storage of cookies or the access to information in the user's terminal device (e.g. device fingerprinting) in the sense of the TTDSG. You can revoke your consent at any time. You can also prevent tracking by Google Analytics on our website by clicking on this [b] link. This will install an opt-out cookie on your device. This will prevent the collection by Google Analytics for this website and for this browser in the future, as long as the cookie remains installed in your browser. You may also refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available under the following link: [c]Browser Add On to disable Google Analytics. You can also deactivate Google Analytics at any time using the cookie-consents tool.

1.2 Hotjar

Our websites use Hotjar, a web analytics service provided by Hotjar Ltd, Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julian's STJ 1000, Malta ("Hotjar"), to better understand user behaviour, to understand our users' needs and to optimise our services and user experience. Hotjar allows us to better understand the user experience on our sites (i.e., how long users spend on which of our sites, which links they click, what they like and dislike, etc.) so that we can tailor our offerings based on user feedback. Hotjar uses cookies and other technologies to collect information about user behavior and user devices (specifically, a device's IP address (which is collected and stored in anonymized form), screen size, device type (unique device identifiers), browser information, geographic information (on a country-by-country basis only), preferred language for viewing our website). Hotjar stores this data in a pseudonymized user profile. Neither Hotjar nor we will use this information to identify individual users, nor will the data be merged with other data about individual users. Further details can be found in Hotjar's privacy policy at this link: https://www.hotjar.com/privacy. We have a legitimate interest in the use of the marketing functionality described above in order to optimise our website and our advertising. The legal basis in this respect is Art. 6 para. 1 p. 1 f) DSGVO. If you give us a corresponding consent, e.g. by means of your consent to the storage of cookies, the processing is carried out exclusively on the basis of Art. 6 Para. 1 lit. a) DSGVO and § 25 Para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time. In addition, you can object to the creation of user profiles, the storage of data about your use of our site by Hotjar and the use of tracking cookies by Hotjar on other sites at any time under the following link or prevent them: https://www.hotjar.com/opt-out.

1.3 HubSpot

On our websites, we use the service of HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, telephone: +353 1 5187500 for various purposes. Hubspot is an integrated software solution that allows us to manage customer data and cover various aspects of our online marketing. These include: Email Marketing, Social Media Publishing & Reporting, Reporting, Contact Management (e.g. user segmentation & CRM), Landing Pages and Contact Forms.

We use all collected information exclusively for the optimization of our marketing measures and for contact management with you. As part of the optimization of our marketing measures, the following data may be collected and processed via Hubspot:

  • Geographical position
  • Browser type
  • Navigation information
  • Reference URL
  • Performance data
  • Information about how often the application is used
  • Mobile Apps data
  • Login information for the HubSpot subscription service
  • Files displayed on site
  • Domain names
  • Pages viewed
  • Aggregated use
  • Version of the operating system
  • Internet Service Provider
  • IP address
  • Device identifier
  • Duration of the visit
  • Where the application was downloaded from
  • Operating system
  • Events that occur within the application
  • Access times
  • Clickstream data
  • -Device model and version

Learn more about HubSpot's privacy policy "

More information from HubSpot regarding EU data protection regulations "

You can find more information about the cookies used by HubSpot here & here.

We have a legitimate interest in the use of the aforementioned functionalities in order to make our website more user-friendly. In this respect, the legal basis for the processing of your data is Art. 6 (1) sentence 1 lit. f DSGVO. In case of your consent, the processing is based on Art. 6 para. 1 p. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time with effect for the future. Insofar as the management of your data serves the purpose of fulfilling a contract or initiating a contract between us, Art. 6 (1) p. 1 lit. b DSGVO is the legal basis. In the context of processing with HubSpot, data may be transmitted to the USA. The security of the transfer is secured by so-called standard contractual clauses, which ensure that the processing of personal data is subject to a level of security that corresponds to that of the DSGVO. If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent pursuant to Art. 49 (1) a DSGVO may serve as the legal basis for the transfer to third countries. The data processing agreement that complies with the standard contractual clauses can be found at https://legal.hubspot.com/dpa. You can learn more about the data that is processed through the use of HubSpot in the Privacy Policy at https://legal.hubspot.com/de/privacy-policy.

1.4 Google Adwords Conversion

We use the offer of Google Adwords to draw attention to our attractive offers with the help of advertising media (so-called "Google Adwords") on external websites. We can determine how successful the individual advertising measures are in relation to the data of the advertising campaigns. In this way, we pursue the interest of showing you advertising that is of interest to you, of making our website more interesting for you and of achieving a fair calculation of advertising costs. These advertisements are delivered by Google via so-called "Ad Servers". For this purpose, we use ad server cookies, through which certain parameters for measuring success, such as display of the ads or clicks by users, can be measured. If you access our website via a Google ad, Google Adwords will store a cookie on your PC. These cookies usually lose their validity after 30 days and are not intended to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and, if applicable, the marker that the user does not wish to be addressed (again) are usually stored as analysis values for this cookie. These cookies enable Google to recognise your internet browser. If a user visits certain pages of the website of an Adwords customer and the cookie stored on his computer has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page. A different cookie is assigned to each Adwords customer. Cookies can therefore not be tracked via the websites of Adwords customers. We ourselves do not collect or process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. Based on these evaluations, we can see which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising tools, in particular we cannot identify the users on the basis of this information. Due to the marketing tools used, your browser automatically wants to establish a direct connection with Google's server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of AdWords Conversion, Google receives the information that you have called up the corresponding part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider may obtain and store your IP address.  We have a legitimate interest in the use of the marketing functionality described above in order to optimise our website and our advertising. The legal basis in this respect is Art. 6 para. 1 p. 1 lit. f) DSGVO.  If you give us a corresponding consent, e.g. by means of your consent to the storage of cookies, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a) DSGVO; the consent can be revoked at any time. You can (also) prevent participation in this tracking procedure by: a) setting your browser software accordingly, in particular suppressing third-party cookies will result in you not receiving any.google.de/settings/ads, whereby this setting will be deleted when you delete your cookies; c) receiving ads from third-party providers; b) deactivating cookies for conversion tracking by setting your browser to block cookies from the domain "www.googleadservices.com", https://wwwDeaktivierung of the interest-based ads of the providers that are part of the self-regulatory campaign "About Ads" via the link http://www.aboutads.info/choices, this setting being deleted when you delete your cookies; d) by permanently disabling them in your browsers Firefox, Internetexplorer or Google Chrome at the link http://www.google.com/settings/ads/plugin. We would like to point out that in this case you may not be able to use all functions of this offer to their full extent. Further information on data protection at Google can be found here: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html.

2. social plugins

2.1 Twitter Plugin

Functions of the Twitter service are integrated on our Internet pages. These functions are offered by the Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland. By using Twitter and the "Re-Tweet" function, the websites you visit are linked to your Twitter account and made known to other users. In the process, data is also transferred to Twitter. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Twitter. For more information, please refer to the privacy policy of Twitter at: https://twitter.com/de/privacy. The use of the Twitter plugin is based on Art. 6 (1) p. 1 lit. f) DSGVO. The website operator has a legitimate interest in ensuring the greatest possible visibility in social media. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 p. 1 lit. a) DSGVO and 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time with effect for the future. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://gdpr.twitter.com/en/controller-to-controller-transfers.html. You can change your privacy settings on Twitter in the account settings at https://twitter.com/account/settings.

Source: eRecht24.de

2.2 Facebook Plugin

Plugins of the social network Facebook are integrated on our website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries. You can recognise the Facebook plugins by the Facebook logo or the "Like" button on this website. You can find an overview of the Facebook plugins here: https://developers.facebook.com/docs/plugins/?locale=de_DE. When you visit these web pages, a direct connection is established between your browser and the Facebook server via the plugin. Facebook thereby receives the information that you have visited these Internet pages with your IP address. If you click the Facebook "Like" button while you are logged into your Facebook account, you can link the content of these web pages on your Facebook profile. This allows Facebook to associate your visit to these web pages with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Facebook. You can find more information on this in Facebook's data protection statement at: https://de-de.facebook.com/privacy/explanation. If you do not want Facebook to be able to associate your visit to these web pages with your Facebook user account, please log out of your Facebook user account. The use of Facebook plugins is based on Art. 6 para. 1 p. 1 lit. f) DSGVO. The website operator has a legitimate interest in ensuring the greatest possible visibility in social media. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 p. 1 lit. a) DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time with effect for the future. Insofar as personal data is collected on our Internet pages with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 DSGVO). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing by Facebook that takes place after the onward transfer is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Facebook tool and for the privacy-secure implementation of the tool on our websites. Facebook is responsible for the data security of the Facebook products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum,

https://de-de.facebook.com/help/566994660333381 und

https://www.facebook.com/policy.php.

Source: eRecht24.de

2.3 Instagram Plugin

Functions of the Instagram service are integrated on our website. These functions are offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate the visit of these web pages with your user account. We point out that we, as the provider of the pages, do not receive any knowledge of the content of the transmitted data as well as their use by Instagram. The storage and analysis of the data is based on Art. 6 para. 1 p. 1 lit. f) DSGVO. The website operator has a legitimate interest in the greatest possible visibility in social media. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 p. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time with effect for the future. Insofar as personal data is collected on our websites with the help of the tool described here and forwarded to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 DSGVO). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook or Instagram. The processing by Facebook or Instagram that takes place after the forwarding is not part of the joint responsibility. Our joint responsibilities have been set out in a Joint Processing Agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the data protection information when using the Facebook or Instagram tool and for implementing the tool on our websites in a way that is secure from a data protection perspective. Facebook is responsible for the data security of the Facebook or Instagram products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook or Instagram directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:

https://www.facebook.com/legal/EU_data_transfer_addendum,

https://help.instagram.com/519522125107875 und

https://de-de.facebook.com/help/566994660333381.

For more information, please see Instagram's privacy policy:

https://instagram.com/about/legal/privacy/.

Source: eRecht24.de

2.4 LinkedIn Plugin

Functions of the LinkedIn service are integrated on our website. These functions are offered by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. If you are logged into your LinkedIn account, you can link the content of these web pages to your LinkedIn profile by clicking on the LinkedIn button. This allows LinkedIn to associate your visit to these Internet pages with your user account. We would like to point out that we, as the provider of the Internet pages, have no knowledge of the content of the transmitted data or its use by LinkedIn. The storage and analysis of the data is based on Art. 6 para. 1 p. 1 lit. f) DSGVO. The website operator has a legitimate interest in ensuring the greatest possible visibility in social media. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 p. 1 lit. a) DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time with effect for the future. Further information on this can be found in LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://de.linkedin.com/legal/l/dpa

2. linking on Instagram, Twitter, LinkedIn, Facebook

On our website, we advertise our presence on the social networks listed below. The integration takes place via a linked graphic of the respective network. The use of this linked graphic prevents the automatic establishment of a connection to the respective server of the social network when a website with a social media advertisement is called up in order to display a graphic of the respective network itself. Only by clicking on the corresponding graphic is the user redirected to the service of the respective social network. After the user has been forwarded, information about the user is collected by the respective network. It cannot be ruled out that the data collected in this way is processed in the USA. This is initially data such as IP address, date, time and page visited. If the user is logged into his user account of the respective network during this time, the network operator may be able to assign the collected information of the specific visit of the user to the personal account of the user. If the user interacts via a "share" button of the respective network, this information can be stored in the user's personal user account and possibly published. If the user wants to prevent the collected information from being directly assigned to his user account, he must log out before clicking on the graphic. In addition, it is possible to configure the respective user account accordingly. We have integrated on our Internet pages by linking:

Twitter of Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland, Privacy Policy: https://twitter.com/privacy;  

Facebook and Instagram of Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, Privacy Policy Facebook: https://www.facebook.com/policy.php, Privacy Policy Instagram: https://instagram.com/about/legal/privacy/;

LinkedIn of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland https://www.linkedin.com/legal/privacy-policy

3. miscellaneous

3.1 Webflow

We host our Internet pages at Webflow. The provider is Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA. When you visit our websites, Webflow collects various log files including your IP addresses. Webflow is a tool for creating and hosting websites and a content management system. Webflow stores cookies or other recognition technologies that are necessary for the presentation of the internet pages to provide certain internet page functions and to ensure security (necessary cookies). For details, please refer to Webflow's privacy policy: https://webflow.com/legal/eu-privacy-policy. The use of Webflow is based on Art. 6 para. 1 p.1 lit. f) DSGVO. We have a legitimate interest in the most reliable presentation of our Internet pages. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://webflow.com/legal/eu-privacy-policy. We have concluded a contract on order processing (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that this provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the DSGVO. Source: www.eRecht24.de

3.2 jQuery

We use the Javascript library "jQuery". In order to increase the loading speed of our web pages and thus provide you with a better user experience, we use Google's CDN (content delivery network) to load this library. Chances are you have already used jQuery on another page from the Google CDN. In that case, your browser can fall back to the cached copy and it doesn't need to be downloaded again. If your browser does not have a cached copy or is downloading the file from the Google CDN for some other reason, data will again be transferred from your browser to Google. The legal basis for the use of Google Analytics is Art. 6 para. 1 p. 1 lit. f DSGVO. Information of the third party provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User conditions: http://www.google.com/analytics/terms/de.html, Overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html, as well as the data protection declaration: http://www.google.de/intl/de/policies/privacy.

3.3 Cloudflare

We use functions of the Content Delivery Network CloudFlare of CloudFlare Germany GmbH, Rosental 7, 80331 Munich, Germany on our Internet pages. A Content Delivery Network (CDN) is a network of regionally distributed servers connected via the Internet that is used to deliver content - especially large media files such as videos. CloudFlare provides web optimization and security services that we use to improve our website load times and protect it from misuse. When you visit our website, a connection is established to CloudFlare's servers in order to retrieve content, for example. Personal data can be stored and evaluated in server log files, especially the activity of the user (in particular, which pages have been visited) and device and browser information (in particular, the IP address and operating system). Further information on the collection and storage of data by CloudFlare can be found here: https://www.cloudflare.com/de-de/privacypolicy/. The use of CloudFlare's functions serves the delivery and acceleration of online applications and content. The collection of this data is based on Art. 6 para. 1 p. 1 lit. f) DSGVO. The website operator has a legitimate interest in the technically error-free presentation and optimization of its websites - for this purpose, the server log files must be collected. Your personal information will be stored for as long as necessary to fulfil the purposes described in this privacy policy or as required by law. You can find information on objection and removal options vis-à-vis CloudFlare at: https://www.cloudflare.com/de-de/privacypolicy/.

3.4 Amazon Cloudfront

We also use the CDN Cloudfront on our websites. This is a service of Amazon Web Services Inc, 410 Terry Avenue North, Seattle, WA 98109-5210, USA. The Cloudfront CDN provides duplicates of data of a web page on different servers distributed worldwide in order to achieve a faster loading time of the web page, a higher reliability and an increased protection against data loss. Some of the images and videos embedded on these web pages are retrieved from Cloudfront CDN when the page is accessed. Through this retrieval, information about your use of our Internet pages (such as your IP address) is transmitted to Amazon servers in other EU countries and stored there. This happens as soon as you enter our website. The use of Amazon Web Services and the Amazon CDN Cloudfront is in the interest of a higher reliability of the Internet pages, the increased protection against data loss and a better loading speed of these Internet pages. This constitutes a legitimate interest within the meaning of Art. 6 (1) p. 1 lit. f) DSGVO. You can find out more about Amazon Web Services' data protection measures at: https://aws.amazon.com/de/data-protection/. The current privacy policy of Amazon Web Services can be found at: https://aws.amazon.com/de/privacy/.

3.5 jsDelivr CDN

We use the CDN of jsDelivr on our internet pages. A CDN is a service, with the help of which content can be served. The processing of user data takes place solely in order to be able to deliver our Internet pages more quickly with the help of regionally distributed servers connected via the Internet. For this purpose, the browser you use must connect to the servers of the CDN. This enables the CDN to know that our website has been accessed via your IP address. The use is based on our legitimate interests, i.e. interest in a safe and efficient provision, analysis and optimization of our online offer in accordance with Art. 6 para. 1 p. 1 lit. f) DSGVO. For more information, please see the privacy policy of jsDelivr: https://www.jsdelivr.com/privacy-policy-jsdelivr-net/

3.6 Online shop hosting with Shopify

We host our online store with Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify"). Shopify is a tool for creating and hosting websites. When you visit our online store, Shopify collects your IP address and information about the device and browser you are using. Shopify also analyzes visitor numbers, visitor sources, and customer behavior, and compiles user statistics. When you make a purchase from our online store, Shopify also collects your name, email address, shipping and billing addresses, payment information, and other data related to the purchase (e.g., phone number, amount of sales made, etc.). For analytics, Shopify stores cookies in your browser. For details, see Shopify's privacy policy: https://www.shopify.de/legal/datenschutz. The use of Shopify is based on Art. 6 para. 1 p. 1 lit. f) DSGVO. We have a legitimate interest in the most reliable presentation of our online shop. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 p. 1 lit. a) DSGVO; the consent can be revoked at any time. We have concluded an order processing agreement in accordance with Art. 28 DSGVO with Shopify. This ensures that Shopify processes your personal data on our behalf and only according to our instructions.

3.7 Bootstrap CDN

In order to deliver all of our individual web pages (sub-pages of our web pages) to you quickly and securely on all devices, we use the CDN BootstrapCDN, an open source service provided by jsdelivr.com of the Polish software company ProspectOne, Królewska 65A/1, 30-081, Kraków, Poland. A Content Delivery Network (CDN) is a network of regionally distributed servers connected via the Internet. Through this network, content, especially very large files, can be delivered quickly even during large peak loads. BootstrapCDN works in such a way that so-called JavaScript libraries are delivered to your browser. If your browser downloads a file from BootstrapCDN, your IP address is transmitted during the connection to the Bootstrap CDN server. Therefore, personal data can be sent and stored. BootstrapCDN can thus collect and store user data such as IP address, browser type, browser version, which web page is loaded or time and date of the page visit. The privacy policy of BootstrapCDN or jsdelivr.com explicitly states that the company does not use cookies or other tracking services. BootstrapCDN has servers located in various countries and your information may be stored outside of the European Economic Area. BootstrapCDN retains personal data processed on our behalf for as long as necessary to provide services offered, as necessary to comply with legal obligations, resolve disputes and enforce agreements. You always have the right to access, rectify and delete your personal data. If you have any questions, you can also contact BootstrapCDN's data controller at any time. If you want to prevent this data transfer, you can install a JavaScript blocker (see for example https://noscript.net/) or disable the execution of JavaScript codes in your browser. Please note, however, that this will prevent the website from providing the usual service (such as fast loading speed). If you have consented to BootstrapCDN being used, the legal basis of the corresponding data processing is this consent. According to Art. 6 para. 1 p. 1 lit. a) DSGVO (consent), this consent constitutes the legal basis for the processing of personal data as it may occur during the collection by BootstrapCDN. From our side, there is also a legitimate interest in using BootstrapCDN to optimize our websites and make them more secure. The corresponding legal basis for this is Art. 6 para. 1 p. 1 lit. f) DSGVO (Legitimate Interests). We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. The data processing is essentially carried out by BootstrapCDN. This may result in data not being processed and stored anonymously. Furthermore, US government authorities may have access to individual data. It may also happen that this data is linked to data from possible other BootstrapCDN services where you have a user account. For more information about BootstrapCDN's privacy practices, please visit https://www.jsdelivr.com/terms/privacy-policy-jsdelivr-net. Source : https://www.adsimple.de/datenschutz-generator/

3.8 Typeform

We use Typeform, a technology of TYPEFORM SL, C/Bac de Roda, 163 (Local), 08018 Barcelona Spain, for our contact forms (see above letter A.5.). This enables us to provide you with a simple means of contact. For this purpose, we provide the following personal data to Typeform:

  • E-mail address
  • First name
  • Last name

Typeform is a recipient of your personal data and acts as a processor for us (Art. 28 DSGVO). In addition, Typeform collects the following personal data with the help of cookies: Information about your terminal device (IP address, device information, operating system, browser settings). Furthermore, usage data is collected such as date and time when you used the contact form. Typeform needs this data to ensure the display of the contact form and its functionality. This corresponds to Typeform's legitimate interest (according to Art. 6 para. 1 p. 1 lit. f) DSGVO) and serves the execution of the contract (according to Art. 6 para. 1 lit. b) DSGVO). Further information can be found at: https://help.typeform.com/hc/en-us/articles/360029581691-What-happens-to-my-data. You can find further information on the possibilities of objection and removal vis-à-vis Typeform at: https://admin.typeform.com/to/dwk6gt. We have a legitimate interest in using these functionalities to make our websites more user-friendly. The legal basis for the processing of your data in this respect is Art. 6 para. 1 p. 1 lit. f) DSGVO. In case of your consent, the processing is based on Art. 6 para. 1 p. 1 lit. a) DSGVO and § 25 para. 1 TTDSG, as far as the consent includes the storage of cookies or the access to information in the user's terminal device (e.g. device fingerprinting) in the sense of the TTDSG. The consent can be revoked at any time with effect for the future. After termination of the contract between us and Typeform, your data will be deleted by Typeform without delay and by us subject to letters A.I.4.3 and A.I.5.4.

3.9 Applications

If you apply to us (e.g. as a CURE rider), we process the personal data you send us during the application process, such as your name, address, place of residence, age, application photo, e-mail and telephone number, professional background including schools, training, studies. If you send the data by e-mail, it will be processed electronically and usually unencrypted. If, following the application process, an employment or other service contract is concluded, we store your data for the purpose of processing the contractual relationship in compliance with the statutory provisions. The legal basis for processing your data for the purpose of contract performance and pre-contractual enquiries is Art. 6 (1) sentence 1 lit. b) DSGVO and, insofar as we are under a legal obligation, Art. 6 (1) sentence 1 lit. c) DSGVO. In the case of your consent, Art. 6 Para. 1 S.1 lit. a) DSGVO serves as the legal basis. If no employment contract is concluded, your data will be deleted after completion of the application process or at the latest two (2) months after its completion. This does not apply if legal provisions prevent deletion or if the continued storage of your data is necessary for the purpose of providing evidence, for example in proceedings under the General Equal Treatment Act (AGG). The application process is deemed to be completed when the rejection letter is sent to you.

3.10 Google Maps

Our website uses the map service Google Maps. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission. The use of Google Maps is in the interest of an appealing presentation of our online offers and an easy location of the places indicated by us on the website. This represents a legitimate interest within the meaning of Art. 6 (1) f) DSGVO. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a) DSGVO; the consent can be revoked at any time.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/. More information on the handling of user data can be found in Google's privacy policy: https://policies.google.com/privacy?hl=de.

3.11 Google Fonts

Google Fonts are implemented on our Internet pages. Google Fonts enable us to provide you with a uniform appearance of our internet pages, regardless of which fonts are installed on your local system. The Google Fonts are loaded from a server of Google Inc. ("Google") in the USA, unless your browser has access to a local copy in its cache, i.e. Google is theoretically aware of the use of the offer. We have a legitimate interest in the use of these functionalities in order to make our internet pages more user-friendly. The legal basis for the processing of your data in this respect is Art. 6 para. 1 p. 1 lit. f) DSGVO. In case of your consent, the processing is based on Art. 6 para. 1 p. 1 lit. a) DSGVO. You can revoke your consent at any time via the cookie consent manager, which can be accessed at any time via our homepage. Further information can be obtained from Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of use: http://www.google.com/analytics/terms/de.html, Overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html, as well as the privacy policy: http://www.google.de/intl/de/policies/privacy.

3.12 Font Awesome

Our Internet pages use so-called web fonts or icons from Fonticons, Inc. for the uniform display of fonts or icons. When you call up a page, your browser loads the required web fonts or icons into your browser cache in order to display texts, fonts and icons correctly. For this purpose, the browser you are using must connect to the servers of Fonticons, Inc. This enables Fonticons, Inc. to know that your IP address has been used to access our website. Font Awesome is used in the interest of a uniform and appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f) DSGVO. In case of your consent, the processing is based on Art. 6 para. 1 p. 1 lit. a) DSGVO. You can revoke your consent at any time via the cookie consent manager, which can be accessed at any time via our homepage. If your browser does not support Font Awesome, a standard font will be used by your computer. For more information about Font Awesome, please visit https://fontawesome.com/help and read the Fonticons, Inc. privacy policy: https://fontawesome.com/privacy.

C. Supplementary information on the processing of personal data when using the CURE app

I. The collection of personal data concerning you

1. the data collected during the download

When downloading the CURE app, certain personal data required for this purpose will be transmitted to the corresponding app store (e.g. Apple App Store or Google Play). In particular, the email address, the user name, the customer number of the downloading account, the individual device identification number, payment information and the time of the download will be transmitted to the App Store. We have no influence on the collection and processing of this data, which is carried out exclusively by the App Store selected by you. Accordingly, we are not responsible for this collection and processing; the responsibility for this lies solely with the App Store.

2. data collected when using the CURE app; health data

We can only provide you with the benefits of the CURE app if we collect certain personal data about you that is necessary for the operation of the app. We only collect this data if this is necessary for the performance of the contract between you and us (Art. 6 para. 1 p. 1 lit. b) DSGVO). Furthermore, we collect this data if this is necessary for the functionality of the CURE app and your interest in the protection of your personal data does not outweigh this (Art. 6 (1) S.1 lit. f) DSGVO). Special categories of personal data, namely health data (as defined in Art. 4 No. 15, Art. 9 DSGVO), i.e. data that may result from your order, e.g. medicines ordered by you, are only processed by us in accordance with Art. 9 (2) a) DSGVO if you have given us your express consent to do so.

We collect and process the following data from you:

  • Device information: Access data includes the IP address, device ID, device type, device-specific settings and CURE app settings and CURE app properties, the date and time of the retrieval, time zone the amount of data transferred and whether the data exchange was complete, CURE app crash, browser type and operating system. This access data is processed to enable the technical operation of the CURE app;
  • Data that you provide to us: In order to use the CURE app, you must create a user account with us. You can find more information on this in section 2 of the CURE General Terms of Use. To do this, you must provide at least your first name, last name and email address. If you order via the CURE app, we also collect and process the (order) data mentioned in section 3.1, which may also include health data (only with your consent). We store your orders placed via the CURE app in your user account for any subsequent orders;
  • Information with your consent: Health data; Other information (e.g. GPS location data, reminders) we process if you allow us to do so. Please note that some features of the CURE app cannot be used without sharing your GPS location;
  • Contact form data: When using contact forms, the data transmitted through them are processed (e.g. surname and first name, e-mail address, your request, time of transmission).

3. registration of the customer account

3.1 Functionality and scope of data processing

In order to be able to order, you must register in the CURE app by providing personal data. The data is entered into an input mask in the CURE app and transmitted to us and stored.

A passing on of these data to third parties, except for the handling of your order to the participating pharmacy, which is to supply you and our order processors commissioned with the delivery, does not take place.

The following data is collected as part of the registration process:

  • First and last name
  • Customer number (optional)
  • E-mail address
  • Password self-selected

The following data is also stored at the time of registration:

  • The IP address of the user
  • Date and time of registration

As part of the registration process, the user's consent to the processing of this data is obtained.

3.2 Legal basis and purpose of data processing

The legal basis for the processing of the data is Art. 6 (1) a) DSGVO if you have given your consent. Your registration serves to place an order with one of the Participating Pharmacies and is necessary for the fulfilment of the purchase contract with the Participating Pharmacy supplying you and for the implementation of pre-contractual measures. The legal basis for the processing of the data in this respect is Art. 6 Para. 1 lit. b) DSGVO.

3.3 Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case for the data collected during the registration process when the registration on our website is cancelled or modified.  This is the case for data collected during the registration process for the fulfilment of a contract or for the implementation of pre-contractual measures when the data is no longer necessary for the implementation of the contract. Even after the conclusion of the contract, there may be a need to store personal data of the contractual partner in order to comply with contractual or legal obligations or to exercise rights.

3.4 Possibility of objection and removal

As a user, you have the option to cancel your registration at any time. You can have the data stored about you changed at any time. If the data is required for the performance of a contract or for the implementation of pre-contractual measures, a premature deletion of the data is only possible insofar as contractual or legal obligations or rights do not oppose a deletion.

4. orders via the CURE app

4.1 General information

If you wish to order via the CURE APP, it is necessary for the conclusion of the contract between you and the pharmacy ("Pharmacy") selected by you and supplying you that you provide your personal data, which both we as the operator of the CURE APP and the Pharmacy itself require for the processing of your order in addition to information about the product ordered by you. This also concerns, as far as relevant, the passing on of the (payment) data necessary for the processing of your order to payment service providers and, in the case of purchase on account, to credit agencies for the purpose of creditworthiness inquiries. Mandatory information necessary for the processing of contracts is marked separately, other information is voluntary. This is in addition to the data already collected during your registration:

  • First name, last name
  • Delivery address/invoice address (street, house number, postcode, town)
  • Telephone number (mandatory)

We and the pharmacy supplying you process the data you provide for the purpose of processing your order. For this purpose, we may pass on your payment data to the payment service provider who collects the purchase price to be paid by you as the buyer on our behalf and pays it to the pharmacy. The legal basis for this is Art. 6 para. 1 p. 1 lit. b) DSGVO. We may also process the data you provide to inform you about other interesting services of the same kind or to send you e-mails with technical information. Since the order of goods customary in pharmacies may contain health data as such or health data can be derived from the order, we process your health data only after receiving your consent to do so (cf. above Art. 9 (2) a) DSGVO). The permissibility of the processing of your order data including your health data by the pharmacy supplying you results from Art. 6 Para. 1 S. 1 lit. b) as well as Art. 9 Para. 2 lit. a) (consent) or lit. h) (supply in the health sector, here by a pharmacy) DSGVO. To prevent unauthorised access by third parties to your personal data, in particular financial and health data, the ordering process is encrypted using TLS technology.  

4.2 Storage period

We store your data only as long as this is necessary for the provision of our services or we are legally obliged or entitled to store it by law or on the basis of your express consent. Letter A.I.4. applies.

II. special technologies

The CURE app uses the following technologies and functionalities:

1. use of the payment service provider Adyen

The payment of the purchase price to the pharmacy supplying you is processed via the payment service provider Adyen BV, Simon Carmiggelstraat 6 - 50, 1011 DJ Amsterdam, Netherlands ("Adyen"). When paying by credit card (Visa/MASTER-Card/American Express), the payment data you enter will be collected by Adyen in accordance with Art. 6 (1) p. 1 lit. b) DSGVO, stored and only passed on to the companies involved in the payment process. With the credit card payment you accept the terms and conditions of the payment provider. In this case, we do not collect or store the payment data. When paying by credit card, the following data will be processed:

  • Card type (American Express, Mastercard or VISA)
  • cardholder name
  • Card number
  • Check digit
  • Validity period

2. google firebase

In the CURE app, we use Google Firebase ("Firebase") from Google with various functionalities. "Firebase Analytics" enables the analysis of the use of our offer. This means that completely anonymised information about the use of our website/CURE app is collected and transmitted to Google and stored there. Google uses the advertising ID of the end device for this purpose. Google will use the aforementioned information to evaluate the use of our app and to provide us with further services associated with the use of apps. You can restrict the use of the advertising ID in the device settings (iOS: Privacy/ Advertising/ No Ad Tracking; Android: Account/ Google/ Ads). Furthermore, we use Firebase Remote Config, which allows us to run A/B tests and customize the behavior and appearance of the CURE app without downloading a new version. Personal data is not stored.  You can object to the use of Firebase at any time by setting the slider for Anonymous Statistics in the app under "Settings" accordingly.

3. zendesk live chat

For the CURE app, we use the so-called Zendesk Chat of the provider Zendesk, Inc, 1019 Market Street San Francisco, CA 94103 ("Zendesk") with the help of which the user can communicate with us in real time. The user will be notified if one of our representatives is currently online to provide an immediate response to questions. If you use our live chat system, the data you provide will be stored in order to answer your questions. The data collected includes:

  • Chat history
  • Specified name
  • IP address
  • Country of origin
  • Visited pages
  • Duration of the visit of the pages

Other personal information, depending on the information provided (e.g. email address, phone number). It is possible to collect contact information such as name, phone, and email address to make it easier to get in touch. Zendesk Chat uses cookies. The information generated by the cookie about your use of the CURE app (including your anonymized IP address) is transmitted to and stored on a Zendesk Chat server in the United States. The information is only visible for the moment you are on a particular page and is not stored. Conducted chats are logged and stored. By using Zendesk Chat, we can improve our service and make it more interesting for you as a user. We have a legitimate interest in using these functionalities to make our offers more user-friendly. The legal basis for the processing of your data in this respect is Art. 6 para. 1 p. 1 f) DSGVO. In case of your consent, the processing is based on Art. 6 para. 1 p. 1 a) DSGVO. You can revoke your consent at any time for the future. You may also refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. For more information on data processing by Zendesk, please see Zendesk's privacy policy at www.zendesk.de/company/customers-partners/privacy-policy/ and the EU data protection page www.zendesk.de/company/customers-partners/eu-data-protection/. If you have any questions, you can also contact Zendesk directly at privacy@zendesk.com.

4. social sign-in buttons

In the CURE app we have integrated the signin buttons from Facebook, Google and Apple. With these functions, we enable you to easily log in to the CURE app via your login to the aforementioned social network providers. The legal basis for the use of the plug-ins is Art. 6 para. 1 p. 1 lit. a) DSGVO, i.e. the integration only takes place after your consent. The plug-in provider stores the data collected about you as usage profiles and uses these for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) for the display of needs-based advertising and to inform other users of the social network about your activities in the CURE app. You have the right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in to the plug-in provider, your data collected from us will be directly assigned to your account with the plug-in provider and information will be exchanged that also enables you to log in to us. The information collected is stored on servers of the providers, in the case of international providers also outside Europe. For these cases, the providers have, according to their own statements, imposed a standard on themselves that corresponds to the former so-called US Privacy Shield and have promised to comply with applicable data protection laws in the international transfer of data. We have also agreed so-called standard data protection clauses with the providers, the purpose of which is to ensure compliance with an appropriate level of data protection in the third country. The revocation of your consent is possible at any time without affecting the permissibility of the processing until the revocation. The easiest way to revoke your consent is to use the functions of the social media providers. For further information on the purpose and scope of data collection and its processing by the plug-in provider, please refer to the data protection declarations of these providers communicated below. There you will also receive further information on your rights in this regard and setting options for protecting your privacy. Addresses of the respective plug-in providers and URL of the respective privacy notices:

a) Facebook

operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook"). You can view the privacy policy at https://www.facebook.com/about/privacy/update?ref=old_policy;

b) Google

operated by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA.

c) Apple

operated by Apple Inc, Infinite Loop, Cupertino, CA 95014 USA.

D. Our social media presences

I. Platforms

We have various presences in so-called social media platforms. We currently operate the presences with the following providers:

1.Facebook

operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook"). You can view the privacy policy at https://www.facebook.com/about/privacy/update?ref=old_policy;

2. instagram

also operated by Facebook. You can view the data protection notice at https://help.instagram.com/155833707900388;

3. twitter

operated by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland ("Twitter"). You can view the data protection information at https://twitter.com/de/privacy and adjust your data protection settings yourself at https://twitter.com/account/settings.

4. LinkedIn

operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn"). You can view the data protection information at https://www.linkedin.com/legal/privacy-policy.

II. type and scope of data processing

We use the technical platform and services of the providers for these information services. We would like to point out that you use our appearances on social media platforms and their functions on your own responsibility. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating). When you visit our websites, the providers of the social media platforms collect, among other things, your IP address and other information that is stored in the form of cookies on your terminal device. This information is used to provide us, as the operator of the accounts, with statistical information about your interaction with us. The data collected about you in this context is processed by the platforms and may be transferred to countries outside the European Union, in particular the USA. All of the aforementioned providers claim to maintain an adequate level of data protection equivalent to the former EU-US Privacy Shield and we have entered into the standard data protection clauses with the companies. The following agreements are authoritative:

Facebook: Facebook Terms of Service, the other terms and policies listed there at the end, and the Shared Responsibility Agreement,

Instagram: Instagram's Terms of Use, Instagram's Data Policy, and, because Instagram is a Facebook offering, also the Facebook policies and agreements described above.

LinkedIn: LinkedIn Data Processing Agreement.

Twitter: The general terms and conditions of Twitter and the guidelines referred to therein.

We are not aware of how the social media platforms use the data from your visit to our account and interaction with our posts for their own purposes, how long this data is stored and whether data is passed on to third parties. Data processing may differ depending on whether you are registered and logged in to the social network or are visiting the site as a non-registered and/or non-logged-in user. When you access a post or the account, the IP address assigned to your terminal device is transmitted to the provider of the social media platform. If you are currently logged in as a user, a cookie on your end device can be used to track how you have moved around the network. Buttons embedded in websites enable the platforms to record your visits to these website pages and assign them to your respective profile. Based on this data, content or advertising can be offered tailored to you. If you want to avoid this, you should log out or deactivate the "stay logged in" function, delete the cookies on your device and restart your browser.

We, as the provider of the information service, also only process the data from your use of our service that you provide to us and that requires interaction. For example, if you ask a question that we can only answer by email, we will store your information in accordance with the general principles of our data processing, which we describe in this privacy policy. The legal basis for the processing of your data on the social media platform is Art. 6 (1) p. 1 lit. f DS-GVO.

To exercise your data subject rights, you can contact both us or the provider of the social media platform. To the extent that one party is not responsible for responding or must obtain the information from the other party, we or the provider will forward your request to the respective partner. Please contact the operator of the social media platform directly for questions about the profiling, processing of your data when using the website. For questions about the processing of your interaction with us on our site, write to the contact details provided by us above.

Which information the social media platform receives and how it is used is described by the providers in their data protection declarations (see link in the table above). There you will also find information on contact options as well as on the settings options for advertisements. Further information on social networks and how you can protect your data can also be found at www.youngdata.de.

Status: 08.07.2022