The protection of personal data is of particular importance to the management of Praxis Spöckmaier. The use of the internet pages of Praxis Spöckmaier is generally possible without providing any personal data. However, if a data subject wishes to use special services offered by our practice via our website, the processing of personal data may become necessary. If the processing of personal data is required and there is no legal basis for such processing, we generally obtain the consent of the data subject. The processing of personal data, such as a data subject’s name, address, email address, or telephone number, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations applicable to Praxis Spöckmaier. By means of this privacy policy, our practice would like to inform the public about the nature, scope, and purpose of the personal data collected, used, and processed by us. Furthermore, data subjects are informed of their rights by means of this privacy policy. As the controller responsible for processing, Physiotherapy Spöckmaier has implemented numerous technical and organizational measures to ensure the most complete protection possible of personal data processed via this website. Nevertheless, internet-based data transmissions may generally have security gaps, so absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us via alternative means, such as by telephone. 1. Definitions The privacy policy of Praxis Spöckmaier is based on the terminology used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our privacy policy is intended to be easy to read and understand for the public as well as for our clients and business partners. To ensure this, we explain the terminology used in advance. This privacy policy uses, among others, the following terms: a) Personal data Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. b) Data subject A data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing. c) Processing Processing is any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction. d) Restriction of processing Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future. e) Profiling Profiling is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements. f) Pseudonymization Pseudonymization is the processing of personal data in such a manner that the data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person. g) Controller The controller is the natural or legal person, public authority, agency, or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for by Union or Member State law. h) Processor A processor is a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller. i) Recipient A recipient is a natural or legal person, public authority, agency, or another body to which personal data are disclosed, whether a third party or not. Public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients. j) Third party A third party is a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data. k) Consent Consent of the data subject is any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they signify agreement to the processing of personal data relating to them, by a statement or by a clear affirmative action. 2. Name and Address of the Controller Controller within the meaning of the GDPR and other applicable data protection laws: Phillip M. Spöckmaier Gohliser Str. 12 04105 Leipzig Germany Phone: +49 341 59 16 69 22 Email: office (at) spoeckmaier (dot) de Website: www.spoeckmaier.de 3. Collection of General Data and Information The website of Praxis Spöckmaier collects a series of general data and information with each visit by a data subject or an automated system. These general data and information are stored in the server log files. The following may be collected: (1) browser types and versions used (2) operating system used by the accessing system (3) referring website (4) subpages accessed (5) date and time of access (6) IP address (7) internet service provider (8) other similar data used for security purposes Praxis Spöckmaier does not draw conclusions about the data subject from these data. This information is needed to deliver content correctly, optimize content and advertising, ensure system security, and provide authorities with necessary information in the event of a cyberattack. The anonymous data are evaluated statistically to improve data protection and data security. 4. Contact via the Website The website www.spoeckmaier.de contains information enabling quick electronic contact, including an email address. If a data subject contacts the controller by email or via a contact form, the personal data transmitted are automatically stored and used solely for processing or contacting the data subject. These data are not passed on to third parties. 5. Routine Erasure and Blocking of Personal Data The controller processes and stores personal data only for the period necessary to achieve the purpose of storage or as required by law. When the purpose no longer applies or statutory retention periods expire, the personal data are routinely blocked or deleted. 6. Rights of the Data Subject Data subjects have the following rights under the GDPR: Right of confirmation Right of access (including copies and detailed information) Right to rectification Right to erasure (“right to be forgotten”) Right to restriction of processing Right to data portability Right to object to processing Rights related to automated decision-making, including profiling Right to withdraw consent at any time To exercise these rights, the data subject may contact any employee of Praxis Spöckmaier at any time. 7. Data Protection in Applications and the Application Process The controller processes personal data of applicants for the purpose of handling the application process. If an employment contract is concluded, the data are stored for employment purposes. If no contract is concluded, application documents are deleted two months after rejection, unless legitimate interests (e.g. AGG evidence obligations) require longer storage. 8. Legal Basis for Processing Processing is based on Article 6(1) GDPR: Consent (lit. a) Contractual necessity (lit. b) Legal obligation (lit. c) Vital interests (lit. d) Legitimate interests (lit. f) 9. Legitimate Interests Where processing is based on Article 6(1)(f) GDPR, our legitimate interest is the conduct of our business activities for the benefit of our employees and stakeholders. 10. Storage Duration Personal data are stored in accordance with statutory retention periods and deleted once no longer required for contractual or legal purposes. 11. Legal or Contractual Requirements to Provide Data The provision of personal data may be legally or contractually required. Failure to provide such data may result in the inability to conclude a contract. 12. Automated Decision-Making As a responsible organization, we do not use automated decision-making or profiling. This privacy policy was generated by the Data Protection Statement Generator of DGD Deutsche Gesellschaft für Datenschutz GmbH, acting as data protection officer, in cooperation with the data protection lawyers of WILDE BEUGER SOLMECKE | Attorneys at Law.