How we handle your data and your rights
– Information in accordance with Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR) –
Dear customer, please find below information on how your personal data is processed when you use this appointments tool and on your entitlements and rights in accordance with data protection regulations.
1. Who is responsible for data processing and who can I contact in this regard?
The controller is:
Tel.: +49 (0)40 6750 6510
Fax: +49 (0)40 6750 6506
2. What sources and data do we use?
We process the personal data that we obtain from you when you use this appointments tool.
When you book an appointment, we typically log details such as your form of address, surname, first name, company name, email address and optionally also your telephone number.
3. To what end do we process your data (purpose of data processing) and what is the legal basis for this?
We process personal data in accordance with the provisions of the EU’s General Data Protection Regulation (GDPR) and Germany’s Federal Data Protection Act (BDSG):
3.1 For the performance of a contract (Article 6 [1b] GDPR)
Personal data is processed (Article 4 GDPR) first and foremost so that the appointments tool can be used. The purposes of data processing include online appointment booking and online appointment management.
3.2 For the purposes of legitimate interests (Article 6 [1f] GDPR)
Insofar as is necessary, we process your data above and beyond the purposes of contractual performance in order to safeguard our and third-party legitimate interests such as in the following instances:
• Safeguarding IT security and IT operation
• Asserting legal entitlements and defending legal disputes
If necessary, your data is processed for the purposes of averting danger in the event of attacks on the information technology systems.
3.3 Based on your consent (Article 6 [1a] GDPR)
Insofar as you have given us your consent to process personal data for the purposes of communication as part of business relations, such processing is lawful on the basis of that consent. You may revoke your consent at any time once it has been granted. This equally applies to any declarations of consent submitted to us before the GDPR became applicable, in other words before 25 May 2018.
Please note that a revocation is effective for the future only. Data processing performed prior to a revocation is not affected.
3.4 For compliance with a legal obligation (Article 6 [1c] GDPR) or due to public interest (Article 6 [1e] GDPR)
We as a company are additionally subject to various legal obligations/statutory requirements (e.g. trade laws, tax laws). The purposes of data processing include the performance of control and mandatory disclosure obligations pursuant to tax law and the evaluation and management of risks.
4. Who is my data shared with?
Access to your data is given to those within the company who need said data in order for us to perform our contractual and legal obligations. Data processors contracted by us (Article 28 GDPR) may also be provided with data for the aforementioned purposes subject to the observance of statutory prerequisites. These are companies in the area of IT services.
With regard to the sharing of data with recipients outside of the company, please note that we shall only disclose information relating to you if required by law, if you have given your consent to this or if we are authorised to provide information.
Under these circumstances, the recipients of personal data may be, for example:
• Law enforcement authorities
5. How long is my data stored for?
We process your personal data for as long as this is necessary for the purposes of arranging appointments using the appointments tool.
Insofar as is necessary and subject to your consent, we shall process and store your personal data for the duration of our business relations, including, for example, the initiation and execution of a contract.
We are also subject to various record retention and documentation obligations pursuant to, among other things, the German Commercial Code (HGB) and Germany’s Fiscal Code (AO). The record retention and documentation time frames stipulated there range from two to ten years.
The retention period is ultimately determined by the statutory limitation periods. For example, these are three years in accordance with Section 195 ff. of the German Civil Code (BGB), but can in some cases also be up to 30 years.
6. Is data transmitted to third countries?
Data is only transmitted to third countries (countries outside of the European Economic Area [EEA]) insofar as this is necessary for the execution of your orders, this is stipulated by law or you have granted your consent. We shall notify you of the details separately insofar as this is stipulated by law.
7. What data protection rights do I have?
Affected persons have the right to information pursuant to Article 15 GDPR, the right to data correction pursuant to Article 16 GDPR, the right to data deletion pursuant to Article 17 GDPR, the right to limitations on data processing pursuant to Article 18 GDPR and the right to data portability pursuant to Article 20 GDPR. The limitations in accordance with Sections 34 and 35 BDSG apply in the case of the right to information and the right to data deletion. You also have the right to lodge a complaint with a data protection supervisory authority (Article 77 GDPR in conjunction with Section 19 BDSG).
8. Am I obliged to make data available?
When arranging appointments using the appointments tool, you are only required to provide the personal data which is necessary for the arrangement of appointments or which we are required by law to collect. Without said data, we will generally be forced to refuse the appointment arrangement requests you submit via the appointments tool or to cease to honour an existing contract or, if necessary, terminate such a contract.
In the event that you have given your consent to your data being processed for the purposes of establishing business relations with us, you are only required to provide the personal data necessary for the establishment, execution and termination of business relations or the personal data which we are legally obliged to collect. Without said data, we will generally be unable to establish business relations or will be forced to cease to honour an existing contract or, if necessary, terminate such a contract.
9. To what extent is there automated individual decision-making?
As a rule, pursuant to Article 22 GDPR we do not make use of automated decision-making in order to establish and execute business relations. Should we make use of this method in individual cases, we shall notify you of this separately insofar as this is stipulated by law.
10. To what extent is my data used for profiling (scoring)?
As a rule, we do not use profiling pursuant to Article 22 GDPR. Should we make use of this method in individual cases, we shall notify you of this separately insofar as this is stipulated by law.
Information regarding your right to object pursuant to Article 21 GDPR
You have the right to object at any time to your personal data being processed on the basis of Article 6 (1e) GDPR (data processing in the public interest) and Article 6 (1f) GDPR (data processing for the purposes of legitimate interests) for reasons relating to your specific situation.
If you lodge an objection, we shall cease to process your personal data unless we can present compelling and legitimate grounds for the data processing which outweigh your interests, rights and liberties or unless the data processing serves the assertion, execution or defence of legal claims.
Your objection may take any form and should be submitted to: