Name and address of the party responsible for the website

The party responsible in the sense of the General Data Protection Regulation and other national data privacy regulations of the EU member states as well as other data protection stipulations is:

opseo Holding B.V.

Legally represented by managing directors Holger Eden and Simon Faiss

Isarstrasse 4
65451 Kelsterbach
Germany

Tel.:  +49 6142 94 290-0
Fax:  +49 6142 94 290-28
info@opseo-intensivpflege.de

The responsible party’s data protection officer is:

Pascal Hille LL.M
Legal Adviser
opseo Holding B.V.
Käthe-Kollwitz-Ufer 77
01309 Dresden
Germany

Tel.: +49 351 850735-39
E-mail: datenschutz@opseo.de

General information on data processing

Scope of processing of personal data

As a general rule we only process the personal data of our users where this is necessary for the provision of a functioning website as well as our content and services. The processing of personal data of our users is carried out regularly only with the consent of the user. An exception applies in those cases where obtaining prior consent is not possible for genuine reasons and the processing of the data is permitted by legal regulations.

Legal basis for the processing of personal data

Where we obtain consent from the relevant person for processing operations involving personal data, the legal basis is Article 6(1)(a) of the EU General Data Protection Regulation (GDPR).
For the processing of personal data necessary for performance of a contract to which the affected person is party, the legal basis is Article 6(1)(b) GDPR. This also applies to processing required for the execution of precontractual measures.
If processing of personal data is necessary for the fulfillment of a legal obligation our company is subject to, the legal basis is Article 6(1)(c) GDPR.

In the event that vital interests of the data subject or another natural person make it necessary to process personal data, Article 6(1)(d) of the GDPR serves as the legal basis.

If processing is required for the pursuit of a legitimate interest for our company or a third party and this outweighs the interests and the fundamental rights and freedoms of the person affected, the legal basis is Article 6(1)(f) GDPR.

Data deletion and duration of storage

The personal data of the data subject shall be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws, or other provisions to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.

Provision of the website and creation of log files

Description and scope of data processing

Each time somebody accesses our website, our system automatically records data and information on the computer system of the person viewing the site.
The following data are recorded in this context:

  • Information about the browser type and version used
  • The user’s operating system
  • The user’s Internet service provider
  • The user’s IP address
  • Date and time of access
  • websites via which the user’s system reached our website
  • websites that are accessed by the user’s system via our website
  • Name and URL of the file viewed
  • Report about whether the access was successful

The data are likewise stored in our system’s log files. We do not store this data together with any other personal data relating to the user.

Legal basis for data processing

The legal basis for the temporary storage of the data and the log files is Article 6(1)(f) GDPR.

Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.

Storage in log files takes place to ensure the website’s functionality. In addition, we use the data to optimize the website and ensure the security of our information technology systems. In this context, there is no evaluation of the data for marketing purposes.

These purposes constitute our legitimate interest in data processing according to Article 6(1)(f) GDPR.

Duration of storage

The data are deleted as soon as they are no longer required for the purpose for which they were recorded. In the case of data recording for provision of the website, this is the case once the relevant session has ended.

In the case of data storage in log files, this occurs after seven days at the latest.

Storage beyond this deadline is not possible. In this case, the IP addresses of users are deleted or anonymized, so that assignment of the calling client is no longer possible.

Possibility of objection and removal

Recording of data for provision of the website and storage of data in log files is essential for operation of the website. The user therefore has no option to object.

Use of Cookies

a) Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in the internet browser or on the user’s computer system by the internet browser. If a user accesses a website, a cookie can be stored on their operating system. This cookie has a specific sequence of characters that permits definitive identification of the browser when the website is accessed again.
We use cookies to make our website more user-friendly. Some elements of our website require the accessing browser to be identifiable even after the user switches pages.

The following data is stored and transmitted in the cookies:

  • Language settings
  • Type / version of browser
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request

b) Legal basis for data processing 
The legal basis for the processing of personal data using cookies is Article 6(1)(f) GDPR.

c) Purpose of data processing
The purpose of using technically necessary cookies is to simplify the use of websites for the user. Some functions of our website cannot be offered without the use of cookies. This is necessary so that the browser can be recognized again even after the user switches pages.

We need cookies for the following applications:

  • Contact
  • Service requests
  • Requesting information
  • Adoption of language settings
  • Memorizing search terms

The user data collected through technically necessary cookies are not used to create user profiles.
These purposes also constitute our legitimate interest in processing of personal data according to Article 6(1)(f) GDPR.

e) Duration of storage, right to object and right to erasure
Cookies are stored on the user’s computer and transferred from it to our website. That means you as a user also have full control over the use of cookies. You can disable or limit transmission of cookies by changing the settings in your internet browser. Previously stored cookies can be deleted at any time. This can also take place automatically. If cookies are disabled for our website, the user may find they are no longer able to use all the functions of our website in full.

Contact form and e-mail contact

Description and scope of data processing

Our website includes a contact form that can be used for getting in touch with us electronically. If the user makes use of this option, the data they enter in the input fields are sent to us and stored.

When the user sends a message, the following data are also stored:
The IP address of the user
Date and time of contact

  • Name
  • E-mail
  • Subject
  • Message

For the processing of the data, your consent is obtained during the submission process and reference is made to this privacy policy.

Alternatively, we can be contacted via the e-mail address provided. In this case, the user’s personal data submitted with the e-mail are stored.

No data is disclosed to third parties in connection with this. The data are used exclusively for dealing with correspondence.

Legal basis for data processing

The legal basis for processing data is the existing consent given by the user pursuant to Article 6(1)(a) GDPR.

The legal basis for the processing of data transmitted in the course of sending an e-mail is Article 6(1)(f) GDPR. If the e-mail contact aims at the conclusion of a contract, the legal basis for the processing is Article 6(1)(b) GDPR.

Purpose of data processing

Processing of personal data from the contact form is solely for handling correspondence. Where contact is made by e-mail, this also constitutes the necessary legitimate interest in processing the data.
The other personal data processed during the message submission process serve to prevent abuse of the contact form and to ensure the security of our information technology systems.

Duration of storage

The data are deleted as soon as they are no longer required for the purpose for which they were recorded. For the personal data from the input screen of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is considered ended when the circumstances indicate that the relevant matter has been conclusively dealt with.

As a rule, the collected data is deleted as soon as it is no longer required. Accordingly, deletion takes place at the latest upon expiry of the relevant statutory retention periods. These are usually between three and ten years.

Possibility of objection and removal

The user has the possibility to revoke their consent to the processing of personal data at any time. If the user contacts us by e-mail, they can object to the storage of their personal data at any time. In such a case, the correspondence cannot be continued.

The objection should be addressed to:

opseo Holding B.V.

Legally represented by the managing directors Holger Eden and Simon Faiss.

Isarstrasse 4
65451 Kelsterbach
Germany

T:  +49 6142 94 290-0
F:  +49 6142 94 290-28
info@opseo-intensivpflege.de

This can be done in writing by mail or e-mail.

In this case, all the personal data stored during the course of correspondence are deleted.

Disclosure of personal data to third parties (Part 1)

For contract performance to:

A) Within the framework of contract fulfillment, your personal data will be forwarded to the responsible cost units such as health and nursing care insurance companies.

aa) Legal basis for the processing of personal data

The legal basis for the processing of personal data is Article 6(1)(b) GDPR.

bb) Purpose of the processing or forwarding of personal data

The purpose of the processing or forwarding of your personal data is the fulfillment of contractual obligations, in particular the billing of the service from the contract:

  • Doctors, hospitals, pharmacies, and other business partners necessary for the provision of medical and therapeutic aids, as well as for treatment from medical and auxiliary professions such as physiotherapy, occupational therapy, and speech therapy.

B) Within the framework of the performance of the contract, your personal data will be communicated to the following categories of companies:

  • Credit institutions, payment service providers, and billing companies (e.g., PayPal, credit card companies, collection service providers)

aa) Legal basis for the processing of personal data

The legal basis for the processing and/or forwarding of personal data for the enforcement of due claims is Article 6(1)(f) GDPR.

bb) Purpose of the processing or forwarding of personal data

The purpose of processing and forwarding is the billing and collection of contractual receivables and invoices for the fulfillment of contractual relations.

  • Duration of storage for A) and B)

As a rule, the collected data is deleted as soon as it is no longer required. Accordingly, deletion takes place at the latest upon expiry of the relevant statutory retention periods. These are usually between three and ten years. 

  • Possibility of objection and removal

As a user, you have the option to terminate the solicitation at any time. You can also have the stored data relating to you changed at any time.

If the data is required for the fulfillment of a contract or for the implementation of precontractual measures, early deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion.

Disclosure of personal data to third parties (Part 2)

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider of this service is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. 

Google Analytics uses so-called “cookies.” These are text files that are stored on your computer and allow an analysis of your use of the website. The information generated by the cookie about your use of this website is generally transferred to a Google server in the USA and stored there. 

The legal basis for storage of Google Analytics cookies is Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising.

IP anonymization

We have activated the IP anonymization function on this website. This means that Google will abbreviate your IP address within the member states of the European Union or in other states party to the agreement on the European Economic Area before it is transferred to the USA. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and abbreviated there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports about website activities, and to provide further services connected to use of the website and internet use as requested by the website operator.

Browser plugin

You can prevent storage of cookies by adjusting the settings of your browser software accordingly. We would nevertheless like to point out that if you do so, it may not be possible to use all the functions of this website in their entirety. In addition to this, you can prevent transfer of the data generated by the cookie and relating to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: Browser add-on to disable Google Analytics.

Objection to data collection

You can prevent the collection of your data by Google Analytics by clicking on the following link. This stores an opt-out cookie, which prevents the recording of your data during any future visits to this website: Disable Google Analytics. 

You can find more information on Google Analytics’ handling of user data in Google’s data privacy policy.

Commissioned data processing

We have concluded an agreement for Google to process data on our behalf and we apply the strict regulations of the German data protection authorities in our use of Google Analytics.

Google Analytics Remarketing

Our websites use the functions of Google Analytics Remarketing in conjunction with the cross-device functions of Google AdWords and Google DoubleClick. The provider of this service is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. 

This function makes it possible to link the advertising target groups created with Google Analytics Remarketing with the cross-device functions of Google AdWords and Google DoubleClick. In this way, interest-based, personalized advertising messages that have been adapted to you depending on your previous usage and surfing behavior on one end device (e.g., cell phone) can also be displayed on another of your end devices (e.g., tablet or PC). 

If you have given your consent, Google will link your web and app browsing history with your Google account for this purpose. In this way, the same personalized advertising messages can be displayed on every end device on which you log in with your Google account. 

To support this feature, Google Analytics collects Google-authenticated IDs of users that are temporarily linked to our Google Analytics data to define and create audiences for cross-device ad targeting. 

You can permanently object to cross-device remarketing/targeting by deactivating personalized advertising in your Google account, which you can do via this link

The aggregation of the collected data in your Google account is based solely on your consent, which you can give or revoke at Google (Art. 6.1(a) GDPR). In the case of data collection processes that are not merged in your Google account (e.g., because you do not have a Google account or have objected to the merging), the collection of the data is based on Art. 6.1(f) GDPR. The legitimate interest arises from the fact that the website operator has an interest in the anonymized analysis of website visitors for advertising purposes. 

Further information and the data protection provisions can be found in Google’s data privacy policy.

Facebook Retargeting

With your consent on our website we use te “website Custom Audiences” retargeting tool from Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. Should you have a Facebook user account, and this account can be recognized by the tool on the basis of existing Facebook Cookies, the tool generates a non-person-based test sum that is sent to Facebook for analysis and marketing purposes. Moreover, we encipher your email address and transmit it in encoded form to Facebook. Because of the Cookie recognition tool and transmission of encoded information, Facebook is able to make you targeted product recommendations as personalized ad banners on your Facebook page on our behalf. You can reject use of Facebook website Custom Audiences by clicking: https://www.facebook.com/ads/website_custom_audiences/.

Presence of third parties (Google Maps, YouTube etc.)

As part of our online services our website in some places also uses the embedded content of third parties such as YouTube, Google-Maps or third-party graphics. It is customary in such cases for your IP address to be forwarded to the third party for the service to be used (e.g., an image in the browser). We essentially have no influence over how third parties handle the data.

Please consult the respective data privacy notices of the third-party browser plug-ins:

  • Google-Maps - https://www.google.com/intl/de/policies/privacy/.
  • Facebook- https://de-de.facebook.com/policy.php.
  • Facebook-Plugins

Facebook

Our Web pages integrate plugins from social network Facebook, provided by Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. The Facebook plugins can be recognized by the Facebook logo or the “Like” button on our page. For an overview of Facebook plugins please click: https://developers.facebook.com/docs/plugins/.
When you visit our Webpages, the plugin creates a direct link between your browser and the Facebook server. Facebook in this way receives the information that you visited our page along with your IP address. If you click the Facebook “Like” button while logged into your Facebook-account, you can link the contents of our Webpages to your Facebook profile. As a result, Facebook ca connect your visiting our Webpages to your user account. We expressly point out that as the provider of these pages we receive no information on the content of the data thus forwarded or their use by Facebook. For further information on this please consult Facebook’s Data Privacy Policy.
Should you not want Facebook to be able to connect your visiting our Webpages with your Facebook user account then please log out of your Facebook user account.

Google Maps

This website uses Google Maps to present a location map. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. To this end, the browser you use has to connect to the Google servers. As a result, Google is informed that your IP address has clicked onto our website. The terms and conditions of use of Google Maps can be found at the Google Maps terms of service. For exhaustive details please consult the google.de data protection center: Transparency and options as well data protection terms and conditions.

Please note te separate data privacy terms of other service providers such as Google Analytics in our Data Privacy Policy

Rights of the person concerned

If your personal data is processed, then you classify as a person concerned in terms of the German General Data Protection Regulations (GDPR) and you have the following rights vis-à-vis the party responsible:

Right to information

You can demand from the party responsible confirmation whether personal data concerning your person has been processed by us.
Should such processing have occurred, then you can demand the following information from the party responsible:
(1)       the purposes for which the personal data has been processed;
(2)       the categories of personal data that have been processed;
(3)       the recipient and/or categories of recipients to whom the data relating to your person has been disclosed or will be disclosed;
(4)       the planned storage duration of the data relating to your person or, if no firm statement can be made in this regard, the criteria for deciding the storage duration;
(5)       the existence of a right to correct or delete the data relating to your person, the right to restrict processing by the party responsible or the right to object to this processing;
(6)       the existence of a right to file a complaint with a supervisory authority;
(7)       all available information on the origin of the data if the personal data was not collected from the person concerned;
(8)       the existence of automated decision-making including profiling as per Article 22(1&4) GDPR and (at least in these cases) meaningful information on the logic involved as well as the scope and intended impact of such processing for the person concerned.
You have the right to demand information whether the personal data concerned has been or will be forwarded to a third-party country or an international organization. In this connection you can demand to be informed about appropriate guarantees pursuant to Article 46 GDPR in connection with the data forwarding.

Right to rectification

You have the right to rectification and/or completion on the part of the responsible party to the extent that personal data concerning you is incorrect or incomplete. The party responsible shall undertake to rectify the data without delay.

Right to restrict processing

You can demand that processing of the personal data concerning you under the following conditions:
(1)       if you contest the accuracy of the personal data concerning you for a period that enables the party responsible to check the accuracy of the personal data;
(2)       the processing is not legal and you reject deletion of the personal data and instead demand restricted usage of the personal data;
(3)       the responsible party no longer requires the personal data for the purposes of processing yet you require this to bring, exercise or defend legal claims, or
(4)       if you have filed an objection against processing as per Article 21(1) GDPR and it has not yet been decided whether the justified reasons on the part of the responsible party outweigh your reasons.

If processing of the personal data concerning you was restricted, then this data (apart from storing them) may only be processed with your approval or in order to bring, exercise or defend legal claims or to protect the rights of other natural and legal entities or for reasons of the important public interest of the European Union or one of its member states.
If restriction of processing is effected as per the above conditions, then the party responsible will inform you of the fact before the restriction is lifted.

Right to deletion

Duty to delete

You can demand from the party responsible that the personal data concerning you be deleted without delay and the party responsible is obliged to delete the data immediately to the extent that one of the following reasons applies:
(1)       The personal data concerning you are no longer needed for the purposes for which they were collected or processed in some other way.
(2)       You revoke your agreement on which processing was permissible as per Article 6(1)(a) or Article 9(2)(2) GDPR, and there is no other legal basis for the processing.
(3)       You file an objection as per Article 21(1) GDPR against the processing and there are no precedent justified reasons for the processing, or you file an objection against processing as per Article 21(2) GDPR.
(4)       The personal data concerning you was illegally processed.
(5)       Deletion of the personal data concerning you is necessary to fulfill a legal duty under EU law or the law of the member states to which the party responsible is subject.
(6)     The personal data concerning you was collected with reference to the services offered by the information company as per Article 8(1) GDPR.

Information provided to third parties

Should the party responsible have made public the personal data and should he be obliged to delete them as per Article 17(1) GDPR, then he shall initiate measures that are appropriate factoring in available technology and implementation costs to inform the persons responsible for the data processing who process the personal data that you are a person concerned have demanded from them the deletion of all links to these personal data or copies of or replications of these personal data. 

Exceptions

The right to deletion does not exist if the processing is necessary to
(1)       exercise the right to freedom of opinion and information;
(2)       fulfill a legal obligation to which processing is subject as per the laws of the European Union or its member states and to which the party responsible is subject or to discharge a duty that is in the public interests or to exercise public powers that were conferred on the party responsible;
(3)       meet reasons relating to public interest in the field of public health as per Article 9(2)(h&i) as well as Article 9(3) GDPR;
(4)       meet archival purposes in the public interest, scientific or historical research purposes or for statistical purposes as per Article 89(1) GDPR, to the extent that the right stated under a) above presumably rendered realizing these goals impossible or seriously impairs them, or
(5)       bring, exercise or defend legal claims.

Right of notification

Should you have asserted claims against the party responsibility to the right to rectify, delete, or restrict processing, then the latter shall be obliged to inform all recipients to whom the personal data concerning you was revealed of this rectification, deletion, or restriction of processing unless this proves to be impossible or involves disproportionate effort.
You have the right vis-à-vis the responsible party to be notified of the recipients in question.

Right to data portability

You have the right to receive the personal data concerning you that you made available to the party responsible in a structure, customary, and machine-readable format. Moreover, you have the right to forward these data to another party responsible without the party responsible to whom the data in question was made available preventing you, to the extent that
(1)       processing was based on permission granted as per Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on an agreement as per Article 6(1)(b) GDPR and
(2)       processing occurs using automated processes.

When exercising this right, you also possess the right to insist that the personal data concerning you is transmitted direct by one responsible party to another to the extent that this is technically feasible. This may not impair the liberties and rights of other persons.
The right to portability does not apply for processing of personal data required to discharge a duty that is in the public interest or occurs exercising a public power assigned to the party responsible.

Right of objection

You have the right deriving from your special circumstances at any point to file an objection against the processing of the personal data concerning you as processed as per Article 6(1)(e or f) GDPR; this also applies to profiling based on these stipulations.
The party responsible shall no longer process the personal data concerning you unless he can prove there are compelling reasons worth of protection for the processing, that their interests, rights and liberties are more important, or that processing serves brining, exercising or defending legal claims.
If the personal data concerning you is processed in order to conduct direct advertising then you have the right at any time to object to the processing of the personal data concerning you for the purpose of such advertising; this also applies for profiling to the extent that it is associated with such direct advertising.
Should you object to processing for the purposes of direct advertising then the personal data concerning you will no longer be used for this purpose.
You have the option to exercise your right of objection by means of automated processes where technical specifications are involved in the context of the use of the information provider company’s services and irrespective of Directive 2002/58/EC.

Right to revoke the data privacy law declaration of consent

You have the right to revoke your data privacy law declaration of consent at any time. Revocation of the consent does not affect the legality of the processing undertaken on the basis of the consent prior to its revocation.

Automated decision on a case-by-case basis incl. profiling

You have the right to be subject to decisions taken not exclusively by an automated processing procedure (including profiling) that has a legal effect on you or in a similar manner considerably impairs you.

This does not apply if the decision
(1)       is required to conclude or fulfill a contract between yourself and the party responsible,
(2)       is permissible as per the legal regulations of the European Union or its member states and to which the party responsible is subject and these legal regulations provide due measure to preserve your rights and liberties and your legitimate interests or
(3)       occurs with your express consent.

However, these decisions may not be made on the basis of special categories of personal data as per Article 9(1) GDPR to the extent that Article 9(2)(a or g) GDPR does not apply and appropriate measures have been taken to protect the rights and liberties as well as your justified interests.
As regards the cases stated in (1) and (3) above, the parry responsible shall take appropriate measures in order to preserve rights and liberties as well as your justified interests which shall include at least the right to ensuring a person intervenes on the part of the party responsible, to the right present one’s own point of view, and to challenge the decision.

Right to bring a complaint before a supervisory authority

Irrespective of a judicial remedy under administrative law or at the instruction of a court obtained elsewhere, you have the right to file a complaint with a supervisory authority, in particular in the member state where you reside or of your place of work or at the place where the purported violation occurred if you believe the processing of the personal data concerning you violates the GDPR.
The supervisory authority to which the complaint is submitted shall inform the plaintiff of the status of the complaint and of then option to seek legal remedy as per Article 78 GDPR.
The supervisory authority under whose ambit we come is the Data Protection Officer of the State of Hessen:

Hessische Beauftragte für Datenschutz und Informationsfreiheit
Postfach 3163
65021 Wiesbaden
Germany 
Tel.: +49 611 1408 - 0
Fax: +49 611 1408 - 611

Data protection guidelines for clients and other parties concerned

We wish with the following information to give you an overview of the processing of your personal data and your rights under data protection law.

Who is in charge of data processing and whom can I contact?

opseo Holding B.V.

legally represented by managing directors Holger Eden and Simon Faiss

Isarstrasse 4
65451 Kelsterbach
Germany

Tel.:  +49 6142 94 290-0
Fax:  +49 6142 94 290-28
info@opseo-intensivpflege.de

What sources and data do we use?

We process personal data that we receive from our clients and business partners in the framework of our business relationships. We also process personal data (as far as is necessary to provide our service) that we permissibly collect from publicly accessible sources (e.g., lists of debtors, land registers, commercial register, list of associations, the press, the Internet) or that are legally forwarded to us by other companies and/or third parties (e. g., a credit agency).
Relevant personal data include data on the person (name, address and other contact details, date/place of birth and nationality), legitimation data (e.g., ID data, tax ID number, pension insurance number, etc.) and order data (e.g., payment order). This data can also stem from our discharging our contractual duties, information on your financial status (e.g., on creditworthiness, scoring or rating data), credit-relevant data (e.g., income and expenditure), documentation data (e.g., minutes of advisory sessions) and other comparable data from the above categories. Moreover, data is gathered from health and care insurers, doctors providing treatment, and hospitals.

Why do we process your data (purpose of processing) and on what legal basis?

We process personal data in line with the stipulations of the EU General Data Protection Regulation (GDPR) and the Federal German Data Protection Act (BDSG)

  • to fulfill contractual duties (Article 6[1][b] GDPR).

Data is processed in order to fulfill and/or provide the contractual duties between the care service (...) GmbH and our business partners and clients. Thus, also with logistics companies, mail-order companies, information agencies, lawyers and other business partners required to fulfill and assert such contracts. This includes forwarding personal information such as name, address, date of birth, invoices, and other invoicing and financial data such as tax ID no., commercial registry entry no., etc. In the context of our services, we also exchange/obtain data from/with health and care insurers, and health data from/with doctors and hospitals.

  • In the framework of a balance of interests (Article 6[1][f] GDPR).

To the extent necessary, we process your data over and above fulfilling the contract proper to preserve the justified interests of ourselves or third parties. For example, when consulting or exchanging data with information agencies, to bring legal claims, and to defend in litigation, to prevent or clarify criminal acts or for corporate management measures or to advance products and services.

  • On the basis of your consent (Article 6[1][a] GDPR).

Should you have given us your consent to process personal data for certain purposes, (e.g., to send you information, submit offers to you, etc.) this agreement is due and proper on the basis of your consent. A consent granted can be revoked at any point. This also applies to revoking declarations of consent that were granted us before GDPR applied, i.e., before May 25, 2018. Revocation of the consent will only apply for the future and does not affect the legality of the data processed prior to revocation.

Who gets my data?

Inside the opseo Holding B.V. care service, those sections and/or persons receive access to your data that need them to fulfill their contractual duties and issue invoice and bring claims as arise from the business relationship.
Moreover, personal data for the purposes of fulfilling the contract and providing our service may be obtained from other business partners necessary for the service provision. For example, health and care insurers, doctors and hospitals, pharmacies, suppliers, logistics companies, information agencies, debt registers, and the like. Other data recipients are those agencies for which you gave us consent to transfer data and/or for which we in order to balance interests are authorized to send personal data.

Are data sent to a third-party country or an international organization?

On principle, no personal data is transferred to countries outside the European Union (so-called third-party countries) to the extent that this is not prescribed by law (e.g., fiscal registration duties) or you have consented to this.

For how long will my data be stored?

We process and store your personal data as long as this is necessary to fulfill our contractual and statutory duties. If data are no longer required to fulfill these duties they are regularly deleted, unless their further processing, limited in time, is necessary for the following purposes:

  • Fulfillment of retention obligations under trade or fiscal laws that can arise from: German Commercial Code (HGB), Tax Code (AO). The retention and/or documentation periods stated there tend as a rule to be 2-10 years.
  • Retention of evidence as part of regulations on the statute of limitations. According to sections 195 ff. of the German Civil Code (BGB) the period of limitation can be up to 30 years whereby the regular limitation period is three years.
  • Fulfillment of retention duties under social welfare laws, as a rule 10 years.

What data privacy rights do I have?

Every person concerned has the right to information as per Article 15 GDPR, the right to rectification as per Article 16 GDPR, the right to deletion as per Article 17 GDPR, the right to restricted processing as per Article 18 GDPR, the right to objection as per Article 21 GDPR, and the right to data transferability as per Article 20 GDPR. In the case of rights of information and deletion, the limitations as per sections 34 and 35 of BDSG apply. Furthermore, there is a right to file complaints with a competent data protection supervision authority (Article 77 GDPR together with section 19 BDSG).

You can at any time revoke consent granted us to process personal data. This is also applies to revoking declarations of consent issued to us prior to GDPR coming into force, meaning before May 25, 2018. Please note that the revocation only applies to the future and does not affect the legality of the data processed prior to revocation.

Am I obliged to provide data?

As part of our business relationships you must provide those personal data that are necessary to initiate, carry out and terminate a business relationship and to fulfill the associated contractual duties or which we are obliged by law to gather. In the absence of these data, we will as a rule not conclude a contract with you, execute it or terminate it.

To what extent is automated decision-making involved?

To lay the foundations for and execute business relationships, we on principle do not use fully automated decision-making tools as per Article 22 GDPR. We inform you should we make use of such methods in individual cases, and we will inform you separately of your rights in this regard to the extent this is stipulated by law.

Information on your right of objection as per Article 21 GDPR

Right of objection on a case-by-case basis

You have the right for reasons that arise from your particular situation at any time to object at any time to the processing of the personal data concerning you such as occurs as per Article 6(1)e) GDPR (data processing in the public interest) and Article 6(1)f) GDPR (data processing on the basis of balancing interests); this is also for profiling based on this stipulation as per Article 4(4) GDPR.

Should you file an objection we will no longer process your personal data unless we can prove compelling, justified reasons for the processing and outweigh your interests, rights, and liberties, or the processing serves to bring, exercise, or defend legal claims.

Recipient of the objection

The objection can be sent without any form but with the reference line “Objection” and stating your name, address, and date of birth, and should be addressed to:

opseo Holding B.V.

Legally represented by its managing directors Holger Eden and Simon Faiss

Isarstrasse 4
65451 Kelsterbach
Germany

Tel.:  +49 6142 94 290-0
Fax:  +49 6142 94 290-28
info@opseo-intensivpflege.de