Data Protection

Privacy Policy

Name and contact details of the controller

Your contact person as the controller within the meaning of the European General Data Protection Regulation (“EU GDPR”) and other national data protection laws of the Member States, as well as other data protection provisions, is:

MedVital GmbH & Co. KG

Stefanie-von-Strechine-Str. 6

83646 Bad Tölz

Phone: +49 (0)8022 / 925 41-00

Email: info@medvital-residenz.de

www.medvital-residenz.de

(hereinafter referred to as “we”, “us” or “our”).

Contact details of the Data Protection Officer

The protection of your personal data is of great importance to us. To reflect this importance, we have commissioned a consulting company specialising in data protection and data security to take on these key topics. Our Data Protection Officer also comes from this highly experienced group of experts.

MAGELLAN Säugling Rechtsanwaltsgesellschaft mbH, Raiffeisenallee 9, 82041 Oberhaching / www.magellan-legal.de

Please contact our Data Protection Officer at MAGELLAN Rechtsanwälte directly with any questions regarding data protection and data security.

Email: datenschutz_medvital@magellan-legal.de / Tel.: +49 (0)8022 / 925 41-00

General information on data processing

1. Scope

As a rule, we process your personal data only to the extent necessary to provide a functional website and our content and services.

2. Legal basis

Where we obtain your consent for the processing of your personal data, the legal basis for processing is Art. 6(1) sentence 1 lit. a) EU GDPR.

If your personal data is processed to perform a contract with you or in the context of initiating a contractual relationship, the legal basis for processing is Art. 6(1) sentence 1 lit. b) EU GDPR.

Where processing of personal data is necessary to comply with a legal obligation to which we are subject, the legal basis for processing is Art. 6(1) sentence 1 lit. c) EU GDPR.

If your personal data is processed to safeguard the legitimate interests of us or a third party, and your interests, fundamental rights and freedoms do not override the aforementioned interest, the legal basis for processing is Art. 6(1) sentence 1 lit. f) EU GDPR.

3. Storage period

Your personal data will be deleted as soon as the purpose for storage no longer applies or, if you have a right of withdrawal, you declare the withdrawal of your consent. Storage may also take place if this has been stipulated by the European or national legislator in EU regulations, laws or other provisions to which we are subject. In this case, however, your personal data will be blocked.

4. External links

If we provide links to external websites, this Privacy Policy does not apply to the processing of your personal data by the controller of the linked website. We therefore recommend that you read the privacy notices on the external website you visit. If this link requires a legal basis for the resulting processing of your personal data, this is your consent pursuant to Art. 6(1) sentence 1 lit. a) EU GDPR, which you give by clicking the link.

As a rule, clicking the link (hyperlink) results in the processing of the following personal data of yours:

  • IP address
  • Screen resolution
  • Browser used
  • Bandwidth
  • Language settings

Data processing on our website

1. Website functions

a. Provision of the website and creation of log files

(1) Description and scope

As part of providing our website, we process your personal data to enable error-free delivery of our website to your PC or mobile device. In some cases, your personal data must be stored for the duration of a session.

We also temporarily store your personal data in log files to ensure the functionality of our website and the security of our IT systems. Your personal data is not otherwise processed in log files.

The following personal data of yours is processed:

  • IP address
  • Date of access
  • Time of access
  • Previously visited website
  • Browser used
  • Operating system used

(2) Legal basis

Legitimate interest, Art. 6(1) sentence 1 lit. f) EU GDPR.

Purpose

The purpose of data processing is to provide the website, ensure the functionality of the website, and ensure the security of the IT systems used for this purpose. This purpose also constitutes our legitimate interest.

Storage period

Your personal data is stored in log files for a period of 7 days. In addition, your personal data is stored only for the duration of the session as part of providing the website.

Right to object and possibility of removal

The processing of your personal data and the storage of your personal data in log files is strictly necessary for providing the website, ensuring the functionality of the website, and ensuring the security of the IT systems used. You therefore have no right to object.

Technically necessary cookies

Description and scope

As part of technically necessary cookies, we process your personal data because many functions and services on our website that make it easier for you to use our website, or enable its use in the first place, do not function properly without cookies (so-called “technically necessary cookies”).

By means of these technically necessary cookies, we sometimes store personal data about you, but this is used only for the use of these functions and services. Your personal data is not otherwise processed.

The following personal data is processed:

  • IP address
  • Your browser’s language settings
  • Browser used
  • Shopping cart information

Legal basis

Legitimate interest, Section 25(2) TDDDG in conjunction with Art. 6(1) sentence 1 lit. f) EU GDPR.

Purpose

The purpose of data processing is to provide the functions and services of our website. This purpose also constitutes our legitimate interest.

Storage period

Generally for the duration of the respective session, unless otherwise stated in the detailed information in the list of technically necessary cookies we use.

Right to object and possibility of removal

Technically necessary cookies are stored on your PC or mobile device and transmitted from there to our website. You therefore have full control over the use of technically necessary cookies. You can deactivate or restrict the transmission of cookies by changing your browser settings. Cookies that have already been stored can be deleted at any time. If cookies are disabled for our website, it may no longer be possible to use all functions of the website to their full extent.

Technically non-essential cookies

If technically non-essential cookies are used as part of the functions and services of our website, you will find a list of these cookies, their purpose, storage period and further information in our cookie banner.

2. eCommerce

Contact form and email contact

Description and scope

As part of the contact form and when contacting us by email, the following personal data is processed:

  • Salutation
  • First name
  • Last name
  • Email address
  • Interest in private practice/spa treatment/residence
  • Interest in receiving information material by email/by post
  • Postal address
  • Message content

Legal basis

Legitimate interest, Art. 6(1) sentence 1 lit. f) EU GDPR.

Purpose

The purpose of data processing is to handle your enquiry.

Storage period

Your personal data will be stored until the purpose no longer applies. This usually occurs once your enquiry has been processed, unless longer retention periods apply.

Right to object and possibility of removal

You may at any time object, with effect for the future, to the processing of your personal data in the context of contacting us. In this case, however, we will not be able to process your enquiry further. All personal data stored in the course of contacting us will be deleted in this case, unless statutory retention periods prevent deletion.

3. Marketing

1. Direct marketing

Description and scope

As part of direct marketing activities, we process your personal data if the narrow scope of application of special laws allows us to contact you for advertising purposes without your consent. We also process your personal data if you have consented to being contacted for advertising purposes.

As part of direct marketing, the following personal data is processed:

  • Salutation
  • First name
  • Last name
  • Postal address
  • Email address
  • Phone number

Legal basis

Legitimate interest, Art. 6(1) sentence 1 lit. f) EU GDPR (post).

Consent, Art. 6(1) sentence 1 lit. a) EU GDPR (post, email, phone).

Legitimate interest, Section 7(3) UWG (email).

Purpose

The purpose of data processing is to carry out direct marketing activities and to send offers and supplementary information.

Storage period

Your personal data will be stored until you object to the processing.

Right to object and possibility of removal

You may object to the processing of your personal data in the context of direct marketing activities at any time with effect for the future.

Web analysis using Google Analytics

Description and scope

As part of web analysis, we use the Google Analytics platform to collect metrics for our website and to analyse your browsing behaviour.

When individual pages of our website are accessed, the following data is stored:

  • IP address
  • Browser used
  • Operating system used
  • Screen resolution
  • Mouse and keyboard behaviour

Legal basis

Consent, Section 25(1) TDDDG in conjunction with Art. 6(1) sentence 1 lit. a) EU GDPR.

Purpose

The purpose of data processing is to analyse your browsing behaviour. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness.

Storage period

You can find a detailed list of the storage period of each “tracking cookie” we use in our cookie banner.

Right to object and possibility of removal

You may revoke your consent at any time with effect for the future by changing the consent settings on our website or adjusting your browser settings.

Alternatively, you can install the browser add-on to deactivate Google Analytics.

Further information on terms of use and data protection can be found at:

http://www.google.com/analytics/terms/de.html

https://support.google.com/analytics/answer/6004245?hl=de

IP anonymisation is also activated on our website.

4. Data protection and legal matters

Exercising your data subject rights pursuant to Art. 12 et seq. EU GDPR

Description and scope

As part of processing data subject rights, we process your personal data. In doing so, we process the contact details you provide in this context exclusively for processing and responding to your message and the subsequent documentation.

Data processed: first name, last name, postal address, email address.

Legal basis

Legal obligation, Art. 6(1) sentence 1 lit. c) in conjunction with Art. 12 et seq. EU GDPR. Legitimate interest for subsequent documentation, Art. 6(1) sentence 1 lit. f) EU GDPR.

Storage period

3 years after completion of the processing of the respective matter, Section 41 BDSG in conjunction with Section 31(2) no. 1 OWiG.

Legal defence and enforcement

We process your personal data if you assert legal claims against us or if we assert claims and rights against you.

Legal basis

Legitimate interest, Art. 6(1) sentence 1 lit. f) EU GDPR.

Purpose

Defence against unjustified claims and the legal enforcement and assertion of claims and rights.

Storage period

Your personal data will be stored until the purpose no longer applies. This is generally the case once the respective decision becomes final and binding.

Further data processing in addition to our website

Facebook fan page

As part of operating our Facebook fan page, we process your personal data in order to get in touch and interact with users and visitors of the social network “Facebook”.

With regard to Facebook Insights data, we are jointly responsible for data processing with Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Further information: facebook.com/legal/controller_addendum

Legal basis:

Legitimate interest, Art. 6(1) sentence 1 lit. f) EU GDPR.

Instagram channel

As part of operating our Instagram channel, we process your personal data in order to get in touch and interact with users and visitors of the social network “Instagram”.

With regard to Instagram Insights data, we are jointly responsible for data processing with Meta Platforms Ireland Limited.

Further information: privacycenter.instagram.com/policy

Legal basis:

Legitimate interest, Art. 6(1) sentence 1 lit. f) EU GDPR.

LinkedIn page

As part of operating our LinkedIn page, we process your personal data in order to get in touch and interact with users and visitors of the social job network “LinkedIn”.

With regard to Page Insights data, we are jointly responsible for data processing with LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

Further information: linkedin.com/legal/privacy-policy

Legal basis:

Legitimate interest, Art. 6(1) sentence 1 lit. f) EU GDPR.

Xing page

As part of operating our Xing page, we process your personal data in order to get in touch and interact with users and visitors of the social network “Xing”.

Further information: privacy.xing.com/de/datenschutzerklaerung

Legal basis:

Legitimate interest, Art. 6(1) sentence 1 lit. f) EU GDPR.

Doctolib appointment scheduling

When scheduling doctor’s appointments via Doctolib, we process the following personal data: appointment type, date, first name, last name, previous visit.

Legal basis:

Performance of a contract, Art. 6(1) sentence 1 lit. b) EU GDPR.

Purpose:

Scheduling your doctor’s appointment.

Telephone appointment scheduling

When scheduling doctor’s appointments by phone, we process the following personal data: appointment type, date, first name, last name, reason for the visit.

Legal basis:

Performance of a contract, Art. 6(1) sentence 1 lit. b) EU GDPR.

Categories of recipients

Within our company, personal data is received by those offices and departments that require it to fulfil the purposes stated above. In addition, we sometimes use various service providers:

  • Printing companies
  • Mailing houses
  • Scanning service
  • Banks
  • IT service providers
  • Cooperation partners
  • Lawyers, tax advisors and courts

Transfer to third countries

In the course of processing your personal data, we may transfer it to trusted service providers in third countries. Third countries are countries outside the European Union (EU) or the European Economic Area (EEA).

In doing so, we work only with service providers that can provide us with appropriate safeguards for the security of your personal data.

If we transfer personal data to third countries, this is done on the basis of an adequacy decision by the European Commission, or on the basis of so-called standard contractual clauses for data protection.

Your rights

You have the following rights vis-à-vis us:

Right of access

You have the right to obtain information as to whether and which personal data relating to you is processed by us.

Right to rectification

You have the right to rectification and/or completion if the personal data relating to you that we process is inaccurate or incomplete.

Right to restriction of processing

You have the right to restriction of processing under certain conditions (e.g. if we are verifying the accuracy of your data or if the processing is unlawful).

Right to erasure

You have the right to erasure if the data is no longer needed for its original purpose, you withdraw your consent, or the processing is unlawful.

Right to be informed

If you have asserted your right to rectification, erasure or restriction, we will notify all recipients of your data of these changes.

Right to data portability

You have the right to receive the personal data relating to you that we process on the basis of consent or for the performance of a contract in a structured, commonly used and machine-readable format.

Right to object

If there are specific reasons, you have the right to object to the processing of your personal data. In the case of direct marketing, you have the right to object at any time.

Right to withdraw consent

You have the right to withdraw any consent you have given to us at any time. The withdrawal does not affect the lawfulness of processing carried out prior to the withdrawal.

Right to lodge a complaint with a supervisory authority

Competent supervisory authority:

Bavarian State Office for Data Protection Supervision (BayLDA)

Promenade 18

91522 Ansbach

Phone: +49 (0) 981 180093-0

Email: poststelle@lda.bayern.de