Privacy policy
1) Introduction and contact details of the responsible person
1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data here are all data with which you can be personally identified. 1.2 Responsible for data processing on this website within the meaning of the General Data Protection Regulation (DSGVO) is:
Medical Institute for Aesthetics
Dr. med. Katharina Brüggemann and
Dr. med. (univ. Szeged) Larisa Pfahl GbR
Kurfürstendamm 188-189
D-10707 Berlin
The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
2) Data collection when visiting our website
2.1 During the mere informational use of our website, i.e. if you do not register or otherwise transmit information to us, we only collect data that your browser transmits to the page server (so-called “server log files”). When you call up our website, we collect the following data, which is technically necessary for us to display the website to you:
- Our visited website
- Date and time at the time of access
- Amount of data sent in bytes
- Source/reference from which you reached the page
- Browser used
- Operating system used
- IP address used (if applicable: in anonymized form)
The processing is carried out in accordance with Art. 6 para. 1 lit. f DSGVO on the basis of our legitimate interest in improving the stability and functionality of our website. A transfer or other use of the data does not take place. However, we reserve the right to check the server log files retrospectively, should concrete indications point to illegal use. 2.2 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or requests to the person responsible). You can recognize an encrypted connection by the string “https://” and the lock symbol in your browser line.
3) Cookies
In order to make visiting our website more attractive and to enable the use of certain functions, we use cookies, i.e. small text files that are stored on your end device. In some cases, these cookies are automatically deleted again after closing the browser (so-called “session cookies”), in other cases, these cookies remain on your end device for longer and allow page settings to be saved (so-called “persistent cookies”). In the latter case, you can find the storage period in the overview of the cookie settings of your web browser. If personal data is also processed by individual cookies used by us, the processing is carried out in accordance with Art. 6 para. 1 lit. b DSGVO either for the performance of the contract, in accordance with Art. 6 para. 1 lit. a DSGVO in the case of consent given, or in accordance with Art. 6 para. 1 lit. f DSGVO to protect our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit. You can set your browser in such a way that you are informed about the setting of cookies and can decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general. Please note that if you do not accept cookies, the functionality of our website may be limited.
4) Contacting
Personal data is collected when contacting us (e.g. via contact form or e-mail). Which data is collected in the case of the use of a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of responding to your request or for contacting you and the associated technical administration. The legal basis for the processing of this data is our legitimate interest in responding to your request in accordance with Art. 6 (1) lit. f DSGVO. If your contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 (1) lit. b DSGVO. Your data will be deleted after final processing of your request. This is the case when the circumstances indicate that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.
5) Web analytics services
Google Analytics 4 This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), which enables an analysis of your use of our website. By default, Google Analytics sets 4 cookies when you visit the website, which are stored as small text modules on your terminal device and collect certain information. The scope of this information also includes your IP address, which is, however, shortened by Google by the last digits in order to exclude a direct personal reference. The information is transferred to Google servers and processed there. In the process, transfers to Google LLC, based in the USA, are also possible. Google uses the collected information on our behalf to evaluate your use of the website, to compile reports on website activity for us and to provide other services related to website activity and internet usage. The IP address transmitted and shortened by your browser as part of Google Analytics will not be merged with other data from Google. The data collected in the context of the use of Google Analytics 4 will be stored for a period of two months and then deleted. All processing described above, in particular the setting of cookies on the end device used, will only take place if you have given us your express consent for this in accordance with Art. 6 Para. 1 lit. a DSGVO. Without your consent, Google Analytics 4 will not be used during your visit to the site. You can revoke your consent at any time with effect for the future. To exercise your right of revocation, please deactivate this service via the “Cookie Consent Tool” provided on the website. We have concluded an order processing agreement with Google, which ensures the protection of our site visitors’ data and prohibits unauthorized disclosure to third parties. Further legal information on Google Analytics 4 can be found at https://policies.google.com
5.1) Facebook pixel
We use the Facebook pixel from Facebook on our website. We have implemented a code on our website for this purpose. The Facebook pixel is a snippet of JavaScript code that loads a collection of functions with which Facebook can track your user actions if you have come to our website via Facebook ads. For example, if you purchase a product on our website, the Facebook pixel is triggered and stores your actions on our website in one or more cookies. These cookies enable Facebook to match your user data (customer data such as IP address, user ID) with your Facebook account data. Facebook then deletes this data again. The data collected is anonymous and cannot be viewed by us and can only be used in the context of ad placements. If you are a Facebook user and are logged in, your visit to our website is automatically assigned to your Facebook user account.
We only want to show our services and products to people who are genuinely interested in them. With the help of Facebook pixels, our advertising measures can be better tailored to your wishes and interests. This means that Facebook users (provided they have allowed personalized advertising) see suitable advertising. Furthermore, Facebook uses the data collected for analysis purposes and its own advertisements.
If you are logged in to Facebook, you can change your settings for advertisements yourself at https://www.facebook.com/adpreferences/advertisers/. If you are not a Facebook user, you can manage your usage-based online advertising at https://www.youronlinechoices.com/de/praferenzmanagement/. There you have the option of deactivating or activating providers.
Facebook also processes your data in the USA, among other places. Facebook or Meta Platforms is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.
Facebook also uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the standard contractual clauses, Facebook undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among others: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
The Facebook data processing conditions, which refer to the standard contractual clauses, can be found at https://www.facebook.com/legal/terms/dataprocessing.
If you would like to find out more about Facebook’s data protection, we recommend that you read the company’s own data policy at https://www.facebook.com/privacy/policy.
Translated with DeepL.com (free version)
6) Page functionalities
6.1 Google reCAPTCHA On this website we use the CAPTCHA service of the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland Data may also be transmitted to: Google LLC, USA. For the visual design of the captcha window, the provider uses “Google Fonts”, i.e. fonts loaded from the Internet by Google. There is no processing of information other than that mentioned above, which is already transmitted to Google via the functionality of ReCaptcha. The service checks whether an input is made by a natural person or abusively by machine and automated processing, and blocks spam, DDoS attacks and similar automated malicious access. To ensure that an action is performed by a human and not by an automated bot, Cloudflare Turnstile collects the IP address of the end device used, recognition data of the browser and operating system type used, as well as the date and duration of the visit, and transmits these to servers of the provider for evaluation. The legal basis is our legitimate interest in determining individual ownership on the Internet and the prevention of abuse and spam in accordance with Art. 6 (1) lit. f DSGVO. We have concluded an order processing agreement with the provider, which ensures the protection of our site visitors’ data and prohibits unauthorized disclosure to third parties. For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision of the European Commission 6.2 Google Customer Reviews (formerly Google Certified Merchant Program) We work with Google under the program “Google Customer Reviews”. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). This program gives us the opportunity to collect customer reviews from users of our website. Here, after making a purchase on our website, you will be asked if you would like to participate in an email survey from Google. If you give your consent in accordance with Art. 6 (1) lit. a DSGVO, we will transmit your email address to Google. You will receive an email from Google Customer Reviews asking you to rate the purchase experience on our website. The rating you provide will then be aggregated with our other ratings and displayed in our Google Customer Reviews logo and in our Merchant Center dashboard. In addition, your review will be used for Google Seller Reviews. As part of the use of Google Customer Reviews, there may also be a transfer of personal data to the servers of Google LLC. in the USA. You can revoke your consent at any time by sending a message to the data controller or to Google. For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision of the European Commission.
7) Tools and other
Cookie consent tool This website uses a cookie consent tool to obtain effective user consent for cookies and cookie-based applications that require consent. The “Cookie Consent Tool” is displayed to users in the form of an interactive user interface when they call up the page, on which consent for certain cookies and/or cookie-based applications can be given by ticking the appropriate box. By using the tool, all cookies/services requiring consent are only loaded if the respective user grants the corresponding consent by setting a check mark. This ensures that such cookies are only set on the respective user’s end device if consent has been granted. The tool sets technically necessary cookies to save your cookie preferences. Personal user data is generally not processed in this context. If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning or logging cookie settings, this is done in accordance with Art. 6 (1) f DSGVO on the basis of our legitimate interest in legally compliant, user-specific and user-friendly consent management for cookies and thus in a legally compliant design of our website. Further legal basis for the processing is Art. 6 para. 1 lit. c DSGVO. As the responsible party, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user consent. To the extent necessary, we have concluded an order processing agreement with the provider, which ensures the protection of our site visitors’ data and prohibits unauthorized disclosure to third parties. Further information on the operator and the setting options of the cookie consent tool can be found directly in the corresponding user interface on our website.
8) Rights of the data subject
8.1 The applicable data protection law grants you the following data subject rights (rights of access and intervention) vis-à-vis the controller with regard to the processing of your personal data, whereby reference is made to the stated legal basis for the respective exercise prerequisites:
- Right to information according to Art. 15 DSGVO;
- Right to rectification pursuant to Art. 16 DSGVO;
- Right to erasure pursuant to Art. 17 DSGVO;
- Right to restriction of processing pursuant to Art. 18 DSGVO;
- Right to information pursuant to Art. 19 GDPR;
- Right to data portability according to Art. 20 DSGVO;
- Right to revoke consent given in accordance with Art. 7 (3) DSGVO;
- Right to lodge a complaint pursuant to Art. 77 GDPR.
8.2 RIGHT OF OBJECTION IF WE PROCESS YOUR PERSONAL DATA WITHIN THE FRAMEWORK OF A BALANCING OF INTERESTS ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION. IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS. IF WE PROCESS YOUR PERSONAL DATA FOR THE PURPOSES OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSES OF SUCH MARKETING. YOU MAY EXERCISE THE OBJECTION AS DESCRIBED ABOVE. IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.
9) Duration of the storage of personal data
The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and – if relevant – additionally by the respective legal retention period (e.g. retention periods under commercial and tax law). When processing personal data on the basis of explicit consent pursuant to Art. 6 (1) a DSGVO, the data concerned will be stored until you revoke your consent. If there are legal retention periods for data that is processed within the scope of legal or quasi-legal obligations on the basis of Art. 6 (1) (b) DSGVO, this data will be routinely deleted after the retention periods have expired, provided that it is no longer required for the fulfillment or initiation of a contract and/or there is no legitimate interest on our part to continue storing it. When personal data is processed on the basis of Art. 6(1)(f) DSGVO, this data is stored until you exercise your right to object pursuant to Art. 21(1) DSGVO, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. When processing personal data for the purpose of direct marketing on the basis of Article 6 (1) (f) DSGVO, this data will be stored until you exercise your right to object pursuant to Article 21 (2) DSGVO. Unless otherwise stated in the other information in this statement about specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.
Cookie overview
Miscellaneous
Purpose pending investigation
Miscellaneous
Purpose pending investigation
Usage
Sharing data
Sharing of data is pending investigation