Privacy Policy

• Bestandsdaten (z.B. Namen, Adressen)
• Kontaktdaten (z.B. E-Mail, Telefonnummern)
• Nutzungsdaten (z.B. besuchte Webseiten, Interesse an Inhalten, Zugriffszeiten)

Ihr Endgerät übermittelt bei der Nutzung des Service aus technischen Gründen automatisch Daten an unseren Webserver. Es handelt sich dabei unter anderem um

• Datum und Uhrzeit des letzten Zugriffs,
• Geräte-Anmeldedaten (insbesondere Geräte-Typ und Betriebssystem, App-Version)
• eine eindeutige Nutzer ID pro Gerät und App Installation sowie
• Ihre zuletzt verwendete IP-Adresse.

Die Daten, die beim Herunterladen bzw. Aufrufen der Services anfallen, erheben wir automatisiert. Wir erfassen und speichern zudem die Informationen, die Sie eingeben oder uns in anderer Weise übermitteln, sowie durch den Einsatz von Cookies und ähnlichen Technologien.

Bereitstellung der Inhalte

• Cookies und ähnliche Technologien
• technische Bereitstellung und Sicherheit
• Unbedingt erforderliche Technologie
• Anmeldung
• Push-Nachrichten

Produktoptimierung

• Weiterentwicklung der Nutzerfreundlichkeit
• Nutzungsanalyse

Kommunikation

• Kontakt und Kommunikation

If you have given your consent or we are otherwise legally authorized to do so, we will pass on your personal data to service providers (e.g., hosting, marketing, sales partners, payment service providers) for the above-mentioned purposes. In such cases, we comply with the legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data to protect your data.

We transfer personal data to other companies within our group of companies or grant them access to this data for administrative purposes. This transfer of data is based on our legitimate business and economic interests or takes place if it is necessary to fulfill our contractual obligations or if the consent of the data subjects or legal permission has been obtained.

In order to use our digital services, it may be necessary to transfer certain personal data to third countries, i.e. countries where the GDPR does not apply. However, we only allow your data to be processed in a third country if the specific requirements of Art. 44 ff. GDPR are met and thus an adequate level of data protection is guaranteed in that country. This means that the third country must either have an adequacy decision by the European Commission or suitable safeguards in accordance with Art. 46 GDPR or one of the conditions of Art. 49 GDPR. Unless otherwise stated below, we use the currently valid [standard contractual clauses](https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/? uri=CELEX:32021D0914&from=DE “current version of the standard contractual clauses”) for the transfer of personal data to processors in third countries.

In order to protect your privacy and ensure a level of protection appropriate to the risk, we take technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of threats to the rights and freedoms of natural persons. These measures ensure the confidentiality, integrity, availability, and resilience of your data. This includes, among other things, the use of recognized encryption methods (SSL or TLS) and pseudonymization.

However, we would like to point out that, due to the structure of the Internet, it is possible that the rules of data protection and the above-mentioned security measures may not be observed by other persons or institutions outside our area of responsibility. In particular, unencrypted data disclosed, e.g., by email, may be read by third parties. We have no technical influence on this.

• Information
• Deletion
• Correction
• Objection

You can contact the data protection officer with your request by mail or by email at swmh-datenschutz@atarax.de.

This privacy policy is updated from time to time. The date of the last update can be found at the beginning of this information.

Werden zur Verarbeitung Cookies, Gerätekennungen oder andere personenbezogene Daten auf Ihrem Endgerät gespeichert oder abgerufen, erfolgt dies auf einer der Rechtsgrundlagen von Art. 6 DSGVO.

Um den von Ihnen ausdrücklich gewünschten Telemediendienst erbringen zu können, berücksichtigen wir darüber hinaus die Regelungen des § 25 Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz (TDDDG), insbesondere die Erforderlichkeit nach § 25 Abs. 2 Nr. 2 TDDDG.

When our offer is used, we automatically employ essential technologies and process the following information:

• Information about the accessing device and the software used
• Date and time of access
• Websites from which the user accesses our website or which the user visits via our website
• IP address

The collection of these logs and their temporary storage and processing are necessary to ensure system security and integrity (in particular to ward off and defend against attempts at attack or damage) and are carried out in accordance with our legitimate interest (§ 25 (2) No. 2 TDDDG, Art. 6 (1) f GDPR).

The storage period for this log data is usually seven days; for reliable detection of AI bots, it is 30 days. From this point on, this specific server log data is anonymized based on our legitimate interest in statistical evaluation to assess AI bots and their impact on our content (Art. 6 (1) f GDPR).

The following tools and cookies are strictly necessary technologies, i.e., essential for providing our services as requested by the user.

Diese App kann auf folgende Funktionen Ihres Handys zugreifen:

• Authentifizierung
• Benutzerdatenabfrage
• Abonnement-Validierung
• Session-Management
• App-Performance-Optimierung
• Benutzererfahrung verbessern
• Fehleranalyse
• Nutzungsstatistiken
• Offline Verfügbarkeit

Wenn Sie sich mit Ihrem Benutzerkonto anmelden, verarbeiten wir Ihre Zugangsdaten (E-Mail-Adresse und Passwort) zur Vertragserfüllung (Art. 6 Abs. 1 lit. b) DSGVO).

Die Daten werden gelöscht, wenn Sie Ihr Konto löschen oder dieses zwei Jahre lang nicht verwendet haben.

Die Versendung von Push-Nachrichten erfolgt mit Hilfe eines von Ihrem genutzten Betriebssystem bzw. von dem entsprechenden Push-Dienst vergebenen pseudonymen Push-Token. Wir können über den Push-Token keinerlei personenbezogene Daten ableiten oder diesen einem Endgerät zuordnen.

The legal basis for data processing is your consent in accordance with Art. 6 para. 1 lit. a) GDPR.

Vor der ersten Nutzung der App wird die Berechtigung, Ihnen über Ihre Geräte-ID Push-Mitteilungen senden zu dürfen, abgefragt.

We use cookies and tracking tools to optimize our digital offerings based on your usage. To do this, we measure the development of reach and the use of content and functions, and use A/B testing to determine which variants users prefer.

We want to continuously develop and improve our products. To do this, we need to analyze usage. This serves to evaluate visitor traffic to our digital offerings and may include behavior, interests, or demographic information about visitors, such as age or gender, as pseudonymous values. With its help, we can see, for example, when our digital offerings are used most frequently or which functions are popular. This enables us to identify areas that need optimization.

In addition to usage analysis, we also use testing procedures to test different versions of our digital offerings or their components, for example, and to increase certain user actions or reactions if necessary.
For these purposes, profiles, i.e., data summarized for a usage process, are created and information is stored in a browser or on a terminal device and read from it. The information collected includes, in particular, websites visited and elements used there, as well as technical information such as the browser used, the computer system used, and information on usage times.

The IP addresses of users are also stored. We use an IP masking procedure (i.e., pseudonymization by shortening the IP address) for your protection. In general, no clear data of users (such as email addresses or names) is stored in the context of web analysis, A/B testing, and optimization, but rather pseudonyms, so that neither we nor the providers of the software used, who act as processors for us, know the actual identity of the users.

When you contact us, we only collect personal data (e.g. name, e-mail address, telephone number) if you provide it to us voluntarily. This information is expressly provided on a voluntary basis. The purpose of processing your data is to process and respond to your enquiry. This is also our legitimate interest in data processing in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR.

In the case of a telephone enquiry, your data will also be processed by telephone applications and in some cases also via a voice dialogue system in order to support us in the distribution and processing of enquiries.

We will delete your data that we have received in the course of contacting you as soon as your request has been fully processed and no further communication with you is required or requested by you.

Verantwortlicher im Sinne der DSGVO ist die

hcsb.digital GmbH
Schützenstr. 2, 98527 Suhl

atarax group of companies

Luitpold-Maier-Str. 7
D-91074 Herzogenaurach
Phone: 09132 79800
Email: swmh-datenschutz@atarax.de.

• In accordance with Art. 15 GDPR, you have the right to request information about your personal data processed by us. In this context, you also have the right to receive a copy of your personal data processed by us in accordance with Art. 15 para. 3-4 GDPR.
• In accordance with Art. 16 GDPR, you can immediately request the correction of incorrect or the completion of your personal data stored by us.
• In accordance with Art. 17 GDPR, you can request the erasure of your personal data stored by us.
• In accordance with Art. 18 GDPR, you can request the restriction of the processing of your personal data.
• In accordance with Art. 20 GDPR, you can request to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format and you can request the transfer to another controller.
• In accordance with Art. 7 para. 3 GDPR, you can revoke your consent once given to us at any time. This means that the processing carried out on the basis of the consent prior to the revocation was lawful and has the consequence that we may no longer continue the data processing based on this consent in the future.

Right to object

If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR or Art. 6 para. 1 sentence 1 lit. e) GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR. In the event of such an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
In the case of direct marketing, you have the right to object at any time to the processing of personal data concerning you. If you object to processing for direct marketing purposes, the personal data will no longer be processed for these purposes.

Right to lodge a complaint with the supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority against the processing of your personal data if you feel that your rights under the GDPR have been violated. As a rule, you can contact the supervisory authority of your usual place of residence, your workplace or our company headquarters.

We link to websites of other providers or have integrated elements from them into our website. This data protection information does not apply to them - we have no influence on these sites and cannot check that others comply with the applicable data protection regulations.

We reserve the right to change or adapt this privacy policy at any time in compliance with the applicable data protection regulations.