Data Privacy Policy

in accordance with Art. 13 GDPR (as of 09/2025) Vita 34

We welcome you to our website and appreciate your interest. The protection of your personal data is important to us. That is why we conduct our activities in accordance with the applicable legal provisions on the protection of personal data and data security. Below, we would like to inform you about which data from your visit is used for which purposes.

Responsible body for processing in accordance with the GDPR

The responsible body within the meaning of the General Data Protection Regulation and other data protection laws applicable in the member states of the European Union and other provisions of a data protection nature is:

Vita 34 Gesellschaft für Zelltransplantate mbH
Hartäckerstraße 28
1190 Vienna
vita34.at
info@vita34.at
+43 (0) 1 53394-43

Data Protection Officer

Nils Möllers
Keyed GmbH
Siemensstraße 12
48341 Altenberge, Westphalia
info@keyed.de
+49 (0) 2505 – 639797
https://keyed.de

What is personal data?

The term “personal data” is defined in the Federal Data Protection Act and in the EU GDPR. According to these definitions, personal data refers to individual details about the personal or factual circumstances of an identified or identifiable natural person. This includes, for example, your real name, your address, your telephone number, or your date of birth. Learn more about what data protection is exactly here.

Scope of anonymous data collection and data processing

Unless otherwise stated in the following sections, no personal data is collected, processed, or used when you use our websites. However, through the use of analysis and tracking tools, we obtain certain technical information based on the data transmitted by your browser (e.g., browser type/version, operating system used, websites visited on our site, including length of stay, previously visited website). We evaluate this information for statistical purposes only.

Legal basis for the processing of personal data

  • Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.
  • When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
  • Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR serves as the legal basis.
  • In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) lit. d) GDPR serves as the legal basis.
  • If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights, and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f) GDPR serves as the legal basis for processing.

Use of cookies

The Vita 34 GmbH website uses cookies. Cookies are data that are stored by the Internet browser on the user’s computer system. Cookies can be transmitted to a page when it is accessed, thus enabling the user to be identified. Cookies help to simplify the use of websites for users.

It is possible to object to the setting of cookies at any time by changing the settings in the Internet browser. Set cookies can be deleted. Please note that if cookies are deactivated, it may not be possible to use all the functions of our website to their full extent. The user data collected in this way is pseudonymized by technical measures. Therefore, it is no longer possible to assign the data to the user who accessed the website. The data is not stored together with other personal data of the users. When visiting our website, users are informed about the use of cookies for analysis purposes via an information banner and referred to this privacy policy. In this context, there is also a note on how to prevent the storage of cookies in the browser settings. The legal basis for the processing of personal data using technically necessary cookies is Art. 6 (1) lit. f) GDPR. The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 (1) (a) GDPR, provided that the user has given their consent. Please refer to our cookie banner and our information in this privacy policy to find out whether and to what extent cookies are used on our website.

Meta pixel

Description and purpose

To recognize your user behavior, we use the so-called meta pixel from Meta Platforms Inc., 1 Hacker Way, Menlo Park, California 94025, USA. This is an analysis tool that can be used to measure the effectiveness of advertising. It is a code snippet for the website that can be used to measure, optimize, and build advertising campaign audiences. Conversion measurement allows us to track across devices (including mobile phones, tablets, and desktop computers) to see what actions people take after seeing our Facebook ads. By creating a Meta pixel and adding it to our pages where conversions take place (e.g., the purchase confirmation page), we can determine which people are converting as a result of our Facebook ads. The pixel continues to monitor the actions people take after clicking on our ads. We can determine on which device our customers saw the ad and on which devices they ultimately performed the conversion. According to Facebook, the data collected includes:

  • HTTP headers
    HTTP headers contain a range of information that is sent via a standard web protocol between any browser request and any server on the internet. HTTP headers contain information such as IP addresses (which in Germany can only be evaluated at the general country level), information about the web browser, page location, document, URI reference, and user agent of the web browser.
  • Pixel-specific data
    This includes the pixel ID and Facebook cookie data, which are used to link events to a specific Facebook advertising account and assign them to a person known to Facebook.
  • Optional values
    Developers and marketers can optionally send additional information about the visit via standard and custom data events. Typical custom data events include information about whether a purchase was made on a page, conversion value, and much more. For more information on custom data events, click here. With your consent, we use the “visitor action pixel” from Meta Platforms Inc., 1 Hacker Way, Menlo Park, California 94025, USA, or, if you are based in the EU, Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, on our website. This conversion tool allows us to track your actions after you have seen or clicked on a Facebook ad. This is used to monitor and analyze the effectiveness of our Facebook ads for statistical and market research purposes. Although we can only recognize this data in anonymized form, it is also stored and processed by Facebook. We do not know exactly what Facebook does with this data, but it can be assumed that Facebook can and will link this data to your Facebook account. Facebook can use this information for advertising, market research, and the needs-based design of Facebook pages. To this end, Facebook and its partners create usage, interest, and relationship profiles, e.g., to evaluate your use of our website with regard to the advertisements displayed to you on Facebook, to inform other Facebook users about your activities on our website, and to provide other services related to the use of Facebook. Cookies may also be stored on your PC for this purpose. For the purpose and scope of data collection and the further processing and use of data by Facebook, as well as your rights in this regard and setting options for protecting your privacy, please refer to Facebook’s privacy policy. The data may be merged with other Facebook services, such as Custom Audiences.

Advanced matching

Advertisers can optionally activate the advanced matching feature of the Meta Pixel by sending encrypted information such as email addresses or phone numbers to Facebook. Advertisers can send one or more of the following identifiers for matching: email address, phone number, first name, last name, city, state, zip code, date of birth, or gender.

Legal basis

The legal basis for the processing of your personal data is Art. 6 (1) (a) GDPR.

Recipient

The recipient of your personal data is Meta Platforms Inc. (1 Hacker Way, Menlo Park, California 94025, USA) and Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland).

Transfer to third countries

The personal data is transferred to the USA. The transfer is subject to appropriate safeguards in accordance with Art. 46 GDPR. We have concluded standard contractual clauses pursuant to Art. 46 (2) (c) GDPR with the data importer. In addition, we are aware of our responsibility and, where necessary, take further measures to protect the rights and freedoms of natural persons, ensuring the protection of personal data.

Duration of data storage

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. In addition, the data will be deleted if you exercise your right to erasure within the meaning of Art. 17 (1) GDPR.

Revocation

You have the right to withdraw your consent at any time, cf. Art. 7 (3) sentence 1 GDPR. This can be done informally and without giving reasons and takes effect for the future. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. Further information on this can be found above in our privacy policy under “Rights of data subjects.”

Contractual and legal obligation

There is no contractual or legal obligation to provide the data.

Further data protection information

Further information on the processing of your personal data can be found here: https://www.facebook.com/about/privacy

Further information on Meta Pixel can be found here: https://de-de.facebook.com/business/help/742478679120153?id=1205376682832142

Google Analytics 4

Description and purpose

This website uses the “Google Analytics 4” service offered by Google LLC to analyze how users use the website. The service uses “cookies” – text files that are stored on your device. First-party cookies are used for this purpose. With a first-party cookie, the user can only be recognized by the site from which the cookie originates, not across multiple domains. The information collected by the cookies is usually sent to a Google server in the USA and stored there. If necessary, Google Analytics is used on this website with the code “gat._anonymizeIp();” to ensure anonymous collection of IP addresses (so-called IP masking). Please also note the following information on the use of Google Analytics: The IP address of users is truncated within the member states of the EU and the European Economic Area. This truncation eliminates the personal reference of your IP address. For EU citizens, the IP address is also only used to derive location data and is then deleted again. You also have the option of activating or deactivating the collection of detailed location and device data for individual regions (tracking settings). As part of the agreement on order processing that the website operators have concluded with Google LLC, the latter uses the collected information to evaluate website usage and activity and to provide services related to internet usage.

Legal basis

The legal basis for the processing of your personal data is Art. 6 (1) (a) GDPR.

Recipient

The recipient of your personal data is Google LLC. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA).

Transfer to third countries

The personal data is transferred to the United States. The transfer is subject to appropriate safeguards in accordance with Art. 46 GDPR. We have concluded standard contractual clauses with the data importer for this purpose. In addition, we are aware of our responsibility and, where necessary, take further measures to protect the rights and freedoms of natural persons, ensuring the protection of personal data.

Duration of data storage

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. In addition, the data will be deleted if you exercise your right to erasure within the meaning of Art. 17 (1) GDPR. The maximum storage period is 14 months.

Revocation

You have the right to withdraw your consent at any time, cf. Art. 7 (3) sentence 1 GDPR. This can be done informally and without giving reasons and takes effect for the future. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. Further information on this can be found above in our privacy policy under “Rights of data subjects.”

Contractual and legal obligation

There is no contractual or legal obligation to provide the data.

Further data protection information

Further information on the processing of your personal data can be found here:  https://support.google.com/analytics/answer/6004245?hl=de https://policies.google.com/privacy?hl=de&gl=en.

Google Adsense

Description and purpose

We have integrated Google AdSense from Google LLC (Google) into this website. Google AdSense is an online service that enables the placement of advertisements on third-party websites. Google AdSense is based on an algorithm that selects the advertisements displayed on third-party websites to match the content of the respective third-party website. Google AdSense allows interest-based targeting of the internet user, which is implemented by generating individual user profiles. The purpose of the Google AdSense component is to integrate advertisements on this website. Google AdSense places a cookie on the information technology system of the data subject. Each time one of the individual pages of this website operated by us and on which a Google AdSense component has been integrated is accessed, the Internet browser on the information technology system of the data subject is automatically prompted by the respective Google AdSense component to transmit data to Google for the purpose of online advertising and commission settlement. As part of this technical process, Google obtains knowledge of personal data, such as the IP address of the data subject, which Google uses, among other things, to track the origin of visitors and clicks and subsequently enable commission settlements. Google AdSense also uses so-called tracking pixels. A tracking pixel is a miniature graphic that is embedded in websites to enable log file recording and log file analysis, which allows statistical evaluation to be carried out. Using the embedded tracking pixel, Google can recognize whether and when a website was opened by a data subject and which links were clicked on by the data subject. Tracking pixels are used, among other things, to evaluate the visitor flow of a website. Google AdSense transmits personal data and information, including the IP address, to Google, which is necessary for recording and billing the advertisements displayed.

Legal basis

The legal basis for the processing of your personal data is consent in accordance with Art. 6 (1) (a) GDPR.

Recipient

The recipient of your personal data is Google LLC. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA).

Transfer to third countries

The personal data is transferred to the USA (server location). The transfer is subject to appropriate safeguards pursuant to Art. 46 GDPR. We have concluded standard contractual clauses with the data importer in accordance with Art. 46 (2) (c) GDPR. In addition, we are aware of our responsibility and, where necessary, take further measures to protect the rights and freedoms of natural persons, which ensure the protection of personal data.

Duration of data storage

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. In addition, the data will be deleted if you exercise your right to erasure within the meaning of Art. 17 (1) GDPR.

Revocation

You have the right to withdraw your consent at any time, cf. Art. 7 (3) sentence 1 GDPR. This can be done informally and without giving reasons and takes effect for the future. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. Further information on this can be found above in our privacy policy under “Rights of data subjects.”

Contractual and legal obligation

There is no contractual or legal obligation to provide the data.

Further data protection information

Further information on the processing of your personal data can be found here: https://www.google.com/adsense/new/localized-terms?hl=de

Borlabs Cookie

Description and purpose

We use the functions of Borlabs Cookie (Borlabs GmbH, Hamburger Str. 11, 22083 Hamburg, Germany) on our website. Borlabs Cookie provides a legally required cookie notice and enables us, as the operator, to manage opt-in and opt-out via a cookie consent manager. A technically necessary cookie is set to store your consent or revocation thereof.

Legal basis

The legal basis for the processing of your personal data is Art. 6 (1) lit. c GDPR (fulfillment of legal obligations).

Recipient

The recipient of your personal data is Borlabs GmbH (Hamburger Str. 11, 22083 Hamburg, Germany).

Transfer to third countries

Your personal data will not be transferred to a third country. Should this change in the future, we will update this information immediately.

Duration of data storage

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. In addition, the data will be deleted if you exercise your right to erasure within the meaning of Art. 17 (1) GDPR.

Contractual and legal obligation

There is no contractual or legal obligation to provide the data. However, without the use of Borlabs Cookie, it is not possible to obtain and manage consent in a manner that complies with data protection regulations.

Further data protection information

Further information on the processing of your personal data by Borlabs can be found here:
https://de.borlabs.io/datenschutz/  

 

Creation of log files

Each time the website is accessed, Vita 34 GmbH collects data and information using an automated system. This data is stored in the server’s log files. The data is also stored in our system’s log files. This data is not stored together with other personal data relating to the user.
The following data may be collected:

(1) Information about the browser type and version used
(2) The user’s operating system
(3) The user’s Internet service provider
(4) The user’s IP address
(5) Date and time of access
(6) Websites from which the user’s system accesses our website (referrer)
(7) Websites accessed by the user’s system via our website

Duration of storage of personal data

Personal data is stored for the duration of the respective statutory retention period. After expiry of this period, the data is routinely deleted, unless it is necessary for the initiation or fulfillment of a contract.

Ways to contact us

The Vita 34 GmbH website features a contact form that can be used to contact us electronically. Alternatively, you can contact us via the email address provided. If the data subject contacts the controller via one of these channels, the personal data transmitted by the data subject will be stored automatically. The storage serves solely for the purpose of processing or contacting the data subject. The data will not be passed on to third parties. The legal basis for the processing of the data is Art. 6 (1) lit. a) GDPR if the user has given their consent. The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 (1) lit. f) GDPR. If the email contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 (1) lit. b) GDPR. The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. For personal data from the input mask of the contact form and that sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

Newsletter

If you subscribe to our company’s newsletter, the data in the respective input mask will be transmitted to the controller. Registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registering, you will receive an email asking you to confirm your registration. This confirmation is necessary to prevent anyone from registering with someone else’s email address. When registering for the newsletter, the user’s IP address and the date and time of registration are stored. This serves to prevent misuse of the services or the email address of the person concerned. The data will not be passed on to unauthorized third parties. However, data may be transferred to relevant service providers for the purpose of sending the newsletter. An exception to this is when there is a legal obligation to pass on the data. The data is used exclusively for sending the newsletter. The data subject can unsubscribe from the newsletter at any time. Consent to the storage of personal data can also be revoked at any time. For this purpose, a corresponding link is provided in each newsletter. The legal basis for the processing of data after the user has registered for the newsletter is Art. 6 (1) lit. a) GDPR, provided that the user has given their consent. The legal basis for sending the newsletter as a result of the sale of goods or services is § 7 (3) UWG (German Unfair Competition Act).

Online Shop

We use your personal data to process your online purchases (your orders and returns are handled via our online services) and to send you notifications about the delivery status or notifications in case of problems with the delivery of your items. We use your personal data to process your payments. We also use your data to handle complaints and product warranty claims . Your personal data is used to verify your identity, ensure that you are of legal age to make online purchases, and verify your address with external partners. We want to offer you multiple payment options and perform analyses to determine which payment options are available to you, including your payment history and credit checks.

Registration on our website

If the data subject chooses to register on the website of the controller by providing personal data, the data entered in the respective input mask will be transmitted to the controller. The data is stored exclusively for internal use by the controller. The data is deleted as soon as it is no longer required for the purpose for which it was collected. During registration, the user’s IP address and the date and time of registration are stored. This serves to prevent misuse of the services. The data is not passed on to third parties. An exception is made if there is a legal obligation to pass on the data. The registration of data is necessary for the provision of content or services. Registered persons have the option of having the stored data deleted or modified at any time. The data subject can obtain information about their stored personal data at any time.

Routine deletion and blocking of personal data

The controller processes and stores the personal data of the data subject only for as long as is necessary to achieve the purpose of storage. Storage may also take place if this has been provided for by the European or national legislator in EU regulations, laws, or other provisions to which the controller is subject. As soon as the purpose of storage no longer applies or a storage period prescribed by the aforementioned provisions expires, the personal data is routinely blocked or deleted.

Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

Right of access pursuant to Art. 15 GDPR

You can request confirmation from the controller as to whether personal data concerning you is being processed by us. If such processing is taking place, you can request the following information from the controller:

  • the purposes for which the personal data is processed;
  • the categories of personal data that are being processed;
  • the recipients or categories of recipients to whom your personal data has been or will be disclosed;
  • the planned duration of storage of your personal data or, if specific information on this is not possible, criteria for determining the storage period;
  • the existence of a right to rectification or erasure of your personal data, a right to restriction of processing by the controller, or a right to object to such processing;
  • the existence of a right to lodge a complaint with a supervisory authority;
  • any available information on the origin of the data if the personal data is not collected from the data subject;
  • the existence of automated decision-making, including profiling, pursuant to Art. 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to request information about whether your personal data is transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

Right to rectification pursuant to Art. 16 GDPR

You have the right to rectification and/or completion vis-à-vis the controller if the personal data processed concerning you is inaccurate or incomplete. The controller must rectify the data without delay.

Right to erasure pursuant to Art. 17 GDPR

(1) You may request that the controller erase your personal data without undue delay, and the controller is obliged to erase such data without undue delay if one of the following reasons applies:

  • The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
  • You withdraw your consent on which the processing was based in accordance with Art. 6 (1) (a) or Art. 9 (2) (a) GDPR, and there is no other legal basis for the processing.
  • You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
  • The personal data concerning you has been processed unlawfully.
  • The erasure of personal data concerning you is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject.
  • The personal data concerning you has been collected in relation to the services offered by information society services pursuant to Art. 8 (1) GDPR.

(3) The right to erasure does not apply if processing is necessary

  • for exercising the right of freedom of expression and information;
  • for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • for reasons of public interest in the area of public health pursuant to Art. 9 (2) (h) and (i) and Art. 9 (3) GDPR;
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) GDPR, insofar as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  • for the establishment, exercise, or defense of legal claims.

Right to restriction of processing pursuant to Art. 18 GDPR

You may request the restriction of the processing of your personal data under the following conditions:

  • if you dispute the accuracy of your personal data for a period enabling the controller to verify the accuracy of the personal data;
  • the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
  • the controller no longer needs the personal data for the purposes of processing, but you need it to assert, exercise, or defend legal claims, or
  • if you have objected to the processing pursuant to Art. 21 (1) GDPR and it is not yet clear whether the legitimate reasons of the controller outweigh your reasons.

If the processing of your personal data has been restricted, this data may – apart from its storage – only be processed with your consent or for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State. If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

Right to be informed pursuant to Art. 19 GDPR

If you have asserted your right to rectification, erasure, or restriction of processing against the controller, the controller is obliged to notify all recipients to whom your personal data has been disclosed of this rectification, erasure, or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right to be informed by the controller about these recipients.

Right to data portability pursuant to Art. 20 GDPR

You have the right to receive your personal data that you have provided to the controller in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that

  • the processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR and
  • the processing is carried out using automated means. In exercising this right, you also have the right to have your personal data transmitted directly from one controller to another controller, where technically feasible. The freedoms and rights of other persons must not be affected by this. The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Right to object pursuant to Art. 21 GDPR

You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data based on Art. 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions. The controller shall no longer process your personal data unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing purposes; this also applies to profiling insofar as it is related to such direct marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes. In connection with the use of information society services, you have the option of exercising your right to object by means of automated procedures using technical specifications, irrespective of Directive 2002/58/EC.

Right to revoke the data protection consent declaration pursuant to Art. 7 (3) GDPR

You have the right to withdraw your declaration of consent under data protection law at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of your personal data infringes the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

Automated decision-making in individual cases, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

  • is necessary for entering into, or performance of, a contract between you and the controller,
  • is authorized by Union or Member State law to which the controller is subject and that law provides for appropriate measures to safeguard your rights and freedoms and legitimate interests, or
  • is based on your explicit consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2) (a) or (g) applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

With regard to the cases referred to in a. and c., the controller shall take appropriate measures to safeguard your rights and freedoms and your legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

Integration of other services and third-party content

Description and purpose

It may happen that third-party content, such as videos, fonts, or graphics from other websites, is integrated into this online offering. This always requires that the providers of this content (hereinafter referred to as “third-party providers”) perceive the IP address of the users. Without the IP address, they would not be able to send the content to the browser of the respective user. The IP address is therefore necessary for the display of this content. We endeavor to use only content whose respective providers use the IP address solely for the delivery of the content. However, we have no influence on whether third-party providers store the IP address for statistical purposes, for example. As far as we are aware of this, we inform users about it. We want to provide and improve our online offering through these integrations.

Legal basis

The legal basis for the integration of other third-party services and content is Art. 6 (1) lit. f) GDPR. Our overriding legitimate interest lies in the intention to present our online presence in an appropriate manner and to provide user-friendly and economically efficient services on our part. For further information, please refer to the respective data protection information of the providers.

Contractual or legal obligation to provide personal data

The provision of personal data is neither required by law nor contractually required, nor is it necessary for the conclusion of a contract. You are also not obliged to provide personal data. However, failure to provide such data may mean that you cannot use this function or cannot use it to its full extent.

Data transfer to third countries

The controller may transfer personal data to a third country. In principle, the controller can ensure an adequate level of protection for the processing by means of various appropriate safeguards. Data transfers may be carried out on the basis of an adequacy decision, internal data protection regulations, approved codes of conduct, standard data protection clauses, or an approved certification mechanism in accordance with Art. 46 (2) (a) – (f) GDPR.

If the controller transfers data to a third country on the legal basis of Art. 49 (1) (a) GDPR, you will be informed here about the possible risks of data transfer to a third country.

There is a risk that the third country receiving your personal data may not offer a level of protection equivalent to that of the European Union. This may be the case, for example, if the EU Commission has not issued an adequacy decision for the third country in question or if certain agreements between the European Union and the third country in question are declared invalid. Specifically, there are risks in some third countries with regard to the effective protection of EU fundamental rights through the use of surveillance laws (e.g., the US). In such cases, it is the responsibility of the controller and the recipient to assess whether the rights of data subjects in the third country enjoy an equivalent level of protection as in the Union and can also be effectively enforced.

However, the General Data Protection Regulation should not undermine the level of protection guaranteed throughout the Union for natural persons when personal data is transferred from the Union to controllers, processors, or other recipients in third countries or to international organizations, even if personal data are further transferred from a third country or an international organization to controllers or processors in the same or another third country or to the same or another international organization.

Other functions of the website

Applications (training & job offers)

By submitting their application to us, applicants consent to the processing of their data for the purposes of the application process in accordance with the manner and scope set out in this privacy policy. The legal basis for the processing of applicant data is Art. 88 GDPR, § 26 BDSG-neu (German Federal Data Protection Act) and Art. 9 (2) lit. b) GDPR. If special categories of personal data within the meaning of Art. 9 (1) GDPR are voluntarily disclosed as part of the application process, they will also be processed in accordance with Art. 9 (2) (b) GDPR (e.g., health data, such as severe disability or ethnic origin). If special categories of personal data within the meaning of Art. 9 (1) GDPR are requested from applicants as part of the application process, their processing is also carried out in accordance with Art. 9 (2) (a) GDPR (e.g., health data if this is necessary for the performance of the job). If provided, applicants can submit their applications to us using an online form on our website. The data is transmitted to us in encrypted form in accordance with the state of the art. Applicants can also send us their applications by email. However, please note that emails are generally not sent in encrypted form and applicants must ensure encryption themselves. We therefore cannot accept any responsibility for the transmission of the application between the sender and the receipt on our server and therefore recommend using an online form or postal mail. Instead of applying via the online form and email, applicants still have the option of sending us their application by post. If an application is successful, the data provided by applicants may be further processed by us for the purposes of the employment relationship. Otherwise, if the application for a job vacancy is unsuccessful, the applicant’s data will be deleted. Applicants’ data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time. The deletion takes place after a period of six months so that we can answer any follow-up questions regarding the application and fulfill our obligations under the General Equal Treatment Act. Invoices for any travel expense reimbursements are archived in accordance with tax regulations.

Data recipients

To the extent permitted or required by law, or to the extent you have consented, we also share your personal data with other recipients who provide services to us. We limit the disclosure of your personal data to what is necessary. In some cases, our service providers receive your personal data as processors and are then strictly bound by our instructions when handling your personal data (processing agreement in accordance with Art. 28 GDPR). In some cases, the recipients act independently with the data we transfer to them. The following categories of service providers/recipients may receive your data:

  • Providers of email marketing via newsletters
  • Providers of hosting services for the operation of our servers
  • Service providers in the field of job applications to assist in the selection of applicants
  • Service providers for development work, including programming, development, maintenance, and support of software applications
  • Service providers for postal services
  • External legal advisors
  • Marketing agencies/website management
  • Other IT service providers (e.g., system houses)
  • Other services and tools

The service providers we commission must meet strict confidentiality requirements. They only receive the access to your data that is necessary to perform the tasks assigned to them.

In the event of a suspected criminal offense, data may be disclosed to law enforcement authorities.

Security

We have taken extensive technical and operational precautions to protect your data from accidental or intentional manipulation, loss, destruction, or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to technological progress. In addition, data protection is continuously ensured through constant auditing and optimization of the data protection organization.

Conclusion

Vita 34 GmbH reserves all rights to make changes and updates to this privacy policy. This privacy policy was created by the data protection management system as part of hellotrust, a brand of Keyed GmbH.