PRIVACY POLICY (Updated July, 2024)
I am pleased you have visited my website. I am serious about protecting your personal data and adhere to the rules of statutory requirements, particularly data protection laws. The wording used in this statement is meant to be gender-neutral and encompasses both feminine and masculine gender.
This privacy policy applies exclusively to the website-specific data processing procedures when visiting my website www.atlasoptimal.com. Even beyond these data processing procedures, I consider the protection of your personal data to be very important. In my “Information regarding data processing in accordance with Art. 13 GDPR”, I provide you with separate information about all data processing procedures in my practice that are not specific to the website.
1. INFORMATION REGARDING THE COLLECTION OF PERSONAL DATA
1.1. In this privacy policy I inform you in accordance with Art. 12 et seq. about the collection of personal data when using my website. The term personal data refers to all data relating to you personally, such as your name, your address or your e-mail address. More specifically, I explain what data I collect and what I use it for. Furthermore, I will provide you with information on how and for what purpose this is done.
1.2. The controller as defined in Art. 4 para. 7 of the EU General Data Protection Regulation (GDPR) is me,
Alternative Practitioner Heike Göring
Praxis für Atlaskorrektur
(Atlas Correction Practice)
Schweizer Platz 56
60594 Frankfurt am Main
Germany
E-mail: h.goering [at] atlasoptimal.com
You can find all the information about me under my Legal Information.
For individual functions of my website, I require the co-operation of external service providers. I will inform you about the respective processes further on in this policy.
2. Collection and storage of personal data when accessing my website (server log files)
2.1 In order to operate my website and make it available to you, I rely on hosting services from the company Strato AG. The hosting provider acts as my data processor in accordance with Art. 28 GDPR.
When using my website for informational purposes (i.e. simply to view information regarding my range of services), I (or my hosting provider) collect and process the personal data that your browser automatically transmits to the server of my website. This is necessary for technical reasons in order to be able to display my website in your browser.
This information is temporarily stored in a so-called log file and deleted or anonymised after the stated purposes have been achieved (after 7 days at the latest). The following information is recorded without any action on your part and stored until it is deleted or anonymised (log file data):
- IP address of the querying computer,
- date and time of the query or access,
- time zone difference from Greenwich Mean Time (GMT),
- content of the request (specific page),
- name and URL of the file called up,
- access status/HTTP status code,
- respective quantity of data transmitted,
- website from which the request or access originates (referrer URL),
- browser used,
- operating system of your computer and its surface and name of your access provider,
- language and version of the browser software.
2.2. I process the aforementioned data to display my website to you and to ensure stability and security in doing so – particularly in order to guarantee establishment of a smooth connection and comfortable use of my website as well as for analysis of system security and stability and for other administrative purposes.
2.3 The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. My legitimate interest derives from the data collection purposes listed above. Insofar as you visit my website to find out about my range of services, Art. 6 para. 1 sentence 1 lit. b GDPR also forms the legal basis for the temporary storage and processing of the aforementioned data. This stipulation permits the processing of data for the fulfilment of a contract or for the implementation of pre-contractual measures.
Data processing summary:
Data concerned: Log file data, meta/communication data (e.g. device information, IP addresses)
Data subject: Website visitors
Data recipient: Hosting provider as data processor
Purpose of the DP: Display of the website, stability and security, establishing a smooth connection, convenient use of my website, evaluation of system security and stability, as well as other administrative purposes.
Legal basis: Art. 6 para. 1 sentence 1 lit. f GDPR and Art. 6 para. 1 sentence 1 lit. b GDPR
3. Communication (electronic correspondence)
3.1 You can send me an e-mail to contact me. A valid e-mail address is required in order to answer your enquiry. Should you wish this, you can use an e-mail address that cannot be used to identify you personally.
3.2 The aforementioned web hosting services also include the sending, receiving and storage of e-mails. For these purposes, the addresses of the recipients and senders as well as other information relating to the sending of e-mails are processed. The aforementioned data may also be processed for the purpose of recognising spam emails.
3.3 Should you send me an e-mail, I will store the data you provide (e.g. your e-mail address, possibly your name and telephone number) in order to answer your questions. Once storage is no longer necessary, I will delete the personal data collected. In case of a legal obligation to retain data, I will restrict the processing. The legal basis for data processing for the purpose of contacting and communicating is Art. 6 para. 1 sentence 1 lit. f GDPR. Specifically, my legitimate interest lies in responding appropriately to your enquiry. In case of a legal obligation to retain data, Art. 6 para. 1 sentence 1 lit. c GDPR forms the legal basis.
3.4 Should the correspondence relate to the implementation of (pre-)contractual measures in response to your enquiry, Art. 6 para. 1 sentence 1 b) GDPR forms the legal basis for this data processing. This also applies if the correspondence relates to an existing contractual relationship, in particular if you are already my patient.
3.5 Please note that data transmission by e-mail may be subject to security vulnerabilities. Complete protection of the data against access by third parties is not possible in such cases. Therefore, I recommend that you do not send sensitive or health-related data by e-mail. Should you be interested in encrypted e-mail correspondence, please let me know.
Data processing summary:
Data concerned: Communication data, contact data, text entries
Data subject: Persons making enquiries,
communication partner
Data recipient: Hosting provider as data processor Purpose of the DP: Answering enquiries, communication
Legal basis: Art. 6 para. 1 sentence 1 lit. a, Art. 6 para. 1 sentence 1 lit. b GDPR, Art. 6 para. 1 sentence 1 lit. c GDPR and Art. 6 para. 1 sentence 1 lit. f GDPR
4. SHARING OF DATA/DATA TRANSFER
I transfer your personal data to third parties exclusively for the following purposes:
4.1 after you grant explicit consent in accordance with Art. 6 para. 1 sentence 1 lit. a of the GDPR,
4.2 the sharing is required under Art. 6 para. 1 sentence 1 lit. f of the GDPR for the assertion, exercise or defense of legal rights and there is no reason to assume that you have an overriding interest worthy of protection in your data not being shared,
4.3 if a legal obligation to share the data exists under Art. 6 para. 1 sentence 1 lit. c of the GDPR,
4.4 insofar as this is legally permitted and is required under Art. 6 para. 1 sentence 1 lit. b of the GDPR for the performance of a contractual relationship with you.
5. Your rights
Under the legal requirements, you have the following rights vis-à-vis me with regard to your personal data:
5.1 Right of access: You have the right to request confirmation from me at any time in accordance with Art. 15 GDPR as to whether I am processing personal data concerning you; should this be the case, you are also entitled in accordance with Art. 15 GDPR to receive information about this personal data and certain other information (including processing purposes, categories of personal data, categories of recipients, planned storage period, the origin of the data, the use of automated decision-making and, in the case of transfer to a third country, the appropriate guarantees) and a copy of your data. The restrictions of § 34 of the German Federal Data Protection Act apply.
5.2 Right to rectification: In accordance with Art. 16 GDPR, you are entitled to demand that I correct your stored personal data if it is inaccurate or incorrect.
5.3 Right to erasure: In accordance with Art. 17 GDPR, you are entitled to demand that I delete personal data concerning you immediately. The right to erasure does not apply, for example, if the processing of personal data is necessary, e.g. to fulfil a legal obligation (e.g. statutory retention obligations) or to assert, exercise or defend legal claims. Furthermore, the restrictions of § 35 of the German Federal Data Protection Act apply.
5.4 Right to restriction of processing: In accordance with Art. 18 GDPR, you are entitled to demand that I restrict the processing of your personal data.
5.5 Right to data portability: In accordance with Art. 20 GDPR, you are entitled to request that I provide you with your provided personal data in a structured, commonly used and machine-readable format.
5.6 Right to lodge a complaint with a supervisory authority: In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a relevant supervisory authority. Specifically, you can lodge a complaint with the supervisory authority responsible for me:
The Hessian Data Protection and Freedom of Information Commissioner (currently Prof. Dr Alexander Roßnagel), Press and Public Relations, Gustav Stresemann Ring 01, 65189 Wiesbaden, Germany. Telephone: 0611 1408-121, e-mail poststelle@datenschutz.hessen.de.
Postal address: The Hessian Data Protection and Freedom of Information Commissioner
P.O. Box 3163, 65021 Wiesbaden, Germany.
You can also contact any other relevant supervisory authority at any time. For information on the data protection supervisory authorities and their contact details, please click on the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Right of withdrawal: In accordance with Art. 7 para. 3 GDPR, you can withdraw your consent to the processing of personal data at any time. A withdrawal of consent is only effective for the future. Processing that took place before the withdrawal of consent is not affected by this. An informal message, e.g. by e-mail to me, is sufficient to declare the withdrawal of consent.
6. Cookies
6.1 I use so-called “cookies” on my website in order to provide a more user-friendly, effective and secure website. Furthermore, cookies are used to enable the provision of certain functions.
Cookies are small text files that are stored on your end device (laptop, tablet, smartphone, etc.) and saved by your browser. I obtain certain information through cookies. A cookie includes a characteristic string of characters that allows your browser to be uniquely identified when you return to the website. Cookies enable information about a user of my website to be stored during or after their visit. The stored information may include items such as language settings, login status, a shopping basket or the point at which a video was viewed.
I do not obtain direct knowledge of your identity through cookies. Cookies cannot cause any damage to your end device; in particular, they cannot execute programmes or transmit viruses.
6.2 Generally speaking, there are different types of cookies:
Session cookies are only stored temporarily and are deleted at the latest when you leave the respective website and close your browser.
Permanent or persistent cookies remain stored after you have closed your browser or left the respective website. These cookies remain stored on your end device for a specified period of time or until you delete them. Persistent cookies enable the provider to recognise your browser on your next visit. This means that when you visit the respective website again, for instance, your login status can be recognised or your preferred content displayed directly.
First-party cookies are cookies that the provider sets itself. They are only visible from the domain you are currently visiting.
Third-party cookies are cookies that are set by third parties to process user information. They are visible across all domains.
Necessary or essential cookies are cookies that are absolutely necessary for the functionality of the respective website. This applies, for instance, to using the website as a registered visitor and accessing restricted areas of the online offering (login data).
Statistics cookies are used to measure the reach of the website. Marketing and personalisation cookies are used to store a user’s interests or behaviour (e.g. accessing certain content) in a user profile. This enables users to be shown content that is tailored to their interests.
6.3 The following applies to my online offering:
My website mainly uses session cookies. They store a so-called session ID, with which various requests from your browser can be assigned to the session. Session cookies can be used to identify whether you have already visited individual pages of my website. The session cookies are deleted at the latest when you leave my site and close your browser. You may also delete cookies at any time in the security settings of your browser.
Insofar as types of cookies other than those mentioned above are used on my website, I will inform you about this in the relevant individual explanations of the respective functions/technologies or the service; you will find these further on in this policy. You will also find further cookie-specific setting and deactivation options there. This also applies to cookies that are set by integrated services.
You may also visit my website without cookies. In order to do so, you must configure your browser so that cookies are not accepted. In this case, you may not be able to use all the functions of my website. You may also configure your browser so that you are informed about the setting of cookies, that cookies are only permitted in individual cases or that the acceptance of cookies is only permitted in certain cases. You may also activate the automatic deletion of cookies when closing the browser. You can find the procedure for deactivating cookies or a restriction via the “Help” function of your respective browser.
The legal basis for the cookie-based data processing described here is Art. 6 para. 1 sentence 1 lit. f GDPR. The data processed by cookies are necessary for the purposes mentioned to protect my legitimate interests and those of third parties in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. My legitimate interests in this respect include, in particular, providing you with a technically optimised, user-friendly and needs-based website and ensuring the security of my systems. Furthermore, I am committed to the business operation of my online offering and its improvement.
As a matter of principle, I only use essential cookies. Should I use cookies that are not absolutely necessary (e.g. analysis/marketing cookies), I will obtain your consent beforehand. You may accept or reject cookies that are not absolutely necessary. In such cases, I will provide separate information about the specific data processing and the purpose of the use in the course of the consent or in the description of the service further on in this policy. Insofar as you consent to the use of cookies, the legal basis for the processing of your data is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
Summary:
Data concerned: Cookies, usage data
Data subject: Website visitors
Data recipient: Cookie provider, if applicable
Purpose of the DP: Technically optimised, user-friendly and needs-based website, security of my systems, business operation of my online offering and its improvement
Legal basis: Art. 6 para. 1 sentence 1 lit. a, Art. 6 para. 1 sentence 1 lit. b GDPR and Art. 6 para. 1 sentence 1 lit. f GDPR
7. Other functions and offers of my website/integration of third-party services and content (plug-in providers)
7.1 Besides the purely informational (viewing) use of my website, I offer various services that you can actively use if you are interested. This initiates further data processing operations. You will generally have to provide further personal data; this will be used to provide the respective service. The use of the following services requires that the third-party providers know your IP address; without the IP address, the content cannot be transmitted to your browser.
Unless otherwise stated below, the data processing described below is necessary to protect my legitimate interests and those of third parties in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR (legal basis). Specifically, these include the optimisation and convenient use of my website and the design of my web presence. The integration is necessary in each case in order to be able to use the offers of the third-party providers on my website.
7.2 The following offers/services of third-party companies are integrated on my website.
7.2.1 Wordfence
On my website I use the Wordfence Security plug-in. It protects my website from unwanted access or malicious cyberattacks, such as brute force and DDoS attacks or comment spam. For this purpose, my website establishes a permanent connection to the Wordfence servers. Wordfence compares its databases with the accesses made to my website and blocks the access attempt if necessary. For this purpose, IP addresses are transmitted to the Wordfence servers and stored there. Wordfence Security secures my website and protects visitors to my website from viruses and malware.
In order to recognise whether a visitor to my website is a human or an automated access, Wordfence uses cookies. You can find information about which cookies are set here: https://www.wordfence.com/help/general-data-protection-regulation/.
The legal basis for the data processing described here is Art. 6 para. 1 sentence 1 lit. f GDPR. The data processed are necessary for the purposes mentioned to protect my legitimate interests and those of third parties in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. My legitimate interests in this respect include, in particular, protecting my website from unwanted access or malicious cyberattacks. This constitutes a legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR.
An appropriate level of data protection is guaranteed by the conclusion of the so-called EU standard contractual clauses. This legitimises data transfer to the USA.
You can find details here: https://www.wordfence.com/help/general-data-protection-regulation/.
The live traffic view option (real-time live traffic) of the plug-in is switched off. (https://www.wordfence.com/help/dashboard/options/?utm_source=plugin&utm_medium=pluginUI&utm_campaign=docsIcon#disable-cookies)
Further information regarding the purpose and scope of data collection and its processing by Wordfence can be found in the privacy policy of this provider. You will also find further information on your rights in this regard and setting options to protect your privacy:
Terms of use: https://www.wordfence.com/terms-of-use/
Privacy policy: https://www.wordfence.com/privacy-policy/
Wordfence is a service of Defiant, Inc, 800 5th Ave Ste 4100, Seattle, WA 98104, USA. (https://www.defiant.com/). This company acts as my data processor in accordance with Art. 28 GDPR.
Summary:
Data concerned: Cookies, IP address
Data subject: Website visitors
Data recipient: Defiant, Inc. as data processor
Purpose of the DP: Protection of the website against unwanted access or malicious cyberattacks
Legal basis: Art. 6 para. 1 sentence 1 lit. f GDPR
7.2.2 Yoast SEO:
On my website I use the Yoast SEO plug-in. This is an offer from Yoast BV, Don Emanuelstraat 3, 6602 GX Wijchen, Netherlands. The plug-in is used for the technical optimisation of my website for search engines and to support the development of content. You can find further information in Yoast BV’s privacy policy, available at https://yoast.com/privacy-policy/. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.
The legal basis for the data processing described here is Art. 6 para. 1 sentence 1 lit. f GDPR. The data processed are necessary for the purposes mentioned to protect my legitimate interests and those of third parties in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. This constitutes a legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR.
8. Duration of data storage
Unless specified otherwise, I will only process and store your personal data for as long as is necessary for the respective purpose of use. This may also include the duration of the initiation and fulfilment of a contract. Subsequently, personal data will be regularly deleted as part of the fulfilment of my contractual and/or legal obligations, unless their temporary further processing is necessary to fulfil legal retention obligations or to preserve evidence. I will provide the respective legal basis and further information when discussing the individual data processing.
9. Objection or withdrawal of consent to processing of your data
9.1. Insofar as I process your personal data based on legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, you can lodge an objection to the processing of your personal data in accordance with Art. 21 GDPR. In this case, please let me know the grounds – arising from your particular situation – on account of which I should not process your personal data. After a review of your objection, I will either discontinue the data processing, adjust it or continue the processing. In the latter case, I will explain to you my compelling grounds worthy of protection.
9.2. You can object to the processing of your personal data for purposes of advertising and/or data analysis at any time without providing grounds. I will comply with your rightful objection in this respect; an indication of grounds is not required for this.
9.3. If you have given consent to the processing of your data, you can withdraw this consent at any time with effect for the future.
9.4. To exercise your right to withdraw consent or to object, please send an e-mail to the following address: h.goering [at] atlasoptimal.com.
You can also notify me of your objection or withdrawal of consent using the following contact information:
Alternative Practitioner Heike Göring
Praxis für Atlaskorrektur
(Atlas Correction Practice)
Schweizer Platz 56
60594 Frankfurt am Main
Germany
E-mail: h.goering [at] atlasoptimal.com
10. Encryption
To safeguard your data, I use SSL encryption on my website. I regularly renew certificates for use of SSL encryption.You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
11. Obligation to provide data
In principle, you are not obliged to provide me with your personal data. However, if you do not do this, you may not be able to use my website without restrictions. Furthermore, I may not be able to answer your enquiries.
12. Further question
Do you have a question that was not answered by my privacy policy? Would you like further information about a point? Please let me know! I will be happy to provide further information at any time. For all inquiries on data protection, please contact the following e-mail address:
h.goering [at] atlasoptimal.com
13. Updates and changes to my privacy policy
As a result of the further development of my website or due to changes in legal requirements, it may become necessary to amend this privacy policy. For this reason, I advise you to consult the policy again at regular intervals.
This privacy policy is updated as of July 2024.