Impressum

Privacy

I. General information

This notice applies to the use of the website of "HEDI - Pregnancy Care Digitally Supported and Coordinated" (hereinafter also "HEDI", "website", "us" or "we").

Privacy notices are required when personal data is processed. Personal data are in particular name, address, telephone number, e-mail address, social media identifier (profile name), bank details, date of birth, IP address, cookie identifiers and geotags.

Important abbreviations:

DSGVO: Datenschutz-Grundverordnung (VO EU 2016/679)
UWG: Gesetz gegen den unlauteren Wettbewerb
EWR: Europäischer Wirtschaftsraum
Art.: Artikel
Abs.: Absatz
lit.: letter

II. legal bases, purposes and duration of data processing

The following legal bases (Arabic numerals) and the purposes of data processing based on them (bullets) are to be understood as general information and examples. The presentation of further legal bases, in particular Art. 6 para. 1 lit. c, lit. d and lit. e DSGVO, has been deliberately omitted, as these are not relevant for the processing of personal data when using this website.

This privacy notice contains specific information on the processing procedures under the last heading "Processing procedures", e.g. with regard to the use of cookies, web analytics or the use of social (media) plug-ins. These concrete purposes of data processing can be assigned to the legal bases listed here.

  1. Data processing with consent, Art. 6 para. 1 lit. a u. Art. 9 para. 2 lit. a DSGVO

Data processing is always permissible if consent has been given.

  • Registration as a customer
  • Cooperation, e.g. redeeming voucher codes
  • Contact form / contact by e-mail
  • Comments on blog posts
  • Social(Media)PlugIns
  • Use of functional cookies (e.g. web analysis)
  • Use of marketing cookies
  • Newsletter dispatch; legal basis in the case of a contract for goods or services: Section 7 (3) of the German Unfair Competition Act (UWG).

 

  1. Data processing for the fulfillment of a contract, Art. 6 para. 1 lit. b. DSGVO

Data processing for the performance of a contract is permissible, e.g. the processing of name and address when ordering goods or services. Likewise, processing for the performance of pre-contractual measures at the request of the data subject is permissible.

  • Registration as a customer, if for the fulfillment of a contract
  • Contact by e-mail, directed towards the conclusion of a contract
  • Booking requests via a contact form
  • other processing, if necessary for the conclusion or performance of a contract

 

  1. Data processing for the protection of legitimate interests, Art. 6 para. 1 lit. f DSGVO

Data processing is also permitted if our legitimate interests or the interests of third parties must be safeguarded and these interests outweigh your interest in protecting your data. Your interest in protecting the data outweighs, for example, the impairment of your fundamental rights or freedoms.

  • Storage of IP addresses, completely or in the last two bytes anonymized or pseudonymized (e.g. 192.168.xxx.xxx)
  • Storage of further data in log files
  • Contact by e-mail, if necessary to protect legitimate interests
  • Use of support systems, e.g. live chat
  • Use of technically necessary cookies
  • Use of functional cookies (e.g. web analysis)
  • Use of 3rd party cookies

 

  1. Duration of data processing

A deletion of the personal data takes place,

  • if you assert your right to erasure against us

and there is no legal basis for further processing

  • if the data is no longer required to achieve the purpose for which it was collected
  • in the case of complete IP addresses in log files:

no later than seven days after their collection; if processed beyond this time, the IP addresses are anonymized or pseudonymized in the last two bytes (e.g. 192.168.xxx.xxx)

  • for "session cookies": after expiry of the respective session on our website or when you delete them
  • for "permanent cookies": when you delete them or when the cookies are no longer needed or when their programmed duration has expired (usually after two years).


 

III. responsible body

Contact details of the controller of personal data:

GWG Gesellschaft für Wirtschaftsförderung und Stadtentwicklung Göttingen mbH
Bahnhofsallee 1B
37081 Göttingen
Tel.: +49 (0)551 547 43 – 0
Fax: +49 (0)551 547 43 – 20
E-mail:

Commercial register entry: Göttingen Local Court - HRB 2086 Sales tax identification number (USt.-ID) gem. § 27a Umsatzsteuergesetz (UStG) : DE811384881

represented by the management: Ursula Haufe
info@gwg-online.de
Aufsichtsratvorsitzende: Lord Mayor Petra Broistedt

IV. Person in charge of data protection

Dr. Machunsky Datenschutz & Compliance GmbH
Dr. Jan N. Machunsky
Mittelbergring 61
37085 Göttingen
E-Mail: datenschutz@gwg-online.de
Tel.: 0551 3054 10 12

Contact information for the state data protection authority:

The State Commissioner for Data Protection of Niedersachsen
Postfach 221, 30002 Hannover
Prinzenstraße 5, 30159 Hanover

Tel.: +49 (0) 511 120-4500
Fax: +49 (0) 511 120-4599
E-mail: poststelle@lfd.niedersachsen.de

V. Rights of the data subjects

As a data subject, you can assert the following rights against the responsible body. For this purpose, please use the contact options indicated under the heading "Responsible entity".

  1. Right to confirmation and information, Art. 15 DSGVO

You may request confirmation that personal data concerning you is being processed. In the presence of a confirmation, you can then request information about:

  • the purposes of the data processing
  • the categories of personal data
  • the recipients or categories of recipients to whom the data will be disclosed
  • the planned duration of the storage or criteria for determining the duration
  • the existence of the rights of rectification or erasure
  • the existence of the right to restrict processing
  • the existence of the right to object
  • the existence of the right to lodge a complaint with a supervisory authority
  • any available information about the origin of the data, if the data was not collected directly from you
  • the existence of automated decision-making (including "profiling") pursuant to Art. 22(1) and (4) DSGVO
  • the existence of a data transfer to a third country and / or to an international organization
  • in the case of data transfer to a third country and / or an international organization: appropriate safeguards pursuant to Art. 46 GDPR


 

  1. Right to rectification and / or completion, Art. 16 DSGVO

If the personal data concerning you is incorrect or incomplete, you may request that it be corrected and/or completed. The controller must then carry out the correction / completion without delay and will inform you of this.

  1. Right to erasure ("right to be forgotten"), Art. 17 GDPR

In the following cases, you may request immediate deletion of the personal data concerning you:

  • the data are no longer required for the purposes for which they were collected or otherwise processed
  • a granted consent is revoked and there is no other legal basis for further processing
  • objection pursuant to Art. 21 (1) DSGVO without overriding legitimate grounds for processing
  • objection pursuant to Art. 21 (2) DSGVO
  • the data have been processed unlawfully
  • the controller is obliged to erase the data on the basis of Union law or the law of one of the Member States
  • there is a data collection and processing in accordance with Art. 8 para. 1 DSGVO

The right to erasure is excluded if the processing of the data is necessary:

  • to exercise the right to freedom of expression and information
  • to comply with a legal obligation under Union law or a law of one of the Member States
  • for the performance of a task in the public interest
  • for the exercise of official authority, insofar as this has been delegated to the controller
  • for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) DSGVO
  • if deletion of the data is likely to render impossible or seriously prejudice the achievement of the objectives of the following processing operations (Art. 89 (1) DGSVO):
  • archiving purposes in the public interest
  • scientific or historical research purposes
  • statistical purposes
  • to assert, exercise or defend legal claims

If there is an obligation to delete the data:

The controller will inform you about the deletion of the data. If the personal data concerning you has been made public by the responsible body, all responsible bodies that process this data will also be informed of your request for deletion. This then also concerns the deletion of all links to the data and / or copies and / or replications of the data.

Right to restriction of processing, Art. 18 DSGVO

Under the following conditions, the processing of personal data concerning you must be temporarily or permanently restricted at your request:

  • You have contested the accuracy of the data, Art. 16 DSGVO, and this is verified by the controller
  • the processing is unlawful, but you wish to restrict the processing instead of erasure
  • the data is no longer necessary for the purposes of processing, but you need the data to assert, exercise or defend legal claims
  • you have objected to the processing, Art. 21 (1) DSGVO, but it is not yet clear whether this is justified

After the restriction of processing has taken place, you will be informed of this by the controller, as well as before the restriction is lifted again. After the restriction, your data may continue to be stored, but only processed in the following cases:

  • consent has been given
  • legal claims are to be asserted, exercised or defended
  • for the protection of another person
  • there is an important public interest of the EU and / or a Member State before

 

Right to information, Art. 19 GDPR

If you have exercised your rights under Articles 16 to 18 of the GDPR (rectification, erasure, restriction of processing), the controller is obliged to inform all recipients to whom the data have been disclosed, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.

Right to data portability, Art. 20 DSGVO

The controller must provide you with the personal data relating to you in a structured, common and machine-readable format. The unhindered transfer of this data to another controller must be ensured, provided that

  • the processing is based on consent (Art. 6 (1) a or Art. 9 (2) a DSGVO) and / or
  • the processing is carried out for the performance of a contract or pre-contractual measures (Art. 6 para. 1 lit. b DSGVO) and
  • the processing is carried out with the aid of automated procedures.

The freedoms and rights of other persons must not be affected. The right to data portability does not exist for data processing operations

  • for the performance of a task in the public interest
  • in the exercise of official authority, insofar as it is entrusted to the controller

You may request that the data be transferred directly to another controller, insofar as this is technically feasible.

Right of objection, Art. 21 DSGVO

You may object at any time if the data processing is

  • is based on Art. 6 (1) lit. f DGSVO or
  • serves direct advertising purposes or
  • is carried out for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) DSGVO

The same applies to corresponding profiling. The objection must be justified. It is sufficient if you state as a reason that you no longer wish the data to be processed. After the objection, the data will no longer be processed.

The controller may continue to process the data despite your objection if

  • there are compelling legitimate grounds for the processing which override your interests, rights and freedoms, or
  • the processing serves to assert, exercise or defend legal claims; or
  • in the case of processing pursuant to Article 89(1) of the GDPR: processing is necessary for the performance of a task carried out in the public interest.

In connection with the use of information society services, you can also exercise your objection by means of automated procedures using technical specifications.

Right of withdrawal, Art. 7 (3) DSGVO

You can revoke the data protection consent in its entirety for the future at any time. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.

Automated decision in individual cases including profiling, Art. 22 DSGVO

You have the right to withdraw from a decision based on automated processing if this decision produces legal effects vis-à-vis you or similarly significantly affects you. The same applies to profiling.

This right is not subject to limitations if the decision is based on special categories of personal data as defined in Art. 9(1) GDPR, e.g. data concerning political opinions, religious or philosophical beliefs, genetic or biometric data, and health data or data concerning sex life or sexual orientation.

However, if you have consented to the automated processing and neither Union law nor the law of a Member State prohibits such consent (Article 9(2)(a) GDPR) or if the processing is necessary for a substantial public interest (Article 9(2)(g) GDPR), your right may be excluded as described below, even if special categories of personal data are processed.

This right does not exist if the decision based on automated processing is made

  • is necessary for the conclusion or performance of a contract between you and the controller, or
  • is permissible on the basis of legal provisions of the Union and / or one of the Member States and
  • your rights, freedoms and legitimate interests are adequately protected by these legal provisions or
  • with your express consent is made

In the aforementioned first and last case of exclusion of your right described here, the controller will take reasonable measures to protect your other rights, freedoms and legitimate interests. This includes, in particular, the right to intervene in the decision by the controller, to express your point of view and to contest the decision.

Right to complain to a supervisory authority, Art. 77 DSGVO

You have the right to lodge a complaint with a supervisory authority if you are of the opinion that the processing of personal data concerning you violates data protection provisions. You will be informed by the supervisory authority to which the complaint was lodged about the status and the results of the complaint, including the possible legal remedies (esp. Art. 78 GDPR). Please contact for more detailed information about the responsibilities:

Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit

Husarenstraße 30

53117 Bonn

Tel.: 0228/997799-0

Fax: 0228/997799-550

E-mail:

poststelle@bfdi.bund.deWeb: http://www.bfdi.bund.de

VI. processing procedures

The following processing operations (purposes of data processing) can be assigned to the legal bases under Section II. of this data protection notice. Any data transfer to third countries (countries outside the EU / EEA) is shown in detail for each processing operation.

Tracking methods

1.1 Cookies

This website does not use cookies.

1.2 Other trackers

This website does not use any other trackers.

Web analytics

(1) We do not use invasive web tracking tools such as Google Analytics.

(2) We use the web analytics tool Plausible Analytics to understand the use of our website and to improve it. Plausible does not set cookies, does not store any information in the browser. No personal data is generally collected by Plausible. Here you can find more information about Plausible and the privacy policy of this tool. Service provider: Plausible Insights OÜ, Västriku tn 2, Tartu 50403, Estonia; website: https://plausible.io/, privacy policy: https://plausible.io/data-policy

Contact

If you use the contact form, your surname and first name as well as your e-mail address will be collected and used. If you click on an e-mail address there or elsewhere on the website, your standard e-mail program opens and you can write us a message. Your e-mail address will be used for this purpose.

Web hosting / log files

We collect and process the following information automatically transmitted by your browser in so-called log files:

  • IP address (anonymized or pseudonymized in the last byte)
  • Date and time of the server request
  • Method "GET" or "POST" (retrieve or send)
  • Files referred to (when retrieving or sending)
  • Protocol (e.g. HTTP/1.1)
  • Status code (error messages)
  • URL called up
  • Browser type / browser version
  • Operating system
  • Browser plugins like Flash, Java or Quicktime
  • Referrer URL (the previously visited website)
  • Search terms from e.g. Google
  • Country of origin

A personal reference cannot be established on the basis of this data. This data is also not merged with other data, user profiles are not created.