1. Home
  2. Data protection

Information on data protection

This Privacy Policy explains how we handle your personal data and outlines your rights under the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

This privacy policy applies to the GPR Group’s website. The GPR Group includes GPR Gesundheits- und Pflegezentrum Rüsselsheim gemeinnützige GmbH, consisting of the GPR Clinic, the GPR Senior Residence "Haus am Ostpark," and the GPR Outpatient Care Team (locations in Rüsselsheim and Mainz-Oppenheim), as well as the two subsidiaries GPR Service GmbH and GPR Medizinische Versorgungszentrum gemeinnützige GmbH (MVZ) with multiple locations.

 

Contents

  • I. General Information
    • 1. Contact
    • 2. Legal Basis
    • 3. Duration of Storage
    • 4. Categories of Data Recipients
    • 5. Data Transfer to Third Countries
    • 6. Processing in connection with the exercise of your rights
    • 7. Your rights
    • 8. Right to object
    • 9. Data Protection Officer
       
  • II. Data processing on our website
    • 1. Processing of server log files
    • 2. Contact Options and Inquiries
    • 3. Job Applications
    • 4. YouTube

I. General information

1. Contact

If you have any questions or suggestions regarding this information, or if you would like to contact us to exercise your rights, please direct your inquiry to

GPR Gesundheits- und Pflegezentrum Rüsselsheim gemeinnützige GmbH
August-Bebel-Straße 59, 65428 Rüsselsheim am Main
Phone: 06142 88-4004
Email: info@~@gp-ruesselsheim.de

 

2. Legal Basis

The data protection term “personal data” refers to all information relating to an identified or identifiable individual. We process personal data in compliance with applicable data protection regulations, in particular the GDPR and the BDSG. We process data only on the basis of legal authorization. We process personal data only with your consent (Section 25(1) TTDSG or Article 6(1)(a) GDPR), to fulfill a contract to which you are a party, or at your request to take pre-contractual measures (Article 6(1)(b) GDPR), to fulfill a legal obligation (Art. 6(1)(c) GDPR), or if processing is necessary to safeguard our legitimate interests or the legitimate interests of a third party, provided that your interests or fundamental rights and freedoms requiring the protection of personal data do not override those interests (Art. 6(1)(f) GDPR).

 

3. Duration of Storage

Unless otherwise specified in the following information, we store the data only for as long as is necessary to achieve the purpose of processing or to fulfill our contractual or legal obligations. Such legal retention obligations may arise in particular from commercial or tax law provisions.

 

4. Categories of data recipients

We engage processors in the context of processing your data. The processing operations carried out by such processors include, for example, hosting, email dispatch, maintenance and support of IT systems, customer and order management, or the destruction of files and data carriers. A processor is a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the data controller. Processors do not use the data for their own purposes but carry out data processing exclusively on behalf of the data controller and are contractually obligated to ensure appropriate technical and organizational measures for data protection. In addition, we may transfer your personal data to entities such as postal and delivery services, our bank, tax advisors/auditors, or the tax authorities. Further recipients may be identified in the following notices.

 

5. Data Transfer to Third Countries

Our data processing activities may involve the transfer of certain personal data to third countries, i.e., countries where the GDPR is not applicable law. Such a transfer is permissible if the European Commission has determined that an adequate level of data protection is ensured in such a third country. If no such adequacy decision by the European Commission exists, the transfer of personal data to a third country will only take place if suitable safeguards are in place pursuant to Art. 46 GDPR or if one of the conditions of Art. 49 GDPR is met.

Unless otherwise specified below, we use the EU Standard Data Protection Clauses as appropriate safeguards for the transfer of personal data to third countries. You have the option to receive a copy of these EU Standard Data Protection Clauses or to review them. Please contact us at the address listed under “Contact” for this purpose. 

If you consent to the transfer of personal data to third countries, the transfer is based on the legal basis of Article 49(1)(a) of the GDPR.

 

6. Processing in Connection with the Exercise of Your Rights

When you exercise your rights pursuant to Articles 15 through 22 of the GDPR, we process the personal data provided for the purpose of implementing these rights and to be able to provide proof thereof. We will process data stored for the purpose of providing information and preparing such information solely for this purpose and for data protection monitoring purposes, and will otherwise restrict processing in accordance with Article 18 of the GDPR.

This processing is based on the legal basis of Article 6(1)(c) of the GDPR in conjunction with Articles 15 through 22 of the GDPR and Section 34(2) of the BDSG.

 

7. Your Rights

As a data subject, you have the right to assert your data subject rights against us. In particular, you have the following rights:

  • Pursuant to Article 15 of the GDPR and Section 34 of the BDSG, you have the right to request information regarding whether and, if so, to what extent we process personal data relating to you.
  • You have the right, in accordance with Article 16 of the GDPR, to request that we rectify your data.
  • You have the right, in accordance with Article 17 of the GDPR and Section 35 of the BDSG, to request that we erase your personal data.
  • You have the right to have the processing of your personal data restricted in accordance with Article 18 of the GDPR.
  • You have the right, in accordance with Article 20 of the GDPR, to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format and to transmit this data to another controller.
  • If you have given us separate consent to data processing, you may revoke this consent at any time in accordance with Article 7(3) of the GDPR. Such revocation does not affect the lawfulness of processing carried out prior to the revocation based on the consent.
  • If you believe that the processing of your personal data violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Article 77 of the GDPR.

 

8. Right to Object

Pursuant to Article 21(1) of the GDPR, you have the right to object to processing based on the legal grounds of Article 6(1)(e) or (f) of the GDPR for reasons arising from your particular situation. If we process personal data about you for the purpose of direct marketing, you may object to such processing pursuant to Article 21(2) and (3) of the GDPR.

 

9. Data Protection Officer

You can contact our Data Protection Officer using the following contact information:
Email: datenschutz@~@gp-ruesselsheim.de

II Data processing on our website

When you use this website, we collect information that you provide yourself. In addition, during your visit to the website, we automatically collect certain information about your use of the site. Under data protection law, an IP address is generally considered personal data. An IP address is assigned to every device connected to the internet by the internet service provider so that it can send and receive data.

 

1. Processing of Server Log Files

When you use our website for purely informational purposes, general information transmitted by your browser to our server is initially stored automatically (i.e., not via registration). By default, this includes: browser type/version, operating system used, page accessed, previously visited page (referrer URL), IP address, date and time of the server request, and HTTP status code. This processing is carried out to safeguard our legitimate interests and is based on the legal basis of Art. 6(1)(f) GDPR. This processing serves the technical administration and security of the website. The stored data is deleted after sixty days, unless there are concrete indications of a legitimate suspicion of unlawful use, in which case further examination and processing of the information is necessary for this reason. We are unable to identify you as a data subject based on the stored information. Articles 15 through 22 of the GDPR therefore do not apply pursuant to Article 11(2) of the GDPR, unless you provide additional information that enables your identification in order to exercise your rights set forth in these articles.

 

2. Contact Options and Inquiries

Our website contains contact forms through which you can send us messages. Your data is transferred in encrypted form (indicated by “https” in the browser’s address bar). All data fields marked as required are necessary to process your request. Failure to provide this information means we cannot process your request. The provision of additional data is voluntary.

Alternatively, you can also send us a message via the email addresses provided.

We process the data for the purpose of responding to your inquiry. If your inquiry relates to the conclusion or performance of a contract with us, Article 6(1)(b) of the GDPR serves as the legal basis for data processing. Otherwise, we process the data based on our legitimate interest in contacting individuals who submit inquiries. The legal basis for data processing is then Article 6(1)(f) of the GDPR.

When you provide your email address in connection with a request for an appointment, you will receive an automatically generated confirmation of receipt from us via unencrypted email. Subsequent contact to schedule the appointment is generally made by phone.

 

3. Job Applications

You have the option to apply for an open position or submit a speculative application via the “Careers” section of our website. For this purpose, we collect personal data from you, including, in particular, your name, resume, cover letter, and other content you provide. For more information on data protection in our application process, please refer to the Data Protection for Applicants section.

4. YouTube

We use the YouTube service provided by Google Ireland Limited (Ireland/EU) on our website to embed videos. For such embedding, processing of your IP address is technically necessary so that the content can be sent to your browser. Your IP address is therefore transmitted to Google, and Google may set its own cookies. 

The use of YouTube is subject to your consent in accordance with Art. 6(1)(a) GDPR.

With YouTube, the transfer of data to Google Inc. and YouTube LLC in the United States cannot be ruled out. Please refer to the information in the section “Data Transfer to Third Countries.” Users can find further information on data protection at Google in Google’s Privacy Policy at https://www.google.com/policies/privacy.

III Data processing on our social media pages

We have a company page on several social media platforms. Through these, we aim to provide additional opportunities to learn about our company and engage with us. Our company has pages on the following social media platforms:

  • Facebook
  • Instagram
  • Twitter
  • YouTube
  • Xing

When you visit or interact with a profile on a social media platform, personal data about you may be processed. The information associated with a social media profile also regularly constitutes personal data. This includes messages and statements made while using the profile. Additionally, certain information about your visit to a social media profile is often automatically collected, which may also constitute personal data.

 

1. Visiting a social media page
 

a.) Facebook and Instagram Pages

When you visit our Facebook or Instagram page, through which we present our company or individual products from our range, certain information about you is processed. The sole controller responsible for this processing of personal data is Meta Platforms Ireland Limited (Ireland/EU – “Meta”). For further information on the processing of personal data by Meta, please visit https://www.facebook.com/privacy/explanation. Meta offers the option to object to certain data processing activities; relevant information and opt-out options can be found at https://www.facebook.com/settings?tab=ads.

Meta provides us with statistics and insights in anonymized form for our Facebook and Instagram pages, which help us gain insights into the types of actions people take on our page (so-called “Page Insights”). These Page Insights are generated based on specific information about people who have visited our page. This processing of personal data is carried out by Meta and us as joint controllers. The processing serves our legitimate interest in evaluating the types of actions taken on our page and improving our page based on these insights. The legal basis for this processing is Article 6(1)(f) of the GDPR. We cannot link the information obtained through Page Insights to individual user profiles that interact with our Facebook and Instagram pages. We have entered into a joint controller agreement with Meta that defines the allocation of data protection obligations between us and Meta. Details regarding the processing of personal data for the creation of Page Insights and the agreement concluded between us and Meta can be found at https://www.facebook.com/legal/terms/information_about_page_insights_data. With regard to this data processing, you have the option to exercise your data subject rights (see “Your Rights”) against Meta as well. Further information on this can be found in Meta’s Privacy Policy at https://www.facebook.com/privacy/explanation.

Please note that, in accordance with Meta’s privacy policy, user data is also processed in the United States or other third countries. Meta transfers user data only to countries for which an adequacy decision by the European Commission pursuant to Art. 45 GDPR exists or on the basis of appropriate safeguards pursuant to Art. 46 GDPR.

 

b.) Twitter

Twitter Inc. (USA) is generally the sole controller responsible for the processing of personal data when you visit our Twitter profile. For further information on the processing of personal data by Twitter Inc., please visit https://twitter.com/de/privacy.

 

c.) Xing

New Work SE (Germany/EU) is generally the sole controller for the processing of personal data when you visit our Xing profile. For further information on the processing of personal data by New Work SE, please visit https://privacy.xing.com/de/datenschutzerklaerung.

 

d.) YouTube

Google Ireland Limited (Ireland/EU) is generally the sole controller responsible for the processing of personal data when you visit our YouTube channel. For further information regarding the processing of personal data by YouTube or Google Ireland Limited, please visit https://policies.google.com/privacy.

 

2. Comments and Direct Messages

We also process information that you have provided to us via our company page on the respective social media platform. Such information may include the username used, contact details, or a message sent to us. We act as the sole controller for this processing. We process this data based on our legitimate interest in contacting individuals who have made inquiries. The legal basis for data processing is Article 6(1)(f) of the GDPR. Further data processing may occur if you have given your consent (Article 6(1)(a) of the GDPR) or if this is necessary to fulfill a legal obligation (Article 6(1)(c) of the GDPR).

 

IV. Video surveillance

Video surveillance is in use at various locations on the GPR Clinic grounds, including at entrances with barriers. For more information, please see our information sheet.

 

 

 

As of March 2024