ARISTRA GmbH

Privacy policy

aristra.com
aristra.de
aristra.ch
aristra.nl
Table of contents

1. General information

For us, ARISTRA GmbH (in short "ARISTRA") as the responsible party under data protection law, the secure and transparent handling of your personal data is an important concern.

We hereby inform you about the collection and processing of your personal data (all information that directly or indirectly relates to you/identifies you or makes you identifiable) in the course of your visit to our website.

2. Data processing

We collect and process your personal data exclusively for the following purposes and in accordance with the GDPR (German: DSGVO).

2.1 Visit on our website

As soon as you open our website, we collect and store personal data (for example traffic data, such as internet browser version, time of request, IP address) in website protocol and log files that your internet browser automatically transmits to us. The legal basis for this processing is our overriding legitimate interest (Art. 6 paragraph 1 lit f DSGVO) in the form of the security and protection of our website, the evaluation of visitor statistics, and the optimisation of our website in connection with system performance, user-friendliness, and the provision of useful information about our products and services.

We do not combine this personal data with other personal data sources. However, we reserve the right to check this data retrospectively if we become aware of specific indications of unlawful use.

There are also no fully automated evaluations. There is therefore no automated decision-making including profiling in accordance with Art. 22 DSGVO.

2.2 Cookies and social media plugins

Cookies are small text files that store and/or read various information on your computer when you visit our website. Necessary cookies are required and necessary for the operation of our website. We use all other cookies (non-essential cookies) to make our website more user-friendly, effective and secure, as well as to carry out statistical visitor evaluations and to better promote our products and services. In addition, we use cookies to recognise our website visitors and to enable related comfort features of our website.

Social media plugins from various social media providers (Facebook, Instagram, LinkedIn, etc.) allow content such as buttons, photos, links or videos, as well as a preview of content, to be displayed or embedded directly on our website. This allows visitors to our website to share displayed or embedded content within their networks, making it easier for their networks to become aware of our website as well as our social media channels. Insofar as you access this content, cookies of the social media providers that are not necessary are sometimes stored on your computer and data is transmitted to the respective social media provider, stored and processed. Social media plugins and non-essential cookies are subsequently collectively referred to as "non-essential cookies".

The legal basis for processing non-essential cookies is your voluntary consent (Art. 6 para. 1 lit. a DSGVO) by selecting the respective categories in our cookie banner and subsequent confirmation with "Allow selection" when calling up our website. Supplementary information on the non-essential cookies used by us (see cookie banner when calling up the website) can be found here:
Cookie Settings

2.2.1 Borlabs Cookie

We use a cookie set by us on our website to check whether the cookie pop-up for consent has already been displayed to you and to recognize your selected setting. In doing so, we only store your IP address and the information on whether the cookie pop-up is deactivated for you or not. We delete this cookie after 12 months.

2.2.2 AB Split Tests

We use cookies set by us on our website to optimally adapt our website's presentation and content to the user's needs. No data that can identify users is stored. No further data processing, merging with other user data, or transfer to third parties occurs. This cookie is deleted after 12 months.

2.2.3 Google

We use several cookies from Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA or, if you are a resident of the EU, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) on our website. YouTube is a Google company.
Analytics
"Google Analytics" cookies are used to analyze interaction with the website. Google Analytics collects data about the apps, browsers, and devices you use when accessing our website. This data also includes unique identifiers, the type, and settings of the browser, the type, and settings of the device, the operating system, information about the mobile network such as the name of the mobile provider and the telephone number, and the version number of the app.

YouTube

Cookies set by YouTube collect data to track user preferences for embedded YouTube videos. It may also collect whether the website visitor is using a new or old version of the YouTube interface. We use YouTube on our website to display and play content from YouTube on our website and to make it easier for you to share or bookmark content.
The information generated by Google cookies about your use of the website is usually transmitted to a Google server in the USA and stored there. In the event that IP anonymisation is activated on this website, your IP address will, however, be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Under the terms of the commissioned data agreement that we have concluded with Google Inc., the latter uses the information collected to compile an evaluation of website use and website activity and provides services associated with internet use.

You can use a browser plug-in to prevent the information collected by cookies (including your IP address) from being sent to and used by Google Inc. The following link will take you to the corresponding plugin:
GA OptOut (External Link)
Your personal data will be deleted or anonymized after 12 months.

For further information on data use and data processing by Google, setting and objection options, please refer to Google's data protection information:
The US Foreign Intelligence Surveillance Act (FIS Act) and other US laws provide that, among other things, US telecommunications companies and US internet service providers are obliged to provide information to the US authorities without a court order, which means that surveillance of users abroad (such as in the EU) is also possible. In the USA, there is therefore no effective protection of fundamental rights comparable to the European fundamental right to privacy. As a US company, Google is subject to these legal regulations.

2.2.4 Vimeo

We use cookies from Vimeo (Vimeo, Inc, 555 West 18th Street, New York, New York 10011, USA) on our website. Cookies from Vimeo collect data to track user preferences for Vimeo videos embedded in websites and store information such as the volume selected or the time of playback. We use Vimeo on our website to display and play content from Vimeo on our website and to make it easier for you to share or bookmark content. You can find more information on data use and data processing on Vimeo at:
Vimeo Privacy Policy (External Link)
The US Foreign Intelligence Surveillance Act (FIS Act) and other US laws provide that, among other things, US telecommunications companies and US internet service providers are obliged to provide information to the US authorities without a court order, which means that surveillance of users abroad (such as in the EU) is also possible. In the USA, there is therefore no effective protection of fundamental rights comparable to the European fundamental right to privacy. As a US company, Vimeo is subject to these legal regulations.

2.2.5 Polylang

We use the Polylang plugin to make our website available in different languages. Polylang uses cookies to save user preferences and thus display the desired page.
No personal data is transferred to Polylang. You can find more information about Polylang's data processing here:
Polylang Privacy Policy (External Link)

2.3 Social media channels

Our website uses various social media channels so that you can also follow us via these channels and share content within your network. Below you will find information about the social media channels we use. Regardless of the legal basis for the creation of the respective accounts on the various social media channels and processing by the social media channels, we process the data mentioned below based on our overriding legitimate interest (Art. 6 para. 1 lit. f DSGVO), which lies in increasing our marketing reach or our level of awareness.

2.3.1 Facebook

We use Facebook (Facebook Inc. 1601 S. California Ave, Palo Alto, CA 94304, USA or, if you are a resident of the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) to increase our reach and thus better reach potential customers and interested parties and to facilitate the sharing or bookmarking of content. Facebook provides us with so-called page insights as part of the ARISTRA pages on Facebook. With the help of this information, we obtain insights into how you interact with our pages and linked content. As we collect this data jointly with Facebook, we are jointly responsible with Facebook for the collection of this data. For an overview of the agreement we have with Facebook, please refer to:
Facebook Page Controller Addendum (External Link)
In this context, Facebook assumes the obligations under the GDPR for processing of Insight Data (including Articles 12 and 13 GDPR, Articles 15 to 21 GDPR, and Articles 33 and 34 GDPR). For more information on data use or data processing by Facebook, please see:
Facebook Privacy Policy (External Link)
The US Foreign Intelligence Surveillance Act (FIS Act) and other US laws provide that, among other things, US telecommunications companies and US internet service providers are obliged to provide information to the US authorities without a court order, which means that surveillance of users abroad (such as in the EU) is also possible. In the USA, there is therefore no effective protection of fundamental rights comparable to the European fundamental right to privacy. Facebook as a US company is subject to these legal regulations.

2.3.2 Instagram

We use Instagram (Facebook Inc. 1601 S. California Ave, Palo Alto, CA 94304, USA or if you are an EU resident, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland), which is part of the Facebook group of companies, to increase our reach and thus better reach potential customers and interested parties and to facilitate the sharing or bookmarking of content. Instagram provides us with so-called page insights as part of the Aristra pages on Instagram. With the help of this information, we obtain insights into how you interact with our pages and linked content. As with Facebook (see point 3.3.1.), we are also jointly responsible for the collection of this data in the case of Instagram use. In this context, Facebook assumes the obligations under the GDPR for the processing of Insight Data (including Articles 12 and 13 GDPR, Articles 15 to 21 GDPR, Articles 33 and 34 GDPR). Further information on data use or data processing by Instagram can be found at:
Instagram Privacy Policy (External Link)
The US Foreign Intelligence Surveillance Act (FIS Act) and other US laws provide that, among other things, US telecommunications companies and US internet service providers are obliged to provide information to the US authorities without a court order, which means that surveillance of users abroad (such as in the EU) is also possible. In the USA, there is therefore no effective protection of fundamental rights comparable to the European fundamental right to privacy. As a US company, Instagram is subject to these legal regulations.

2.3.3 LinkedIn

We use LinkedIn (LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA or if you are an EU resident, LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland) to increase our reach and thus better reach potential customers and interested parties and to facilitate the sharing or bookmarking of content. LinkedIn provides us with so-called page insights as part of the ARISTRA pages on LinkedIn. This information provides us with insights into how you interact with our pages and related content. As we collect this data jointly with LinkedIn, we are jointly responsible with LinkedIn for the collection of this data. For an overview of the agreement we have entered into with LinkedIn, please visit: https://legal.linkedin.com/pages-joint-controller-addendum. In this context, LinkedIn assumes the obligations under the GDPR for the processing of Insight Data (including Articles 12 to 22 and 32 to 34 GDPR). Further information on data use and data processing by LinkedIn can be found at:
LinkedIn Privacy Policy (External Link)
The US Foreign Intelligence Surveillance Act (FIS Act) and other US laws provide that, among other things, US telecommunications companies and US internet service providers are obliged to provide information to the US authorities without a court order, which means that surveillance of users abroad (such as in the EU) is also possible. In the USA, there is therefore no effective protection of fundamental rights comparable to the European fundamental right to privacy. LinkedIn as a US company is subject to these legal regulations.

2.3.4 Vimeo

We use Vimeo (Vimeo, Inc, 555 West 18th Street, New York, New York 10011, USA) to increase our reach and thus better reach potential customers and interested parties and to facilitate the sharing or bookmarking of content. Vimeo provides us with so-called page insights as part of the ARISTRA pages on Vimeo. This information provides us with insights into how you interact with our pages and related content. Because we collect this information jointly with Vimeo, we are jointly responsible with Vimeo for the collection of this information. Vimeo does not currently provide an Art 26 GDPR agreement. For more information on data use or data processing by Vimeo, please see:
Vimeo Privacy Policy (External Link)
The US Foreign Intelligence Surveillance Act (FIS Act) and other US laws provide that, among other things, US telecommunications companies and US internet service providers are obliged to provide information to the US authorities without a court order, which means that surveillance of users abroad (such as in the EU) is also possible. In the USA, there is therefore no effective protection of fundamental rights comparable to the European fundamental right to privacy. As a US company, Vimeo is subject to these legal regulations.

2.3.5 YouTube

We use YouTube (Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043, USA or, if you are a resident of the EU, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland), as part of the Google group of companies, to increase our reach and thus better reach potential customers and interested parties and to facilitate the sharing or bookmarking of content. YouTube provides us with so-called page insights as part of the ARISTRA pages on YouTube. This information provides us with insights into how you interact with our pages and related content. As we collect this data jointly with YouTube, we are jointly responsible with YouTube for the collection of this data. YouTube does not currently provide an Art 26 DSGVO agreement. For more information on data use or data processing by YouTube, please see:
YouTube Privacy Policy (External Link)
The US Foreign Intelligence Surveillance Act (FIS Act) and other US laws provide that, among other things, US telecommunications companies and US internet service providers are obliged to provide information to the US authorities without a court order, which means that surveillance of users abroad (such as in the EU) is also possible. In the USA, there is therefore no effective protection of fundamental rights comparable to the European fundamental right to privacy. As a US company, Google is subject to these legal regulations.

2.3.6 Twitter

We use Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103 USA) to increase our reach and thus better reach potential customers and interested parties and to facilitate the sharing or bookmarking of content. Twitter provides us with so-called page insights as part of the ARISTRA pages on Twitter. With the help of this information, we obtain insights into how you interact with our pages and with the linked content. As we collect this data jointly with Twitter, we are jointly responsible with Twitter for the collection of this data. Twitter does not currently provide an Art 26 GDPR agreement. For more information on data use or data processing by Twitter, please see:
Twitter Privacy Policy (External Link)
The US Foreign Intelligence Surveillance Act (FIS Act) and other US laws provide that, among other things, US telecommunications companies and US internet service providers are obliged to provide information to the US authorities without a court order, which means that surveillance of users abroad (such as in the EU) is also possible. In the USA, there is therefore no effective protection of fundamental rights comparable to the European fundamental right to privacy. As a US company, Twitter is subject to these legal regulations.

2.4 General contact forms

If you contact us via one of the forms on our website, we process your personal data (contact details; all information you provide in the fields) to process the request. The legal basis for this processing is pre-contractual measures (Art. 6 para. 1 lit. b DSGVO).

2.5 Appointment forms

If you make an appointment via the patient form on our website, we process your personal data (contact details of the patient and/or doctor, patient and examination data; as well as all information you provide in the free text fields) to process and coordinate the request or to make an appointment. The legal basis for this processing is pre-contractual measures (Art. 6 para. 1 lit. b in conjunction with Art. 9 para. 2 lit h in conjunction with Art. 9 para. 3 DSGVO). The contact details are also used to confirm appointments via email, SMS, or telephone as well as to remind you of the respective appointment before it takes place.

If you make an appointment via our website, we process your personal data (doctor/patient, contact details; any information Sue provides to us in the comments field) to process the appointment request. In principle, we do not pass on the data from your appointment request to anyone, but under certain circumstances, if this is necessary for the execution of the appointment, to medneo GmbH, Hausvogteiplatz 12, 10117 Berlin, Germany (www.medneo.com) as the operator of the respective diagnostic center. The legal basis for this processing is pre-contractual measures (Art 6 para 1 lit b DSGVO).

2.6 ProvenExpert

We have integrated rating seals from ProvenExpert on this website. The provider is Expert Systems AG, Quedlinburger Str. 1, 10589 Berlin, Germany.
www.provenexpert.com
The ProvenExpert seal enables us to display customer ratings submitted to ProvenExpert about our company in a seal on our website. When you visit our website, a connection is established with ProvenExpert so that ProvenExpert can determine that you have visited our website. ProvenExpert also collects your language preferences to display the seal in your chosen language.

The use of ProvenExpert is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in displaying customer reviews as comprehensibly as possible. If a corresponding consent has been requested, the processing is carried out exclusively based on Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The visitor can revoke the consent at any time.

3. Transfer of data to third parties

The processing of personal data collected in the course of website use may be carried out by our processors. These processors are in particular IT service providers, software solution providers, and similar providers. We have concluded a processor agreement with each of our processors under Art 28 DSGVO.

Especially in connection with our social media channels, the processing is also carried out by the providers of these channels. Please refer to the information on the respective providers in point 2.3.

4. Duration of storage

Your personal data will only be stored for as long as necessary to fulfill the purposes outlined above and our contractual or legal obligations. As soon as we no longer need your personal data, we will irrevocably delete it or make it anonymous (so that it is irretrievably impossible to trace it back to you). Insofar as we process your data based on your consent, this will be done until you revoke it, whereby the revocation of your consent will not affect the lawfulness of the processing carried out based on the consent until revocation.

5. Data protection

We protect your personal data by taking appropriate organizational and technical precautions. These precautions relate in particular to protection against unauthorized, illegal, or even accidental access, processing, loss, use, and manipulation.

6. Your rights (data subject rights)

As a visitor to our website, you have the right at any time to request information about your personal data stored by us, its origin, any recipients, and the purpose of data processing, correction, data transmission, restriction of processing, blocking, or deletion of incorrect or unlawfully processed personal data, as well as to object to the lawfulness of the processing. In addition, you have the right to complain to the competent data protection supervisory authority.

If we process personal data based on your voluntarily given consent, you can revoke this consent at any time, whereby the lawfulness of the data processing up to that point remains unaffected.

The provision of your personal data is neither legally nor contractually required. Automated decision-making including profiling does not take place.

7. Contact details

Responsible under data protection law:
ARISTRA GmbH
www.aristra.de
Bornholmerstraße 90
10439 Berlin
Germany

Data Protection Officer:
RA Mag. Sascha Jung, LL.M. LL.M.
Jank Weiler Operenyi Rechtsanwälte GmbH | Deloitte Legal
Schottengasse 1
A-1010 Wien
Austria
E-Mail: