top of page

Datenschutzerklärung

The German version was translated using Google translate

1. Introduction

The protection of your personal data is our highest priority. This privacy policy explains the nature, scope, and purpose of the processing of personal data (hereinafter referred to as "data") in connection with the online offering. This includes the associated website, functions, and content, as well as external online presences, such as social media profiles (hereinafter collectively referred to as "online offering"). Your personal data will be treated confidentially and strictly in accordance with statutory data protection regulations and the provisions of this privacy policy. General information This privacy policy provides you with a comprehensive overview of what happens to your personal data when you visit this website. Personal data is all information that can be used to personally identify you. Detailed information on data protection can be found in this complete privacy policy. Responsible party Data processing on this website is carried out by the website operator. The contact details of the responsible party can be found in the "Responsible Party" section of this privacy policy. Collection of your data Personal data is collected, on the one hand, when you actively provide it, e.g., by filling out a contact form. Other data is collected automatically or with your consent when you visit the website by the controller's IT systems. This primarily concerns technical data (e.g., internet browser, operating system, or time of page access). This data collection occurs automatically as soon as you access the website. Use of your data Some of the data is collected to ensure the error-free provision of the website. Other data may be used to analyze your user behavior in order to optimize the service and adapt it to your needs. Data transfer to external parties In the course of the controller's business activities, it may be necessary to transfer personal data to external parties. This transfer only takes place under certain conditions: if the transfer is necessary to fulfill a contract, if there is a legal obligation, for example, to tax authorities, if there is a legitimate interest pursuant to Art. 6 (1) (f) GDPR, or if another legal basis permits the data transfer. When external service providers are used for data processing, personal data is transferred exclusively on the basis of a valid contract for order processing in accordance with Art. 28 GDPR. If data is processed jointly with other parties, a contract for joint processing is concluded in accordance with Art. 26 GDPR. Revocation of consent to data processing Certain data processing operations can only take place with your express consent. This consent can be revoked at any time. The legality of the data processing carried out up to the time of revocation remains unaffected by the revocation. Right to object to specific data processing and advertising measures (Art. 21 GDPR) If your personal data is processed on the basis of Art. 6 (1) (e) or (f) GDPR, you have the right to object to this processing at any time, provided you have reasons arising from your particular situation. This also applies to profiling based on these provisions. The specific legal basis for data processing can be found in this privacy policy. If you object, the controller will no longer process your personal data unless compelling legitimate grounds can be demonstrated that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims (objection pursuant to Art. 21 (1) GDPR). If your personal data is used for direct marketing purposes, you have the right to object to this processing at any time. This also applies to profiling if it is related to direct marketing. Following your objection, the controller will no longer use your personal data for these advertising purposes (objection pursuant to Art. 21 (2) GDPR). Rights under the General Data Protection Regulation You have the right to lodge a complaint with a competent supervisory authority in the event of violations of the GDPR. This right can be exercised, in particular, in the Member State of your habitual residence, place of work, or place of the alleged infringement. Other administrative or judicial remedies remain unaffected.

Personal data that is processed automatically based on consent or to fulfill a contract can be requested in a structured, common, and machine-readable format. Upon request, this data can also be transmitted directly to another controller, provided this is technically feasible. Every data subject has the right to receive information about their stored personal data, its origin, recipients, and the purpose of the data processing free of charge. Furthermore, they have the right to have this data rectified or erased, provided this is permitted by law. If they have further questions or concerns regarding personal data, they can contact the controller at any time. They have the right to request the restriction of the processing of personal data if the accuracy of the data is contested and verification is pending. Even in the case of unlawful processing, they can request restriction of data processing instead of erasure. Furthermore, they can request restriction of processing if the data is no longer needed but is required to assert, exercise, or defend legal claims. If you object to processing pursuant to Art. 21 (1) GDPR, you also have the right to restriction of processing until it has been clarified whose interests prevail. If the processing of personal data is restricted, it may, with the exception of storage, only be processed with the consent of the data subject or for the establishment, exercise, or defense of legal claims, to protect the rights of other natural or legal persons, or for reasons of important public interest of the EU or a Member State.


2. Responsible Party

The person responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is: Stephanie Schreiber Address: Jelinstr. 39, 70567 Stuttgart Website: www.stephysio.com Email: info@stephysio.com Telephone: +49 17657772992

 

3. Processors

We collaborate with various processors who process data on our behalf. These service providers are contractually obligated to treat the data confidentially and to use it exclusively within the scope of the respective service. In addition, there are cases in which responsibility for data processing is shared with other parties. In such cases, responsibilities are transparently regulated and documented to ensure compliance with data protection requirements.

 

4. Definitions

To ensure the transparency of this privacy policy and to make it understandable for everyone, this policy primarily uses terms that are also defined in the General Data Protection Regulation (GDPR). The complete legal definitions can be found in Art. 4 GDPR. The most important terms used in this privacy policy are explained below: Personal data: This includes all information relating to an identified or identifiable natural person (hereinafter "data subject"). A person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., a cookie), or one or more specific factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person. Processing: This term covers any action or set of actions performed on personal data, whether or not by automated means. This may include collecting, recording, organizing, structuring, storing, adapting or altering, retrieving, consulting, using, disclosing by transmission, disseminating or otherwise making available, comparing or linking, restricting, erasing, or destroying data. Controller: This is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, decides on the purposes and means of the processing of personal data. Processor: A natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller. Consent: Any freely given, specific, informed, and unambiguous indication of the data subject's wishes in the form of a statement or other unambiguous affirmative action by which they signify their agreement to the processing of personal data concerning them. Website: The website refers to the entire internet offering provided by the controller at a specific URL. This includes all content, information, functions, and services published by the controller that are made available to the user via this URL. The website serves as a digital platform for the provision of information, services, and interaction between the controller and users. End Device: An end device is an electronic device capable of accessing the internet and loading web pages. This includes computers, laptops, tablets, and smartphones. These definitions help you better understand the privacy policy and the meaning of the terms used.

5. Hosting

This website is hosted on the servers of an external service provider to ensure reliable and secure use of this online service. Data processing by the hosting provider is carried out in accordance with Art. 6 (1) (f) GDPR, as the controller has a legitimate interest in providing a stable and secure website. Should it be necessary to obtain the user's consent (for example, for the use of certain cookies or tracking technologies), data processing is based on the user's consent in accordance with Art. 6 (1) (a) GDPR and Section 25 (1) TTDSG. You can revoke your consent at any time with future effect. The hosting provider is: Wix.com Ltd. 40 Namal Tel Aviv Street, Tel Aviv, 6350671 Israel Details regarding data processing and data protection can be found in the hosting provider's privacy policy. You can find these here: https://de.wix.com/about/privacy

 

6. Legal Basis for Data Processing

The processing of your personal data is based on the General Data Protection Regulation (GDPR) and other relevant legal provisions. Different legal bases apply depending on the purpose of the data processing. If you have consented to the processing of your personal data, this is done on the basis of your consent in accordance with Art. 6 (1) (a) GDPR. This applies in particular to the processing of special categories of personal data in accordance with Art. 9 (2) (a) GDPR and to the transfer of personal data to third countries in accordance with Art. 49 (1) (a) GDPR. Your consent can be revoked at any time. The processing of your data may be necessary to fulfill a contract or to take steps prior to entering into a contract and, in this case, is based on Art. 6 (1) (b) GDPR. Furthermore, processing may be necessary to comply with legal obligations, which then occurs in accordance with Art. 6 (1) (c) GDPR. In certain cases, processing is carried out to protect the legitimate interests of the controller or a third party, unless your interests or fundamental rights and freedoms prevail. This processing is based on Art. 6 (1) (f) GDPR. For certain processing operations, national regulations may also apply, such as Section 25 of the German Telemedia Act (TTDSG) regarding the storage of cookies or access to information on your device. The applicable legal bases are explained in detail in the specific sections of this privacy policy. If your data is necessary to fulfill a contract or to carry out pre-contractual measures, your data will be processed on the basis of Art. 6 (1) (b) GDPR. To fulfill a legal obligation, data processing is based on Art. 6 (1) (c) GDPR. Furthermore, data processing may be based on legitimate interests pursuant to Art. 6 (1) (f) GDPR. The specific legal bases in each individual case are explained in the following sections of this privacy policy.

 

7. Data transfer to unsafe third countries and non-DPF-certified US companies

If this website uses tools from companies based in third countries with unsafe data protection laws, or if US tools are used whose providers are not certified under the EU-US Data Privacy Framework (DPF), your personal data may be transferred to these countries and processed there. Please note that a level of data protection equivalent to that of the EU cannot be guaranteed in third countries with unsafe data protection laws. For the USA, as an unsafe third country, a level of data protection comparable to that of the EU is generally not guaranteed. Data transfer to the USA is therefore only permitted if the recipient is either certified under the EU-US Data Privacy Framework (DPF) or has appropriate additional guarantees. Detailed information on possible transfers to third countries, including the data recipients, can be found in this Privacy Policy.


8. Storage Period

Unless a more specific storage period is specified in this Privacy Policy, personal data will remain with the controller until the purpose for which it was processed no longer applies. If a legitimate request for deletion is made or consent to data processing is revoked, the data in question will be deleted unless other legally permissible reasons for storing the personal data exist (e.g., retention periods under tax or commercial law). In these cases, deletion will occur once these reasons no longer apply. The controller will only store personal data for as long as necessary to fulfill the respective purposes for which the data was collected. This includes, in particular, the fulfillment of contractual obligations, compliance with statutory retention periods, and the protection of the controller's legitimate interests, such as IT security and protection against misuse. If the processing of personal data is based on consent, the data will be stored until this consent is revoked by the data subject. Such revocation is possible at any time with future effect. The data will then be deleted immediately, unless there are statutory retention obligations or other overriding legal reasons that require continued storage. In summary, personal data will be deleted once the purpose has been fulfilled or the legal basis for storage no longer applies, unless legal obligations or legitimate interests continue to exist that justify continued storage.

 

9. Security Measures and Data Minimization

Comprehensive technical and organizational measures are taken to effectively protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access. Care is taken to ensure that only the data absolutely necessary for the respective purpose is collected and processed. This data minimization strategy helps to significantly reduce the risk of misuse and unauthorized access. Security measures are continuously adapted to the state of the art to ensure that your data is permanently protected at a high level.

 

10. Storage of User Information in Log Files

Each time you access the website, general information is automatically collected and transmitted by your browser to the server. This information is stored in so-called log files and typically includes: a) IP address of the requesting computer b) Date and time of access c) Name and URL of the retrieved file d) Website from which access is made (referrer URL) e) Browser used and user agent string f) Operating system g) Name of your access provider h) HTTP status code This data is stored for security reasons, to ensure a smooth connection to the website, for convenient use of the website, to evaluate system security and stability, and for other administrative purposes. The legal basis for data processing is Art. 6 (1) (f) GDPR. The legitimate interest arises from the stated purposes for data collection. Under no circumstances will the collected data be used to draw conclusions about you personally. The stored data will be anonymized or deleted unless there are legal retention obligations.


11. Cookies

This website uses cookies. These are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit the site. Cookies do not cause any damage to your device and do not contain viruses, Trojans, or other malware. Information is stored in the cookie that is related to the specific device used. However, this does not mean that the controller thereby directly obtains knowledge of your identity. The use of cookies serves, on the one hand, to make using the service more pleasant for you. For example, the controller uses so-called session cookies to recognize that you have already visited individual pages of the website. These are automatically deleted after you leave the site. In addition, the controller also uses temporary cookies to optimize user-friendliness, which are stored on your device for a specific period of time. If you visit the site again to use the services, it will automatically recognize that you have already been there and which entries and settings you have made so that you do not have to enter them again. On the other hand, the controller uses cookies to statistically record website usage and evaluate it for the purpose of optimizing the service for you. These cookies enable the controller to automatically recognize that you have already been there when you visit the site again. These cookies are automatically deleted after a defined period of time. The data processed by cookies are necessary for the aforementioned purposes to protect the legitimate interests of the controller and third parties in accordance with Art. 6 (1) (f) GDPR. Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or so that a warning always appears before a new cookie is created. However, completely deactivating cookies may mean that you cannot use all of the website's functions.

 

12. Use of the contact form

For questions of any kind, you can contact the controller using a form provided on this website. In order to know who sent the inquiry and to be able to answer it, the following information is required: first name, last name, email address, telephone number. Data processing for the purpose of contacting the controller is carried out in accordance with Art. 6 (1) (a) GDPR on the basis of your voluntarily granted consent. The personal data collected for the use of the contact form is regularly deleted after the inquiry has been processed.

​

13. Inquiries by email or telephone

You can send inquiries to the controller by email or telephone. The personal data transmitted in this way (e.g., name, email address, telephone number, and the inquiry itself) will be processed and stored by the controller exclusively for the purpose of processing the inquiry and any follow-up questions. The legal basis for this data processing is Art. 6 (1) (b) GDPR, as the processing is necessary to fulfill a contract or to take steps prior to entering into a contract. If the processing is not related to a contract, it is based on Art. 6 (1) (f) GDPR, as the controller has a legitimate interest in processing and responding to inquiries.


14. Inquiries via WhatsApp

You have the option of sending inquiries to the controller via WhatsApp. Please note that WhatsApp stores the transmitted data on servers in the USA. Therefore, no sensitive information should be transmitted via this channel. The personal data you submit (e.g., name, telephone number, and the inquiry itself) will be processed and stored by the controller exclusively for the purpose of processing your inquiry and any follow-up questions. The legal basis for this data processing is Art. 6 (1) (b) GDPR, as the processing is necessary to fulfill a contract or to implement pre-contractual measures. If the processing is not related to a contract, it is based on Art. 6 (1) (f) GDPR, as the controller has a legitimate interest in processing and responding to inquiries. Additional information on the processing of your personal data by WhatsApp can be found in their privacy policy at: https://www.whatsapp.com/legal/.

 

15. Prohibition of sending advertising emails

The use of the contact details published in the imprint to send unsolicited advertising and information materials is hereby prohibited. Any unauthorized use of contact details for advertising purposes constitutes a violation of the rights of the operator of this website and will not be tolerated. The operator of this website expressly reserves the right to take legal action in the event of violations, particularly in the case of unsolicited sending of advertising information such as spam emails. Sending to existing customers without consent Newsletters will be sent to existing customers even without their express consent under certain conditions. This is permitted under Art. 6 (1) (f) GDPR if the following conditions are met: a) Existing customer status: The customer has provided their email address in connection with the sale of a product or service. b) Direct advertising for our own similar products or services: The newsletter only contains advertising for our own similar products or services. c) Notice of right of objection: The customer was clearly informed when the email address was collected and in each newsletter that they can object to the use of their email address at any time without incurring any costs other than the transmission costs according to the basic rates. d) No objection by the customer: The customer has not objected to the use of their email address. This type of newsletter distribution is based on the legitimate interest of the controller to inform existing customers about similar products or services and to maintain the business relationship. The data is processed in accordance with Art. 6 (1) (f) GDPR. Customers can, of course, object to the use of their email address for this purpose at any time. To do so, simply send an informal email to the controller or use the "unsubscribe" link in the respective newsletter.

© 2024 by Stephanie Schreiber

bottom of page