This Personal Data Protection Policy establishes the common principles and procedures of the personal data processing by the Company. In addition, it is intended to inform you about your rights to the protection of your personal data.
1. The responsible person to contact in case you have any questions:
SIBERIAN HEALTH GmbH
Tel. +49 (0)30 2840 6980
Fax +49 (0)30 2840 6978
Director: Luiza Goryanskaya
2. Principles for the Collecting and Processing of Data
We collect and use personal data that we receive as part of the establishment or performance of business relationships with customers (for example, IT service providers or other service providers whom we engage to perform our tasks) or as part of the establishment or performance of employment relationships.
In addition, we use – if it is necessary to provide the services – personal data that we have appropriately received from third parties (for example, in order to execute orders, perform contract obligations or on the basis of your consent). Namely: third-party suppliers, contractors, third parties in the procurement and purchase of materials, representatives of government agencies and organizations, tax advisers, auditors, lawyers, if necessary, third parties for claims recovery, banks.
Also, we use personal data that we legitimately obtain from public sources (for example, debtor registers, cadastral books, trade registers and associations registers, the press, the media, the Internet) and that the Company is entitled to process.
Personal data that is requested upon registration, placing an order and its processing, may include: name, address and other contact information (phone number, email address), date and place of birth, gender, citizenship, marital status, capacity, residence status (rented or own property), social insurance data, health data (including significant data in terms of social legislation) data on bank accounts, payment transactions, life insurance and pension insurance, disability insurance and the inability to work in specialty, as well as care insurance, private and public data on medical insurance, numbers of insurance contracts.
When using digital processes (for example, email correspondence, data processing through the Company's websites), the data may be processed by the contractor at the instruction of the Company under the data-processing agreements.
3. Why do we process your data (processing purpose / legal basis)?
The above-mentioned personal data are processed by the Company in accordance with the provisions of the General Data Protection Regulation (DSGVO) and the Federal Data Protection Act (BDSG):
a. In order to execute the contract concluded with you (Article 6, paragraph 1b, DSGVO)
The processing of personal data is carried out to execute Company's services as part of the execution of the concluded contract or preparation for the contract conclusion with you.
Processing of third parties' personal data is carried out for the execution and settlement of contractual relations with such third parties as service providers or contract partners from whom we purchase production facilities or their services required for conducting and maintaining Company's business activities; solely for the establishment, justification or performance of relevant contractual relationships.
The purpose of data processing depends on the content of each individual instruction.
The purpose may also relate to the performance of other contractual relations by third parties whose services are acquired for business activities.
b. To comply with legitimate interests (Article 6, paragraph 1f, DSGVO)
To the extent necessary, we process your data in order to comply with the terms of contracts, as well as legitimate interests of the Company or third parties. Examples:
4. Who has the access to my data?
Within the Company, the access to your data is given to departments and people who come into contact with them, who are due to necessity engaged in the fulfillment of contractual and statutory obligations. Thus, these data can also be processed by Company's service providers or implementation assistants, if such processing is required in accordance with legislative requirements.
In all other respects, we transfer your data when it is an obligatory measure provided by the current legislation, or if you gave a valid consent. The data processing contractors hired by you or the Company, also guarantee compliance with the requirements of the main EU Directive on Data Protection / Federal Law on Data Protection as much as we do. We also transfer your data if it is necessary for the performance of the contract or pre-contract actions carried out at your request, or for the fulfillment of a legal obligation, or for compliance with the Company's legitimate interests.
In these circumstances, the personal data can be received by:
5. Are the data transferred to third countries or to international organizations?
The transfer of personal data to countries outside the EU or EEC (the so-called third states) occurs only if it is provided by law, or if it is required in order to fulfill the Company's contractual obligations, or you have given the consent to such transfer, or the recipient is the so-called "recognized third state" or if the Agreement with the standard terms of the EU contract obliges to comply with the requirements of the European level of data protection, which is also applied for the orders execution.
If we work with service providers in third countries, we agree to comply with the provisions of the EU personal data protection regulations (for example, the EU standard contractual clauses).
6. How long will my data be stored?
We process and store your personal data as much as it is required for fulfillment of the Company's obligations in accordance with the contract and applicable law. The storage period may vary depending on the type of obligation under the contract. For example, in the case of long-term contractual relationships, the personal data will be stored during the entire period of such relationships. In this regard, the storage period ends only after termination of long-term contractual relations.
If the data are no longer required to fulfill obligations under contracts or the law, they are deleted, except when they are needed – if necessary limited in time – further processing for the following purposes:
– Compliance with the terms of storage for trade and tax legislation under the Commercial Code (HGB), the Regulations on taxes and fees (AO), if applicable – the anti-money laundering law and the legislative requirements in the field of social insurance. The prescribed storage periods for documentation are from 2 to 10 years.
– The preservation of evidences and documentation for protection against liability and compliance with legal requirements within the requirements of the limitation of actions. According to §§ 196 and onwards the German Civil Code (BGB), these limitation periods may be up to 30 years, with 3 years for a common limitation of actions.
7. What data protection rights do I have?
As an interested party (that is, a person whose data is processed), you are entitled to:
– obtain information according to art. 15 DSGVO
– correct information according to art. 16 DSGVO
– delete information according to art. 17 DSGVO
– limit the processing according to art. 18 DSGVO
– objection according to Art. 21 DSGVO
– transfer data according to art. 20 DSGVO
– submit a complaint to the data protection supervision authorities (Article 77 DSGVO in conjunction with § 19BDSG)
However, the right to receive and delete information is subject to restrictions in accordance with §§ 34 and 35 of the BDSG.
You have right to withdraw your consent to the processing of your personal data at any moment. It also applies to the notice of consent provided to the Company before the General Regulation on Data Protection (DSGVO) enters into effect that is until 25.05.2018. The withdrawal is applicable to exclusively future processing. The withdrawal of consent shall not affect the lawfulness of processing that was realized by the Company before the withdrawal.
8. Do you use profiling (automated processing of personal data)?
We have made a principled decision not to use fully automatic systems for processing personal data in accordance with Article 22 of the DSGVO. If we use such techniques in individual cases, we will notify you separately if this is required by applicable law.