The protection of your personal data and your privacy is extremely important to us. That is why we want to offer you comprehensive transparency regarding the processing of your personal data (GDPR) as well as regarding the storage of information on your device and access to information (TTDSG). Only when the processing of personal data and information is transparent to you as the data subject will you be sufficiently informed about the scope, purposes, and benefits of the processing. This privacy policy applies to all processing of personal data carried out by us, as well as to the storage of information on your end devices and access to such information. This applies both to the provision of our services and to external online presences, such as our social media fan pages.
The responsible party within the meaning of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), and other data protection regulations is
Bloom Healthtech GmbH
Charlottenstraße 4
10969 Berlin
hello@ginione.de
Hereinafter referred to as "controller" or "we."
The data protection officer is
heyDataGmbH
Schützenstraße 5
10117 Berlin
datenschutz@heydata.eu
www.heydata.eu
Personal data is individual information about the personal or factual circumstances of an identified or identifiable natural person.
Examples of specific information about personal or factual circumstances include:
We process personal data within the legally permissible limits. This means that data processing operations are based on a legal basis. These are standardized in Art. 6 (1) GDPR. Most data processing is based on a legitimate interest on our part (Article 6(1)(f) GDPR), on processing operations necessary for the performance of a contract (Article 6(1)(b) GDPR), or on your consent (Article 6(1)(a) GDPR). In the latter case, you will be notified separately (e.g., via a cookie banner) about the consent process.
We only process personal data for specific purposes (Art. 5 (1) (b) GDPR). Once the purpose of processing no longer applies, your personal data will be deleted or protected by technical and organizational measures (e.g., pseudonymization).
The same applies to the expiry of a prescribed storage period, except in cases where further storage is necessary for the conclusion or fulfillment of a contract. In addition, there may be a legal obligation to store data for a longer period or to disclose it to third parties (in particular to law enforcement authorities). In other cases, the storage period and type of data collected, as well as the type of data processing, depend on which functions you use in each individual case. We will be happy to provide you with information on this in individual cases, in accordance with Art. 15 GDPR.
Data categories include the following data in particular:
In accordance with legal requirements and taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of threats to your rights and freedoms, we take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk.
The measures include, in particular, ensuring that your data is stored and processed confidentially, with integrity, and is available at all times. Furthermore, controls on access to your data, as well as access, input, transfer, securing availability, and separation from data belonging to other natural persons are among the security measures we implement. Furthermore, we have established procedures that guarantee the exercise of data subject rights (see section 5), the deletion of data, and responses in the event of a threat to your data. We also take the protection of personal data into account during the development of our software and through procedures that comply with the principle of data protection through technology design and data protection-friendly default settings.
As part of our processing of your personal data, this data may be transferred or disclosed to other bodies, companies, legally independent organizational units, or individuals. These third parties may include, for example, payment institutions in the context of payment transactions, service providers commissioned with IT tasks, or providers of services and content that we have integrated into our website. If we transfer or disclose your personal data to third parties, we comply with the legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data to protect your data.
If this privacy policy states that we transfer your personal data to a third country, i.e., a country outside the EU or EEA, the following applies.
If we process your data in a third country or if the processing takes place in a third country in connection with the use of third-party services, this will only be done in accordance with the legal requirements.
Furthermore, data will generally only be transferred to third countries with your express consent. Regardless of whether this consent has been given or not, we guarantee that we have contractual or legal authorization to transfer and process your data in the third country in question. In addition, we only allow your data to be processed by service providers in third countries that, in our opinion, have a recognized level of data protection. This means that there is, for example, an adequacy decision between the EU and the country to which we transfer your personal data. An "adequacy decision" is a decision adopted by the European Commission in accordance with Article 45 of the GDPR, which determines that a third country (i.e., a country that is not bound by the GDPR) or an international organization offers an adequate level of protection for personal data. Alternatively, for example if there is no adequacy decision, a transfer to a third country will only take place if, for example, contractual obligations between us and the service provider in the third country exist in the form of so-called standard contractual clauses of the EU Commission and further technical security measures have been taken which guarantee a level of protection equivalent to that in the EU, or if the service provider in the third country has data protectioncertifications and your data is only processed in accordance with internal data protection regulations (Articles 44 to 49 GDPR. Information page of the EU Commission:https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).
According to the European Court of Justice and some data protection supervisory authorities in the federal states of Germany, there is currently no adequate level of protection for data transfers to the US. By integrating external services into our services, we have attempted to meet the highest legal and technical requirements currently possible. Nevertheless, we cannot guarantee that this will satisfy the requirements of European institutions or the German data protection supervisory authority, among others. Therefore, it remains your decision whether or not to use our services with the integrated services.
In individual cases, we are obliged to carry out an assessment of the data transfer to a third country – the so-called Transfer Impact Assessment (TIA). We have done this where we deem it necessary. We also only provide you with services where we consider the risk of third-country processing to be low and therefore consider the processing to be permissible.
Cookies are small text files that contain data from visited websites or domains and are stored on your device (computer, tablet, or smartphone). When you access a website, the cookie stored on your device sends information to the party that placed the cookie.
Our Services may set third-party cookies and allow third parties to place cookies on your device. The difference between a first-party cookie and a third-party cookie is the control over the placement of the cookie. First-party cookies are specific to the Services that created them. Their use allows us to provide an efficient service. Third-party cookies are placed on your device by third parties (i.e., not by us). Although we may allow third parties to access our services, we have no control over the information provided by the cookies. This information is processed entirely by the third parties in accordance with their respective privacy policies.
In practical terms, we distinguish between:
We want you to make an informed decision for or against the use of cookies and services that are not strictly necessary for the technical characteristics of our services. Therefore, we allow you to choose which categories of cookies and services you allow when you first visit our services via a consent banner. Necessary cookies are always active, as the website cannot function properly without them.
Statistics and marketing cookies are optional. You can consent to their use by selecting the appropriate option in the banner. Please note that even if you reject marketing cookies, you may still see advertisements, but these will be less tailored to your interests. You can continue to use the full functionality of our services.
Unless we provide you with explicit information about the storage period of cookies, you can find the exact storage period of each cookie at any time in the detailed information in our consent banner. If cookies have been set based on your consent, you can change or revoke this consent at any time. You can access our consent banner again via the icon at the bottom left of our website to adjust your settings.
The use of our services with all their functions involves the processing of personal data. We explain exactly how this works here.
Simply accessing our services for informational purposes requires the processing of the following personal data and information: browser type and version, operating system used, address of previously visited websites, address of the device you are using to access our services (IP address), and the time at which you accessed our services. All this information is automatically transmitted by your browser unless you have configured it to suppress the transmission of this information.
This personal data is processed for the purpose of ensuring the functionality and optimization of our services, as well as to guarantee the security of our information technology systems. These purposes are also legitimate interests pursuant to Art. 6 (1) (f) GDPR, meaning that the processing is carried out on legal grounds.
We process the personal data you provide us with when contacting us for the purpose of responding to your inquiry, email, or callback request. The categories of data processed in this context are master data, contact data, content data, usage data (if applicable), connection data, and contract data (if applicable). In individual cases, we forward this data to affiliated companies or third parties that we commission to process orders. The legal basis for processing depends on the purpose of the contact.
For demo bookings and contact requests from interested parties on our website, we use HubSpot (HubSpot Ireland Limited, Ground Floor, Two Dockland Central, Guild Street, Dublin 1, Ireland) to provide the forms and manage the data you submit (e.g., name, company, email, phone number, content of your request). The processing serves to handle your inquiry, arrange or conduct the demo, and, if applicable, initiate business relationships. The legal basis for this is Art. 6 (1) (b) GDPR (your inquiry) and our legitimate interest in efficient processing in accordance with Art. 6 (1) (f) GDPR.
A data processing agreement (DPA) has been concluded with HubSpot in accordance with Art. 28 GDPR. Data may be processed by HubSpot or its subcontractors (including in third countries such as the USA, e.g., the parent company HubSpot, Inc.). Such transfers are based on appropriate safeguards, such as standard contractual clauses, supplemented by further measures where necessary (for details, see section 2.6 of this privacy policy).
Following your request, you will receive personalized emails. You can object to any further proactive contact at any time by responding to an email or by contacting us at the email address specified in section 1 or in the legal notice. Your request will then be processed immediately.
When you subscribe to our newsletter, we process the data you enter (e.g., email address, your name, your company) for the purpose of sending you information about our offers. You can subscribe as part of our social media campaigns (e.g., on LinkedIn) or directly via our website. We use Brevo (Brevo GmbH, Köpenicker Str. 126, 10179 Berlin, Germany) to send and manage our newsletter. The legal basis for this processing is your consent in accordance with Art. 6 (1) (a) GDPR, which you give by subscribing.
A data processing agreement (DPA) has been concluded with Brevo in accordance with Art. 28 GDPR. Data may be processed by Brevo or its subcontractors. Data processing takes place exclusively within the EU. Such transfers are based on appropriate safeguards, such as standard contractual clauses, supplemented by further measures where necessary (for details, see section 2.6 of this privacy policy).
You can revoke your consent to receive the newsletter at any time by using the unsubscribe link in each newsletter email or by sending us an informal email to the email address specified in section 1 or in the legal notice.
We offer various payment methods for processing payment claims. To this end, we use the payment service providers described below. We do this for the purpose of providing our services in a proper and needs-based manner. In this context, the data processed includes usage data, connection data, master data, payment data, contact data, and contract data, such as account numbers or credit card numbers, passwords, TANs, and checksums, as well as contract, sum, and recipient-related information. This information is necessary to carry out the transactions. The data entered is only processed and stored by the payment service providers. We do not receive any account or credit card-related information, but only information about the confirmation or rejection of the payment. Under certain circumstances, your data may be transmitted by the payment service providers to credit agencies. The purpose of this transmission is to verify your identity and creditworthiness. For more information, please refer to the terms and conditions and privacy policy of the payment service providers. The legal basis for the use of payment service providers is Art. 6 (1) (b) GDPR. We can only provide the services promised to you with our services and thus fulfill our contractual obligations if we use third parties, such as payment service providers, to process payment transactions. We have concluded a data processing agreement with each of the payment service providers to ensure that the security of your data is guaranteed at all times.
Stripe
If you choose a payment method offered by the payment service provider Stripe, payment processing will be handled by the payment service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to which we will pass on the information you provided during the ordering process together with the information about your order (name, address, account number, bank code, credit card number if applicable, invoice amount, currency, and transaction number) in accordance with Art. 6 (1) (b) GDPR. For more information on Stripe's data protection policy, please visithttps://stripe.com/de/privacy#translation.
Stripe reserves the right to perform a credit check based on mathematical-statistical methods in order to protect its legitimate interest in determining the user's solvency. Stripe may transfer the personal data necessary for a credit check and obtained in the course of payment processing to selected credit agencies, which Stripe will disclose to users upon request. The credit report may contain probability values (so-called score values). Insofar as score values are included in the credit report, these are based on a scientifically recognized mathematical-statistical method. Address data, among other things, but not exclusively, is included in the calculation of the score values. Stripe uses the result of the credit check in relation to the statistical probability of default for the purpose of deciding on the eligibility to use the selected payment method.
You may object to this processing of your data at any time by sending a message to Stripe or the credit agencies commissioned.
However, Stripe may still be entitled to process your personal data if this is necessary for the contractual processing of payments.
3.5.1. Host Kinsta
Our website is hosted by the hosting service provider Kinsta Inc. The server location for our website is in Frankfurt am Main, Germany.
As part of hosting services, Kinsta processes personal data on our behalf. This includes, in particular:
Hosting of the website, storage and evaluation of technical log files, and measures to ensure IT security (e.g., protection against attacks).
IP addresses, technical log data (e.g., browser type, operating system, access times, pages viewed).
Processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR (legitimate interest). Our legitimate interest lies in the secure, stable, and efficient provision of our website.
Kinsta has a data processing agreement (DPA) in accordance with Art. 28 GDPR. This is part of the Data Processing Addendum (DPA) provided by Kinsta and ensures that personal data is processed exclusively in accordance with our instructions and in compliance with the applicable data protection regulations.
The data is processed exclusively on servers in Germany.
3.5.1.1. WordPress content management system
We use the WordPress content management system to operate our website and provide content.
WordPress processes technically necessary data, such as your IP address, in order to deliver pages or perform security functions.
WordPress also sets technically necessary cookies that are required for the operation and display of the website. These cookies are not used for analysis or marketing purposes.
Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in the modern, secure, and efficient provision of our website).
3.5.1.2. Page Builder / Theme "Breakdance"
We use the Page Builder Breakdance to design and technically implement our website.
Breakdance processes technically necessary data to display pages correctly, load scripts, and provide design elements.
Breakdance may use external services such as Google Fonts to display fonts. This involves transferring your IP address to Google servers (USA). Legal basis: Art. 6 (1) (f) GDPR.
When using this service, data may be transferred to the USA; standard contractual clauses (SCC) are used.
In addition, Breakdance can deliver individual files via a CDN or the host, e.g., CSS and JavaScript assets. In doing so, your IP address may need to be transmitted to our host's servers for technical reasons. Legal basis: Art. 6 para. 1 lit. f GDPR.
The web hosting services we use may also include the sending, receiving, and storage of emails. For these purposes, the addresses of the recipients of your emails and the senders, as well as other information relating to the sending of emails (e.g., the providers involved) and the content of the respective emails, are processed. The aforementioned data is processed for purposes including the detection of spam. Emails are generally not sent in encrypted form on the internet. As a rule, emails are encrypted during transmission, but (unless end-to-end encryption is used) not on the servers from which they are sent and received. We therefore cannot accept any responsibility for the transmission of emails between the sender and the recipient on our server. Our legal basis for using a web hosting provider to receive and send emails is Art. 6 (1) (f) GDPR (legitimate interest).
We ourselves (or our web hosting provider) collect data on every access to the server (server log files). The server log files may include the address and name of the services and files accessed, the date and time of access, the amount of data transferred, notification of successful access, browser type and version, your operating system, referrer URL (the previously visited page), and, as a rule, IP addresses and the requesting provider.
The server log files can be used for security purposes, e.g., to prevent server overload (especially in the case of malicious attacks, known as DDoS attacks), and to ensure server utilization and stability. Our legal basis for using a web hosting provider to collect access data and log files is Art. 6 (1) (f) GDPR (legitimate interest).
To ensure smooth technical operation and optimal user-friendly use of our services, we use the following services:
We use the consent management platform Cookiebot to obtain and manage your consent for the storage of and access to information on your device. The provider is Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark.
Cookiebot allows you to give informed consent to the use of technically non-essential cookies and services or to reject them. You can also change or revoke your consent at any time using a widget available on our website. Cookiebot stores your decision in a technically necessary cookie (CookieConsent) to take your preferences into account during future visits.
The legal basis for using Cookiebot to obtain the legally required consents is our legal obligation pursuant to Art. 6 (1) (c) GDPR in conjunction with § 25 TTDSG.
We use Google Tag Manager on our website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a support service and only processes personal data (e.g., IP address) for technical purposes. The service is used to control other services (so-called "tags") that collect data themselves. Google Tag Manager does not access this data. It is purely an administrative tool that triggers the tags we have integrated according to the rules we have defined and the consents you have given.
The legal basis for the use of Google Tag Manager is your consent in accordance with Art. 6 (1) (a) GDPR, as it is used to deliver marketing and analysis services that require consent. For more information about Google Tag Manager, please refer toGoogle's Terms of Service.
This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland).
Google Analytics is used exclusively with your consent (Art. 6 (1) (a) GDPR). Data is only collected after you have given your consent via our cookie banner. No analytics cookies are set without your consent.
Google Analytics uses cookies to collect information about the use of this website. The IP address is not stored in full (IP anonymization).
Data transfer to the USA cannot be ruled out. Google is certified under the EU-US Data Privacy Framework.
You can revoke your consent at any time via the cookie settings.
Further information:https://policies.google.com/privacy
We use the "Insight Tag" from the social network LinkedIn on our website. The provider is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
The LinkedIn Insight Tag enables us to measure the effectiveness of our advertising campaigns on LinkedIn (conversion tracking), create target groups for ads based on website visitors (retargeting), and gain additional insights into the demographic characteristics of our website visitors.
Once you have consented to use, a connection to the LinkedIn servers is established. The following data may be processed: IP address, device and browser properties, timestamps, and page events (e.g., page views). This data is encrypted by LinkedIn, anonymized within seven days, and the anonymized data is deleted within 180 days. LinkedIn does not share any personal data with us, but only provides aggregated reports on target groups and ad performance.
The legal basis for the processing of your data by the LinkedIn Insight Tag is your consent pursuant to Art. 6 (1) (a) GDPR, which you give via our consent banner. You can revoke your consent at any time for the future via the settings in our consent banner.
Data may also be transferred to the USA via LinkedIn. The security of the transfer is guaranteed by standard contractual clauses of the EU Commission. Further information can be found inLinkedIn's privacy policy.
For the purpose of continuously optimizing the Google ranking of our services, we use Google Search Console, a web analysis service provided by Google. Google Search Console enables us to perform search analyses that provide us with information about how often our services appear in Google search results. This allows us to monitor and manage our services in the search index. When using Google Search Console, no personal user or tracking data is processed or transmitted to Google.
We use the HubSpot service, provided by HubSpot Ireland Limited, for our website. HubSpot helps us manage contact requests, forms, newsletter sign-ups, and automate marketing processes. When you fill out a form on our website, the data you enter (e.g., name, email address, company details) is processed by HubSpot and stored in our CRM to process your request.
After you have given your consent via our cookie banner, HubSpot also uses cookies to analyze website activity and recognize returning visitors. Technical data such as IP address, device type, visit duration, or interactions on our pages may be processed in the process.
HubSpot stores some data on servers in the United States. The EU Commission's Standard Contractual Clauses (SCC) are used as the basis for data transfer in compliance with data protection regulations.
The legal basis is Art. 6 (1) (b) GDPR (processing of inquiries), Art. 6 (1) (a) GDPR (consent to tracking), and Art. 6 (1) (f) GDPR (legitimate interest in efficient communication).
We use the "Google Marketing Platform" (and services such as "Google Ad Manager") to place ads on the Google advertising network (e.g., in search results, in videos, on websites, etc.). The Google Marketing Platform allows ads to be displayed in real time based on the presumed interests of users. This allows us to display ads in a more targeted manner, so that we only show you ads that correspond to your potential interests. The data processed is usage data and connection data. The recipient of the data is Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. The legal basis for the use of Google Ad Manager is your consent in accordance with Art. 6 (1) (a) GDPR, provided that you have given us your consent when visiting our services. Cookies are stored on your device on the basis of your consent. If you have not given us your consent, we will not use Google Ad Manager when you visit our services.
We use Google Ads Conversion Tracking to measure the success of our Google Ads advertising campaigns. First, ads are placed in the Google advertising network so that they are displayed to users who are likely to be interested in the ads. We then measure the conversion of the ads. The only feedback we receive is the anonymous total number of users who clicked on our ad and were redirected to a page tagged with a "conversion tracking tag." We ourselves do not receive any information that could be used to identify users. The data processed is usage data and connection data. The recipient of the data is Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. The legal basis for the use of Google Ads Conversion Tracking is your consent in accordance with Art. 6 (1) (a) GDPR, which you gave us during your visit to our services. Cookies are stored on your device on the basis of your consent. If you have not given us your consent, we do not use Google Ads Conversion Tracking during your visits to our services.
We maintain company presences on social networking websites and process personal data in this context in order to communicate with users active there or to provide information about us. Please note that when you visit our company profiles, your data may be processed outside the European Union. The operators of the respective social networks are responsible for this. A detailed description of the respective forms of processing and the options for objection (e.g., opt-out) can be found in the privacy policies of the operators of the respective social networks.
We operate a LinkedIn company presence for our company on LinkedIn. When you visit and use the LinkedIn company presence, LinkedIn may evaluate your usage behavior and share the information obtained from this with us. This information is used for the purposes of economic optimization and the needs-based design of our website/services. The categories of data processed here are master data, contact data, content data, usage data, and connection data. The recipient of the data is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, as joint controller pursuant to Art. 26 GDPR. The legal basis for processing the data in accordance with the provisions set out here results from our legitimate interest and thus from Art. 6 (1) lit. f GDPR.
In our services, we use plugins to integrate content such as videos, buttons, social media icons, etc. from social networks and other websites. This integration always works in such a way that the social networks learn and process your IP address via these plugins. The IP address is necessary for displaying the content of the plugins, as it is required so that the social networks whose plugins we have integrated can send information to your browser. Some social networks use pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" allow information such as visitor traffic to our services to be evaluated. Further information may also be stored in cookies on your device and may include technical information about your browser and operating system, the time of your visit to our services, and other information about your use of our services, which may be linked to information from other sources.
If we use external service providers to process your data, we carefully select and commission them. If the services provided by these service providers constitute order processing within the meaning of Art. 28 GDPR, the service providers are bound by our instructions and are regularly monitored. Our order processing agreements comply with the strict requirements of Art. 28 GDPR and the specifications of the German data protection authorities.
If your personal data is processed, you are a data subject within the meaning of the GDPR and, as a user, you have the following rights vis-à-vis the controller:
You may request confirmation from the controller as to whether personal data concerning you is being processed by us.
If such processing takes place, you may request the following information from the controller:
You have the right to request information about whether personal data concerning you is being transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.
You have the right to request the controller to correct and/or complete your personal data if it is inaccurate or incomplete. The controller must make the correction immediately.
You may request the restriction of the processing of personal data concerning you under the following conditions:
If the processing of personal data concerning you has been restricted, such data may—apart from its storage—only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
You may request that the controller delete your personal data without delay, and the controller is obliged to delete this data without delay if one of the following reasons applies:
If the controller has made the personal data concerning you public and is obliged to delete it in accordance with Art. 17 (1) GDPR, it shall take reasonable measures, including technical measures, taking into account the available technology and implementation costs, to inform data processors who process the personal data that you, as the data subject, have requested them to erase all links to this personal data or copies or replications of this personal data.
The right to erasure does not apply if processing is necessary
If you have exercised your right to rectification, erasure, or restriction of processing against the controller, the controller is obliged to notify all recipients to whom your personal data has been disclosed of this rectification, erasure, or restriction of processing, unless this proves impossible or involves disproportionate effort.
You have the right to be informed by the controller about these recipients.
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data has been provided, provided that
In exercising this right, you also have the right to have the personal data concerning you transferred directly from one controller to another, where technically feasible. This must not adversely affect the freedoms and rights of other persons.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions.
The controller will no longer process your personal data unless they can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing purposes; this also applies to profiling insofar as it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You have the option, in connection with the use of information society services, to exercise your right to object by means of automated procedures using technical specifications, notwithstanding Directive 2002/58/EC.
You have the right to revoke your declaration of consent under data protection law at any time. Revoking your consent does not affect the legality of the processing carried out on the basis of your consent prior to revocation.
The processing is lawful until you revoke your consent – the revocation therefore only affects processing after your revocation has been received. You can declare your revocation informally by mail or email. The processing of your personal data will then no longer take place, subject to permission being granted on another legal basis. If this is not the case, your data must be deleted immediately after revocation in accordance with Art. 17 (2) GDPR. Your right to revoke your consent, subject to the above conditions, is guaranteed.
Your revocation must be sent to:
Bloom Healthtech GmbH
Charlottenstraße 4
10969 Berlin
hello@ginione.de
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.
Automated decisions in individual cases, including profiling, are not made.
If your personal data has been disclosed to other recipients (third parties) on legal grounds, we will notify them of any correction, deletion, or restriction of the processing of your personal data (Art. 16, Art. 17 (1), and Art. 18 GDPR). The notification obligation does not apply if it involves disproportionate effort or is impossible. We will also inform you about the recipients upon request.
