sober means trusting its customers a lotThat's why we respect everyone's privacy - and protect it with strong encryption technology and strict guidelines for handling all dataIn order to make the handling of our website, the shop and other offers as easy as possible, we store data ourselves or transmit it to companies with which we work
This website explains how we handle our customers' personal data, which we query and which we do not and why we do this
Basically, the sober care GmbH website can be used without providing any personal dataIf a data subject wishes to use our company's special services via our website, processing of personal data may be necessaryIf the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.
The processing of personal data, for example the name, address, email address or telephone number of a data subject, is always carried out in accordance with the General Data Protection Regulation and in accordance with the country-specific data protection regulations applicable to sober care GmbHWith this data protection declaration, our company would like to inform the public about the type, scope and purpose of the personal data we collect, use and processFurthermore, data subjects are informed about their rights by means of this data protection declaration.
The data protection declaration of sober care GmbH is based on the terminology used by the European directors and regulators when issuing the General Data Protection Regulation (GDPR)Our data protection declaration should be easy to read and understand for the public as well as for our customers and business partnersTo ensure this, we would like to explain the terms used in advance.
We use the following terms in this data protection declaration:
• a) personal data
Personal data is all information that relates to an identified or identifiable natural person (hereinafter "data subject")A natural person is considered to be identifiable if, directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics, the expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person can be identified.
• b) data subject
Affected person is any identified or identifiable natural person whose personal data are processed by the controller.
• c) processing
Processing is any operation or series of operations carried out with or without the help of automated processes in connection with personal data such as the collection, collection, organization, organization, storage, adaptation or modification, reading, querying, use, the disclosure by transmission, distribution or any other form of provision, comparison or linking, restriction, deletion or destruction.
• d) restriction of processing
Restriction of processing is the marking of stored personal data with the aim of restricting their future processing.
• e) Profiling
Profiling is any type of automated processing of personal data, which consists in the fact that this personal data is used to evaluate certain personal aspects that relate to a natural person, in particular to aspects related to work performance, economic situation, health, personal Analyze or predict the preferences, interests, reliability, behavior, location or relocation of this natural person.
• f) pseudonymization
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organizational measures that ensure that the personal data cannot be assigned to an identified or identifiable natural person.
• g) Controller or controller
The person responsible or responsible for processing is the natural or legal person, public authority, agency or other body that alone or together with others decides on the purposes and means of processing personal dataIf the purposes and means of this processing are specified by Union law or the law of the Member States, the person responsible or the specific criteria for his naming can be provided according to Union law or the law of the Member States.
• h) processor
The processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the person responsible.
• i) Receiver
The recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, regardless of whether it is a third party or notHowever, authorities that may receive personal data as part of a specific investigation mandate under Union law or the law of the Member States are not considered recipients.
• j) third party
A third party is a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or processor.
• k) Consent
Consent is any expression of will voluntarily given by the data subject for the specific case in an informed manner and unequivocally in the form of a declaration or other clear confirmatory act with which the data subject indicates that they consent to the processing of their personal data is.
2Relevant legal bases
In accordance with Art13 GDPR, we will inform you of the legal basis for our data processingUnless the legal basis is mentioned in the data protection declaration, the following applies: The legal basis for obtaining consent is Art6 para1 lit.a and Art7 GDPR, the legal basis for processing for the performance of our services and implementation of contractual measures as well as answering inquiries is Art6 para1 lit.b GDPR, the legal basis for processing to fulfill our legal obligations is Art6 para1 lit.c GDPR, and the legal basis for processing to protect our legitimate interests is Art6 para1 lit.f GDPRIn the event that vital interests of the data subject or another natural person require the processing of personal data, Art6 para1 lit.d GDPR serves as the legal basis.
We meet in accordance with Art32 GDPR, taking into account the state of the art, the implementation costs and the type, scope, circumstances and purposes of processing, as well as the different probability and severity of the risk to the rights and freedoms of natural persons, suitable technical and organizational measures to ensure that Ensure adequate level of protection.
The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling the physical access to the data, as well as the access, input, transfer, securing availability and their separationFurthermore, we have set up procedures that guarantee the exercise of data subject rights, deletion of data and reaction to data threatsFurthermore, we take the protection of personal data into account during development, orSelection of hardware, software and processes in accordance with the principle of data protection through technology design and data protection-friendly default settings (Art25 GDPR).
Cooperation with processors and third parties
If we disclose data to other people and companies (processors or third parties) as part of our processing, transmit them to them or otherwise grant them access to the data, this will only be done on the basis of legal permission (e.g.if a transfer of the data to third parties, such as payment service providers, acckind6 para1 lit.b GDPR is required to fulfill the contract), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g.when using agents, web hosts, etc.)
If we have third parties processing data on the basis of a so-calledIf you commission an "order processing contract", this is done on the basis of Art28 GDPR.
Transfers to third countries
If we have data in a third country (i.e.process outside the European Union (EU) or the European Economic Area (EEA)) or as part of the use of third-party services or disclosure, orIf data is transferred to third parties, this will only take place if it happens to fulfill our (pre) contractual obligations, based on your consent, on the basis of a legal obligation or on the basis of our legitimate interestsSubject to legal or contractual permits, we process or leave the data in a third country only if the special requirements of Art44 ffProcess GDPRiethe processing takes place, for exampleon the basis of special guarantees, such as the officially recognized determination of a data protection level corresponding to the EU (e.g.for the USA through the "Privacy Shield") or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").
4Name and address of the controller, type and purpose of processing data
Responsible within the meaning of the General Data Protection Regulation, other data protection laws applicable in the member states of the European Union and other provisions with data protection character is:
sober care GmbH
Poplar avenue 78/79
Tel .: 030-22334470
Types of data processed:
- Inventory data (e.g., names, addresses).
- Contact details (e.g., email, telephone numbers).
- Content data (e.g. text input, photographs, videos).
- Usage data (e.g., websites visited, interest in content, access times).
- Meta / communication data (e.g., device information, IP addresses).
Purpose of processing
- Providing the online offer, its functions and content.
- Answering contact inquiries and communicating with users.
- Safety measures.
- Range measurement / marketing
By using cookies, sober care GmbH can provide users of this website with more user-friendly services that would not be possible without the cookie setting.
The data subject can prevent the setting of cookies by our website at any time by making the appropriate setting in the internet browser used and thus permanently object to the setting of cookiesFurthermore, cookies that have already been set can be deleted at any time using an Internet browser or other software programsThis is possible in all common internet browsersIf the person concerned deactivates the setting of cookies in the internet browser used, under certain circumstances not all functions of our website can be used to their full extent.
6Collection of general data and information
The website of sober care GmbH collects a series of general data and information each time the website is accessed by a data subject or an automated systemThis general data and information is stored in the log files of the serverThe following can be recorded: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-websites that use an accessing system on our website can be controlled, (5) the date and time of access to the website, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system and (8) other similar data and information that serves to avert risks in the event of attacks on our information technology systems.
When using this general data and information, sober care GmbH does not draw any conclusions about the person concernedRather, this information is required to (1) deliver the content of our website correctly, (2) optimize the content of our website and the advertising for it, (3) to ensure the long-term functionality of our information technology systems and the technology of our website and ( 4) to provide law enforcement authorities with the information necessary for law enforcement in the event of a cyber attackThis anonymously collected data and information is therefore statistically evaluated by sober care GmbH on the one hand and also with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data processed by usThe anonymous data of the server log files are stored separately from all personal data provided by a data subject.
7Registration on our website
The data subject has the option of registering on the website of the data controller by providing personal dataWhich personal data are transmitted to the person responsible for processing results from the respective input mask used for registrationThe personal data entered by the data subject are collected and stored exclusively for internal use by the controller and for their own purposesThe controller can arrange for the transfer to one or more processors, for example a parcel service provider, who also uses the personal data exclusively for internal use, which is attributable to the controller.
By registering on the website of the controller, the IP address assigned by the data subject's Internet service provider (ISP), the date and time of registration are also savedThis data is stored against the background that this is the only way to prevent the misuse of our services, and if necessary, this data makes it possible to investigate crimes committedIn this respect, the storage of this data is necessary to secure the data controllerIn principle, this data will not be passed on to third parties unless there is a legal obligation to pass it on or the passing on is used for criminal prosecution.
The registration of the data subject with the voluntary provision of personal data serves the data controller to offer the data subject content or services that, due to the nature of the matter, can only be offered to registered usersRegistered persons are free to change the personal data provided during registration at any time or to have them completely deleted from the data base of the controller.
The data controller will provide each data subject with information on what personal data about the data subject is stored at any time on requestFurthermore, the person responsible for the processing corrects or deletes the personal data at the request or advice of the data subject, provided that there are no statutory retention requirementsThe entire staff of the controller is available to the data subject as a contact person in this context.
8thSubscribe to our newsletter
On the sober care GmbH website, users are given the opportunity to subscribe to our company's newsletterWhich personal data are transmitted to the person responsible for processing when you order the newsletter is determined from the input mask used for this purpose.
Sober care GmbH informs its customers and business partners at regular intervals in a newsletter about offers from the companyThe newsletter of our company can only be received by the data subject if (1) the data subject has a valid e-mail address and (2) the data subject registers to send the newsletterFor legal reasons, a confirmation email will be sent to the email address entered by the data subject for the first time for sending the newsletter in a double opt-in procedureThis confirmation email is used to check whether the owner of the email address as the person concerned has authorized the receipt of the newsletter.
When registering for the newsletter, we also save the IP address assigned by the internet service provider (ISP) of the computer system used by the person concerned at the time of registration, as well as the date and time of registrationThe collection of this data is necessary in order to be able to understand the (possible) misuse of the e-mail address of a data subject at a later point in time and therefore serves to provide legal protection for the controller.
The personal data collected when you register for the newsletter will only be used to send our newsletterIn addition, subscribers to the newsletter could be informed by email if this is necessary for the operation of the newsletter service or for a registration in this regard, as could be the case in the event of changes to the newsletter offer or changes in the technical circumstancesThe personal data collected as part of the newsletter service is not passed on to third partiesThe person concerned can cancel the subscription to our newsletter at any timeThe consent to the storage of personal data that the data subject has given us for sending the newsletter can be revoked at any timeFor the purpose of revoking consent, there is a corresponding link in every newsletterYou can also unsubscribe from the newsletter at any time directly on the website of the controller or notify the controller in another way.
The sober care GmbH newsletters contain so-called tracking pixelsA tracking pixel is a miniature graphic that is embedded in emails that are sent in HTML format to enable log file recording and log file analysisThis enables a statistical evaluation of the success or failure of online marketing campaigns to be carried outBased on the embedded tracking pixel, sober care GmbH can recognize whether and when an email was opened by a data subject and which links in the email were called up by the data subject.
Such personal data collected via the tracking pixels contained in the newsletters are stored and evaluated by the data controller in order to optimize the sending of the newsletter and to adapt the content of future newsletters even better to the interests of the data subjectThis personal data will not be passed on to third partiesAffected persons are entitled at any time to revoke the separate declaration of consent relating to this, which is made using the double opt-in procedureAfter revocation, this personal data will be deleted by the controllerUnsubscribing from receiving the newsletter automatically interprets sober care GmbH as a revocation.
10Contact options via the website
Due to legal regulations, the website of sober care GmbH contains information that enables a quick electronic contact to our company as well as direct communication with us, which also includes a general address of the so-called electronic mail (email address)If a data subject contacts the data controller by email or via a contact form, the personal data transmitted by the data subject will be automatically savedSuch personal data transmitted by a data subject to the data controller on a voluntary basis are stored for the purposes of processing or contacting the data subjectThis personal data is not passed on to third parties.
11Comment function in the blog on the website
Sober care GmbH offers users the opportunity to leave individual comments on individual blog posts on a blog located on the website of the controllerA blog is a portal that is usually listed on a website and can be viewed publicly, in which one or more people, called bloggers or web bloggers, can post articles or write down thoughts in so-called blog postsThe blog posts can usually be commented on by third parties.
If a data subject leaves a comment on the blog published on this website, in addition to the comments left by the data subject, information on the time the comment was entered and the user name (pseudonym) chosen by the data subject are saved and publishedFurthermore, the IP address assigned by the data subject's Internet service provider (ISP) is also loggedThis IP address is saved for security reasons and in the event that the data subject violates the rights of third parties or posts illegal content by making a commentThe storage of this personal data is therefore in the own interest of the person responsible for the processing, so that the latter could possibly exculpate himself in the event of an infringementThe personal data collected will not be passed on to third parties, unless such transfer is required by law or serves to defend the data controller.
12Subscription to comments in the blog on the website
The comments made on the sober care GmbH blog can generally be subscribed to by third partiesIn particular, it is possible for a commentator to subscribe to the comments following a comment on a specific blog post.
If a data subject chooses the option to subscribe to comments, the controller sends an automatic confirmation email to double-check whether the owner of the email address provided really is for them Option has decidedThe option to subscribe to comments can be terminated at any time.
13Routine deletion and blocking of personal data
The data controller processes and stores personal data of the data subject only for the period of time necessary to achieve the storage purpose or if this is done by the European legislator or other legislator in laws or regulations, which of the data controllers subject, was provided.
If the storage purpose ceases to apply or if a storage period prescribed by the European directive and regulation provider or another responsible legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.
14Rights of the data subject
• a) Right to confirmation
Every data subject has the right granted by the European directive and regulation giver to ask the data controller to confirm whether they are processing personal dataIf a data subject wishes to exercise this right of confirmation, they can contact an employee of the controller at any time.
• b) Right to information
Any person affected by the processing of personal data has the right granted by the European directive and regulation giver to receive free of charge information about the personal data stored about him and a copy of this information from the controller at any timeFurthermore, the European guideline and regulatory authority has given the data subject access to the following information:
o the processing purposes
o The categories of personal data that are processed
o the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organizations
o If possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
o The existence of a right to correction or deletion of the personal data concerning them or to restriction of processing by the person responsible or a right to object to this processing
o the right to lodge a complaint with a supervisory authority
o if the personal data is not collected from the data subject: all available information about the origin of the data
o The existence of automated decision-making, including profiling, in accordance with Article 22 Paragraph 1 and 4 GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing for the data subject
The data subject also has the right to information as to whether personal data has been transferred to a third country or to an international organizationIf this is the case, the data subject also has the right to receive information about the appropriate guarantees in connection with the transfer.
If a data subject wishes to exercise this right to information, they can contact an employee of the controller at any time.
• c) Right to rectification
Any person affected by the processing of personal data has the right granted by the European directive and regulation giver to request the immediate correction of incorrect personal data concerning themFurthermore, the data subject has the right, taking into account the purposes of the processing, to request the completion of incomplete personal data - also by means of a supplementary statement.
If a data subject wishes to exercise this right of correction, they can contact an employee of the controller at any time.
• d) Right to erasure (right to be forgotten)
Any person affected by the processing of personal data has the right granted by the European directive and regulation giver to demand from the responsible person that the personal data concerning them be deleted immediately if one of the following reasons applies and if the processing is not necessary:
o The personal data was collected for such purposes or otherwise processed for which it is no longer necessary.
o The data subject withdraws their consent on which the processing was based in accordance with Art6 para1 letter a GDPR or Art9 para2 letter a GDPR, and there is no other legal basis for the processing.
o In accordance with Art21 para1 GDPR and there is no overriding legitimate reason for the processing, or the data subject objects to the processing pursuant to Art21 para2 GDPR to object to processing.
o The personal data was processed illegally.
o The deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the member states to which the controller is subject.
o The personal data were collected in relation to information society services offered in accordance with Art8 para1 GDPR.
If one of the above reasons applies and a data subject wishes to have personal data stored at sober care GmbH deleted, they can contact an employee of the controller at any timeThe employee of sober care GmbH will arrange for the request for deletion to be complied with immediately.
If the personal data were made public by sober care GmbH and our company is the person responsible according to Art17 para1 GDPR obliged to delete the personal data, sober care GmbH takes appropriate measures, including technical ones, taking into account the available technology and the implementation costs, in order to inform other data controllers who process the published personal data set that the data subject has asked these other data controllers to delete all links to this personal data or copies or replications of this personal data, unless the processing is necessaryThe employee of sober care GmbH will arrange the necessary in individual cases.
• e) Right to restriction of processing
Any person affected by the processing of personal data has the right granted by the European directive and regulation giver to request the controller to restrict processing if one of the following conditions is met:
o The correctness of the personal data is contested by the data subject, for a period that enables the person responsible to check the correctness of the personal data.
o The processing is unlawful, the data subject refuses to delete the personal data and instead requests that the use of the personal data be restricted.
o The controller no longer needs the personal data for the purposes of processing, but the data subject needs them to assert, exercise or defend legal claims.
o The data subject has objected to processing in accordance withkind21 para1 GDPR and it is not yet certain whether the legitimate reasons of the person responsible outweigh those of the data subject.
If one of the above requirements is met and a data subject wishes to restrict the personal data stored at sober care GmbH, they can contact an employee of the controller at any timeThe employee of sober care GmbH will arrange for the processing to be restricted.
• f) Right to data portability
Every person affected by the processing of personal data has the right granted by the European directive and regulation giver to receive the personal data concerning them, which were provided to a responsible person by the data subject, in a structured, common and machine-readable formatYou also have the right to transfer this data to another controller without hindrance from the controller to whom the personal data has been provided, provided that the processing is based on consent in accordance with Art6 para1 letter a GDPR or Art9 para2 letter a GDPR or on a contract in accordance with Art6 para1 letter b GDPR and the processing is carried out using automated processes, unless the processing is necessary for the performance of a task that is in the public interest or in the exercise of official authority that has been transferred to the person responsible.
Furthermore, when exercising their right to data portability in accordance with Art20 para1 DS-GVO the right to have the personal data transferred directly from one responsible person to another responsible person, insofar as this is technically feasible and provided that this does not affect the rights and freedoms of other people.
To assert the right to data portability, the data subject can contact an employee of sober care GmbH at any time.
• g) Right to object
Any person affected by the processing of personal data has the right granted by the European directive and regulation giver, for reasons arising from their particular situation, at any time against the processing of personal data concerning them, which is based on Art6 para1 letter e or f DS-GVO takes place to objectThis also applies to profiling based on these provisions.
Sober care GmbH will no longer process the personal data in the event of an objection, unless we can demonstrate compelling reasons for the processing worthy of protection that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or Defense of legal claims.
If sober care GmbH processes personal data in order to operate direct mail, the data subject has the right to object at any time to the processing of personal data for the purpose of such advertisingThis also applies to profiling insofar as it is related to such direct advertisingIf the data subject objects to sober care GmbH's processing for direct marketing purposes, sober care GmbH will no longer process the personal data for these purposes.
In addition, the person concerned has the right, for reasons that arise from their particular situation, against the processing of personal data relating to them that is used by sober care GmbH for scientific or historical research purposes or for statistical purposes in accordance with Art89 para1 GDPR, to object, unless such processing is necessary to fulfill a task in the public interest. To exercise the right to object, the data subject can dire