As the operator of this website and as a company, we come into contact with your personal data. This refers to all data that says something about you and with which you can be identified. In this privacy policy, we would like to explain to you how, for what purpose and on what legal basis we process your data.

We are responsible for data processing on this website and in our company:

Nawroth Healthcare Law & Litigation
Dr Claudia Nawroth, Attorney at Law
Girardet Haus
Königsallee 27
40212 Düsseldorf
Germany
T +49 211 23855-200
cn@nawroth-legal.com

General information

SSL or TLS encryption
When you enter your data on websites, place online orders or send e-mails over the Internet, you must always be prepared for unauthorised third parties to access your data. There is no complete protection against such access. However, we do everything we can to protect your data as well as possible and to close security gaps as far as we can.
An important protection mechanism is the SSL or TLS encryption of our website, which ensures that data that you transmit to us cannot be read by third parties. You can recognise the encryption by the lock icon in front of the Internet address entered in your browser and by the fact that our Internet address begins with https:// and not with http://.

How long do we store your data?
In some places in this privacy policy, we inform you about how long we or the companies that process your data on our behalf store your data. If no such information is provided, we will store your data until the purpose of the data processing no longer applies, you object to the data processing or you withdraw your consent to the data processing.
However, in the event of an objection or cancellation, we may continue to process your data if at least one of the following conditions is met:

• We have compelling legitimate grounds for continuing the data processing that outweigh your interests, rights and freedoms (only if you object to the data processing; if the objection is directed against direct marketing, we cannot provide any legitimate grounds).
• Data processing is necessary in order to assert, exercise or defend legal claims (does not apply if your objection is directed against direct advertising).
• In this case, we will delete your data as soon as the requirement(s) cease(s) to apply.

Data transfer to the USA
We also use tools on our website from companies that transfer your data to the USA and store and, if necessary, process it there. This is particularly important for you because your data does not enjoy the same protection in the USA as it does within the EU, where the General Data Protection Regulation (GDPR) applies. For example, US companies are obliged to hand over personal data to security authorities without you as the data subject being able to take legal action against this. It is therefore possible that US authorities (e.g. intelligence agencies) may process, analyse and permanently store your data on US servers for surveillance purposes. We have no influence on these processing activities.

Your rights

Objection to data processing
If you read in this privacy policy that we have legitimate interests for the processing of your data and therefore base this on Art. 6 para. 1 sentence 1 lit. f) GDPR, you have the right to object to this in accordance with Art. 21 GDPR. This also applies to profiling based on the aforementioned provision. The prerequisite is that they state reasons for the objection that arise from their particular situation. No justification is required if the objection is directed against the use of your data for direct marketing.
The consequence of the objection is that we may no longer process your data. This only does not apply if one of the following conditions applies:

• We can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms.
• The processing serves the assertion, exercise or defence of legal claims.
• The exceptions do not apply if your objection is directed against direct advertising or against profiling in connection with this.

Further rights

Use of cookies
Our website places cookies on your device. These are small text files that are used for different purposes. Some cookies are technically necessary for the website to function at all (necessary cookies). Others are required to perform certain actions or functions on the site (functional cookies). For example, without cookies it would not be possible to use the benefits of a shopping basket in an online shop. Other cookies are used to analyse user behaviour or to optimise advertising measures. If we use third-party services on our website, e.g. to process payment transactions, these companies may also leave cookies on your device when you access the website (so-called third-party cookies).

How do we process your data?
Session cookies are only stored on your device for the duration of a session. As soon as you close the browser, they disappear automatically. Permanent cookies, on the other hand, remain on your device if you do not delete them yourself. This can lead, for example, to your user behaviour being permanently analysed. You can use the settings in your browser to influence how it handles cookies:

• Do you want to be informed when cookies are set?
• Do you want to exclude cookies in general or for certain cases?
• Do you want cookies to be deleted automatically when you close your browser?

If you deactivate or do not allow cookies, the functionality of the website may be restricted.
If we use cookies from other companies or for analysis purposes, we will inform you about this in this privacy policy. We also ask for your consent in this regard when you visit our website.

On what legal basis do we process your data?
We have a legitimate interest in ensuring that our online services can be used by visitors without technical problems and that all desired functions are available to them. The storage of necessary and functional cookies on your device is therefore based on Art. 6 para. 1 lit. f) GDPR. We use all other cookies on the basis of Art. 6 para. 1 lit. a) GDPR, provided that you give us your consent to do so. You can revoke this consent at any time with effect for the future. If you have consented to the placement of necessary and functional cookies when your consent was requested, these cookies will also be stored exclusively on the basis of your consent. Server log files
Server log files record all requests and access to our website and record error messages. They also contain personal data, in particular your IP address. However, this is anonymised by the provider after a short time so that we cannot attribute the data to you personally. The data is automatically transmitted from your browser to our provider.

How do we process your data?
Our provider stores the server log files in order to be able to track the activities on our website and detect errors. The files contain the following data:

• Browser type and version
• Operating system used
• Referrer URL
• Host name of the accessing computer
• Time of the server request
• IP address (anonymized if necessary)

We do not merge this data with other data, but only use it for statistical analysis and to improve our website.

On what legal basis do we process your data?
We have a legitimate interest in ensuring that our website runs smoothly. It is also in our legitimate interest to obtain an anonymised overview of access to our website. Data processing is therefore lawful in accordance with Art. 6 para. 1 lit. f) GDPR.

Data acquisition

Withdrawal of your consent to data processing
Many data processing operations are carried out on the basis of your consent. You give this consent, for example, by ticking the appropriate box on online forms before you send the form or by allowing certain cookies when you visit our website. You can withdraw your consent at any time without giving reasons (Art. 7 para. 3 GDPR). We may then no longer process your data from the time you withdraw your consent. The only exception: We are legally obliged to retain the data for a certain period of time. Such retention periods exist in particular in tax and commercial law. Right to lodge a complaint with the competent supervisory authority
If you believe that we are in breach of the General Data Protection Regulation (GDPR), you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. You can contact a supervisory authority in the member state of your place of residence, your place of work or the place where the alleged infringement took place. The right to lodge a complaint exists in addition to administrative or judicial remedies. Right to data portability
Data that we process automatically on the basis of your consent or in fulfillment of a contract must be provided to you or a third party in a commonly used, machine-readable format if you request this. We can only transfer the data to another controller if this is technically possible. Right to data access, erasure and rectification
In accordance with Art. 15 GDPR, you have the right to receive information free of charge about what personal data we have stored about you, where the data comes from, to whom we transfer the data and for what purpose it is stored. If the data is incorrect, you have the right to rectification (Art. 16 GDPR); under the conditions of Art. 17 GDPR, you may request that we erase the data. Right to restriction of processing
In certain situations, you can request that we restrict the processing of your data in accordance with Art. 18 GDPR. The data may then – apart from being stored – only be processed as follows

• with your consent
• for the assertion, exercise or defense of legal claims
• to protect the rights of another natural or legal person
• for reasons of important public interest of the European Union or a Member State

The right to restriction of processing exists in the following situations:

• You have disputed the accuracy of your personal data stored by us and we need time to check this. Here you have the right for the duration of the review
• The processing of your personal data is unlawful or was unlawful in the past. In this case, you have the alternative right to erasure of the data.
• We no longer need your personal data, but you need it for the exercise, defence or assertion of legal claims. Alternatively, you have the right to have the data erased.
• You have lodged an objection in accordance with Art. 21 (1) GDPR and now your interests and ours must be weighed against each other. You have the right to do so as long as the outcome of the balancing process has not yet been determined.

EN     DE