"
CONTACT US

Schoen Clinic UK Group Privacy Policy

Data Protection Laws set out the obligations Schoen Clinic has to you for the processing of your Personal Data. When we use or disclose your personal data we will comply with these Laws. 

Your Personal Data is data which by itself or with other data available to Schoen Clinic can be used to identify you as an individual. Schoen Clinic is the Data Controller. This Privacy Notice sets out how Schoen Clinic will use your personal data. The responsible person under article 4 paragraph 7 of the EU General Data Protection Regulation (GDPR) is Schoen Clinic UK Group. You can reach our Data Protection Officer at SCHOENUKDPO@schoen-clinic.co.uk or at our postal addresses with the words “to the Data Protection Officer ”.

Notice for patients of Schoen Clinic London

Schoen Clinic London Limited (Schoen Clinic and we, us or our) has transferred its hospital and clinic business to Fortius Group Limited, with registered offices located at 17 Fitzhardinge Street, London, W1H 6EQ (Fortius), on 26 May 2023.

Fortius is an established provider of healthcare in London and its current services are all rated good or outstanding by the Care Quality Commission. Fortius will continue to operate the healthcare business of the Schoen Clinic in London, under the name of Fortius Clinic London.

As part of this business transfer to Fortius, Fortius will become the controller for our previous Schoen Clinic London patients’ personal data, including medical records, where Fortius is required to use that personal data and under applicable laws allowed to do so, for example to allow a patient to continue to receive ongoing medical care or treatment, or where required under law for healthcare or regulatory reasons. The transfer of patient personal data will be made in accordance with data protection laws to ensure that our previous patients’ privacy is protected at all times. Fortius is bound by the same data protection principles and regulations as we are. The legal basis for the transfer is Article 6(1)(f) UK GDPR and Article 9(2)(h) UK GDPR because of our interest to enable Fortius to continue our patients’ treatment and to comply with applicable laws.

Schoen Clinic will continue processing our previous patients’ personal data as controller after the business transfer in order (i) to fulfil our purposes relating to legal and/or regulatory proceedings, claims or complaints, and (ii) to comply with our legal and regulatory obligations under applicable laws.

During a short transition period, our previous patients’ personal data will still be stored and retained by us. This means that during this period Schoen will act as a processor for Fortius regarding all of our patients’ personal data which Fortius will process in its capacity of controller. After this period, all personal data will be stored and retained by Fortius and Fortius will, accordingly, assume the role of the controller for our previous patients’ personal data, provided they have a legal basis. In cases where we are the controller, Fortius will act as a processor on our behalf.

Our updated privacy notice, including information on how you can exercise your data protection rights, can be found below on this page.

The privacy notice of Fortius can be found here: https://www.fortiusclinic.com/privacy-policy.

1. COVID–19 data protection statement

Schoen Clinic’s priority is the health and safety of our patients, colleagues and the wider community and we will continue to offer our ongoing support to the NHS following the COVID-19 pandemic.  

As a result of such unique circumstances, Schoen Clinic may need to share personal data with the NHS and other regulatory and government bodies for the purpose of supporting the response to the COVID-19 pandemic. Schoen Clinic Group works in collaboration with local NHS trusts to ensure we can provide the right help, exactly where and when it is needed and this may involve personal data being shared with us by the local NHS Trusts. This will be done in accordance with data protection laws and will include any amendments to legislation made by the Secretary of State. We will also consider any guidance provided by the Information Commissioner’s Office.

When the NHS and its healthcare professionals provide healthcare services at a Schoen Clinic UK Group hospital, the privacy notice of the relevant NHS Trust may also apply.

If you are a patient at a Schoen Clinic hospital, the healthcare services you receive at the hospital may be provided by Schoen Clinic or the NHS or, in some cases, a mix of both. As part of this we may need to share your personal data with the NHS and other regulatory and government bodies.

2. Patients

This Privacy Notice sets out what personal information we may collect from you and how that information may be used.

In particular, this Privacy Notice:

  • explains how we will manage your personal information, from the time we collect it and onwards;
  • explains how we use your personal information and who we share it with;
  • how we will comply with any relevant laws; and
  • explains your rights in relation to your personal data, and how you can exercise them.

This Privacy Notice does not cover any links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy policies. When you leave our websites, we encourage you to read the privacy policy of any website you visit.

We have a separate Privacy Notice written with children in mind. If you are under 13 and wish to ask a question or use our website in a way that requires you to submit any personal information, please ask your parents or guardian to do it on your behalf.

About us

Schoen Clinic is an independent provider of private healthcare, offering treatment to private patients and NHS patients. In order to provide healthcare services and receive payment for those services, Schoen Clinic need to collect and process certain information about you ("personal data").  Schoen Clinic is a 'data controller' for the information that it collects and processes about you, and you are the 'data subject'.  Our Data Protection Officer can be contacted at SCHOENUKDPO@schoen-clinic.co.uk.

Schoen Clinic is committed to protecting and respecting your personal information. This Privacy Notice explains what personal information we may collect from you and how that information may be used. Please take your time to read this Privacy Notice carefully.

Schoen Clinic companies and facilities in the UK:

  • Schoen Clinic Newbridge
  • Schoen Clinic York
  • Schoen Clinic Chelsea
  • Formerly Schoen Clinic London

We may share data between these companies and facilities where it is appropriate to facilitate the provision of your care. 

What personal information do we collect from you and how do we use it?

We will use your personal data for the reasons set out below.  The personal data we collect and use may include:

  • your name, address and contact details, including email address and home and mobile telephone numbers.  If you provide these details, we may use them to contact you unless you ask us not to.  This could include emails, text or voicemail messages;
  • date of birth and gender; 
  • contractual and financial information
  • the terms and conditions of your contract with us for the provision of healthcare and related services;
  • your bank account and national insurance number if you are a ‘self-pay’ patient or the financial information of the company or individual who is responsible for the payment of invoices/bills relating to your care (e.g. insurer, sponsor, guarantor or employer);
  • we will take a swipe of your debit or credit card.  We will let you know if we intend to take a payment from this card before we do so;
  • information about your marital status, next of kin, dependants nominated and/or emergency contacts;
  • information about your nationality and entitlement to treatment in the UK; and
  • equal opportunity monitoring information, including information about your ethnic origin, sexual orientation, health and religion or belief, genetic data.

Health related data

  • your previous and current medical health records whether provided by Schoen Clinic or other third parties; 
  • information about medical or health conditions, including whether or not you have a disability for which the organisation needs to make reasonable adjustments; 
  • information about medical or health conditions of your family; 

Performance improvement

  • information about how you use our website.
  • information received in response to any surveys, complaints or claims

CCTV

The data we collect may also include visual images, personal appearance and behaviour e.g. where CCTV is used as part of our building security measures.

Other Schoen Clinic privacy notices

If you are employed or may be employed by Schoen Clinic we will also hold and process other information relating to your recruitment and employment.  

If you are a Consultant/Doctor or other healthcare provider you are not employed by Schoen Clinic but we will also hold and process other information relating to you and the clinical services you carry out. (See the Privacy Notice for Consultants and Doctors).

How Schoen Clinic collect this information

Schoen Clinic may collect this information in a variety of ways. We will collect most of this information directly during the registration and/or admission process but we may also obtain data from your passport or other identity documents such as your driving licence; from pre-admission forms, online web forms; from correspondence with you; through interviews and surveys, meetings or other assessments.

We will collect data if you have a remote consultation with a healthcare professional either virtually or by telephone.

We will collect data if you make a clinical enquiry. If we ask you to provide copies of your medical records, your records will be held in accordance with our normal retention policy.

In some cases, Schoen Clinic may collect personal data about you from third parties, such as your GP, the NHS, mental health providers, insurance providers, referral agencies, sponsors, credit and other checks permitted by law.

Where information is obtained from a third party not involved in your care or employment we will let you know.  

We will tell you if providing some personal data is optional, including if we need to ask for your consent to process it. In all other cases, we need you to provide your personal data so we can provide care and treatment to you and receive payment for these services. 

How do we use your data?

We use your personal data to support the provision of your healthcare in the following ways:

  • to decide how best to provide treatment to you; 
  • as necessary to support the healthcare contract with you and to allow us to receive full payment for those services;
  • to take steps at your request during the course of your treatment;
  • to keep your records up to date; 

We use your data for the following purposes, to maintain the high standards of service that we provide to you:

  • for good governance, accounting, and managing and auditing our clinical and business operations both internally and by third parties;
  • for surveys of patient experience and quality of care;
  • to monitor emails, calls, other communications, and activities on Schoen Clinic networks and systems;
  • for market research, other surveys and analysis and developing statistics for improving clinical performance; and

We may process your data to ensure the security of our systems and to prevent crime and ensure compliance with all laws and regulations that are applicable to our services.

We may monitor and record telephone calls, emails, text messages, social media messages and other communications in relation to our dealings with you.  We will do this to ensure an appropriate standard of care, for regulatory compliance, self-regulatory practices, crime prevention and detection, to protect the security of our communications networks and systems, to check for unlawful content, obscene or profane content, for quality control and staff training, and when we need to see a record of what has been said. We may also monitor activities on our network and systems where necessary for these reasons and this is for our legitimate interests or other legal obligations.

We use your data to ensure we can comply with our legal obligations:

  • when you exercise your rights under data protection law and make requests;
  • for compliance with legal and regulatory requirements and related disclosures;
  • for establishment and defence of legal rights;
  • for activities relating to the prevention, detection and investigation of crime;
  • to verify your identity, credit fraud prevention and anti-money laundering checks; and
  • to investigate complaints, legal claims and data protection or clinical incidents.

Based on your consent we may also share your data:

  •  with your next of kin or other nominated contact;
  •  if you ask us to disclose your personal data to other people or organisations such as a company handling a claim on your behalf or otherwise agree to disclosures;
  •  when we process any special categories of personal data about you at your request (e.g. racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning your health, sex life or sexual orientation).

You are free at any time to change your mind and withdraw your consent, where we have only relied on your consent, to share your data. We will advise you if the consequence of doing so is that we cannot continue to provide full healthcare services to you.

Who do we share your personal information with?

We may share your personal data with:

  • providers or those who help us provide care to you;
  • Consultants/Doctors and other healthcare professionals who provide treatment to you at our clinics;
  • other healthcare providers including your General Practitioner (GP) where we believe this will enhance the quality of your care. Let us know if you do not wish us to share information with your GP;
  • the Schoen Clinic group of companies and associated companies including entities in the Germany;
  • sub-contractors and other persons who help us to provide healthcare products and services to you;
  • companies and other persons including interpreters providing services to you as part of your extended care and post care follow-up;

Advisors, Legal, Government and regulatory bodies

  • our legal and other professional advisors, including our auditors;
  • fraud prevention agencies, credit reference agencies, and debt collection agencies;
  • Government bodies and agencies in the UK and overseas (e.g. HMRC who may in turn share it with relevant overseas tax authorities and with regulators including the Information Commissioner's Office and Care Quality Commission (CQC) https://www.cqc.org.uk/about-us/our-policies/privacy-statement;
  • General Medical Council and other professional bodies;
  • courts, to comply with legal requirements, and for the administration of justice;

Others

  • in an emergency or to otherwise protect your vital interests;
  • third parties who help us to protect the security or integrity of our business operations and other patients;
  • when we restructure or buy or sell our business or its assets or have a merger or re-organisation;
  • payment systems and providers; and
  • anyone else where we have your consent or as required by law.

Sharing of your personal data in order to receive payment for your treatment from your Insurer, sponsor or guarantor

We will contact the individual or company including your insurer and provide them with the information necessary to support our invoices for payment and to ensure that we receive full payment for your care.  We may also contact them prior to your care to confirm that the treatment you are about to receive is covered by them and they are willing to pay for your care.  We will also provide information necessary to support any audits carried out by insurers and sponsors.

What marketing activities do we carry out?

Subject to obtaining your consent and in accordance with your communications preferences we may use your contact details to send you newsletters and other information on new facilities, services and treatments which we think may be of interest to you. We will not sell your personal data to a third party without your written consent.

You are free at any time to change your mind and withdraw consent for marketing activities. Please contact SCHOENUKDPO@schoen-clinic.co.uk.  This will not affect the healthcare services we provide to you.

International transfers

Your personal data may be transferred outside the UK and the European Economic Area.  While some countries have adequate protections for personal data under applicable laws, in other countries steps will be necessary to ensure appropriate safeguards apply to it.  These include imposing contractual obligations of adequacy or requiring the recipient to subscribe or be certified with an 'international framework' of protection.

How long do we keep your data?

Information will be kept in accordance with the retention periods outlined in the Information Governance Alliance (IGA) Records Management Code of Practice for Health and Social Care (2016). Information may be held for longer periods where the following apply: 

  • retention in case of queries. We will retain your personal data as long as necessary to deal with any queries you may have;
  • retention in case of claims. We will retain your personal data for as long as you might legally bring claims against us; and
  • retention in accordance with legal and regulatory requirements.

We will retain your personal data after you have received healthcare services at our clinics based on our legal and regulatory requirements and obligations.

Your rights under applicable data protection law

Your rights, under the data protection laws, are as follows (noting that these rights do not apply in all circumstances):

  • the right to be informed about processing of your personal data;
  • the right to have your personal data corrected if it is inaccurate and to have incomplete personal data completed;
  • the right to object to processing of your personal data;
  • the right to restrict processing of your personal data;
  • the right to have your personal data erased (the "right to be forgotten”);
  • the right to request access to your personal data and information about how we process it;
  • the right to move, copy or transfer your personal data ("data portability") ; and
  • rights in relation to automated decision-making including profiling

You may exercise these rights by contacting us on SCHOENUKDPO@schoen-clinic.co.uk.

You have the right to complain to the Information Commissioner's Office (ICO). It has enforcement powers and can investigate compliance with data protection law. Contact the ICO on www.ico.org.uk.

How to contact us

Further information can be provided from our Data Protection Officer on SCHOENUKDPO@schoen-clinic.co.uk.

3. Consultants and GPs

This Privacy Notice sets out what personal information we may collect from you and how that information may be used.

In particular, this Privacy Notice:

  • explains how we will manage your personal information, from the time we collect it and onwards;
  • explains how we use your information and who we share it with;
  • how we will comply with any relevant laws; and
  • explains your rights in relation to your personal data, and how you can exercise them.

This Privacy Notice does not cover any links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy policies. When you leave our websites, we encourage you to read the privacy policy of any website you visit.

About us

Schoen Clinic is an independent provider of private healthcare, offering treatment to private patients and NHS patients. In order to provide healthcare services and receive payment for those services, Schoen Clinic need to collect and process certain information about you ("personal data").

Schoen Clinic is a 'data controller' for the information that it collects and processes about you, and you the 'data subject'. Our Data Protection Officer can be contacted at SCHOENUKDPO@schoen-clinic.co.uk.

Schoen Clinic is committed to protecting and respecting your personal information. This Privacy Notice explains what personal information we may collect from you and how that information may be used. Please take your time to read this Privacy Notice carefully.

About Consultants and Doctors

Care for patients of Schoen Clinic may be provided by a healthcare professional who is a medical practitioner including consultants, doctors, nurses, and other clinical support professionals. In this Privacy Notice, we refer to all such individuals as "healthcare professionals". As a healthcare professional you may make decisions about what personal data you need to collect about patients and you may maintain your own set of medical records in relation to your care. You are an independent Data Controller of this personal data and must also comply with the data protection legislation (including any necessary registrations) and relevant guidance when handling this personal data.

It is the responsibility of the healthcare professional to ensure that their use of patient personal data is lawful and to inform them as to exactly how it will be used and to provide patients with their own Privacy Notice setting this out.

Some healthcare professionals who work with Schoen Clinic are supported by a medical secretary who will use patient personal data only as instructed by the healthcare professional. In some circumstances, that medical secretary will be employed by Schoen Clinic and they will handle your personal data in accordance with this Privacy Notice. It is the healthcare professional’s responsibility to inform patients if their medical secretary is employed by a third party and the manner in which they will use your personal data (including where they are based). Schoen Clinic is not responsible for any use of patient personal data by third parties, e.g. medical secretaries who are not employed by Schoen Clinic.

Healthcare professionals who work with Schoen Clinic (including their medical secretaries) may process patient personal data at a non-Schoen Clinic site (medical or non-medical).

Schoen Clinic companies and facilities in the UK include:

  • Schoen Clinic Newbridge
  • Schoen Clinic York
  • Schoen Clinic Chelsea
  • formerly Schoen Clinic London

We may share data between these companies and facilities where is it necessary to facilitate the provision of care to our patients. 

What personal information do we collect from you and how do we use it?

We will use your personal data for the reasons set out below. The personal data we collect and use may include:

  • your name, address and contact details, including email address and home and mobile telephone numbers. If you provide these details, we may use them to contact you unless you ask us not to.  This could include emails, text or voicemail messages;
  • date of birth and gender; 
  • information about your marital status, next of kin, dependants nominated and/or emergency contacts;
  • equal opportunity monitoring information, including information about your ethnic origin, sexual orientation, health and religion or belief; and
  • contractual and financial
  • the terms and conditions of your Agreement with us for the provision of healthcare and related services to our patients;
  • your bank account and national insurance number;
  • information relating to your provision of healthcare to our patients
  • information about your nationality and entitlement to practice in the UK;
  • information about medical or health conditions, and vaccinations including information about your COVID-19 vaccination status;
  • whether or not you have a disability for which the organisation needs to make reasonable adjustments; 
  • information about the systems and services you will use to provide care to our patients;
  • information received in response to any complaints or claims;

Other

  • information about how you use our website.
  • the data we collect may also include visual images, personal appearance and behaviour e.g. where CCTV is used as part of our building security measures.
  • if you are employed or may be employed by Schoen Clinic we will also hold and process other information relating to your employment.

You should refer to the Staff Privacy Notice for further information.

How Schoen Clinic collect this information

Schoen Clinic may collect this information in a variety of ways. We will collect most of this information directly during the credentialling and contracting process but we may also obtain data from your passport or other identity documents such as your driving licence; from pre-admission forms, online web forms; from correspondence with you; through interviews and surveys, meetings or other assessments.

In some cases, the organisation may collect personal data about you from third parties, such as insurance providers, referral agencies, sponsors, credit, Disclosure and Barring Service (DBS) service and other checks permitted by law, professional bodies and public registries.

Where information is obtained from a third party not involved in your current or previous employment we will let you know.  

We will tell you if providing some personal data is optional, including if we need to ask for your consent to process it. In all other cases, we need you to provide your personal data so we can work with you to provide care and treatment to our patients and for you and us to receive payment for these services.

How do we use your data?

We use your personal data to support the provision of healthcare to our patients in the following ways:

  • as necessary to support any contractual agreements with you and to allow us and you to receive payment for any services provided by you and to you;
  • to keep your records up to date; 
  • for compliance with the Health and Social Care Act and in considering how staff will be deployed.
  • we use your data for the following purposes, to maintain the high standards of service that we provide to our patients:
  • for good governance, accounting, and managing and auditing our clinical and business operations both internally and by third parties;
  • for surveys of patient experience and quality of care;
  • to monitor emails, calls, other communications, and activities on Schoen Clinic networks and systems;
  • for market research, other surveys and analysis and developing statistics for improving clinical performance; and
  • we may process your data to ensure the security of our systems and to prevent crime and ensure compliance with all laws and regulations that are applicable to our services.

We may monitor and record telephone calls, emails, text messages, social media messages and other communications in relation to our dealings with you. We will do this to ensure an appropriate standard of care, for regulatory compliance, self-regulatory practices, crime prevention and detection, to protect the security of our communications networks and systems, to check for unlawful content, obscene or profane content, for quality control and staff training, and when we need to see a record of what has been said. We may also monitor activities on our network and systems where necessary for these reasons and this is for our legitimate interests or other legal obligations.

We use your data to ensure we can comply with our legal obligations:

  • when you exercise your rights under data protection law and make requests;
  • for compliance with legal and regulatory requirements and related disclosures;
  • for establishment and defence of legal rights;
  • for activities relating to the prevention, detection and investigation of crime;
  • to verify your identity, make credit fraud prevention and anti-money laundering checks; and
  • to investigate complaints, legal claims and data protection or clinical incidents.

Based on your consent we may also use your data:

  • if you ask us to disclose your personal data to other people or organisations such as a company handling a claim on your behalf; or otherwise agree to disclosures;
  • when we process any special categories of personal data about you at your request (e.g. racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning your health, sex life or sexual orientation).

You are free at any time to change your mind and withdraw this consent where we have specifically relied on your consent to share your data.

Who do we share your personal information with?

We may share your personal data with:

  • other Consultants/Doctors and other healthcare professionals who provide treatment to patients at our clinics;
  • the Schoen Clinic group of companies and associated companies including entities in Germany;
  • sub-contractors and other persons who help us to provide healthcare products and services to patients;
  • companies and other persons including interpreters providing services to you;
  • our legal and other professional advisors, including our auditors;
  • fraud prevention agencies, credit reference agencies, and debt collection agencies;
  • government bodies and agencies in the UK and overseas (e.g. HMRC who may in turn share it with relevant overseas tax authorities and with regulators including the Information Commissioner's Office and Care Quality Commission (CQC) https://www.cqc.org.uk/about-us/our-policies/privacy-statement
  • General Medical Council and other professional bodies;
  • courts, to comply with legal requirements, and for the administration of justice;
  • in an emergency or to otherwise protect vital interests of yourself or others;
  • third parties who help us to protect the security or integrity of our business operations and patients;
  • when we restructure or buy or sell our business or its assets or have a merger or re-organisation;
  • payment systems and providers; and
  • anyone else where we have your consent or as required by law.

Sharing of your personal data in order to receive payment for treatment of our patients from Insurers, sponsors or guarantors

We will contact the individual or company and provide them with the information necessary to support our invoices for payment and to ensure that we receive full payment for patient’s care. We may also contact them prior to a patient’s care to confirm that the treatment they are about to receive is covered by them and they are willing to pay for the patient’s care. We will also provide information necessary to support any audits carried out by insurers and sponsors.

What marketing activities do we carry out?

We may use your contact details to send you newsletters and other information on new Schoen Clinic facilities, services and treatments and training opportunities so you know where and how your patients may be treated.  We will not sell your personal data to a third party without your written consent.

You are free at any time to ask us to stop sending this information. Please contact SCHOENUKDPO@schoen-clinic.co.uk.  

International data transfers

Your personal data may be transferred outside the UK and the European Economic Area.  While some countries have adequate protections for personal data under applicable laws, in other countries steps will be necessary to ensure appropriate safeguards apply to it.  These include imposing contractual obligations of adequacy or requiring the recipient to subscribe or be certified with an 'international framework' of protection.

How long do we keep your data?

Information will be kept in accordance with the retention periods outlined in the Information Governance Alliance (IGA) Records Management Code of Practice for Health and Social Care (2016). Information may be held for longer periods where the following apply: 

  • retention in case of queries. We will retain your personal data as long as necessary to deal with any queries you may have;
  • retention in case of claims. We will retain your personal data for as long as you might legally bring claims against us; and
  • retention in accordance with legal and regulatory requirements. We will retain your personal data after you have received healthcare services at our Facilities based on our legal and regulatory requirements and obligations.

Your rights under applicable data protection law

Your rights, under the data protection laws, are as follows (noting that these rights do not apply in all circumstances):

  • the right to be informed about processing of your personal data;
  • the right to have your personal data corrected if it is inaccurate and to have incomplete personal data completed;
  • the right to object to processing of your personal data;
  • the right to restrict processing of your personal data;
  • the right to have your personal data erased (the "right to be forgotten”);
  • the right to request access to your personal data and information about how we process it;
  • the right to move, copy or transfer your personal data ("data portability") ; and
  • rights in relation to automated decision-making including profiling

You may exercise these rights by contacting us on SCHOENUKDPO@schoen-clinic.co.uk.

You have the right to complain to the Information Commissioner's Office (ICO). It has enforcement powers and can investigate compliance with data protection law. Contact the ICO on www.ico.org.uk.

How to contact us

Further information can be provided from our Data Protection Officer on SCHOENUKDPO@schoen-clinic.co.uk. 

4. Recruitment and staff

Your Personal Data is data which by itself or with other data available to Schoen Clinic can be used to identify you as an individual.  Under data protection law, individuals have a right to be informed about how organisations use any personal data that they hold about them. We comply with this right by providing ‘Privacy Notices’ (sometimes called ‘fair processing notices’) to individuals where we are processing their personal data.

This Privacy Notice sets out how Schoen Clinic will use your personal data.  Schoen Clinic is the Data Controller for the information that it collects and processes about you, and you are the 'data subject'. Our Data Protection Officer can be contacted at SCHOENUKDPO@schoen-clinic.co.uk if you have any questions. Please contact this email for any queries about data subject’s rights or if you wish to submit a Subject Access Request (SAR).

What personal data we collect and use?

Whether or not you become an employee, we will use your personal data for the reasons set out below and if you become an employee we will continue to use it to manage the recruitment and on boarding process and your employment with us. We will collect most of this directly during the application journey but there may be sources of personal data collected indirectly, as set out later in this Policy.

The personal data we use may include:

  • your name, address and contact details, including email address and home and mobile telephone numbers, date of birth and gender;
  • equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health and religion or belief*;
  • the terms and conditions of your employment; 
  • details of your qualifications, skills, experience and employment history, including start and end dates, with previous employers and with the organisation; and
  • information about your remuneration, including entitlement to benefits such as pensions or insurance cover; 
  • information about your COVID-19 vaccination status; and
  • publically available information.

*this information is not available to Hiring Managers during the recruitment process

If you are employed by Schoen Clinic: 

  • details of your bank account and national insurance number; 
  • information about your marital status, next of kin, dependants and emergency contacts; 
  • information about your nationality and entitlement to work in the UK; 
  • details of your schedule (days of work and working hours) and attendance at work; 
  • details of periods of leave taken by you, including holiday, sickness absence, family leave and sabbaticals, and the reasons for the leave; 
  • details of any disciplinary or grievance procedures in which you have been involved, including any warnings issued to you and related correspondence; 
  • assessments of your performance, including appraisals, performance reviews and ratings, performance improvement plans and related correspondence; 
  • information about medical or health conditions, including whether or not you have a disability for which the organisation needs to make reasonable adjustments;
  • information about any criminal record; and
  • information about you or anyone in your household’s COVID-19 status, your vaccination status and any COVID-19 symptoms.

Schoen Clinic may collect this information in a variety of ways. For example, data might be collected through application and other forms, CVs or resumes; obtained from your passport or other identity documents such as your driving licence; from on-boarding forms, online HR systems completed by you at the start of or during employment (such as benefit nomination forms); from correspondence with you; or through interviews, meetings or other assessments.

In some cases, the organisation may collect personal data about you from third parties, such as references supplied by former employers, information from employment background check providers, information from credit reference agencies and information from criminal records checks permitted by law. 

Providing your personal data

We will tell you if providing some personal data is optional, including if we ask for your consent to process it. In all other cases, we expect you to provide your personal data so we can process your application and manage your employment with us.   

Monitoring of communications

Subject to applicable laws, we may monitor and record calls, emails, text messages, social media messages and other communications in relation to our dealings with you.  We will do this for regulatory compliance, self-regulatory practices, crime prevention and detection, to protect the security of our communications systems and procedures, to check for unlawful content, obscene or profane content, for quality control and staff training, and when we need to see a record of what has been said. We may also monitor activities on your network and systems’ accounts where necessary for these reasons and this is for our legitimate interests or other legal obligations. 

How we use your personal data and the legal basis for processing

We will process your personal data: 

  • to decide whether to employ you;
  • as necessary to support the employment contract with you and to pay you for your services;
  • to manage your benefits and pension arrangements;
  • to take steps at your request during the course of your employment;
  • to keep your records up to date;
  • as necessary for our own legitimate interests or those of other persons and organisations, e.g. for good governance, accounting, and managing and auditing our business operations; 
  • to monitor emails, calls, other communications, and activities on Schoen Clinic networks and systems; 
  • for market research, analysis and developing statistics;
  • as necessary to comply with a legal obligation, e.g.: When you exercise your rights under data protection law and make requests;
  • for compliance with legal and regulatory requirements and related disclosures; 
  • for compliance with the Health and Social Care Act and in considering how staff will be deployed;
  • for establishment and defence of legal rights; 
  • for activities relating to the prevention, detection and investigation of crime; 
  • to verify your identity and make credit fraud prevention and anti-money laundering checks; and 
  • to monitor your emails, calls, other communications, and activities on your Schoen Clinic and related providers networks. 

Based on your consent, e.g.

  • if you ask us to disclose your personal data to other people or organisations such as a company handling a claim on your behalf or an application for a mortgage; or otherwise agree to disclosures;
  • when we process any special categories of personal data about you at your request (e.g. racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning your health, sex life or sexual orientation). 

You are free at any time to change your mind and withdraw your consent where we are relying on your consent to process your personal data. The consequence might be that we cannot continue to assist you with these activities. 

Our lawful basis for using your data

We only collect and use personal information about you when the law allows us to.  Most commonly we use it where we need to: 

  • fulfil a contract we have entered into with you;
  • comply with a legal obligation.  This will include any changes in the law in response to the pandemic;
  • carry out a task in the public interest e.g. providing information to the NHS to support management of colleagues and patients with or at risk of COVID-19;
  • protect your (or someone else’s vital interests (e.g. the processing is necessary to protect someone’s life).

We may also use personal information about you where:

  • you have given us consent to use it in a certain way;
  • we have legitimate interests in processing the data – for example, where you have applied for another position and references are required as part of the recruitment process.
  • if we are processing special category data e.g. health related data we may do this for purposes relating to:
  • employment, social security and social protection;
  • provision of health or social care to you or others;
  • public health such as protecting against serious cross border threats to health such as the COVID-19 Pandemic.

Some of the reasons listed above for collecting and using personal information about you overlap, and there may be several grounds which justify Schoen Clinic’s use of your data.

Who do we share your personal information with?

Subject to applicable data protection laws we may share your personal data with:

  • internally, your line managers, HR personnel, occupational health providers;
  • the Schoen Clinic group of companies and associated companies including entities in Germany;
  • sub-contractors and other persons who help us to provide products and services as part of your benefits package;
  • companies and other persons providing services to you as part of your employment including external testing laboratories;
  • our legal and other professional advisors, including our auditors;
  • fraud prevention agencies, credit reference agencies, and debt collection agencies;
  • government bodies and agencies in the UK and overseas (e.g. HMRC who may in turn share it with relevant overseas tax authorities) and with regulators e.g. the Financial Conduct Authority, the Information Commissioner's Office;
  • courts, to comply with legal requirements, and for the administration of justice;
  • in an emergency or to otherwise protect your vital interests;
  • to protect the security or integrity of our business operations;
  • when we restructure or sell our business or its assets or have a merger or re-organisation;
  • payment systems and payroll providers; and;
  • anyone else where we have your consent or as required by law.

Your rights under applicable data protection law

Your rights, under the data protection laws, are as follows (noting that these rights do not apply in all circumstances):

  • the right to be informed about processing of your personal data;
  • the right to have your personal data corrected if it is inaccurate and to have incomplete personal data completed;
  • the right to object to processing of your personal data;
  • the right to restrict processing of your personal data;
  • the right to have your personal data erased (the "right to be forgotten”);
  • the right to request access to your personal data and information about how we process it;
  • the right to move, copy or transfer your personal data ("data portability") ; and
  • rights in relation to automated decision-making including profiling

You may exercise these rights by contacting us on SCHOENUKDPO@schoen-clinic.co.uk.

You have the right to complain to the Information Commissioner's Office (ICO). It has enforcement powers and can investigate compliance with data protection law. Contact the ICO on www.ico.org.uk.

Criteria used to determine retention periods

The following criteria are used to determine data retention periods for your personal data: 

  • retention in case of queries. We will retain your personal data as long as necessary to deal with any queries you may have (e.g. if your application is unsuccessful);
  • retention in case of claims. We will retain your personal data for as long as you may legally bring claims against us; and 
  • retention in accordance with legal and regulatory requirements. We will retain your personal data after you have left the organisation based on our legal and regulatory requirements. 

International transfers

Your personal data may be transferred outside the UK and the European Economic Area.  While some countries have adequate protections for personal data under applicable laws, in other countries steps will be necessary to ensure appropriate safeguards apply to it.  These include imposing contractual obligations of adequacy or requiring the recipient to subscribe or be certified with an 'international framework' of protection.

How to contact us

For more details on all the above you can contact our DPO at SCHOENUKDPO@schoen-clinic.co.uk.

Additional information for applicants (recruitment)

The purpose behind PeopleHR (a HR software system) is to simplify the employer's recruitment process and to enable efficient assessments of and communication with the candidates in this regard. As part of making use of PeopleHR the employer receives personal data from the candidates, and processes such personal data as part of the assessment of the skills and abilities of the candidates and whether he/she is suited for the announced position.

The legal basis for processing personal data is the candidates consent to such processing as part of applying for the position, where the candidate chooses what kind of personal data he/she decides to share with the employer in this regard, for instance by using the upload functionality from Google or Dropbox. Please note that candidates are entitled to withdraw this  consent at any time.

The employer is the data controller for the processing of personal data about candidates and all questions regarding privacy can be directed to the employer through the dedicated communication channels provided by PeopleHR. The personal data is processed for the purpose of providing, executing and developing the services.

PeopleHR has been independently audited, and meets the requirements for ISO 27001 registration. The scope covers how we manage information security in providing online Human Resource Management software and services to our customers. This means that the way we own, store, transfer, access, back up, monitor, test and review our security procedures, has been independently verified to an internationally recognised standard.

Personal data about candidates is processed in PeopleHR during the recruitment process and to the extent this is necessary to fulfil any legal requirements.

Candidates may at any time reach out to the employer in order to exercise the right to access, rectification or erasure of personal data, or to restrict the processing related to the candidate, or to object to the processing, as well as the right to data portability. In addition, candidates have a right to file a complaint to the data protection authorities with regards to the processing of their personal data.

For more information on how PeopleHR process your data please see the following link https://www.peoplehr.com/en-gb/security/

Should you wish to have your data removed from our database please send an email to our HR team.

5. Children

Who we are

We are Schoen Clinic, an independent provider of private healthcare, offering treatment to private patients and NHS patients. In order to provide healthcare services and receive payment for those services, Schoen Clinic need to collect and process certain information about you.

Here at Schoen Clinic, protecting and respecting your personal information is very important to us. This Privacy Notice explains what personal information we may collect from you and how that information may be used.

Get in touch

If you want to know more about the personal information we have of yours, or if you want to raise a question with us then email us. If you are under 13 your parent or carer would need to do this. If you are over 13 then you can write to our data protection officer at SCHOENUKDPO@schoen-clinic.co.uk.

We think it would be best if you discussed this with your parent or carer first, and that you copied them into any emails you send.

Personal data – what’s that?

What we mean is any information that could be used to identify you. This could be just your name and address; or, it could include a telephone number, email address, a picture or recording of you. As we might be giving you medical care there are things our healthcare professionals would need to know to help them do that. This could be quite sensitive and includes personal information about what treatment you have had in the past and how you are doing.

Where we get your personal data from

Basically, we get it from you or your previous medical records. If you are under 13 then your parent or carer has to give it to us on your behalf. If you are being treated by us then we might also take information from, for example, your GP or others involved in your care. This helps us to give you the best treatment. It is really important to know that we are really careful with this information.

When you are being treated by us we will sometimes ask you for personal information. Personal information means things like your name, your age, where you live and how we can contact you.

But that’s only if you are over 13. The first thing we would want to know, and check, is how old you are.

Are you Under 13?

If you are under 13 then we have to ask a parent or carer, or another adult who looks after you to give us that information for you. We tell them how we keep that information safe in our other ‘Privacy Notice’ – it is a bit longer than this one. They can ask to see any of that information, any time. You can also have a look at this if you want more information.

Are you over 13?

If you are over 13 and getting treatment from us then your healthcare professional will sit down with you and explain all of this and check that you understand what we do with your personal information – it is yours after all and that you know what your rights are.  Again have a look at our other Privacy Notice if you want more details.

Everyone here is trained in safeguarding which means that we know how to keep you safe and that includes how we keep your information safe. We don’t share it unless you tell us we can (unless we are really worried about you), and we store it safely.

We will process your data to make sure you get the best possible care but also to make sure we can protect it from anyone who shouldn’t see it and to make sure we are following all the laws and regulations.

How long we keep your data for?

We have thought a lot about how long we should hold on to personal data. We believe it is only as long as you would consider reasonable, or where we have to because of the law. We have a list of how long we keep all information and what we do with it (delete or archive) when its time is up. We keep it very safe on our systems, just like you would expect us too.

Your rights

You have all the same ‘rights’ with regard to your personal information as adults do. The main ones are that you can get a copy of all the data we hold about you; you can get any incorrect information put right; and you can complain to the Information Commissioner's Office (ICO).  They will check that we have complied with the data protection laws and will take action if we haven’t.  Contact the ICO on www.ico.org.uk

There are some other rights and you can see the rest of them in the full Patient Privacy Notice.

Who can see your information?

Most of your personal data is processed by staff in the UK although occasionally we may need to share it outside the UK with companies who help us to provide your treatment.  Sometimes we also share it with Cloud-based data storage providers like Microsoft; tax authorities like HMRC or external agencies like CQC who help to make sure that healthcare providers, like us, do things right

We may also share your data with law enforcement agencies (that’s the police) or statutory agencies (that’s the Court) if the law tells us we have to.

A word about ‘Cookies’

When anyone visits our website, their IP address, browser and version, operating system and the site they came from are stored in a log file. This information is only used for statistical purposes to help improve this site. Log files do not contain any personal information. We do not use cookies for collecting personal information and we will not collect any information about you except that required for administration of the web server.

If you have a concern about how we have handled or processed your data, or are unsatisfied with our response to a complaint you have raised with us then please contact the ICO – https://ico.org.uk/concerns

For parents

We use the data we gather from children, young people and families we are supporting for the sole purpose of providing the best care and support that we can to them. This might also include being able to evaluate the quality of support we have given and audit our practices. Where we believe sharing the information we have been given with other agencies is in the best interests of supporting the child or young person then we would do that.

We take our responsibility to safeguard the welfare of children, young people and vulnerable adults very seriously. We are legally obliged to pass on personal information to the relevant authority if we think a child, young person or vulnerable adult is at risk.

6. Research

Audits

Your personal data may be used by Schoen Clinic to carry out audits of clinical outcomes and support performance and process improvements. Where-ever possible we will use anonymised data. Where data that identifies you is used this is restricted to specialist teams.

PHIN

Sharing of your personal data to contribute to the review and publishing of information about the quality and cost of privately funded healthcare.

Schoen Clinic is required to provide hospital performance data to the Private Information Network (PHIN), which publishes information on the quality and cost of privately funded healthcare.  PHIN’s goal is to help patients make more informed choices about where to go for treatment.

The Private Information Network (PHIN) is the independent, government-mandated source of information about private healthcare. PHIN operates with a legal mandate to work with all hospitals and consultants providing private healthcare across the whole of the UK. That mandate comes from the Competition and Markets Authority (CMA) and imposes a legal duty on hospitals and consultants to submit data to PHIN as the official Information Organisation (IO) for private healthcare. 

The CMA’s Order is issued under the Enterprise Act 2002 and specifies 11 performance measures for PHIN to publish, by procedure, at both hospital and consultant level. These performance measures are also listed on PHIN’s website at https://media.phin.org.uk/about/our-mandate/. Section 167(2) of the Enterprise Act provides that, “Any person to whom such an undertaking or order relates shall have a duty to comply with it”.

On this basis. PHIN’s lawful bases for processing private patient data is Article 6(1)(c) of the GDPR: as due to the obligations under the CMA Order the lawful basis for the processing of personal data is “necessary for compliance with a legal obligation”. The same lawful basis applies to providers who have obligations under the CMA Order to disclose patient data to PHIN

Publication will be made via the PHIN website in a format that will allow patients requiring hospital treatment and their doctors to search for local private hospitals by procedure and to compare how they perform in terms of quality and safety based on treatment data. Individuals are then able to make informed choices; which Consultant to see, which treatment option to follow, and at which hospital to be treated.  This information will not be in a form where individuals can be identified.

The PHIN Privacy Notice can be found at https://www.phin.org.uk/about/our-privacy-policy

Sharing NHS numbers

Your NHS number may be shared with PHIN as part of the process above.  An additional reason for obtaining the NHS Number relates to Schoen Clinic’s intention to access the UK Child Protection Information Sharing (CP-IS) system in order to facilitate the sharing of information between health and local authorities where a child may be at risk of being neglected, maltreated or abused.

Schoen Clinic ensures all the information it holds is kept safe and confidential.

Sharing of your personal data for scientific research purposes

Schoen Clinic will only share your personal data for research purposes if:

  • it is fully anonymised and you cannot be re-identified from the anonymised information;
  • it is being shared for one of the purposes above; or
  • we have obtained your explicit written consent.

Any data sharing will always be subject to applicable data protection laws.

7. Visitors to website

How we use cookies

A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

Content management and responsibility

Schoen Clinic UK Limited, "Schoen Clinic", and the hosts of this website, accept no responsibility for, and exclude all liability in connection with browsing this website, use of information on this website and downloading any material from it, including, but not limited to, any liability for errors, inaccuracies, omissions or misleading or defamatory statements.

Downloads

Although every reasonable effort is made to ensure that files are free of defects and viruses, there are no guarantees that they are free from defects or computer viruses. Therefore, no warranty or guarantee is given by Schoen Clinic, regarding files downloaded or accessed through Schoen Clinic's website or through a link accessed via Schoen Clinic's website.

Website contents

This website is intended to enable information relevant to the work of Schoen Clinic, to be freely available on the World Wide Web. Whilst Schoen Clinic hopes you find this website interesting and informative, the contents are for general information only. Schoen Clinic believes the contents to be true and accurate as at the date of writing, but can give no assurances or warranties regarding the accuracy, currency or applicability of any of this website's contents. As such, the contents of this website should not be relied upon. In addition, none of the content of this website will form any contract between Schoen Clinic and any user of the website, nor constitute any offer by Schoen Clinic. The use of and access to pages of the Schoen Clinic website is subject to the foregoing disclaimer, and the terms and conditions set out below. By using or accessing this website, you agree to be bound by these terms and conditions.

Schoen Clinic shall not be liable for any loss or damage howsoever arising in connection with the content of the website. Schoen Clinic does not guarantee that the website will be error-free, omission-free, uninterrupted or without delay.

Website security

Whilst Schoen Clinic makes all reasonable attempts to exclude viruses from the website, we cannot guarantee that the website will be virus free and accept no liability in the unlikely event that the website is not virus free.

Users are recommended to take appropriate safeguards before downloading information from this website. 

Access to information

Schoen Clinic will not share your confidential information with anyone outside of Schoen Clinic. You are prohibited from posting or transmitting, to and from, the website any unlawful, threatening, defamatory, obscene, and pornographic or other material which would violate any law.

Unless otherwise specified, the materials on this website are directed solely at those who access this website from the United Kingdom mainland. Schoen Clinic makes no representation that any information, product or services referred to in the materials on this website are appropriate for use, or available, in other locations. Those who choose to access this website from other locations are responsible for compliance with local laws if and to the extent local laws are applicable.

Website availability

Although the website has been tested and should work correctly under normal circumstances, there are many factors both within and outside of the control of Schoen Clinic, which may prevent the website from being available.

No responsibility is accepted by Schoen Clinic, for any losses howsoever caused that may arise from an inability to access or to access resources through its website. If you find any errors within the Schoen Clinic website, including links that do not work, pages linked to the wrong document and out of date information, please email the Schoen Clinic digital team.


Lawful basis for processing

Why we need to process your personal information

8. Legal references

In most circumstances, Schoen Clinic will rely on Article 6 (1) (b) and Article 9 (2) (h) of the General Data Protection Regulations (GDPR) for the processing of your personal data. The GDPR has been incorporated into UK law as part of the Data Protection Act 2018. In addition Schoen Clinic may rely one or more of the following basis including when sharing personal data.

            • Legal obligation: the processing is necessary for compliance with a legal obligation Article 6 (1)(c) *
            • Vital interests: the processing is necessary to protect someone’s life. Article 6 (1) (d)
            • Public interest: the processing is necessary to perform a task in the public interest. Article 6 (e)
            • Legitimate interests: the processing is necessary for an organisation’s legitimate interests or the legitimate interests of a
               third party Article 6 (1) (f)

When processing special category data Schoen Clinic may rely on;
            • Employment, social security and social protection Article 9 (2)(b)
            • Vital interests of the Data Subject Article 9 (2) (c)
            • Substantial public interest Article 9 (2) (g)
            • Provision of health or social care Article 9 (2) (h)
            • Public interest in the area of public health such as protecting against serious cross border threats to health Article 9 (2) (i)
            • Consent Article 9 (2)(a)

* This includes the Notice by Secretary of State under Reg 3(4) of Health Service Control of Patient Information Regulations issued 1st April 2020 allowing healthcare providers to share personal data and any other such notice that may be issued to support efforts against COVID-19.

Lawful basis

Why we need to process your personal information

1 Our ground to process your personal information

2 Additional ground to Additional lawful basis for Special category data e.g. health records

Contacting you following an enquiry from you through our website, by email, by phone line or social media

Necessary steps for us to enter into a contract with you

    • For the provision of health or social care or treatment
    • Necessary to protect vital interests
    • Necessary for defense of legal claims

    Establishing a patient record

    Necessary steps for us to enter into a contract with you.

    Legitimate interests and appropriate business need to use your information which does not overly prejudice your rights.

    • For the provision of health or social care or treatment
    • Necessary to protect your vital interest or the vital interests of another person where you or they are not capable of giving consent

    To provide you with healthcare and related services

    Fulfilling our contract with you for
    the provision of health care and/or treatment.

    To protect your vital interest of the vital interests of another person where you or they are not capable of giving consent.

    Necessary for task carried out in the public interests

    • For the provision of health or social care or treatment
    • Necessary to protect your vital interest or the vital interests of another person where you or they are not capable of giving consent
    • Necessary for task carried out in the public interests

    To ensure that your account and billing is fully accurate and up-to-date

    Fulfilling our contract with you for the provision of health care and/or treatment.

    Legitimate interests and appropriate business need to use your information which does not overly prejudice your rights.

    • For the provision of health or social care or treatment
    • The use is necessary in order for us to establish, exercise or defend our legal rights

    Maintaining improved quality of service, training including conducting post treatment surveys, but excluding marketing

    Legitimate interests and appropriate business need to use your information which does not overly prejudice your rights

    • Necessary to manage health or social care systems or services

    Maintaining accounting and financial records, internal and external audit requirements

    Legitimate interests and appropriate business need to use your information which does not overly prejudice your rights.

    For compliance with legal obligations.

    • N/A

    Disclose information to regulatory bodies (see exception with PHIN below)

    To comply with a legal or regulatory obligation.

      • Necessary for reasons of substantial public interest
      • Necessary to protect against serious cross-border threats to public health

      Disclose information to regulatory bodies or information organisations, including the Private Health Care Information Network” (PHIN).

      To comply with a legal or regulatory obligation.

        • Necessary for reasons of substantial public interest

        To answer any complaint or legal claim from you

        Legitimate interests and appropriate business need to use your information which does not overly prejudice your rights.

        For compliance with legal obligations

        To establish, exercise or defend our legal rights

        • Necessary for the establishment, exercise, or defence of legal claims

        Communicating with third party, share updates about your care (e.g. insurance companies) and updating other healthcare professionals about your care (e.g. NHS)

        Fulfilling our contract with you for the provision of health care and/or treatment

        Legitimate interests and appropriate business need to use your information which does not overly prejudice your rights

        • Necessary for the provision of health care or treatment or the management of health care systems pursuant to contract with a health professional
        • Necessary for reasons of public interests in the area of public health and ensuring high standards of quality and safety of health care

        Use of closed-circuit television (CCTV) for security purposes

        Legitimate interests and appropriate business need to use your information which does not overly prejudice your rights

        • N/A

        We may provide your personal information to our third party survey provider

        Legitimate interests and appropriate business need to use your information which does not overly prejudice your rights

        • Your consent

        Provide marketing information to you

        Your explicit consent

        • N/A

        9. National data opt-out policy (NHS patients)

        Schoen Clinic UK Group is one of many organisations aiming to enhance patient and public care in the health and care system.

        When you access a health or care service, such as going to a hospital or receiving Community Care, important information about you is documented in a patient record for that service. Gathering this information will assist you in receiving the best possible care and treatment.

        You have the option of allowing your sensitive patient data to be used in this way.

        10. Special products and services on the website

        10.1. Use of social media plug-ins

        (1) We currently use the following social media plug-ins: Meta (Facebook and Instagram).

        (2) We do not have any influence on the data collected or the data processing procedures nor are we aware of the full extent of the data collection, purposes of processing or storage periods by the plug-in provider. We also have no information regarding deletion of the data collected by the plug-in provider.

        (3) The plug-in provider stores the data collected about you as a user profile and uses this for the purposes of marketing, market research and/or the needs-based design of their website. This analysis is performed (even for users who are not logged in) in particular for the purpose of displaying relevant advertisements and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles; to exercise this right, you must contact the relevant plug-in provider. We offer you the opportunity to interact with the social networks and other users via the plug-ins, so that we can improve our products and services and continue to develop them in a way that is interesting for you as a user. The legal basis for the use of the plug-ins is article 6 paragraph 1 page 1 of GDPR.

        (4) Data will be passed on regardless of whether you have an account with the plug-in provider and are logged in. If you are logged in with the plug-in provider, the data we have collected about you will be directly matched to your existing account with the plug-in provider. If you press the activated button and link to the site, for example, the plug-in provider will store this information in your user account as well and will share it publicly with your contacts. We recommend logging out of social networks regularly after using them, but especially before using the button, in order to avoid being matched to your profile by the plug-in provider in this way.

        (5) You can find more information on the purpose and extent of data collection and its processing by the plug-in provider in the data protection declarations from these providers linked below. You can also find more information there on your rights relating to this and the settings available to you to protect your privacy.

        (6) Address for the plug-in provider and URLs with data protection information:

        Meta Inc., 1601 S California Ave, Palo Alto, California 94304, USA; www.facebook.com/policy.php
        www.facebook.com/help/186325668085084
        www.facebook.com/about/privacy/your-info-on-other#applications

        www.facebook.com/about/privacy/your-info#everyoneinfo.
        Meta has signed up to the EU-US Privacy Shield; www.privacyshield.gov/EU-US-Framework.

        10.2. Incorporation of YouTube videos

        (1) We have incorporated YouTube videos in our online services, which are stored on www.youtube.com and can be played directly on our website. These are all incorporated in “expanded data protection mode”, i.e. no data about you as a user is transferred to YouTube if you do not play the videos. The data listed in paragraph 2 is transferred only if you play the videos. We have no influence over this data transfer.

        (2) When you visit the website, YouTube will be informed that you have requested the corresponding page on our website. In addition, the data listed under section 3 of this declaration will be transferred. This will occur regardless of whether YouTube has provided a user account and you have logged into it or if you do not have an account. If you are logged into Google, your data will be matched directly to your account. If you would not like your data to be matched to your profile with YouTube, you must log out before activating the button. YouTube stores your data as a user profile and uses this for the purposes of marketing, market research and/or the needs-based design of their website. This analysis is performed (even for users who are not logged in) in particular for the purpose of serving relevant advertisements and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles; to exercise this right, you must contact YouTube.

        (3) You can find more information on the extent and purpose of data collection and its processing by YouTube in the data protection declaration. You can also find more information there on your rights relating to this and the settings available to you to protect your privacy:
        www.google.de/intl/de/policies/privacy. Google processes your personal data in the USA as well and has signed up to the EU-US Privacy Shield; www.privacyshield.gov/EU-US-Framework.

        10.3. Incorporation of Google Maps

        (1) We use Google Maps on this website. This allows us to display interactive maps directly on the website and allows you to use the map function easily.

        (2) When you visit the website, Google will be informed that you have requested the corresponding page on our website. In addition, the data listed under section 3 of this declaration will be transferred. This will occur regardless of whether Google has provided a user account and you have logged into it or if you do not have an account. If you are logged into Google, your data will be matched directly to your account. If you would not like your data to be matched to your profile with Google, you must log out before activating the button. Google stores your data as a user profile and uses this for the purposes of marketing, market research and/or the needs-based design of their website. This analysis is performed (even for users who are not logged in) in particular for the purpose of serving relevant advertisements and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles; to exercise this right, you must contact Google.

        (3) You can find more information on the purpose and extent of data collection and its processing by the plug-in provider in the data protection declarations from the providers. You can also find more information there on your rights and the settings available to you to protect your privacy: www.google.de/intl/de/policies/privacy. Google processes your personal data in the USA as well and has signed up to the EU-US Privacy Shield: www.privacyshield.gov/EU-US-Framework.

        10.4. Online marketing

        4.1 Use of Google Adwords conversion

        (1) We use the Google Adwords product to advertise our products and services on external websites using advertising media (‘Google Adwords’). We can determine in relation to the advertising campaign data how successful the specific advertising campaigns are. We are interested in using this to show you advertisements that are interesting to you, to design our website in a more interesting way for you and to achieve a fair calculation of advertising costs.

        (2) The advertising media are delivered by Google via an ‘ad server’. For this purpose, we use ad server cookies, which can be used to monitor specific parameters for measuring success, such as the display of advertisements or clicks by the user. If you are brought to our website by a Google advertisement, Google Adwords will store a cookie on your PC. These cookies usually expire after 30 days and should not then be able to identify you personally. The Unique Cookie ID, number of Ad Impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (a marker that the user no longer wants to be contacted) are usually saved to this cookie as analysis values.

        (3) These cookies allow Google to recognise your internet browser if you return. If a user visits specific pages on the website of an Adwords customer and the cookie on their computer has not yet expired, Google and the customer can determine that the user has clicked on the advertisement and been forwarded to this page. Each Adwords customer is assigned a different cookie. Cookies cannot be traced back via the websites of Adwords customers. We ourselves do not collect any personal data in the advertising media named above. We are provided only with statistical analysis by Google. We can use this analysis to determine which of the advertising media we use are particularly effective. We do not receive any more data on the use of the advertising media, and in particular we cannot identify users using this information.

        (4) Because of the marketing tools used, your browser automatically makes a direct connection to Google's server. We have no influence on the extent and further use of the data collected by Google through the use of this tool and therefore advise you of our understanding of the process: the incorporation of Adwords conversion means that Google is informed that you have requested part of our website or have clicked on one of our advertisements. If you are registered with one of Google's services, Google can match the visit to your account. Even if you are not registered or logged in with a Google service, there is a possibility that the provider might find out and store your IP address.

        (5) You can prevent involvement in this tracking process in various ways: a) using the appropriate setting in your browser software; rejecting third-party cookies in particular should mean that you do not receive any advertisements from third-party companies; b) deactivating the cookies for conversion tracking by setting your browser to block cookies from the domain “www.googleadservices.com”, www.google.de/settings/ads; this setting will be erased when you delete your cookies; c) by deactivating interest-based advertising from a provider who is part of the “About Ads” self-regulation campaign via the link www.aboutads.info/choices; this setting will be erased when you delete your cookies; d) by permanently deactivating it in your browsers, Firefox, Internet Explorer or Google Chrome at the link www.google.com/settings/ads/plugin. Please be advised that you may not be able to use all the functions of the products and services if you do this.

        (6) The legal basis for the processing of your data is article 6 paragraph 1 page 1 of GDPR. You can find more information on data protection at Google here:
        www.google.com/intl/de/policies/privacy and services.google.com/sitestats/de.html. Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at www.networkadvertising.org. Google has signed up to the EU-US Privacy Shield; www.privacyshield.gov/EU-US-Framework.

        4.2 Remarketing

        In addition to Adwords conversion, we use the Google Remarketing application. This is a process we would like to use to address you. This application can be used to show you our advertisements on other websites after you have visited our website. This is done using cookies stored in your browser that are used by Google to determine and analyse your user behaviour when you visit various websites. Google can use this information to determine that you visited our website in the past. According to statements made by Google, they do not combine data collected as part of Remarketing with any personal data relating to you that has been stored by Google. In particular, according to Google, pseudonymisation is used for Remarketing.

        4.3 Google Marketing Platform

        This website uses Display & Video 360, an advertising product at the Google Marketing Platform. Display & Video 360 uses cookies to serve ads relevant to users, improve campaign performance reports, or prevent a user from seeing the same ads more than once. Google uses a cookie ID to track which ads are displayed in which browser and to prevent them from being displayed more than once. In addition, Display & Video 360 may use cookie IDs to capture conversions related to ad inquiries. According to Google, DoubleClick cookies do not contain any personal information. In addition, user profiles are created, which are used for own market research purposes - in particular on the basis of the identified interests.

        Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence on the extent and the further use of the data collected by Google through the use of this tool and therefore inform you according to our level of knowledge: By integrating Display & Video 360, Google receives the information that you have opened the corresponding part of our Website or clicked on our ads. If you are registered with a Google service, Google may associate your visit with your account. Even if you are not registered with Google or have not logged in, it is possible that the provider may obtain and store your IP address.

        In addition, the DoubleClick Floodlight cookies help us understand whether you perform certain actions on our website after you have viewed or clicked on one of our display/video ads on Google or another platform (conversion tracking). Display & Video 360 uses this cookie to understand the content with which you have interacted on our websites in order to be able to send you targeted advertising later.

        You can prevent this tracking in various ways:

        • by setting your browser accordingly, in particular the blocking of third party cookies means that you will not receive any ads from third party providers;
        • by disabling cookies for conversion tracking by setting your browser to block cookies from the "googleadservices.com" domain, www.google.de/settings/ads. However this setting will be deleted when you delete your cookies; Google uses different types of cookies. An overview can be found here: policies.google.com/technologies/types?hl=EN
        • by deactivating the interest-based ads of the providers that are part of the "About Ads" self-regulation campaign via the link www.aboutads.info/choices, this setting being deleted if you delete your cookies;
        • by permanent deactivation in your browsers Firefox, Internet Explorer or Google Chrome under the link www.google.com/settings/ads/plugin.

        Please note that in this case you may not be able to use all functions of this website to the full extent. Further information on Display & Video 360 by Google is available at marketingplatform.google.com/about/display-video-360/ and support.google.com/displayvideo/answer/9059464?hl=en, and on data protection at Google in general: policies.google.com/privacy?hl=en&gl=en

         

        10.5 EnquiryBot

        We utilise the services of EnquiryBot to ensure that our clients and potential clients can access all of the information they need about our services, and receive responses in a timely manner.  Please see the EnquiryBot Privacy Notice here