Name and contact details of the data controller in accordance with Art. 4 para. 7 GDPR
P&N – PRICING & NEGOTIATIONS IN HEALTH CARE LTD.
STE 2701, 145 KING ST W
TORONTO, ON M5H 1J8
Further details on parties responsible can be found in the legal notice.
Security and protection of your personal data
We consider it our primary task to maintain the confidentiality of the personal data you provide and to protect them from unauthorised access. That is why we take the utmost care and apply the latest security standards to ensure maximum protection of your personal data.
As a company under private law, we are subject to the provisions of the European General Data Protection Regulation (GDPR) and the provisions of the German Federal Data Protection Act (BDSG). We have adopted technical and organisational measures to ensure that data protection regulations are observed both by us and by our external service providers.
- Personal data
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more special features that express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
“Processing” is any process carried out, with or without the aid of automated processes, or any such series of processes in connection with personal data, such as collecting, recording, organising, ordering, storing, adapting or changing, reading out, retrieval, use, disclosure by transmission, distribution or any other form of making available, matching or linking, restriction, deletion or destruction.
- Restriction of the processing of your data
Restriction of the processing of your data is the identification of stored personal data in order to limit its processing in the future.
“Profiling” is any type of automated processing of personal data consisting of using these personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning said natural person’s work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Pseudonymisation is the processing of personal data in such a way that they can no longer be attributed to a specific data subject without additional information, provided that this additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data cannot be attributed to an identified or identifiable natural person.
- File system
A “file system” is any structured collection of personal data that is accessible according to certain criteria, whether that collection is centralised, decentralised, or organised according to functional or geographical considerations.
- Responsible party
A “data controller” is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the data controller or the specific criteria for its nomination may be provided for by Union or Member State law.
a. Data processor
A “data processor” is a natural or legal person, public authority, institution or other body that processes personal data on behalf of the data controller.
The “recipient” is a natural or legal person, public authority, institution or other body to whom or to which personal data are disclosed, whether or not they are third parties. Authorities which may receive personal data under Union or national law in connection with a particular investigation mandate are not considered to be recipients; the processing of such data by said authorities shall be in accordance with the applicable data protection rules in accordance with the purposes of the processing;
- Third party
A “third party” is a natural or legal person, public authority, institution or other body other than the data subject, the data controller, the data processor and the persons authorised to process the personal data under the direct responsibility of the data controller or data processor.
“Consent” of the data subject means any freely given, specific, informed and unambiguous declaration of intent made by the data subject for the specific case, in which the data subject indicates that they agree to the processing of their personal data.
Lawfulness of processing
The processing of personal data is only lawful if there is a legal basis for the processing. In accordance with Art. 6 para. 1 lit. a – f GDPR, the legal bases for data processing can specifically include:
- The data subject has given consent to the processing of their personal data for one or more specific purposes;
- the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- the processing is necessary for compliance with a legal obligation to which the controller is subject;
- the processing is required to protect the vital interests of the data subject, or another natural person;
- the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- the processing is necessary to safeguard the legitimate interests of the data controller or a third party, unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data prevail, in particular where the data subject is a child.
Information about the collection of personal data
Below, we provide information on the collection of personal data when using this website.
“Personal data” include any data that personally relate to you, e.g. name, address, email addresses, user behaviour.
When you contact us via email or by means of a contact form, the information you provide (your email address, your name and telephone number if applicable) shall be stored by us in order to answer your questions. We shall delete the data collected in this context after their storage is no longer required, or otherwise limit their further processing insofar as legal storage requirements exist.
Collection of personal data when visiting our website
If you use the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data which your browser transmits to our server. If you wish to view our website, we collect the following data which are technically necessary for us to display our website to you and to guarantee stability and security (legal basis is Article 6 Para. 1 S. 1 lit. f GDPR.
- IP address
- Date and time of request
- Time zone difference from Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Request status/HTTP status code
- Amount of data transmitted
- Website making the request
- Operating system and device
- The language and version of the browser software
Our websites use so-called “cookies” in several places. Cookies help make our website more user-friendly, efficient, and secure. Cookies are small text files which are stored on your computer and saved by your browser. Most of the cookies we use are known as “session-cookies”. They are automatically deleted after your visit. Besides these cookies, there are some persistent cookies which we use to recognise you as visitor. Cookies do not harm your computer and do not contain any viruses.
You can set up your browser so that you are informed if the website contains a cookie or if the storage of cookies has been suppressed. In individual cases, however, this may result in you not being able to use all the functions of our website to their full extent.
Additional features and offers of our website
Aside from the purely informational use of our website, we offer various services that you can make use of if you are interested. For this purpose, you must provide further personal data which we use to provide the respective service and to which the aforementioned data processing principles apply.
We sometimes use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly audited.
Furthermore, we may disclose your personal data to third parties if we offer special deals, competitions, or conclude contracts or similar services in collaboration with partner firms. For more information, please provide your personal data or see the description of the offer below.
If our service providers or partners are located in a country outside the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the description of the offer.
By providing us with your consent, you can subscribe to our newsletter, in which we will regularly provide you with information about our current interesting offers. The advertised goods and services are named in the declaration of consent.
To subscribe to our newsletter, we use the double opt-in procedure. This means that after your registration we will send an email to the email address you provide. This email will ask you to confirm that you would like the newsletter to be sent. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we will store your IP address and the time of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.
The only information required to receive the newsletter is your email address. The provision of further, separately marked data is voluntary and is used to be able to address you personally. After your confirmation, we will save your email address for the purpose of sending you the newsletter. The legal basis is Article 6 para. 1 sent. 1 lit. a) GDPR.
You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter. You can declare the revocation by clicking on the link provided in each newsletter email – via this website form – by email to email@example.com or by sending a message to the contact details provided in the imprint.
We would like to point out that we evaluate how you interact with our newsletter. For this analysis, the emails sent contain so-called web beacons or tracking pixels, which are one-pixel files, which are stored on our website. For the evaluations, we link the data mentioned in § 3 and the web beacons with your email address and an individual ID. The data are exclusively collected pseudonymised, so the IDs are not linked to your personal data and are not directly linked to you personally. You can object to this tracking at any time by clicking on the separate link provided in each e-mail or by informing us via another contact method. The information is stored for as long as you have subscribed to the newsletter. After cancelation we store the data purely statistically and anonymously.
Rights of the data subject
Revocation of consent
Insofar as the processing of your personal data is based on your consent, you have the right to revoke your consent at any time. Revocation of consent does not affect the legality of processing carried out on the basis of the consent up to the point of revocation.
You can contact us at any time to exercise your right of revocation.
Right of confirmation
You have the right to request confirmation from the data controller as to whether we are processing personal data relating to you. You can request confirmation at any time using the aforementioned contact details.
Right to information
If your personal data are being processed, you can request information about these personal data and the following points at any time:
- the processing purposes:
- the categories of personal data being processed;
- the recipients or categories of recipients to whom the personal data have been or are still being disclosed, in particular recipients in third countries or international organisations;
- if possible, the planned duration for which the personal data shall be stored, or, if this is not possible, the criteria for determining this duration;
- the existence of a right of rectification or deletion of personal data concerning you or of a restriction on processing by the data controller or of a right to oppose such processing;
- the existence of a right to appeal to a supervisory authority;
- if the personal data has not been obtained from the person in question, all available information on the origin of the data;
- the existence of automated decision-making including profiling in accordance with Art. 22 paras. 1 and 4 GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
If personal data are transferred to a third country or to an international organisation, in accordance with Art. 46 GDPR you have the right to be informed of the appropriate guarantees in relation to the transfer. We provide a copy of the personal data that are subject to processing. For any additional copies you request, we may charge a reasonable fee based on administrative costs. If you submit the application electronically, the information must be made available in a common electronic format, unless otherwise specified. The right to receive a copy in accordance with para. 3 shall not affect the rights and freedoms of any other person.
Right to correction
You have the right to request us to rectify any incorrect personal data concerning you without delay. Taking into account the purpose of the data processing, you also have the right to demand the completion of your incomplete personal data – also by means of a supplementary declaration.
Right to deletion (Right to be forgotten)
You have the right to request that the data controller delete personal data concerning you immediately, and we are obliged to delete personal data immediately if one of the following reasons applies:
- The personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
- The data subject revokes his or her consent concerning the basis for the processing pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR, and there is no other legal basis for the processing.
- The data subject objects to the processing in accordance with Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing in accordance with Art. 21. para. 2 GDPR.
- The personal data has been unlawfully processed.
- Deletion of the personal data is necessary to fulfil a legal obligation under Union or Member State law to which the data controller is subject.
- The personal data was collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.
In the event that the data controller has made personal data public and is obliged to delete such personal data in accordance with Art. 1 para. 1 GDPR, then the data controller will take the appropriate measures to inform other data processors involved in processing the disclosed personal data that a request has been made to delete all links to the personal data, as well as to delete all copies or replications of the personal data. Such measures include measures of a technical nature, taking into account the available technology and the implementation costs.
The right to deletion (“right to be forgotten”) does not exist if data processing is necessary:
- To exercise the right to freedom of expression and information;
- To fulfil a legal obligation requiring the data to be processed under the law of the Union or the Member States to which the data controller is subject, or to perform a task in the public interest, or in the exercise of official authority delegated to the controller;
- For reasons of public interest in the field of public health in accordance with Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;
- For archival purposes in the public interest, for scientific or historical research purposes, or for statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the law referred to in para. 1 is likely to render impossible or seriously prejudice the achievement of the objectives of such processing, or
- To assert, exercise or defend legal claims;
Right to restriction of processing
You have the right to request us to restrict processing if one of the following conditions is met:
- the data subject disputes the correctness of the personal data, and the data controller is granted sufficient time to verify whether the data is correct or not;
- the processing is unlawful, and the data subject refuses to have the personal data deleted and instead requests that their use be restricted;
- the data controller no longer needs the personal data for the purposes of processing, but the data subject needs them to assert, exercise or defend legal claims, or
- the data subject has lodged an objection to the processing in accordance with Art. 21 para. 1 GDPR and it is not yet clear whether the legitimate grounds of the data controller override those of the data subject.
If the processing of personal data has been restricted in accordance with the above conditions, such data, with the exception of storage, may only be processed with the consent of the data subject or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.
In order to assert the right to restrict processing, the data subject can contact us at any time using the contact details provided above.
Right to data portability
You have the right to receive the personal data concerning you that you have provided to us in a structured, current and machine-readable format, and you have the right to transmit these data to another data controller without our interference, provided that:
- the processing is based on consent granted in accordance with Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a or on a contract in accordance with Art. 6 para. 1 lit. b GDPR and
- the processing is performed by automated means.
Furthermore, when exercising your right to data portability, according to Paragraph 1, you have the right to have the personal data transmitted directly from one data controller to another, where technically feasible. Exercising your right to data portability does not affect your right to deletion (“right to be forgotten”). This right does not apply to processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority that has been delegated to the data controller.
Right to object
You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data based on Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions. The data controller shall no longer process personal data unless they can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
Where personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such purposes, including profiling in so far as it is related to direct marketing of this type. If you object to the processing of your personal data for direct marketing purposes, we shall no longer process your personal data for these purposes.
In relation to the use of services provided by the Information Society and notwithstanding Directive 2002/58/EC, you also have the opportunity to exercise your right to object by means of automated procedures using technical specifications.
You have the right, for reasons arising from your particular situation, to object to the processing of your personal data for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 para. 1 GDPR, unless the processing is necessary to fulfil a task in the public interest.
You can exercise your right to object at any time by contacting the data controller.
Automated individual decision-making, including profiling
You have the right not to be subjected to a decision based solely on automated processing – including profiling – that will have a legal effect on you or similarly impact upon you in a considerable manner. This does not apply if the decision:
- is necessary for the conclusion or performance of a contract between the data subject and the data controller,
- is permitted by Union or Member State legislation to which the controller is subject, and where such legislation contains appropriate measures to safeguard the rights and freedoms and legitimate interests of a data subject, or
- is carried out with the express consent of the data subject.
The data controller shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express a point of view and to contest the decision.
The data subject can exercise this right to object at any time by contacting the data controller.
Right to lodge a complaint with a supervisory authority
As the data subject you also have the right, without prejudice to any other administrative or judicial remedy, to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of your personal data infringes this regulation.
Right to an effective judicial remedy
You have the right to an effective judicial remedy, without prejudice to any available administrative or extrajudicial remedy, including the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR, if you believe that the rights to which you are entitled under this regulation have been infringed as a result of the processing of your personal data not being in accordance with this regulation.
Use of social media plug-ins
We currently use the following social media plug-ins: [Xing, LinkedIn]. We use the so-called two-click solution. This means that if you visit our site, initially no personal data will be passed on to the providers of these plug-ins. You can recognise the provider of the plug-in by the marking on the box above its initial letter or the logo. We offer you the option to communicate directly with the provider of the plug-in via the button. Only if you click on the marked field and thereby activate it, will the plug-in provider receive the information that you have accessed the corresponding website via our online offer. In addition, the data mentioned in § 3 of this policy are transmitted. In the case of Facebook, according to the respective providers in Germany, the IP address is anonymised immediately after collection. By activating the plug-in, data are automatically transmitted to the respective plug-in provider and stored there (US providers in the USA). Since the plug-in provider collects data mainly via cookies, we recommend that you delete all cookies using your browser’s security settings before clicking on the greyed-out box.
We have no influence on the data collected and data processing processes, nor are we aware of the full extent of data collection, the purposes of processing, the storage periods. We also have no information on the deletion of the data collected by the plug-in provider.
The plug-in provider stores the data collected about you as user profiles and uses these for the purposes of advertising, market research and/or demand oriented design of its website. Such evaluation is carried out in particular (also for users who are not logged in) to display customised advertising and to inform other users of the social network about your activities on our website. You have a right to object to the creation of these user profiles. You must contact the respective plug-in provider to exercise this right. Through the plug-ins we offer you the option to interact with social networks and other users, so that we can improve our offering and make it more interesting for you as a user. The legal basis for the use of plug-ins is Article 6 Para. 1 S. 1 lit. f GDPR.
The data are passed on regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, the data we collect about you will be directly assigned to your existing account with the plug-in provider. When activating the activated button and linking the page, for example, the plug-in provider also stores this information in your user account and communicates this to your contacts in public. We recommend that you log out regularly after using a social network, especially before activating the button, so as to avoid mapping to your profile with the plug-in provider.
For more information on the purpose and extent of the data collection and their processing by the plug-in provider, please refer to the privacy policies of these providers shown below. Here, you will also find further information on your rights and settings options for protecting your privacy.
Addresses of plug-in providers and URL with their privacy policies:
- LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA;
LinkedIn has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Integration of YouTube plugins (Videos)
Integration of Captivate Podcast Player
Captivate also processes the following data for statistical purposes: Type of end device and name of the app that you are using, referrer URL, IP address for geolocation and fraud prevention, date and time of retrieval, name of the file and information, whether retrieved fully or only partially. Captivate deletes this data after 26 months. We receive aggregated reports, e.g. the total number of retrievals, from Captivate, which cannot be traced back to individual users.
In the event of integration, it cannot be excluded that the data will be transmitted to the United Kingdom. This transmission takes place on the basis of the arrangement pursuant to Art. 45 GDPR, which was issued by the European Commission for the United Kingdom: https://ec.europa.eu/info/sites/default/files/decision_on_the_adequate_protection_of_personal_data_by_the_united_kingdom_-_general_data_protection_regulation_en.pdf