Privacy Policy

(hereinafter "Privacy Policy")

Welcome to our website. We appreciate your interest in our company and services. We are committed to safeguarding your privacy when you use our website. As the controller and service provider of the website

dental-visionist.com

(hereinafter also "website")

we,

VITA Zahnfabrik H. Rauter GmbH & Co. KG
Spitalgasse 3
79713 Bad Säckingen
(Legal Information)

(hereinafter also "we" or "VITA")

would like to inform you about how we process your personal data and explain your rights as a data subject when you use our website.

Your personal data is processed solely in accordance with the provisions of the data protection laws of the European Union, in particular, the EU General Data Protection Regulation (hereinafter "GDPR") and supplementary to the Federal Data Protection Act (hereinafter "BDSG") as well as other statutory provisions on data protection (together "privacy laws").

If you would like to review the GDPR, you can find it on the Internet at: https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679.

This Privacy Policy applies solely to the website accessible at the domain dental-visionist.com, including all subdomains. The following notices do not apply to other websites of VITA or third-party websites to which this website links. The terms used in this policy, such as "personal data" or its "processing", correspond to the definitions in Article 4 of the GDPR.

1. Subject matter of data protection and legal bases

The subject matter of data protection is personal data. Personal data means any information relating to an identified or identifiable natural person ('data subject'). Your personal data therefore includes any data that can be used to identify you, such as your name, address, telephone number or e-mail address. Personal data also includes information arising from the use of our website, such as the beginning, end and scope of use, or your IP address.

We process your data only where permitted under an applicable law. We base the processing of your data on the following legal bases, among others:

- Consent (Article 6 (1), sentence 1 (a) of the GDPR):
We will process certain data only with your prior explicit and voluntary consent. You have the right to withdraw your consent to future processing at any time.

- Performance of a contract or in order to take steps prior to entering into a contract (Article 6 (1), sentence 1 (b) of the GDPR): We require certain data from you to initiate or fulfill your contractual relationship with VITA.

- Compliance with a legal obligation (Article 6 (1), sentence 1 (c) GDPR): In addition, we process your personal data in order to fulfill legal obligations, regulatory requirements or commercial and tax-related retention requirements.

- Safeguarding of legitimate interests (Article 6 (1), sentence 1 (f) GDPR): VITA will process certain data in order to safeguard its interests or those of third parties. However, this does not apply if such interests are overridden by your interests.

Please note that this is not a complete or exhaustive list of possible legal bases. These are merely examples designed to make the legal bases for data protection more transparent. For details on the legal basis for individual data processing activities on our website, please refer to the explanations in the following sections.

2. Server log data

You can visit the public part of our website, which is accessible without prior registration, without providing any personal information. The following information about your access can be collected when you visit our website:

- The IP address of the requesting device

- Pages and files viewed

- The http response code

- The size of pages and files viewed, in bytes

- The website from which you accessed our website (referrer URL)

- Date, time and time zone of the server request

- Browser type and version

- Operating system of the requesting device

We process this data on the basis of Article 6 (1), sentence 1 (f) of the GDPR for the purpose of providing the website as well as ensuring the technical operation and security of our IT systems. In doing so, we pursue the interest of enabling and sustaining the use of our website and its technical functions. This data is automatically processed when you visit our website. You cannot use our website without providing this data. We do not use this data for the purpose of identifying you.

Data that is collected automatically is usually deleted after 11 weeks, unless we are required to retain it longer for the above purposes under exceptional circumstances. In such cases, we will delete the data as soon as it is no longer needed for the specific purpose.

You cannot object to the collection and storage of your server log data because this information is essential for the smooth operation of the website.

3. Communication via contact form or e-mail

If you contact us via contact form or e-mail, the contact details (such as name, e-mail address) you provide voluntarily are collected, processed or used only for the specific purpose, either for recording or responding to your inquiry (or inquiries) or for technical administration purposes.The information you provide on our contact forms is encrypted using Transport Layer Security (TLS) protocol, widely known by its predecessor's name, Secure Socket Layer (SSL), for secure communication.

Data that is transmitted during communication via a contact form or by e-mail is processed on the basis of Article 6 (1), sentence 1 (b) of the GDPR, where required for steps before entering into a contract, or on the basis of Article 6 (1), sentence 1 (f) of the GDPR. In the latter case, we have a legitimate interest in processing contact requests voluntarily sent to us.

We will delete the data you provide as soon as the purpose for collection ceases completely, subject to the fulfillment of ongoing statutory retention requirements.

Where your data is processed on the basis of legitimate interests, you can object at any time to the storage of your personal data. In this case, we will no longer process your data unless we can demonstrate that we have a legitimate interest or are otherwise required by law to store it. To exercise your right to object to storage, please contact us in writing, by fax or by e-mail.

Please note, however, that if you communicate with us via contact form, we cannot guarantee complete data security and e-mails are not transmitted via a secure data connection. Therefore, please refrain from sending confidential information, such as bank or credit card information, etc. via these means of communication. For confidential information, we recommend that you use a secure means of communication, such as postal mail.

4. Cookies

The website uses cookies and similar technologies, such as HTML5 storage (hereafter referred to as "cookies"), in order to optimize the website. Among other things, cookies help us to make the website easy to navigate and more user-friendly.

Cookies are small identifiers that our web server sends to your browser and stores on your device, provided your default settings are configured accordingly. Cookies can be used to determine if your device has already communicated with us. In this way, they serve to improve the user experience for you and optimize our website. We distinguish between cookies that are technically strictly necessary, and those that are stored by our website or by third parties. Please refer to the policies below for further details on the type, function, purposes of, legal basis for, and opt-out options for data processing in relation to cookies.

When you use our website, we will inform you about the use of cookies and you can consent to the use and storage of cookies on your device. You can object to the storage of cookies at any time by disabling the cookie settings of this website, described below, or by selecting "Do not accept cookies" in your browser settings. Please refer to your browser's help feature for information about managing and deleting cookies in your browser settings. You can also disable all cookies by using free browser extensions such as "Adblock Plus" (adblockplus.org/de) in combination with the "EasyPrivacy List" (easylist.to). However, if you do not accept cookies, the features of the website may be restricted.

a) Strictly necessary cookies

Our website uses the following strictly necessary cookies for which we have a legitimate interest in storing and without which we would not be able to offer certain basic features on our website (for example, you would have to log in every time you open a new page):

Designation, Function/purpose, Duration of storage:

PHPSESSID, Initializes the user session for use of the website, Session

vita-zahnfabrik.com, Saves the user's cookie acceptance status in the current domain, 1 year

This data is processed to safeguard our legitimate interests on the basis of Article 6 (1), sentence 1 (f) of the GDPR. Therefore, our legitimate interest is based on the processing purposes described above.

b) Third-party cookies

In order to integrate third-party content and features (see following sections), we use third-party cookies that allow third parties to be notified that you have viewed this website. Please visit the third-party website for more information on their use of cookies. We use the following third-party cookies:

Designation, Function/purpose, Third party, Duration of storage:

_ga, Anonymized user analysis of website views, Google Inc., 14 months

_gid, Registers a unique ID that is used to generate statistical information about how the visitor uses the site, Google Inc., 1 day

For further details and opt-out options for use of cookies by third-party providers, please refer to the following descriptions of the individual functions, which are based on the use of such cookies or cookie-like technologies.

5. Google Analytics

This website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses third-party cookies to identify the frequency of use of certain areas of our website as well as preferences. The information generated by the cookie regarding how you use our website (including your truncated IP address) is transferred to a Google server in the United States where it is saved. This data is processed on the basis of our legitimate interests pursuant to Article 6 (1) (f) of the GDPR, namely our interest in the analysis, optimization and efficient operation of our website. Google complies with the Privacy Shield Framework, which guarantees compliance with European data protection laws.

Google uses this information on our behalf and on the basis of a contract for order processing to analyze your use of our website, to compile reports on website activities for us, and to provide other services relating to the use of the website and Internet usage.

IP anonymization is always enabled when we use Google Analytics. This means that the IP addresses of the users are truncated by Google within member states of the European Union (EU) or in other contracting states of the Agreement on the European Economic Area (EEA). Only in exceptional cases will the full IP address be sent to a Google server in the US and truncated. The IP address transmitted by your browser will not be merged with other data provided by Google.

The data is deleted as soon as it is no longer needed for our collection purposes. In our case, data is usually deleted after 14 months.

You can prevent the storage of cookies by disabling "third-party cookies" (see section 7) or by configuring your browser settings accordingly or by using browser extensions. However, please be advised that you may not be able to use all the features of our website in that case. You can also prevent the collection of the data generated by cookies and of data related to your usage of the website (including your IP address), and the transfer of this data to Google as well as the processing of this data by Google, by downloading and installing the browser plugin available here: https://tools.google.com/dlpage/gaoptout?hl=de.

For more information about how Google uses data as well as settings and opt-out options, visit Google's websites here:

- https://www.google.com/intl/de/policies/privacy/partners ("How Google uses information from sites or apps that use our services“),

- https://www.google.com/policies/technologies/ads ("Use of information for advertising purposes")

- https://www.google.de/settings/ads ("Managing information that Google uses to show you ads")

6. Recipients of personal data

We will only share your personal data with external recipients where it is necessary for fulfilling or processing your request, where you have given us your consent to do so, or where another form of legal permission applies.

External recipients include:

- Processors: These are service providers that we use for the provision of services, for example for the technical infrastructure and maintenance of our website. These processors are carefully selected and regularly reviewed by us to ensure that your privacy is safeguarded. These service providers may only use your data for the purposes specified by us and according to our instructions. We are entitled to use such processors according to the provisions of Article 28 of the GDPR.

- Public authorities: These include regulators, government institutions and other public-sector entities, such as supervisory authorities, courts, prosecutors or tax authorities. Personal data will only be transferred to such public authorities for legally compelling reasons. The legal basis for such a transfer may be Article 6 (1), sentence 1 (c) of the GDPR.

- Private entities: Service providers and assistants, such as accountants or auditors, to whom data is transferred on the basis of a legal obligation or to protect legitimate interests. In this case, the legal basis for transfer is Article 6 (1), sentence 1 (c) and/or (f) DSGVO.

7. Data processing in third countries

Prior to transferring your data to third countries outside the EU or the EEA as described above, we ensure that, except where permitted by law in exceptional circumstances, the recipient has an adequate level of privacy or that you give consent to the transfer of data. An appropriate level of data protection is ensured, for example, if the recipient has an EU-US Privacy Shield certification, if EU standard contractual clauses have been concluded or binding corporate rules (BCR) exist.

8. Duration of storage

We only store your personal data for as long as necessary to fulfill the purpose or until you withdraw your consent, provided you have given consent. If you withdraw your consent, we will no longer process your personal data, unless its processing is permitted or even strictly required by the relevant statutory provisions (for example, in order to meet commercial and tax-related retention requirements). We also delete your personal data if we are obligated to do so for legal reasons.

In addition, please refer to the details about the duration of storage of your personal data in the individual explanations in the previous sections.

9. Your rights

As a data subject, you have many rights with regard to the processing of your data. These are:

- Right of access (Art. 15 GDPR): You have the right to obtain information about the data we have stored concerning you.

- Right to rectification and erasure (Articles 16 and 17 GDPR): You may ask us to rectify inaccurate data and, insofar as the legal requirements are met, delete your data.

- Right to restriction of processing (Art. 18 GDPR): Provided legal requirements are met, you may request that we restrict the processing of your data.

- Right to data portability (Art. 20 GDPR): If you have provided us with data based on a contract or consent, insofar as legal requirements are met, you have the right to receive the data you have provided to us in a structured, commonly used format or ask us to transfer it to another controller.

- Right to object to data processing based on legitimate interests (Art. 21 GDPR): You have the right to object, on grounds relating to your particular situation, at any time to the processing of your data by us, insofar as your objection is based on legitimate interests pursuant to Article 6 (1), sentence 1 (f) of the GDPR. If you exercise your right to object, we will cease to process your data, unless we can demonstrate compelling legitimate grounds for further processing that override your rights.

- Right to object to cookies: You can also object to the use of cookies at any time. If you want to object to the use of certain cookies, please see our comments in Section 4.

- Withdrawal of consent (Art. 7 GDPR): If you have given us consent to process your data, you can withdraw your consent to future processing at any time. This does not affect the lawfulness of the processing of your data up until you withdraw your consent.

- Right to lodge a complaint with a supervisory authority (Art. 77 GDPR): You can also lodge a complaint with the competent supervisory authority if you believe that the processing of your data violates applicable law. You may choose to contact either the data protection authority responsible for your location, place of work, or location of the alleged breach; or you may contact our own data protection authority. The data protection supervisory authority responsible for us is the State Data Protection Commissioner for Baden-Württemberg (www.baden-wuerttemberg.datenschutz.de).

If you have any questions about the processing of your personal data, your rights as a data subject or any consent that you have given, please contact our data protection officer using the contact details provided in Section 14. Please also contact our data protection officer directly to exercise your data protection rights.

10. Our data protection officer

We have appointed a company data protection officer. You can reach him or her as follows:

VITA Zahnfabrik H. Rauter GmbH & Co. KG
Spitalgasse 3
79713 Bad Säckingen, Germany
Phone: +49 (0) 7761-562-0

Fax: +49 (0) 7761-562-299

E-mail: datenschutz@vita-zahnfabrik.com

11. Security

We take technical and organizational security measures to protect your personal data from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. These security measures are adapted to the latest technologies.

The personal data you provide when you use our website is transferred via a secure, encrypted connection. We use Transport Layer Security (TLS) encryption protocol, which is more widely known by its predecessor's name, Secure Socket Layer (SSL).

Our employees are committed to data secrecy.

12. Changes

Occasionally, it may be necessary to revise the content of this Privacy Policy. We therefore reserve the right to change it at any time. If your consent is required for a change, we will ask for it. We will also publish the amended version of the privacy policy here. You should therefore re-read the privacy policy when you visit our website again.

Date: May 2018