Privacy Policy

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data includes all data that can personally identify you. For detailed information on data protection, please refer to our privacy policy listed below this text.

Data Collection on this Website

Who is responsible for data collection on this website?
‍
The data processing on this website is carried out by the website operator. You can find the contact details in the section "Information about the Data Controller" in this privacy policy.

How do we collect your data?
‍
Your data is collected when you provide it to us. This can be, for example, data that you enter into a contact form. Other data is automatically or after your consent collected by our IT systems when you visit the website. These are primarily technical data (e.g., internet browser, operating system, or time of page access). The collection of this data occurs automatically as soon as you enter this website.

What do we use your data for?
‍
Some of the data is collected to ensure the proper functioning of the website. Other data may be used for analyzing your user behavior.

What rights do you have regarding your data?
‍
You have the right to obtain information about the origin, recipients, and purpose of your stored personal data at any time, free of charge. You also have the right to request the correction or deletion of this data. If you have given consent for data processing, you can revoke this consent at any time for the future. Furthermore, under certain circumstances, you have the right to request the restriction of the processing of your personal data. You also have the right to lodge a complaint with the competent supervisory authority. For this and other questions regarding data protection, you can contact us at any time.

Analysis tools and third-party tools

When you visit this website, your surfing behavior may be statistically evaluated. This is mainly done with so-called analysis programs. Detailed information on these analysis programs can be found in the following privacy policy.

We host the content of our website with the following provider:

Webflow

The provider is Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA (hereinafter referred to as "Webflow"). When you visit our website, Webflow collects various log files, including your IP addresses.Webflow is a tool for creating and hosting websites. Webflow stores cookies or other recognition technologies that are necessary for the display of the site, the provision of certain website functions, and ensuring security (essential cookies).

Details can be found within Webflow`s Privacy Policy:
https://webflow.com/legal/eu-privacy-policy

The use of Webflow is based on Art. 6(1)(f) of the GDPR. We have a legitimate interest in ensuring the most reliable presentation of our website. If appropriate consent has been obtained, the processing is carried out solely on the basis of Art. 6(1)(a) of the GDPR and § 25(1) of the TTDSG, to the extent that the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.The data transfer to the USA is based on the standard contractual clauses of the European Commission. Details can be found here:
https://webflow.com/legal/eu-privacy-policy

Das Unternehmen verfügt über eine Zertifizierung nach dem „EU-US Data Privacy Framework“ (DPF). DerDPF ist ein Übereinkommen zwischen der Europäischen Union und den USA, der die Einhaltungeuropäischer Datenschutzstandards bei Datenverarbeitungen in den USA gewährleisten soll. Jedes nachdem DPF zertifizierte Unternehmen verpflichtet sich, diese Datenschutzstandards einzuhalten. WeitereInformationen hierzu erhalten Sie vom Anbieter unter folgendem Link:
https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000TT9jAAG&status=Active

Data Processing Agreement (DPA)
‍
We have entered into a Data Processing Agreement (DPA) for the use of the service mentioned above. This is a legally required contract that ensures that the service processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Data Protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the legal data protection regulations and this privacy policy.When you use this website, various personal data is collected. Personal data is information that can be used to personally identify you. This privacy policy explains what data we collect and how we use it. It also explains how and for what purpose this happens.We would like to point out that data transmission over the internet (e.g., communication via email) may have security vulnerabilities. A complete protection of the data from access by third parties is not possible.

Information about the Controller

The controller for the data processing on this website is:

Caona Health
GmbHPastor-Lambertz-Str. 23
41747 Viersen

E-Mail: hi@caona.eu

The responsible entity is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data (such as names, email addresses, etc.).

Storage Period

Unless a more specific storage period is mentioned in this privacy policy, your personal data will be retained by us until the purpose for data processing ceases. If you submit a legitimate request for deletion or revoke your consent for data processing, your data will be deleted, provided we have no other legally permissible reasons to store your personal data (e.g., tax or commercial retention periods). In the latter case, deletion will occur after the expiration of these reasons.

General Information on the Legal Bases of Data Processing on this Website

If you have given your consent to the data processing, we process your personal data based on Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR if special categories of data according to Art. 9(1) GDPR are processed. In the case of an explicit consent to the transfer of personal data to third countries, the data processing also takes place based on Art. 49(1)(a) GDPR. If you have consented to the storage of cookies or access to information on your device (e.g., via device fingerprinting), the data processing additionally takes place based on § 25(1) TTDSG. The consent can be revoked at any time.

If your data is necessary for the fulfillment of a contract or for the implementation of pre-contractual measures, we process your data based on Art. 6(1)(b) GDPR. Furthermore, we process your data if required to fulfill a legal obligation based on Art. 6(1)(c) GDPR.

Data processing may also occur based on our legitimate interest according to Art. 6(1)(f) GDPR. The relevant legal bases applicable in each specific case are provided in the following paragraphs of this privacy policy.

Recipients of Personal Data

As part of our business activities, we collaborate with various external entities. In some cases, it is necessary to transmit personal data to these external entities. We only disclose personal data to external entities when it is necessary for contract fulfillment, when we are legally obligated to do so (e.g., sharing data with tax authorities), when we have a legitimate interest according to Art. 6(1)(f) GDPR in the disclosure, or when another legal basis allows data transfer. When using processors for data processing, we only share personal data of our customers based on a valid data processing agreement. In the case of joint data processing, a joint processing agreement will be concluded.

The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA aimed at ensuring compliance with European data protection standards in data processing activities in the USA. Every company certified under the DPF commits to adhering to these data protection standards. For further information on this, you can contact the provider via the following link:
https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000TT9jAAG&status=Active

Revocation of Your Consent for Data Processing

Many data processing operations are only possible with your explicit consent. You can revoke a previously given consent at any time. The lawfulness of data processing carried out before the revocation remains unaffected by the revocation.

Right to Object to Data Collection in Special Cases and Direct Marketing (Art. 21 GDPR)

IF DATA PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, INCLUDING PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS FOR PROCESSING CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21(1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING, INCLUDING PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION PURSUANT TO ART. 21(2) GDPR).

Right to Lodge a Complaint with the Competent Supervisory Authority

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, particularly in the Member State of their habitual residence, their place of work, or the place of the alleged infringement. This right to lodge a complaint is without prejudice to other administrative or judicial remedies.

Right to Data Portability

You have the right to receive the data that we process automatically based on your consent or for the performance of a contract, in a commonly used and machine-readable format, and have the right to transmit those data to another controller. Where technically feasible, and if you request the direct transfer of the data to another controller, it will be done accordingly.

Information, Correction, and Deletion

You have the right, in accordance with the applicable legal provisions, to obtain free information about your stored personal data, its origin, recipients, and the purpose of data processing, as well as, if applicable, the right to correction or deletion of this data. For this and other questions regarding personal data, you can contact us at any time.

Right to Restriction of Processing

You have the right to request the restriction of processing of your personal data. For this, you can contact us at any time. The right to restriction of processing exists in the following cases:

If you dispute the accuracy of your personal data stored with us, we usually need time to verify this. During the verification period, you have the right to request the restriction of processing of your personal data.

If the processing of your personal data was/were done unlawfully, you can request the restriction of data processing instead of deletion.

If we no longer need your personal data but you require them for the exercise, defense, or establishment of legal claims, you have the right to request the restriction of processing of your personal data instead of deletion.

If you have objected pursuant to Art. 21(1) GDPR, a balance must be struck between your interests and ours. As long as it is not yet determined whose interests prevail, you have the right to request the restriction of processing of your personal data.

If you have restricted the processing of your personal data, except for storage, these data may only be processed with your consent or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State.

‍SSL or TLS Encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, this page uses SSL or TLS encryption. You can recognize an encrypted connection by the change in the address line of your browser from "http://" to "https://" and by the lock symbol in your browser line.When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Objection to Promotional Emails

We hereby object to the use of contact data published in the context of the legal notice requirements for sending unsolicited advertising and informational materials. The operators of this website expressly reserve the right to take legal action against unsolicited sending of promotional information, such as spam emails.operations are only possible with your explicit consent. You can revoke a previously given consent at any time. The lawfulness of data processing carried out before the revocation remains unaffected by the revocation.

Cookies

Our websites use so-called "cookies." Cookies are small data packets that do not cause any harm to your device. They are either temporarily stored for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted after the end of your visit. Persistent cookies remain stored on your device until you delete them yourself or until they are automatically deleted by your web browser.Cookies can be either set by us (first-party cookies) or by third-party companies (so-called third-party cookies). Third-party cookies allow the integration of certain services from third-party companies within websites (e.g., cookies for processing payment services).Cookies serve various functions. Numerous cookies are technically necessary as certain website functions would not work without them (e.g., the shopping cart function or the display of videos). Other cookies may be used for evaluating user behavior or for advertising purposes.

Cookies that are necessary for the electronic communication process, the provision of certain functions requested by you (e.g., for the shopping cart function), or for optimizing the website (e.g., cookies for measuring web traffic) are stored based on Art. 6(1)(f) GDPR, unless another legal basis is specified.The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent has been obtained for the storage of cookies and similar recognition technologies, the processing will be based solely on this consent (Art. 6(1)(a) GDPR and § 25(1) TTDSG); the consent can be revoked at any time.

You can configure your browser settings to be informed about the placement of cookies and allow cookies on a case-by-case basis, block the acceptance of cookies for specific cases, or generally block them. You can also enable automatic deletion of cookies when closing your browser. However, please note that disabling cookies may limit the functionality of this website.

You can find out which cookies and services are used on this website in this privacy policy.

Contact Form

If you send us inquiries via the contact form, your information from the inquiry form, including the contact details you provided, will be stored by us for the purpose of processing the inquiry and for follow-up questions. We will not disclose this data without your consent.

The processing of this data is based on Art. 6(1)(b) GDPR if your inquiry is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in effectively processing the inquiries directed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if it has been requested; the consent can be revoked at any time.

The data you enter in the contact form will remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after completing the processing of your inquiry). Mandatory legal provisions - especially retention periods - remain unaffected.

If you wish to subscribe to the newsletter offered on the website, we require your email address and information that allows us to verify that you are the owner of the provided email address and consent to receiving the newsletter. Further data will not be collected or will be collected on a voluntary basis. We use this data exclusively for sending the requested information and do not disclose it to third parties.
The data you provide when registering for the newsletter is used for the technical processing of the service and will not be passed on to third parties. We use Brevo, a service of the Berlin-based company Sendinblue GmbH, Köpenicker Str. 126, 10178 Berlin, Germany, and Mailchimp, represented by Intuit France SAS, 7 Rue de la Paix 75002 Paris, France, for data management and sending the newsletter. The storage and processing of your personal data for our newsletter is based on your consent (Article 6 (1) GDPR). After registering on our website, you will receive an email with a confirmation link. This link is active for 72 hours. You will only receive our newsletter once you have clicked on this link. If you ignore the link, your data will be deleted after this period.  Information and options for unsubscribing at a later date can be found at the bottom of each newsletter.
The data you provide to us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter. After unsubscribing from the newsletter or when the purpose no longer applies, your data will be deleted from the newsletter distribution list. We reserve the right to delete or block email addresses from our newsletter distribution list at our discretion, based on our legitimate interest according to Art. 6(1)(f) GDPR. Other data stored by us for other purposes will not be affected. After you have unsubscribed from the newsletter distribution list, your email address may be stored in a blacklist by us or the newsletter service provider, if necessary, to prevent future mailings. The data in the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements for newsletter mailings (legitimate interest according to Art. 6(1)(f) GDPR). The storage in the blacklist is not time-limited. You can object to this storage if your interests outweigh our legitimate interest. The legality of the data processing operations already carried out remains unaffected by the revocation.

Google reCAPTCHA

We use "Google reCAPTCHA" (hereinafter "reCAPTCHA") on this website. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.reCAPTCHA is used to check whether data input on this website (e.g., in a contact form) is done by a human or an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g., IP address, duration of the website visit, or mouse movements made by the user). The data collected during the analysis is forwarded to Google.The reCAPTCHA analysis runs entirely in the background. Website visitors are not informed that an analysis is taking place.The storage and analysis of data are based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated spying and spam. If consent has been requested, the processing is based exclusively on Art. 6(1)(a) GDPR and § 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting). The consent can be revoked at any time.For more information about Google reCAPTCHA, please refer to Google's privacy policy and terms of service using the following links:
‍Google Privacy Policy andGoogle Terms of Service

The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. For more information on this, you can visit the following link provided by the provider:
https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

Facebook

The official Caona Health Facebook Social-Media-Page is:
‍https://www.facebook.com/caona.health/
‍We use facebook.com or the mobile app by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA, or Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland. On our Facebook pages, the Page Insights function to process statistical data from users is used - see also the agreement at: https://www.facebook.com/legal/terms/page_controller_addendum
‍This involves the processing of Personal Data in the form of so-called ‘page insights’ by Caona Health and Facebook,
which are described in more detail at: https://www.facebook.com/business/a/page/page-insights
‍For information about the processing of Personal Data by Facebook, please refer to https://www.facebook.com/policy.php
‍Facebook also uses cookies and storage technologies. More information can be found here: https://www.facebook.com/policies/cookies/
‍Evaluations and statistics are generated in the form of page insights from the usage data of the Facebook pages, which support us in improving our marketing activities and our external presence. We may also learn about users and their behavior who interact with or use our Facebook-Social-Media-Page to display relevant content and develop features that may be of interest to them. These page statistics show us, for example, which people from certain target groups interact most with our Facebook Page or which content on the Facebook Page was visited, shared, or liked when and how often. When classifying people into target groups, demographic data, or data about the location of a person is also included in order to place targeted advertisements with these people. If you use Facebook on several end devices, a cross-device analysis of the data can take place. The data collected in this way is statistically processed and usually anonymous, i.e., we cannot establish any reference to the individual person.

‍Managing your preferences on Facebook: As a Facebook user, you can influence how your user behavior is recorded when you visit Facebook pages. You can manage the settings for advertising preferences in your Facebook account or at https://www.facebook.com/ads/preferences, or the Facebook settings in your account or at https://www.facebook.com/settings
‍Facebook also provides opportunities to contact or exercise rights at https://www.facebook.com/help/contact/2061665240770586 or https://www.facebook.com/help/contact/308592359910928

LinkedIn
‍The official Caona Health Social-Media-Page is:
https://www.linkedin.com/company/caona-health/

We use linkedin.com or LinkedIn mobile app by LinkedIn Corporation, Legal Department – Privacy, 1000 W. Maude Ave, Sunnyvale, CA 94085, USA / LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

On our LinkedIn pages, LinkedIn and Caona Health may use your Personal Data for careers and recruiting services
(see also the data processing agreement: https://legal.linkedin.com/dpa)
‍Data on how you use LinkedIn may be shared with us and certain third parties, as described in detail here: https://www.linkedin.com/legal/privacy-policy#share
For information about the processing of Personal Data by LinkedIn, please refer to
https://www.linkedin.com/legal/privacy-policy / https://www.linkedin.com/psettings/privacy
‍LinkedIn also uses cookies and similar technologies as set forth here: https://www.linkedin.com/legal/cookie_policy.
You can find further information with respect to the processing of Personal Data regarding career and recruiting services in our Recruitment Privacy Notice. Managing your preferences on LinkedIn: As a LinkedIn user, you can influence how your user behavior is recorded when you visit LinkedIn pages. You can manage the advertising and general settings in your account under https://www.linkedin.com/psettings/privacyLinkedIn also provides opportunities to contact and exercise rights under https://www.linkedin.com/legal/privacy-policyhttps://www.linkedin.com/legal/cookie-policyand for individual messages online via https://www.linkedin.com/help/linkedin/ask/TSO-DPO

Instagram

The official Caona Health Instagram Social-Media-Page is:
‍https://www.instagram.com/caona.health/
‍We use instagram.com or the mobile app by Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland. When using Instagram, if you have an account there, Instagram can assign your activities to your profiles there. On our Instagram pages the Instagram Insights function to process statistical data from users is used (see also for Facebook that is connected to the provider of Instagram the agreement at:https://www.facebook.com/legal/terms/page_controller_addendum)
This involves the processing of data in the form of so-called ‘Instagram Insights’ by Instagram and Caona Health,
described in more detail at:https://help.instagram.com/788388387972460?helpref=faq_content
‍Evaluations and statistics are generated in the form of Instagram Insights from the usage data of the Instagram pages, which support us in improving our marketing activities and our external presence. Instagram Insights lets us learn more about our users and the performance of our Website. For this purpose, Instagram provides us with statistics on specific posts and stories created to find out how users interacted with them. When classifying people into target groups, demographic data, or data about the location of a person is also included in order to place targeted advertisements with these people. If you use Instagram on several end devices, a cross-device analysis of the data can take place. The data collected in this way is statistically processed and usually anonymous, i.e., we cannot establish any reference to the individual person. Instagram also uses cookies and similar technologies.

For information about the processing of Personal Data by Instagram, please refer to: http://instagram.com/about/legal/privacy/
‍Managing your preferences on Instagram: As an Instagram user, you can influence how your user behavior is recorded when you visit Instagram pages. You can manage the settings for advertising preferences in your Instagram account or under https://www.instagram.com/accounts/privacy_and_security/
‍Instagram also provides opportunities to contact or exercise rights at https://help.instagram.com/contact/1845713985721890or http://instagram.com/about/legal/privacy/

Startnext
On our website we use a so-called widget of Startnext GmbH, Grundstraße 1, 01326 Dresden (hereinafter referred to as "Startnext"). The widget acts as a link to our project-related Startnext page. Startnext is an online platform on which natural and legal persons as well as legal entities can present projects to the public, finance them through third parties and support them themselves. Startnext does not collect any personal data from you via our website simply by using the widget, nor are cookies set on your end device. However, if you use the functions of the widget, you will be redirected to startnext.comThe Startnext privacy policy applicable to the linked website can be found at https://www.startnext.com/info/agb/datenschutz.html