1. Information on data protection
The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data is any data by which you can be personally identified. For detailed information on the subject of data protection, please refer to our data protection declaration listed below this text.
Data collection on this website
Firstly, your data is collected by you providing it to us. This can be, for example, data that you enter into a contact form.
Other data is collected automatically or after your consent by out IT systems when visiting the website. This is mainly technical data (e.g. Internet browser, operating systems, or time of page view). The collection takes place automatically as soon as you enter this website.
What do we use your data for?
2. Responsible Party
The party responsible for the processing of your personal data on our website is
sanoctua GmbH & Co. KG
D-89522 Heidenheim a. d. Brenz
Phone: +49 7321 757 8150
Amtsgericht Ulm | HRA 726 293
VAT ID: DE 321 684 648
Personally liable partner of sanoctua GmbH & Co. KG:
sanoctua Management GmbH
Wildstraße 20 | 89522 Heidenheim a. d. Brenz | Germany
Amtsgericht Ulm | HRB 743 523
Managing Directors: Tanja Reischl-Stenske, Christian Stenske, Michael Flach
3. General notes and obligatory information
We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. A complete protection of the data against access by third parties is not possible.
If you assert a legitimate request for deletion or if you revoke consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law). If such reasons exist, the deletion will take place after they cease to exist.
General information on the legal basis for data processing on this website
If you have consented to data processing, we process your personal data on the basis of Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR, if special categories of data are processed according to Art. 9 (1) GDPR. In the case of explicit consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49 (1) lit. a. GDPR. If you have consented to the storage of cookies or to the access to information in your terminal (e.g. via device fingerprinting), the data processing is additionally carried out on the basis of Section 25 (1) TTDSG. The consent can be revoked at any time.
If your data is required for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 (1) lit. b GDPR.
In addition, we process your data, insofar as this is necessary for the fulfillment of a legal obligation, on the basis of Art. 6 (1) lit. c GDPR.
Note on data transfer to the USA and other third countries
Among other things, we use tools from companies based in the USA or other third countries that are unsafe according to the GDPR. If these tools are activated, your personal data may be transferred to these third countries and processed there. We would like to point out that no level of data protection comparable to the one in the EU can be guaranteed in these countries.
For example, US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate, and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.
4. Technical implementation
The web server for the operation of our website is operated technically by Strato AG, Otto-Ostrowski-Straße 7, 10249 Berlin, Germany ("Strato"). When you visit our website, Strato collects various log files including your IP address. All Strato products are hosted exclusively at Strato data centres in Germany (https://www.strato.de/sicherheit/).
The use of Strato is based on Art. 6 (1) lit. f GDPR. We have a legitimate interest in the most reliable presentation of our website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1) lit. a GDPR and § 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.
We have concluded a data processing agreement with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as the hosting of the website or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol on your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
5. Data collection and use
Visit to this website
You can visit our website without giving any details about your person. When you visit our web pages, you transmit data via your Internet browser to the Strato AG web server for technical reasons. This data includes:
- Date and time of the request
- Name of the requested file
- Page from which the file was requested
- Web browser and operating system used
- IP address of the requesting computer
- Transferred data volume
This data is only used to provide the online service.
When visiting a website, the website may place a cookie on the website visitor's terminal, which is stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your terminal.
If the user visits a website again later, the website can read the data from previously stored permanent cookies and thus determine, for example, whether the user has visited the website before and which areas of the website the user was particularly interested in. Permanent cookies remain stored on your terminal until you delete them yourself or until they are automatically deleted by your web browser.
More information about cookies can be found on Wikipedia.
In some cases, cookies from third-party companies may also be stored on your terminal when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company.
Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the display of videos). Other cookies are used to evaluate user behavior or display advertising.
Cookies that are necessary to carry out the electronic communication process, to provide certain functions requested by you, or to optimize the website are stored on the basis of Art. 6 (1) lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimal availability of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, the processing is carried out exclusively on the basis of this consent (Art. 6 (1) lit. a GDPR and § 25 (1) TTDSG). The consent can be revoked at any time.
Cookies on our website
Our website uses the following providers:
- Insofar as further cookies from third-party providers or for analysis purposes are used, we will inform you separately within the scope of this data protection declaration and, if necessary, request your consent.
Changing cookie settings
How the web browser handles cookies, which cookies are allowed or rejected, can be defined by the user in the web browser settings. Where exactly these settings are located depends on the respective web browser. Detailed information on this can be accessed via the help function of the respective web browser.
Links to other websites
If we refer to or link to the websites of third parties through our website, we cannot assume any responsibility or liability for the accuracy or completeness of the contents and the data security of these sites. Since we have no influence on the compliance of third parties with data protection regulations, you should check the privacy policies of each site separately.
Request by email, fax, or phone
If you contact us by email, fax, or telephone, we will collect, process, and use your personal data solely for the purpose of processing your inquiry. We will not pass on this data without your consent.
The processing of this data is based on Art. 6 (1) lit. b GDPR, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of requests addressed to us (Art. 6 (1) lit. f GDPR) or on your consent (para. 6 (1) lit. a GDPR), if this has been requested. This consent can be revoked at any time.
The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after your request has been processed). Legal provisions, in particular statutory retention periods, remain unaffected.
Communication via Microsoft Teams
We use Microsoft Teams, a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA ("MS Teams"), for internal and external communication. This includes the integrated chat program, telephony and video conferencing, online training and file sharing.
In the process, data, including personal data, is processed and stored by MS Teams. Depending on the settings, this can be:
- User details, e.g. display name, email address, phone number, profile picture, department.
- Company details, e.g. company name, address
- Presence/absence status
- Audio and video data, provided that the devices (microphone and camera) are enabled
- Meeting metadata, e.g. participants, IP addresses, device/hardware information, title and description, call duration
- For recordings: MP4 file of all video, audio, and presentation recordings, M4A file of all audio recordings, text file of the chat.
- If the screen is shared: all content of the corresponding shared screen or application
- When dialing in by phone: additional information about the line, e.g. information about the phone number, country name, further connection data if necessary
- When using additional functions: e.g. shared files and content, answers to surveys, calendar entries, status of tasks, technical usage data for providing the functionalities
The type and amount of personal data processed also depends on your own entries and settings. In the case of guest access, these are the personal details you provide prior to participation; in the case of accounts and in particular company accounts, the data depend both on your personal settings and on your administrator-controlled tenant settings.
The legal basis for the processing of personal data in this case is Art. 6 (1) (b) GDPR or Art. 6 (1) (f) GDPR. Recordings of an online meeting are only made with the consent of all participants and thus on the basis of Art. 6 (1) a) GDPR. For employees, Section 26 BDSG applies additionally as the basis for processing.
Personal data that is processed when using MS Teams is generally not passed on to third parties by us, unless it is explicitly designated or approved for passing on. In addition, Microsoft as the provider processes the aforementioned personal data insofar as this is necessary for the supply of the service and/or the associated support.
In principle, data collected via our MS Teams account is stored by Microsoft within the European Union. Since Microsoft also operates sites in the USA, personal data ( in particular diagnostic data) may also be transferred there. American authorities, such as intelligence agencies, may be able to access personal data exchanged with Microsoft when using this service due to American laws such as the Cloud Act.
7. Plugins and Tools
This website uses Google Analytics, a web analytics service provided by Google Ireland Limited Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
This website uses the function "Activation of IP anonymization". This means that your IP address is shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
According to Google, Google will store and use the collected data for the purpose of evaluating your use of the website, compiling reports on website activity, and providing other services relating to website activity and internet usage. It is possible that Google will use the data for further purposes of its own (e.g. profiling and cross-platform tracking). Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Authorities of the US states also have access to this personal data.
Deactivating Google Analytics
- You can generally prevent Google Analytics from collecting your user data on all websites by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en
- You can prevent Google Analytics from collecting your user data only on this website by enabling the following checkbox. An opt-out cookie is set which prevents the collection of your data on future visits to this website:
This site uses the map service Google Maps via an API (application programming interface). The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission. If Google Maps is activated, Google may use Google Fonts for the purpose of uniform display of fonts. When calling up Google Maps, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
The use of Google Maps is in the interest of an appealing presentation of our online offers and an easy location of the places indicated by us on the website. This represents a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1) lit. a DSGVO and § 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find more details here:
Google Ads and Google Conversion Tracking
This website uses Google Ads. Google Ads is an online advertising service provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
With Google Ads, we use the so-called conversion tracking. When you click on an ad placed by Google, a cookie is set for conversion tracking. These cookies lose their validity after 30 days and are not used to personally identify the user. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognize that the user clicked on the ad and was redirected to this page.
Google Fonts (local hosting)
This site uses so-called Google Fonts, which are provided by Google, for the uniform display of fonts. Google Fonts are installed locally. A connection to Google servers does not take place.
Font Awesome (local hosting)
This site uses Font Awesome, provided by Font Awesome Team, for the uniform display of fonts and symbols. Font Awesome is installed locally. There is no connection to the servers of Font Awesome.
This website embeds videos from the website YouTube. The operator of the website is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
When you visit one of our websites on which YouTube is embedded, a connection to the YouTube servers is established, provided that you have activated the corresponding cookies. This tells the YouTube server which of our pages you have visited. For a correct display, YouTube also uses Google Font in this context, for which your IP address is sent to Google.
Furthermore, YouTube may store various cookies on your terminal or use comparable technologies for recognition (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience, and prevent fraud attempts.
If you are logged into your YouTube account, you enable YouTube to assign your browsing behavior directly to your personal profile. You could prevent this by logging out of your YouTube account.
YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art.6 (1) lit. a DSGVO and §25 ( 1 ) TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.
Our website uses the "Meta Pixel" of Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereafter "Facebook", though other platforms of the Meta universe, such as Instagram, may be included). This allows the behavior of site visitors to be tracked after they have been redirected to our website by clicking on a Facebook ad. This allows the effectiveness of the Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized.
The collected data is anonymous for us as the operator of this website. We can not draw any conclusions about the identity of the user. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes.
This allows Facebook to enable the placement of advertisements on pages of Facebook as well as outside of Facebook. Facebook may also store a cookie on your terminal device for this purpose. The data processed within Facebook and linked to cookies are automatically deleted after 90 days.
You can also disable the Custom Audiences remarketing feature in the Ads Settings section. To do this, you must be logged in to Facebook. If you don't have a Facebook account, you can disable usage-based advertising from Facebook on the European Interactive Digital Advertising Alliance website: https://www.youronlinechoices.com/ (may vary depending on your location; please select your location accordingly).
Google Tag Manager
We use Google Tag Manager on our website. Google Tag Manager is a service of Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). It is an auxiliary service that processes personal data itself only for technically necessary purposes. It takes care of loading other components, which in turn may collect data. Google Tag Manager does not access this data. We have concluded the data processing addendum for companies within the European Economic Area with Google.
When Google Tag Manager is accessed, the user's IP address may be transmitted to Google, some of whose servers are also located in the USA.
Please note that due to American laws such as the Cloud Act, American authorities, such as intelligence agencies, could possibly gain access to personal data that is inevitably exchanged with Google due to the Internet Protocol (TCP) when this service is integrated.
8. Newsletter subscription
We offer you a free newsletter in which we inform you about current offers and promotions, as well as information about us, our products and everything related to health and well-being. If you would like to subscribe to the newsletter, you must provide a valid email address.
By subscribing to the newsletter, you agree to receive the newsletter and the explained procedures. We thus process your personal data on the basis of Art. 6 (1) lit. a DSGVO. The data you enter (at least your e-mail address) will only be used to personalize the newsletter and will not be passed on to third parties.
The newsletter dispatch is carried out by the dispatch service provider CleverReach®, a dispatch platform of CleverReach GmbH & Co. KK, Schafjückenweg 2, 26180 Rastede, Germany ("CleverReach").
Revocation and cancellation
You can revoke your consent to receive the newsletter at any time by sending an e-mail to firstname.lastname@example.org or by clicking on the link at the end of each newsletter and thus cancel the newsletter subscription. This will void your consent to receive the newsletter. After your cancellation, your personal data will be deleted, provided that the deletion does not conflict with any legal retention obligations.
We use the service reCAPTCHA to determine whether a human or computer makes a certain entry in our newsletter form. The operator of the website is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
We use the Google service reCaptcha to determine whether a human or a computer makes a certain entry in our contact or newsletter form. Google uses the following data to check whether you are a human or a computer:
- IP address of the terminal device used
- the website you visit with us on which the captcha is embedded
- the date and duration of the visit
- the recognition data of the browser and operating system type used
- Google account if you are logged in to Google
- mouse movements on the reCaptcha areas and tasks that require you to identify images.
By using reCAPTCHA, your data is transferred to the Google server. The location of these servers may also be in the U.S.
There are several reCAPTCHA variants that can be used:
- No CAPTCHA reCAPTCHA: The user places a checkmark in a checkbox labeled "I am not a robot."
- Image reCAPTCHA: The user is shown 9 image sections, some of which have the same content (e.g. traffic lights) and must be marked accordingly.
- Text reCAPTCHA: The user must enter a superimposed text in a field.
- Invisible reCAPTCHA: The user does not have to perform any action themselves. Google checks in the background of the website whether the user is a human or a bot. To do this, Google tracks, among other things, cursor movements and the IP address of the user.
In addition, reCAPTCHA also checks whether a cookie has already been created in the user's browser. If this is not the case, Google sets a cookie. Google thus creates a kind of fingerprint of the user for reCPATCHA, which is also recognized on other pages. This makes it possible for Google to track users across pages.
Legal basis for the described data processing is Art. 6 (1) lit. f DSGVO. There is a legitimate interest on our part in this data processing to ensure the security of our website and to protect us from automated entries (attacks).
9. Social Media Profiles
Our online presence on Facebook, Instagram, YouTube, and LinkedIn
Our presence on social networks and platforms serves to improve active communication with our customers and interested parties. We provide information about our company and our products there.
When visiting our online presences on social media, your data may be automatically collected and stored for market research and advertising purposes. So-called usage profiles are created from this data using pseudonyms.
These can be used, for example, to display advertisements within and outside the platforms that presumably correspond to your interests. Cookies are generally used on your terminal for this purpose. In these cookies, the visitor behavior and the interests of the users are stored. This serves according to Art. 6 (1) lit. f. GDPR to protect our legitimate interests in an optimized presentation of our offer and effective communication with customers and interested parties, which prevail in the context of a balancing of interests. If you are asked by the respective social media platform operators for consent (agreement) to the data processing, e.g. by means of a checkbox, the legal basis for the data processing is Art. 6 (1) lit. a GDPR.
For detailed information on the processing and use of data by the providers on their sites, as well as a contact option and your rights and setting options in this regard to protect your privacy, in particular objection options (opt-out), please refer to the privacy notices of the providers linked below. If you still need help in this regard, you can contact us.
- Facebook/Meta: https://www.facebook.com/about/privacy/ as well as https://www.facebook.com/settings?tab=ads
- Instagram/Meta: https://help.instagram.com/519522125107875
- LinkedIn: https://www.linkedin.com/legal/privacy-policy
- XING: https://privacy.xing.com/en/privacy-policy
- YouTube: https://policies.google.com/privacy?hl=en
The data processing is carried out on the basis of an agreement between jointly responsible parties pursuant to Art. 26 GDPR.
For Facebook/Meta, you can look up the specific agreement here: https://www.facebook.com/legal/terms/page_controller_addendum.
10. Your rights
Right to revoke your consent to data processing
Many data processing operations are only possible with your explicit consent. You can revoke consent you have already given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Right to object to the collection of data in special cases and in the case of direct marketing (Art. 21 GDPR)
If you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims (objection under Art. 21 (1) GDPR).
If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing. This also applies to profiling, insofar as it is associated with such direct advertising. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection pursuant to Art. 21 (2) GDPR).
Right to information, deletion, and correction</6>
Within the scope of the applicable legal provisions, you have the right to information, correction, and deletion of the processing of your stored personal data at any time. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time.
Right to restriction of processing
You have the right to request the restriction of the processing of your personal data. To do this, you can contact us at any time. If you have restricted the processing of your personal data, this data – apart from its storage – may only be processed with your consent or for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person, or for reasons of an important public interest of the European Union or a member state.
Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.
Right of appeal to the competent supervisory authority
You also have the right of appeal to a competent supervisory authority. The authority responsible for us is the "Landesbeauftragte für Datenschutz und Informationsfreiheit Baden-Württemberg", available at https://www.baden-wuerttemberg.datenschutz.de/