Data protection information according to Art. 13, 14 DSGVO

Status: September 2021

We, Start Medicare GmbH, (hereinafter: “the company”, “we” or “us”) would like to inform you at this point about data protection in our company.

Within the scope of our responsibility under data protection law, additional obligations have been imposed on us by the entry into force of the EU General Data Protection Regulation (Regulation (EU) 2016/679; hereinafter: “GDPR”) in order to ensure the protection of personal data of the person affected by a processing operation (we also address you as data subject with “customer”, “user”, “you”, “you” or “data subject” hereinafter*).

*For reasons of better readability, the simultaneous use of the language forms male, female and diverse (m/f/d) is waived. All personal terms apply equally to all genders.

Insofar as we decide either alone or jointly with others on the purposes and means of data processing, this includes above all the obligation to inform you transparently about the nature, scope, purpose, duration and legal basis of the processing (cf. Art. 13 and 14 DS-GVO). With this statement (hereinafter: “data protection information” or “data protection information”), we inform you about the manner in which your personal data is processed by us.

Our data protection information has a modular structure. They consist of a general part for any processing of personal data and processing situations by us and special parts, the contents of which relate in each case only to the processing situation specified there with the designation of the respective offer or product.

In order to find the parts that are relevant to you, please refer to the following overview for the breakdown of the privacy notices:

1. General
2. definitions

Following the example of Article 4 of the GDPR, this data protection notice is based in particular on the following definitions:

“Personal data” (Art. 4 No. 1 GDPR) means any information relating to an identified or identifiable natural person (“data subject”). A person is identifiable if he or she can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, an online identifier, location data or by means of information relating to his or her physical, physiological, genetic, mental, economic, cultural or social identity characteristics. The identifiability can also be given by means of a linkage of such information or other additional knowledge. The origin, form or embodiment of the information is irrelevant (photographs, video or audio recordings may also contain personal data).

“Processing” (Art. 4 No. 2 GDPR) means any operation which involves the handling of personal data, whether or not by automated (i.e. technology-based) means. This includes, in particular, the collection (i.e. acquisition), recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, restriction, erasure or destruction of personal data, as well as the change of a purpose or intended use on which a data processing was originally based.

“Controller” (Art. 4 No. 7 DS-GVO) means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.

“Third party” (Art. 4 No. 10 GDPR) means any natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons who, under the direct responsibility of the controller or processor, are authorised to process the personal data; it also includes other group-affiliated legal entities.

“Processor” (Art. 4 No. 8 DS-GVO) is a natural or legal person, authority, institution or other body that processes personal data on behalf of the controller, in particular in accordance with the controller’s instructions (e.g. IT service provider). In terms of data protection law, a processor is in particular not a third party.

“Consent” (Art. 4 No. 11 GDPR) of the data subject means any freely given specific, informed and unambiguous indication of his or her wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.

1. responsible person

The person responsible under data protection law within the meaning of Art. 4 No. 7 DS-GVO for the processing of personal data on www. Start-medicare.com (in short the “Website”) is us, i.e. the

Start Medicare Ltd,

Forster Str. 57

D – 10999 Berlin.

Phone +49 30 99 21 19 30

Email: info@start-medicare.com

For further information about our company, please refer to the imprint details on our website.

III Legal basis for data processing

By law, any processing of personal data is in principle prohibited and only allowed if the data processing falls under one of the following justifications:

 

6(1)(a) GDPR (“consent”): where the data subject has freely given his or her unambiguous and informed indication, by means of a declaration or other unambiguous affirmative act, that he or she consents to the processing of personal data relating to him or her for one or more specified purposes;

6 (1) b) DS-GVO: If the processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the data subject;

6 (1) c) DS-GVO: Where processing is necessary for compliance with a legal obligation to which the controller is subject (e.g. a legal obligation to preserve records);

6 (1) d) DS-GVO: Where processing is necessary in order to protect the vital interests of the data subject or of another natural person;

6 (1) e) DS-GVO: Where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or

6 (1) f) DS-GVO (“Legitimate Interests”): if the processing is necessary to safeguard legitimate (in particular legal or economic) interests of the controller or a third party, unless the conflicting interests or rights of the data subject prevail (in particular if the data subject is a minor).

For the processing operations carried out by us, we indicate below the applicable legal basis in each case. A processing operation may also be based on several legal bases.

1. Data deletion and storage period

For the processing operations carried out by us, we indicate below in each case how long the data will be stored by us and when it will be deleted or blocked. Unless an explicit storage period is specified below, your personal data will be deleted or blocked as soon as the purpose or legal basis for the storage no longer applies, unless you have given us your consent for further storage (e.g. for a regular customer file for service optimisation).

It should be noted that our business relationships with our customers are also based on continuing obligations that are established for an indefinite period of time.

However, storage may take place beyond the specified time in the event of a (threatened) legal dispute with you for the preservation of evidence within the framework of the statute of limitations (according to §§ 195 ff. of the German Civil Code (BGB), these statutes of limitations can be up to 30 years, whereby the regular statute of limitations is three years) or other legal proceedings, or if storage is provided for by legal regulations to which we are subject as the responsible party (e.g. § 257 HGB, § 147 AO).

 

If the storage period prescribed by legal regulations expires, the personal data will be blocked, anonymised or deleted, unless further storage by us is necessary and there is a legal basis for this.

1. Data security

We use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties, taking into account the state of the art, the implementation costs and the nature, scope, context and purpose of the processing, as well as the existing risks of a data breach (including its probability and impact) for the data subject. Our security measures are continuously improved in line with technological developments.

We use the TLS (Transport Layer Security) procedure within your website visit in conjunction with the highest encryption level supported by your browser. As a rule, this is a 128 bit encryption. You can tell whether an individual page of our website is encrypted when you see the closed key or lock symbol in the lower status bar of your browser.

Unfortunately, the transmission of information over the Internet is not completely secure, and we cannot guarantee the security of any information transmitted over the Internet to our website.

1. Cooperation with processors and other service providers

As with any larger company, we also use external domestic and foreign service providers (e.g. for the areas of IT, logistics, telecommunications, sales and marketing) to process our business transactions. These service providers are only active according to our instructions and are contractually obligated to comply with the data protection provisions in accordance with Article 28 of the Data Protection Regulation, insofar as these service providers are not themselves responsible parties within the meaning of Article 4 No. 7 of the Data Protection Regulation.

VII. Transfer of personal data to third countries

In the course of our business relationships, your personal data may be passed on or disclosed to service providers and other recipients who may also be located outside the European Economic Area (EEA), i.e. in third countries. We will inform you about the respective details of the transfer in the following at the relevant points.

Some third countries are certified by the European Commission as having data protection levels comparable to the EEA standard through so-called adequacy decisions (a list of these countries and a copy of the adequacy decisions can be found here: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html).

However, in other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, we ensure that data protection is sufficiently guaranteed. This is possible, for example, through binding company regulations, standard data protection clauses of the European Commission for the protection of personal data, certificates or recognized codes of conduct.

Thus, we only transfer data to third countries if this is necessary for the execution of your inquiry and the execution of your order, if this is done within the framework of order processing (Art. 28 DS-GVO), otherwise only if you have given us your consent or if this is necessary for the fulfilment of our legal or contractual obligations or for the protection of legitimate interests of us or of third parties.

If a data transfer to a third country (country outside the EU/EEA) is carried out under the aforementioned conditions and this third country ensures an adequate level of data protection according to the assessment of the European Commission (Art. 45 DS-GVO), the transfer of your personal data may take place on this basis.

In the case of transfers to third countries for whose data protection level no such adequacy decision exists, the protection of your personal data is ensured as far as possible by appropriate safeguards within the meaning of Art. 46 DS-GVO, in particular by the standard data protection clauses issued by the EU Commission pursuant to Art. 46 (2) b) DS-GVO and any additional safeguards. Please note, however, that in the case of processing data in the USA, an adequate level of data protection cannot currently be guaranteed across the board because the level of data protection in the USA does not correspond to that in the EU, after the risk exists that your data could be processed by US authorities for control and monitoring purposes without you always having sufficient legal remedies against this.

Apart from that, we will only transfer your data to a third country if the data transfer can be based on Art. 49 DS-GVO, in particular if

you have given your explicit consent to the proposed data transfer, after having been informed of the potential risks to you of such data transfers,

the transfer is necessary for the performance of a contract between you and us or to carry out pre-contractual measures at your request,

the transfer is necessary for the conclusion or performance of a contract concluded in your interest by us with another natural or legal person,

the transfer is necessary for the assertion, exercise or defence of legal claims.

VIII. On automated decision making (including profiling)

As a matter of principle, we do not intend to use personal data collected from you for a procedure for automated decision-making (including profiling) within the meaning of Art. 22 DS-GVO.

We would point out any exceptions to this principle in the following information at the appropriate place.

1. On the obligation to provide personal data

In principle, we do not make the conclusion of contracts with us dependent on you providing us with personal data in advance. There is also no legal or contractual obligation for you to provide us with your personal data.

However, we may only be able to provide certain services to a limited extent or not at all if you do not provide the necessary data:

In this context, it should be noted that Start Medicare GmbH operates as a management and personnel consultancy, personnel and management developer, recruitment agency and relocation service provider. Among other things, we recruit, qualify and place skilled workers and talents on a national and international level, in particular of certified healthcare and nursing staff for the purpose of permanent work-related migration to Germany. We provide comprehensive support to the placed applicants (“participants”), from career planning to interview training, accompaniment in the application process, participation in specialist further training and language qualifications, fulfilment of the (official) requirements for relocation and its implementation, right through to taking up employment in hospitals or other inpatient or outpatient (medical) care facilities.

As a (potential) customer, you would therefore have to provide those personal data that are necessary for the establishment, implementation and termination of a business relationship and the fulfilment of the associated contractual or other obligations under the law of obligations or which we are legally obliged to collect. In order for us to fulfil our obligations, you must provide us with the necessary information and documents and notify us without delay of any changes arising in the course of the business relationship.

If you do not provide us with the necessary information, we or your other contractual partners may not be able to fulfil the obligations resulting from the business relationship. Without this data, we or your other contractual partners will therefore usually have to refuse the conclusion of a contract or the execution of another order or will no longer be able to perform an existing contract.

1. Legal obligation to transmit certain data

We may be subject to a specific legal or statutory obligation to provide lawfully processed personal data to third parties, in particular public authorities (Art. 6(1)(c) DS-GVO).

1. Your rights

You can assert your rights as a data subject regarding your processed personal data against us at any time. You have the right as a data subject under the legal conditions:

in accordance with Art. 15 DS-GVO to request information about your data processed by us. In particular, you can request information about the processing purposes, the category of data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it was not collected by us, as well as the existence of automated decision-making, including profiling and, if applicable, meaningful information about its details;

in accordance with Art. 16 DS-GVO to demand the correction of incorrect or the completion of your data stored by us without delay;

in accordance with Art. 17 DS-GVO to request the deletion of your data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;

to demand the restriction of the processing of your data in accordance with Art. 18 DS-GVO, insofar as the correctness of the data is disputed by you or the processing is unlawful;

pursuant to Art. 20 DS-GVO to receive your data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller (“data portability”);

object to the processing pursuant to Art. 21 DS-GVO, provided that the processing is carried out on the basis of Art. 6 (1) e) or f) DS-GVO. This is particularly the case if the processing is not necessary for the performance of a contract with you. Unless it is an objection to direct marketing, when exercising such an objection, we ask you to explain the reasons why we should not process your data as we have done. In the event of your justified objection, we will review the merits of the case and either cease or adapt the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing;

in accordance with Art. 7 (3) of the GDPR, to revoke your consent given once (also before the GDPR came into force, i.e. before 25.5.2018) – i.e. your voluntary will, made understandable in an informed manner and unambiguously by means of a declaration or other unambiguous confirming action, that you agree to the processing of the personal data in question for one or more specific purposes – at any time vis-à-vis us, if you have given such consent. This has the consequence that we may no longer continue the data processing based on this consent in the future. You can therefore revoke your consent at any time without formality with effect for the future, e.g. by sending an e-mail to info@start-medicare.com or by notifying us at any point mentioned in A.II.

complain to a data protection supervisory authority about the processing of your personal data in our company pursuant to Art. 77 DS-GVO, e.g. to the supervisory authority responsible for us: Bavarian State Office for Data Protection Supervision, Promenade 27, 91522 Ansbach.

XII. Changes to the data protection notice

In the context of the further development of data protection law as well as technological or organisational changes, our data protection information is regularly reviewed for the need to adapt or supplement it. We reserve the right to change these data protection provisions at any time with effect for the future.

You will be informed of any changes, in particular on our website.

1. Website
2. Explanation of the function of the website

You can obtain information about our company and the services we offer in particular by clicking on the following link together with the associated sub-pages (hereinafter collectively referred to as the “Website”).

When you visit our website, personal data may be processed:

1. personal data processed

During the informative use of the website, the following categories of personal data are collected, stored and processed by us:

1. log data

When you visit our website, a so-called log data record (so-called server log files) is stored temporarily and anonymously on our web server. This may consist of the following data:

Website/application from which the website was requested (so-called referrer URL)

Name and URL of the requested page

Date and time of your access to the website

Description of the type, language and version of the web browser used

IP address of your requesting Internet-enabled device

Your Internet Service Provider

files downloaded from our website (e.g. PDF or Word documents)

data volume transferred

Operating system of your requesting Internet-capable device

Message whether the call was successful (access status/http status code)

GMT time zone difference

2. inquiry, contact, application form; other inquiries

When using our enquiry, contact and application forms, the “form data” (e.g. first name, last name, e-mail address, address, telephone, your message, time of transmission) which is evident from the respective form, entered by you or “attached” to your message and thereby transmitted, is processed.

If you contact us by e-mail, telephone or fax, the personal data you provide (e.g. name, telephone number) will be processed.

III Purpose and legal basis of the data processing

We process the personal data described in more detail above in accordance with the provisions of the GDPR, the other relevant data protection regulations and only to the extent necessary. Insofar as the processing of personal data is based on Art. 6 (1) f) DS-GVO, the aforementioned purposes also represent our legitimate interests.

1. log data

The processing of the log data serves statistical purposes and the improvement of the quality of our website, in particular the stability and security of the connection. The legal basis is Art. 6 para. 1 f) DS-GVO.

2. form data; requests by e-mail, telephone, fax

The processing of “form data” is carried out for the processing of inquiries from interested parties and customers. The legal basis is Art. 6 (1) a), b) and/or f) DS-GVO. The same applies to the processing of data for other enquiries by e-mail, telephone and/or fax.

1. Duration of the data processing

Your data will only be processed for as long as is necessary to achieve the processing purposes mentioned above; the legal bases indicated in the context of the processing purposes apply accordingly.

The deletion of the log data takes place after 14 days at the latest. If technically possible and reasonable, the IP addresses are anonymized after 24 hours.

With regard to the use and storage duration of cookies, please refer to point B.VI.

Third parties engaged by us will store your data on their systems for as long as is necessary in connection with the provision of services for us in accordance with the respective order.

You will find more details on the storage period under A.IV.

1. Other (categories of) recipient(s) and transfer to third countries

The following additional (categories of) recipient(s), which are usually processors (see A.VI.), may receive access to your personal data:

Service providers for the operation of our website and the processing of data stored or transmitted by the IT systems (e.g. for data centre services, customer care, IT security). The legal basis for the transfer is Art. 6 (1) a), b) and/or f) DS-GVO (if applicable in conjunction with Art. 49 (1) a), b), c), e) DS-GVO), insofar as these are not anyway order processors;

Translators, (company) doctors, education and training providers, (potential) employers. The legal basis for the disclosure is § 26 BDSG, Art. 6 para. 1 a), b) and/or f) DS-GVO (if applicable in conjunction with Art. 49 para. 1 a), b), c), e) DS-GVO), insofar as it does not involve order processors anyway;

Public bodies and institutions such as recognition/financial/foreigner/registration authorities, embassies, social insurance institutions, employment agency. The legal basis for the disclosure is § 26 BDSG, Art. 6 para. 1 b), c) DS-GVO;

other state agencies/authorities, insofar as this is necessary for the fulfilment of a contractual and/or legal obligation. The legal basis for the disclosure is Art. 6 para. 1 b), c) DS-GVO;

persons employed to carry out our business operations (e.g. auditors, banks, insurance companies, legal advisors). The legal basis for the disclosure is Art. 6 (1) b) or f) DS-GVO.

our respective cooperation partners in the areas of sourcing and recruitment, personnel consulting/development/placement and relocation. The legal basis for the disclosure is § 26 BDSG, Art. 6 para. 1 a), b) and/or f) DS-GVO (if applicable in conjunction with Art. 49 para. 1 a), b), c), e) DS-GVO), insofar as it does not involve order processors anyway;

our partner company Start Medicare GmbH. The legal basis for the transfer is Art. 6 (1) a), b) DS-GVO.

For the guarantees of an adequate level of data protection in case of transfer of data to third countries, see A.VII.

Furthermore, we will only pass on your personal data to third parties if you have given your express consent to do so in accordance with Art. 6 (1) a) DS-GVO (possibly in conjunction with Art. 49 (1) a) DS-GVO).

In addition, the following should be noted:

1. data transfer to processors and other service providers

We have carefully selected the service providers who process data on our behalf in accordance with instructions as processors and are thus recipients of personal data, provide sufficient guarantees for suitable technical and organisational measures and are contractually obligated by us in accordance with Art. 28 DS-GVO.

We regularly transfer your personal data to the following order processors and other service providers:

 

Type of processing activityProcessor/Service providerHead office            ; server locationFurther               data protection information

Website,

 

Host

dogado GmbHD               ; Dhttps://www.dogado.de/faq/artikel/fragen-zum-datenschutz-und-dsgvo/

https://www.dogado.de/server/colocation

Mail Provider, Microsoft Office 365Microsoft     CorporationUSA               ; Dhttps://privacy.microsoft.com/de-de/privacystatement

Cloud, Autotask WorkplaceDatto             IncUSA  ; DKhttps://www.datto.com/de/datto-brexit-statement

2. data transfer to third parties

We also present and arrange services from third-party providers on our website.

 

If you wish to order or use these products and services from third-party providers, it is necessary for the possible conclusion of a contract with the respective third-party provider that you provide your personal data, which we require for the mediation of your inquiry or order.

We process the data you provide for the purpose of processing your inquiry or order. In particular, we transmit to the respective third-party provider the data required for the possible establishment of the contractual relationship with the respective third-party provider and the processing of this contractual relationship. The legal basis for this is Art. 6 (1) b) DS-GVO.

Under these conditions, the following companies, for example, come into question as providers of services arranged by us or of services presented by third-party providers without obligation on our part and thus as recipients of your personal data:

German Agency for Health and Care Professionals (DeFa), Bismarckstraße 128, 66121 Saarbrücken, e-mail: info@defa-agentur.de; information on data protection in the footer at https://www.defa-agentur.de/de.

1. use of cookies, plugins and other services on our website
2. cookies

We use cookies on our website. Cookies are data records that are assigned to the browser you are using and stored on your data carrier by means of a characteristic character string and through which certain information flows to the body that sets the cookie. A cookie usually contains the name of the domain from which the cookie data was sent, information about the age of the cookie and an alphanumeric identifier.

Cookies cannot execute programs or transfer viruses to your computer and therefore cannot cause any damage. They are used to recognise the user’s device, to make any preferences immediately available and to make our website as a whole more user-friendly and effective, i.e. more pleasant for you, by offering you a better service tailored to your needs. They allow us to recognize your terminal device when you return to our website and thereby:

• store information about your preferred activities on the website and thus tailor our website to your individual interests. This includes, for example, advertising that matches your personal interests.
• speed up the processing of your requests.

Cookies can therefore contain data that make it possible to recognise the device used. In some cases, however, cookies only contain information about certain settings that are not personally identifiable. However, cookies cannot directly identify a user.

A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session.

In the cookies we use, only the data explained above about your use of the website is stored. This is not done by assigning it to you personally, but by assigning an identification number to the cookie (“cookie ID”). A combination of the cookie ID with your name, your IP address or with similar data, which would enable an assignment of the cookie to you, does not take place.

If you do not wish to use browser cookies, you can set your browser so that cookies are not accepted. Please note that in this case you may only be able to use our website to a limited extent or not at all. If you only want to accept our own cookies, but not the cookies of our service providers and partners, you can select the setting in your browser “Block third-party cookies”.

Any use of cookies that is not absolutely technically necessary constitutes data processing that is only permitted with your consent – which may be revoked at any time with effect for the future – pursuant to Art. 6 (1) a) DS-GVO.

Furthermore, we will only pass on your personal data processed by cookies to third parties if you have given your consent to do so in accordance with Art. 6 (1) a) DS-GVO GVO (possibly in conjunction with Art. 49 (1) a) DS-GVO).

3. social media

We do not use any social media plugins on our website. If our websites contain symbols from social media providers (e.g. from “Facebook”), we only use these for passive linking to the pages of the respective providers.

Our website contains the following links to websites that are operated jointly with or by third parties: https://www.facebook.com/startmedicare/.

This data protection declaration applies to the processing of personal data by such third-party providers in addition to the data protection declarations of these third-party providers. Please note that we cannot accept responsibility for the content of third-party websites or for compliance with data protection requirements there.

We give you the opportunity to communicate directly with Facebook via the link and to interact with other users, so that we can improve our offer and make it more interesting for you as a user.

The legal basis for the linking and the resulting processing of your data is Art. 6 (1) f) DS-GVO.

We would like to point out that Facebook may also transfer personal data to third countries with (possibly) inadequate data protection levels and process it there, especially in the USA, where the US security authorities have far-reaching access possibilities to (personal) data of the data subjects that are not limited to the necessary extent and against which there are no effective legal protection options.

Only if you click on the link and thus give the corresponding consent, Facebook receives the information that you have called up the corresponding website of our online offer. In addition, the log data is transmitted. By activating the link, personal data is therefore transmitted from you to Facebook and stored there (in the case of US providers in the USA). Since these third-party providers collect data in particular via cookies, we recommend that you delete all cookies via your browser’s security settings before clicking on one of the aforementioned links, unless you wish to consent to the data transfer anyway.

Further information on the purpose and scope of data collection and processing by these third-party providers can be found below in the information on our social media presences (C.) and in their data protection declarations. There you will also receive further information about your rights and setting options to protect your privacy.

4. data protection and third party websites

Our website may contain hyperlinks to and from third party websites. If you follow a hyperlink to one of these websites, please note that we cannot accept any responsibility or warranty for third-party content or data protection conditions. Please make sure you are aware of the applicable data protection conditions before submitting personal data to these websites.

5. fonts, graphics

We use a font from Google Fonts on our website. We have downloaded this font and stored it on our web server, i.e. integrated it locally. When loading and displaying the font, there is therefore no data exchange with “Google” (Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, and, for services directed at consumers in the European Economic Area (EEA), Google Ireland Limited, Gordon House, Barrow Street, Dublin4, Ireland).

1. Social media
2. general

We maintain a publicly accessible profile on the social network “Facebook” (https://www.facebook.com/startmedicare/).

Your visit to this profile initiates a variety of data processing operations. In the following, we provide you with an overview of which of your personal data is collected, used and stored by us when you visit our profile.

You are not obliged to provide us with your personal data. However, this may be necessary for individual functionalities of our profile on Facebook. These functionalities will not be available to you or only to a limited extent if you do not provide us with your personal data.

When you visit our profile, your personal data is collected, used and stored not only by us, but also by the operator of the social network. This happens even if you yourself do not have a profile in the social network. The individual data processing operations and their scope are not necessarily traceable for us.

We would like to point out that Facebook may also transfer personal data to third countries with (possibly) inadequate data protection levels and process it there, especially in the USA, where the US security authorities have far-reaching access possibilities to (personal) data of the data subjects that are not limited to the necessary extent and against which there are no effective legal protection options.

For example, when you visit our website, Facebook places cookies on your device with the third-party provider, which remain effective for up to two years unless they are deleted beforehand. The purpose of these cookies is to store information in the web browser. Facebook processes the information stored in the cookies, stores the data collected about you as a usage profile and uses it for the purposes of advertising, market research and/or designing the website to meet your needs. Such an evaluation is carried out in particular (also for non-logged-in users) for the display of needs-based advertising and to inform other users of the social network about your activities on our website.

You have the right to object to the creation of these user profiles, and you must contact Facebook to exercise this right.

The data transfer takes place regardless of whether you have an account with Facebook and are logged in there. If you are logged in to this provider, your data collected by us will be directly assigned to your account with this provider. We recommend that you log out regularly after using a social network.

If you use our profile on the social network to contact us (e.g. by creating your own posts, responding to one of our posts or by sending us private messages), the data you provide us with will be processed by us solely for the purpose of contacting you. Legal bases for the data collection are thus § 6 para 1 a) and b) DS-GVO.

We delete stored data as soon as their storage is no longer necessary or you request us to delete them; in the case of statutory retention obligations, we limit the processing of the stored data accordingly.

Otherwise, we have no influence on the collected data and data processing operations, nor are we aware of the full extent of the data collection, the purposes of the processing and the storage periods. We also have no binding information on the deletion of the collected data by Facebook.

1. Information on the collection of personal data

As the operator of a Facebook fan page, we can only view the information stored in your public Facebook profile, and only if you have such a profile and are logged into it when you access our fan page.

Furthermore, Facebook automatically provides us with statistics of the visitors to our Facebook fan page in anonymous form based on the visits to our Facebook fan page according to parameters defined by us (so-called page insights, see https://www.facebook.com/legal/terms/information_about_page_insights_data), which we can use for the purposes of advertising, market research and/or demand-oriented design of our website. We do not have access to the usage data that Facebook collects to create these statistics.

Facebook has committed to us to assume primary responsibility under the GDPR for the processing of this data, to comply with all obligations under the GDPR with respect to this data, and to provide data subjects with the substance of this commitment. We, as the operator of the Start Medicare Fanpage, do not make any decisions regarding the processing of Insights data and all other information resulting from Art. 13 of the GDPR, including legal basis, identity of the controller and storage period of cookies on user devices.

This data processing serves our (and your) legitimate interest in improving the user experience when visiting our fan page according to the target group. The legal basis for the data processing is therefore Art. 6 (1) f) DS-GVO.

Facebook Ireland Ltd. processes (personal) data when you use Facebook products, including when you visit our Facebook page, even if you are not registered with any of the Facebook services. Which (personal) data this is in detail, how, for which purposes and on which legal basis it is processed, is described by Facebook in its data policy (https://de-de.facebook.com/policy.php), which applies to all Facebook products. There you will also find information on how to contact Facebook as well as on the settings options for advertisements, cookies, etc.

Facebook also processes your data in the U.S. or other third countries, uses standard contractual clauses approved by the EU Commission in accordance with the information provided at https://de-de.facebook.com/policy.php under “How do we process and transfer data as part of our global services?” and invokes adequacy decisions issued by the EU Commission with respect to certain countries.

For more information about the cookies Facebook sets when having a Facebook account, using Facebook products (including the Website and Apps), or visiting other websites and apps that use Facebook products, Facebook provides the Cookie Policy (https://www.facebook.com/policies/cookies/).

Information on how to manage information about you can also be found at this link: https://www.facebook.com/policies/cookies/

For more information on the purpose and scope of data collection and processing by Facebook, please refer to the privacy policy. There you will also find further information about your rights and setting options to protect your privacy:

Facebook Inc: 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data processing by Facebook: http://www.facebook.com/help/186325668085084, and http://www.facebook.com/about/privacy/your-info#everyoneinfo.

The privacy policy for the social network Facebook, which is operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, commercial register number 462932, can be viewed at https://www.facebook.com/about/privacy/update?ref=old_policy, and the Facebook Page Insights Supplement can be viewed at https://www.facebook.com/legal/terms/page_controller_addendum.

1. Data protection information for (former/potential) applicants (“participants”)
2. General information on the processing of data of (potential) participants

Start Medicare GmbH is a management and personnel consultancy, personnel and management developer, recruitment agency and relocation service provider. Among other things, we recruit, qualify and place professionals and talents on a national and international level, especially of certified health and nursing staff for the purpose of permanent work-related migration to Germany.

(Potential) participants are therefore all persons interested in an employment relationship and applicants as well as the (former) participants of the personnel recruitment, training and placement of Start Medicare, in particular (potential) employees, trainees, interns and other employees of our contractual partners.

Under the following link, we offer potential participants the opportunity to send us a speculative application using a form. You can also send us your application by e-mail or by post.

The placed applicants (“participants”) are comprehensively supported by us, from career planning to interview training, support in the application process, participation in professional further training and language qualifications, fulfilment of the (official) requirements for relocation and its implementation, right up to taking up employment in hospitals or other in-patient or out-patient (medical) care facilities.

For this purpose, we also process personal data in order to fulfil our legal and contractual obligations or other obligations under the law of obligations towards, among others, our customers (the applicants/participants), the (potential) employers, our service providers, our other contractual partners, towards public authorities and other third parties.

1. sources of data; data (categories)

In the case of an application and as part of the applicant selection process, personal data is collected which is required in particular to identify you as an applicant, to conduct correspondence with you, to make a decision on the possible establishment of an employment relationship, and which is necessary for us to fulfil legal obligations.

We process personal data that we receive from interested parties, applicants and our (former) participants themselves. In addition, we process personal data that we permissibly receive from third parties, e.g. from our service providers and cooperation partners as well as from public authorities such as the Federal Employment Agency, tax offices, registration authorities, embassies and competent immigration authorities. We also process personal data that we are permitted to obtain and process from publicly accessible sources.

In particular, it may involve the following personal data:

Personal details, e.g. name, date/place of birth, nationality, address, religious denomination, disability;

Driver’s license data, criminal record, health data;

Data on education/training and professional career;

Employment data (e.g. company, start/end);

Emergency contacts (phone number, name);

Financial data, e.g. remuneration, social benefits, bank details, tax number;

Social security data such as insurance numbers, statutory health insurance, sick leave;

IT Usage Data.

III. purposes and legal bases of data processing

We process your personal data in accordance with the provisions of the DS-GVO, the German Federal Data Protection Act (BDSG) and other relevant laws on the basis of your consent, Art. 6 (1) a) DS-GVO, for pre-contractual measures and for the fulfilment of (pre-) contractual obligations, Art. 6 (1) b) DS-GVO, for the fulfilment of legal obligations, Art. 6 (1) c) DS-GVO and within the framework of the balancing of interests, Art. 6 (1) f) DS-GVO, for the protection of legitimate interests of us or of third parties.

The collection and processing of data is based for the application procedure (in addition) on § 26 BDSG, Art. 88 DS-GVO, Art. 6 para. 1 b) and Art. 9 para. 2 b) DSGVO.

The processing of special categories of personal data, Art. 9 (2) DS-GVO, (e.g. health data) is carried out on the basis of your explicit consent or a legal permission, see Art. 9 (2) DS-GVO.

1. Other (categories of) recipients

We will only pass on your personal data to third parties if the requirements of one of the aforementioned legal bases are met. Under this condition, the following recipients of your personal data come into question for the establishment and implementation of the business relationship with you:

Processors and other service providers, e.g. translators, service providers for IT, telephone, payment transactions;

(Company) Doctors;

Education and training providers;

public bodies and institutions such as recognition/financial/foreigner/registration authorities, embassies, social security institutions, employment agency;

Your (potential) employers;

Our respective cooperation partners in the areas of sourcing and recruitment, personnel consulting/development/placement and relocation;

Our partner company Talentscoutry TM GmbH

1. On the transfer of data to a third country

Your personal data may also be processed outside the EEA in third countries, namely the companies Microsoft Corporation (mail provider Microsoft Office 365), Datto, Inc (Cloud) and Evenly Odd, Inc. (“Knack”, applicant data platform).

Please note that when processing in third countries with possibly inadequate levels of data protection, there is a risk that your data may be processed by government agencies of the third country for control and monitoring purposes, without you always having adequate legal remedies against this.

1. storage period

We process your personal data as long as it is necessary for the fulfilment of our obligations under the law of obligations and the law or to protect the legitimate interests of us or of third parties. If the data is no longer required for the aforementioned purposes, it will be regularly deleted, unless you have given us your consent for further storage.

If we are unable to make you an offer, if you reject an offer from us or a potential employer, or if you withdraw your application, we reserve the right to store the data you have provided on the basis of our legitimate interests (Art. 6 (1) f) DS-GVO) for up to three months from the end of the application process (rejection or withdrawal of the application). Afterwards, the data will be deleted and the physical application documents destroyed.

The retention of data serves in particular as evidence in the event of a legal dispute. If it is evident that the data will be required after the expiry of the 3-month period (e.g. due to an impending or pending legal dispute), the data will only be deleted when the purpose for continued storage no longer applies.

A longer storage can also take place if you have given a corresponding consent (Art. 6 para. 1 a) DS-GVO) or if legal storage obligations oppose the deletion.

VII Are you obliged to provide us with your data?

As an interested party, applicant and (potential) participant, you must provide such personal data as is required for the fulfilment of our legal and contractual or other obligations under the law of obligations and notify us without delay of any changes arising in the course of the business relationship.

If you do not provide us with the necessary data, we may not be able to fulfil our obligations resulting from the business relationship. Without this data, we will therefore usually have to refuse to conclude a contract with you or will no longer be able to perform an existing contract.

VIII Online meetings/trainings

In addition, your data may be processed during audio/video conferences, webinars, online meetings and online training courses such as language courses (in short “online meetings”, in each case closed groups without recordings). We use the following services for this purpose:

“BigBlueButton”, an open source software tool.

possibly another service requested by you, in which case you will be the data controller for the online meeting.

When using BigBlueButton for online meetings, various data are processed, also depending on the information you provide before and during participation in an online meeting. As a rule, the following personal data is processed, whereby optional information is marked accordingly in the application:

User details: first name, last name, nickname (pseudonym) if applicable, user ID, e-mail address, password, profile picture if applicable;

Sound and image of the user;

Meeting/Device Data: Topic, description, lesson attended; attendee IP addresses, hardware/software information;

Meeting content data: Audio, video, and, if applicable, text data of what you might say during an online meeting.

The purpose of processing your personal data is to be able to provide you with BigBlueButton as a tool for conducting online meetings and to be able to conduct said meetings using BigBlueButton.

The legal basis for data processing when conducting online meetings is Art. 6 (1) a) DS-GVO (your consent), Art. 6 (1) b) DS-GVO, insofar as the online meetings are conducted for the purpose of establishing or implementing contractual relationships, otherwise Art. 6 (1) f) DS-GVO, because we have a legitimate interest in the effective conduct of online meetings.

Personal data processed in an online meeting is generally not disclosed to third parties unless it is intended for disclosure. Please note that content from online meetings, as well as face-to-face meetings, is often used to communicate information with customers, prospects or third parties and is therefore intended for disclosure.

1. Applicant database

If we are unable to find you an offer, we may be able to include you in our applicant database. In the event of inclusion, all documents and details from the application will be transferred to the applicant database in order to contact you in the event of suitable vacancies.

Inclusion in the applicant database takes place exclusively on the basis of your consent (Art. 6 para. 1 a) DS-GVO). The submission of the consent is voluntary and is not related to the current application process.

You can revoke your consent at any time with effect for the future. In this case, the data will be irrevocably deleted from the applicant database, unless there are legal reasons for retention.

The data from the applicant database will be irrevocably deleted no later than two years after consent has been given.

Please contact us if you have any questions.

Your team from Start Medicare GmbH