Privacy Policy

At Embea, we are committed to protecting the privacy of our users and handling personal data with care. In this privacy policy, we will inform you about the collection of personal data when using our services and our website. Personal data includes any information that can be directly or indirectly linked to you as an individual, such as your name, address, email address, and user behavior.

1. Responsible Processor

The responsible data processor regarding this privacy notice is:
Embea GmbH 
Friedrichstraße 114A 
10117 Berlin 
Germany

Authorised Representatives: Dr. Johannes Becher, Dmitry Muzhikov, Leopold Jedina 
Email: impressum@embea.com

2. Data Protection Officer

You can contact our data protection officer at the following address:
Dr. Arnt Glienke
CLARIUS.LEGAL Law Firm
Neuer Wall 77
20354 Hamburg

datenschutz.embea@clarius.legal

3. Scope of Processing of Personal Data

We understand the importance of privacy and protecting personal data. As such, we only collect and process personal data to the extent necessary to provide you with the services you have requested, improve our services, and ensure the functionality and security of our website. We will only process personal data with your consent, except in cases where we are legally permitted to do so without obtaining prior consent. We will ensure that any personal data collected is handled in accordance with applicable data protection regulations, including the General Data Protection Regulation (DSGVO) and the German Federal Data Protection Act (BDSG).

4. General information on data processing

a. Scope & Purpose of Processing Personal Data

We only collect and process your personal data to the extent that it is necessary to provide you with a functional website and our content and services. We will only process your personal data after obtaining your consent for the specific purpose unless data processing is permitted by law without obtaining prior consent. Our processing activities and objectives are described in detail below.

b. Legal Basis for Processing Personal Data

We process personal data based on your explicit consent, in which case Art. 6 para. 1 a) GDPR serves as the legal basis. If the processing is necessary for the performance of a contract in which you are a party or for pre-contractual measures, Art. 6 para. 1 b) GDPR applies. In case of legal obligation, Art. 6 para. 1 c) GDPR serves as the legal basis for the processing. When processing is necessary to protect the vital interests of the data subject or another natural person, Art. 6 para. 1 d) GDPR serves as the legal basis. If the processing is necessary for the legitimate interest of our company or a third party, we process data based on Art. 6 para. 1 f) GDPR.

c. Data Deletion and Storage Period

We will delete or block your data as soon as the purpose for which it was stored no longer applies. We may also store your data if required by law or other legal provisions binding on us. Blocking or deletion of your data will also occur when a storage period prescribed by the statutory provisions expires unless there is a need for further storage of your data for the conclusion or fulfilment of a contract.

d. Types of Data Processed

We process the following types of data:

  • Customer data (e.g., name, address)
  • Contact details (e.g., email address, telephone number)
  • Contract data
  • Health data (e.g., body-mass-index, health related habits, diseases, periods of sick leave)
  • Usage data (e.g., website visits, access times, personal interests)
  • Communication and metadata (Name and URL of the retrieved file, date and time of retrieval, amount of data transferred, message about successful retrieval (HTTP response code), browser type and browser version, Operating system, referer URL (i.e., the previously visited page), websites accessed by the user's system via our website, the user's Internet service provider, IP address and the requesting provider)

We use this log data without assigning it to you personally or otherwise profiling it for statistical evaluations for the purpose of operating, securing and optimizing our website, but also to anonymously record the number of visitors to our website (traffic) and the extent and type of use of our website and services, as well as for billing purposes to measure the number of clicks received from cooperation partners. Based on this information, we can provide personalized and location-based content and analyze traffic, search for and fix errors, and improve our services.

This is also our legitimate interest according to Art. 6 para. 1 f) GDPR.

We reserve the right to subsequently review the log data if there is a justified suspicion of unlawful use based on specific indications. We store IP addresses in the log files for a limited period of time if this is required for security purposes or necessary for the provision of services or the billing of a service, e.g. if you use one of our offers. After cancellation of the order process or after receipt of payment, we delete the IP address if it is no longer necessary for security purposes. We also store IP addresses if we have a concrete suspicion of a criminal offense in connection with the use of our website. In addition, as part of your account, we store the date of your last visit (e.g. when registering, logging in, clicking links, etc.).

e. Purposes of Processing

We process your personal data for the following purposes:

  • Providing our online services, their functions, and contents
  • Responding to your inquiries and communicating with you
  • Implementing security measures
  • Measuring the reach of our services and marketing
  • Fulfilment of contractual services, especially with respect to insurance contracts
  • Assessment of contractual risks

f. Categories of Concerned Persons

Customers and persons (from now on referred to as "users") who access and use our online services.

5. Server and Log Files

When you visit our website for informational purposes, we only collect personal data that your browser sends to our server, without providing us with information through registration or otherwise. This data is technically necessary to display our website, ensure stability and security, and improve our services, and its collection is permitted under Art. 6 (1)(f) GDPR. The data we collect includes the date and time of access, the name of the pages accessed, the referrer URL, the amount of data transferred, loading time, browser type, language and version, name of the visitor's access provider, operating system, and interface.

We make every effort to anonymize your IP address to the greatest extent possible, and we store it for a maximum of 7 days for security reasons.

Hosting

We use a third-party hosting provider to offer certain services related to the operation of this website, including IT infrastructure, computing and database services, email transmission, security, server storage, and technical maintenance services. The hosting provider processes the personal data of our website visitors, including inventory data, contact data, content data, usage data, meta, and communication data, on our behalf as part of a data processing agreement based on Art. 28 GDPR. Our legitimate interest in providing a professional and secure website under Art. 6 (1)(f) GDPR serves as the legal basis for this data processing.

6. Use of cookies

This website uses cookies which are small text files that are stored on your computer by the browser you use when you access our website. These cookies allow us to receive specific information, which helps us to make our website more user-friendly and effective.We use two types of cookies:

a. Temporary cookies which are automatically deleted when you close the browser. These include session cookies that store a session ID. This ID allows your computer to be recognized when you return to our website, and the session cookies are deleted when you log out or close the browser.

b. Persistent cookies will be automatically deleted after a specified period, which may vary depending on the cookie. You can delete these cookies in the security settings of your browser at any time. If these cookies or the information they contain are considered personal data, the legal basis for data processing is your consent under Art. 6(1)(a) GDPR.You can configure your browser settings to refuse cookies for analysis or advertising purposes, and we use the tool Cookiebot of Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark to enable this. For more information on Cookiebot, please refer to section 11(b) "Third-Party Content & Tools" below. Please note that you may not be able to use all functions of our website if you do not accept cookies, and you can object to the use of cookies for online marketing purposes at http://www.youronlinechoices.com.

7. Contacting us

If you contact us, (e.g. via contact form or e-mail), we process your data to process the request and in the event that follow-up questions arise.

If the data processing is carried out for the implementation of pre-contractual measures, which are carried out on your request, or, if you are already our customer, for the implementation of the contract, the legal basis for this data processing is Art. 6 para. 1 b) GDPR.

We only process further personal data if you consent to this (Art. 6 para. 1 a) GDPR) or we have a legitimate interest in processing your data (Art. 6 para. 1 f) GDPR). A legitimate interest is, for example, to respond to your email.

8. Website optimization, reach measurement and online marketing

Google Analytics

We use Google Analytics, a web analysis service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) on our website for the purpose of optimizing and measuring our website's reach, as well as for online marketing, based on our legitimate interests under Article 6(1)(f) GDPR. Google Analytics uses cookies to collect information on website usage, which is then transferred to and stored on Google's servers in the United States. This information includes the user's browser type and version, operating system, referrer URL, the hostname of the accessing computer (IP address), and time of server request. However, we have enabled the "anonymizeIP" feature within Google Analytics, which shortens and anonymizes the user's IP address in certain situations. Google uses this information on our behalf to evaluate website usage and provide us with reports on user activities and may create pseudonymous user profiles from the data collected. Users can prevent the storage of cookies and the collection of data generated by the cookie concerning the online offer by downloading and installing a browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de

More information on Google's data use, settings, and objection options can be found in the Google privacy policy (https://policies.google.com/technologies/ads) and the settings for the display of advertising on Google (https://adssettings.google.com/authenticated). User data will be deleted or anonymized after 14 months.

9. Disclosure of data

Data will only be disclosed to data processors in accordance with the provisions of Art. 28 GDPR. Data will be disclosed to affiliated companies or group companies either on the basis of your consent, in which case the legal basis is Art. 6(1)(a)  GDPR, or on the basis of our legitimate interest in compliance with group guidelines and ensuring adequate IT security within the group, in which case the legal basis is Art. 6(1)(f) GDPR.

With the exception of the processing operations described above, (Section 8, Google Ananytics), we do not transfer your data to recipients outside the European Union or the European Economic Area.

We only disclose your data to third parties if you have expressly consented to the disclosure in accordance with Art. 6(1)(a) GDPR, or the disclosure is necessary under 6(1)(f) GDPR for the establishment, exercise, or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data or there is a legal obligation to disclose the data in accordance with 6(1)(c) GDPR, or this is legally permissible and necessary under 6(1)(b) GDPR for the performance of contractual relationships with you.

10. Social media, third-party content & tools

a. Our social media pages

We maintain additional websites on social networks or social platforms to inform users, interested parties, and customers about our services. We also use this channel to communicate with them if necessary. User data is processed for market research and advertising purposes by creating profiles based on their behavior, which is used to place interest-specific advertising and other marketing measures. Cookies are usually stored on the user's computer, where their usage behavior and interests are stored. These user profiles created can also be used on different devices independently of the device, especially for logged-in users. However, the processing of users' data is based on legitimate interests in the provision of information and communication with users by Art. (1)(f) GDPR. Data may also be processed by providers outside of the European Economic Area (EEA), which may result in risks because it is more difficult to enforce (data protection) claims. However, we only use operators of such networks who have committed themselves to ensure an appropriate level of data protection. If you have any questions or want to exercise your rights as a data subject, we recommend that you contact the relevant provider, as they have access to the data. Nevertheless, we are available to provide assistance if needed.

For the declaration of an objection, the respective provider offers the possibility of objection in the form of an opt-out under the following links:

LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland) -data protection declaration at www.linkedin.com/legal/privacy-policy -opt-out at www.linkedin.com/psettings/guest-controls/retargeting-opt-out 

b. Integration of third-party services and content

We may use third-party services to enhance the user experience on our website, such as integrating videos or fonts ("content"). The use of such content may require the collection of your IP address by the third-party provider to deliver and display the content on your browser. We may use pixel tags, which are invisible graphic files, to analyze user behavior on our website for statistical or marketing purposes. The information collected by pixel tags is pseudonymous and may be stored in cookies on your device. This information may include technical data on the time of the visit, browser and operating system, and previous website visits. We do not link this information with similar data from other sources. The processing of personal data for these purposes is based on your consent under Art. 6 (1)(a) GDPR, or on our legitimate interests to evaluate and improve our website under Art. 6 (1)(f) GDPR. You have the right to object to the collection of data through pixel tags at any time by notifying us.

Google Tag Manager

Google Tag Manager is a tool provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) that allows us to manage website tags through a single interface, without having to modify the website's code. This tool allows us to integrate various tracking and optimization tools, such as Google Analytics, into our website. The use of Google Tag Manager on our website does not involve the processing of any personal user data by the Tag Manager itself, which only implements the tags. However, in relation to the processing of users' personal data by the tags, we refer to our privacy policy regarding Google Analytics (or other services used with the Tag Manager) for more information. 

Cookiebot

We use the Cookiebot tool of Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark, to manage your consent or refusal to place cookies.The following data is logged:
- The IP address in anonymized form (the last three digits anonymized);
- Date and time of consent;browser user agent;
- URL from which the consent was sent;
- Anonymous, random, and encrypted key;
- Consent status, which serves us as proof of consent.

The consent(s) will be stored as a cookie for a period of 12 months. Further information on the provider's data protection can be found at https://www.cookiebot.com/de/privacy-policy/

AWIN Partner Programme

We use the affiliate programme of the company AWIN on our website. AWIN is a German affiliate network and serves as an interface between merchants and affiliates. The operating company of AWIN is AWIN AG, Landsberger Allee 104 BC, 10249 Berlin, Germany.

Affiliate marketing is an Internet-based form of distribution that enables commercial operators of websites, so-called merchants or advertisers, to display advertisements, which are usually remunerated via click or sale commissions, on websites of third parties, i.e. distribution partners, also called affiliates or publishers. The merchant provides an advertising medium via the affiliate network, i.e. an advertising banner or other suitable means of Internet advertising, which is subsequently integrated by an affiliate on its own Internet pages or advertised via other channels, such as keyword advertising or e-mail marketing.

AWIN sets a tracking cookie on the information technology system of the data subject. The data is stored on European servers and as AWIN only processes pseudonymous data, in some cases no information can be provided about, for example, personal data such as IP address. The identification number of the affiliate, i.e. the partner referring the potential customer, as well as the order number of the visitor to a website are stored there.

The purpose of storing this data is to process commission payments between a merchant and the affiliate, which are processed through the affiliate network of AWIN. In some cases, AWIN may maintain a restricted profile that relates to you. However, this will not reveal your identity, online behaviour or other personal characteristics. The sole purpose of this profile is to track whether a referral has been started on one device and completed on another. 

The legal basis of the processing is consent in accordance with Art. 6 para. 1 (1a) GDPR. The consent given for the storage of the data as well as its use can be revoked at any time. The legality of the data processing operations already carried out remains unaffected by the revocation. We also have a legitimate interest in using the AWIN partner programme to optimize our online service and our marketing measures. The corresponding legal basis for this is the legitimate interest pursuant to Art. 6 para. 1 (1f) GDPR.

The data subject can prevent the setting of cookies by our website at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent AWIN from setting a cookie on the information technology system of the data subject. In addition, cookies already set by AWIN can be deleted at any time via an internet browser or other software programs.

The data is only stored until the purpose is fulfilled. Insofar as retention periods under commercial and tax law must be observed, the duration of the storage of certain data may be up to 10 years.

For further information, please see AWIN's privacy policy at https://www.awin.com/gb/privacy.

Trustpilot

We use Trustpilot, a feedback and review service provided by Trustpilot A/S, Pilestraede 58, 5th Floor, DK-1112 Copenhagen (“Trustpilot”). With your consent, we will contact you via Trustpilot by email to gather your feedback and improve our service. For this purpose, we will share your name, email address, policy data, and reference number with Trustpilot. Trustpilot acts as our data processor following Article 28 of the GDPR when sending these emails.

The processing of your data is based on your consent according to Art. 6 para. 1 sentence 1 lit. a GDPR, provided you have given us such consent. To submit a review on Trustpilot, you can create a Trustpilot account. Trustpilot provides a form for submitting feedback about our website and the quality of our service. Your information, including the policy data provided, may be published by Trustpilot.

Trustpilot is solely responsible for the processing of personal data in connection with your Trustpilot account and the publication of reviews. For more information on how Trustpilot processes your data, please visit https://de.legal.trustpilot.com/for-reviewers/end-user-privacy-terms.

11. Changes in Privacy Policy

We reserve the right to update or modify our privacy policy in response to technical or legal developments that may affect the security and privacy of our users' data. In such cases, we will update our policy accordingly to reflect the latest changes. Therefore, we advise our users to regularly review our privacy policy to stay up-to-date with any changes made to it. The most recent version of our privacy policy will always be available on our website.

12. Your rights as a person affected by data processing

According to the applicable laws, you have various rights regarding your personal data. If you wish to exercise these rights, please send your request by e-mail or by postal mail, clearly identifying yourself, to the address mentioned section 1 or the Imprint section of our website.

Below you will find an overview of your rights.

Right to confirmation and information

You have the right to receive clear information about the processing of your personal data. You have the right to receive confirmation from us at any time as to whether personal data relating to you is being processed. If this is the case, you have the right to request from us free information about the personal data stored about you, together with a copy of this data.

Furthermore, you have the right to the following information:

  • the purposes of processing;
  • the categories of personal data processed;
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organizations;
  • if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;
  • the existence of a right to obtain the rectification or erasure of personal data concerning you, or to obtain the restriction of processing by the controller, or a right to object to such processing;
  • The existence of a right of appeal to a supervisory authority;
    if the personal data is not collected from you, any available information about the origin of the data;
  • the existence of automated decision-making including profiling pursuant to Art. 22 para. 1 and 4 GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing for you.
  • If personal data are transferred to a third country or to an international organization, you have the right to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

Right to rectification

You have the right to request us to correct and, if necessary, complete personal data concerning you. 

You have the right to request that we correct any inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary declaration.

Right to erasure ("right to be forgotten")

In a number of cases, we are obliged to delete personal data relating to you.

Pursuant to Art. 17 para. 1 of the GDPR, you have the right to request that we delete personal data concerning you without undue delay, and we are obliged to delete personal data without undue delay if one of the following reasons applies:

The personal data is no longer necessary for the purposes for which it was collected or otherwise processed.

You withdraw your consent on which the processing was based pursuant to Art. 6 para 1 a) GDPR or Art. 9 para 2 a) GDPR and there is no other legal basis for the processing.

You object to the processing pursuant to Art. 21 para GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 para 2 GDPR.

The personal data has been processed unlawfully.

The deletion of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which we are subject.

The personal data has been collected in relation to information society services offered in accordance with Art. 8 para 1 of the GDPR.

If we have made the personal data public and we are obliged to erase it pursuant to Art. 17 para. 1 GDPR, we shall take reasonable measures, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers who process the personal data that you have requested that they erase all links to or copies or replications of that personal data

Right to restrict processing

In a number of cases, you have the right to request us to restrict the processing of your personal data.

You have the right to request us to restrict processing if one of the following conditions is met:

  • the accuracy of the personal data is contested by you for a period enabling us to verify the accuracy of the personal data,
  • the processing is unlawful and you have refused to erase the personal data and have instead requested the restriction of the use of the personal data;
  • we no longer need the personal data for the purposes of processing, but you need the data to assert, exercise or defend legal claims; or
  • you have objected to the processing pursuant to Art. 21 para. 1 GDPR, as long as it has not yet been determined whether the legitimate reasons of our company outweigh yours.

Right to data portability

You have the right to receive, transmit, or have us transmit personal data concerning you in machine-readable form.

You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format, and you have the right to transfer this data to another controller without hindrance from us, provided that

  • the processing is based on consent pursuant to Art. 6 para. 1 (a) GDPR or Art. 9 para 2 (a) GDPR or on a contract pursuant to Art. 6 para. 1 (b) GDPR and
  • the processing is carried out with the help of automated procedures.

When exercising your right to data portability, you have the right to obtain that the personal data be transferred directly from us to another controller, to the extent that this is technically feasible.

Right to object

You have the right to object from a lawful processing of your personal data by us, if this is based on your particular situation and our interests in the processing do not prevail.

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 para 1 e) or f) GDPR; this also applies to profiling based on these provisions. We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If we process personal data for the purpose of direct marketing, you have the right to object at any time to processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing.

You have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out for scientific or historical research purposes or for statistical purposes pursuant to Article 89 para. 1 GDPR, unless the processing is necessary for the performance of a task carried out in the public interest.

Automated decisions including profiling

You have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you.

Automated decision-making based on the personal data collected will not take place.

Right to withdraw a data protection consent

You have the right to withdraw consent to the processing of personal data at any time.

Right to complain to a supervisory authority

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you believe that the processing of personal data concerning you is unlawful.The supervisory authorities for our registered office are:

The responsible data processor regarding this privacy notice is:

Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
Graurheindorfer Str. 153 / 53117 Bonn
poststelle@bfdi.bund.de / telephone: 0228-997799-0

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 59-61 / 10555 Berlin
mailbox@datenschutz-berlin.de / telephone: 030-13889-0