Home » Privacy Statement

Curalie GmbH Privacy Statement

Last Updated: 05.09.2023

For CURALIE GMBH, responsible handling of personal data is a high priority. We want you as a user to know what data is collected and processed by us. Our company processes this data on the basis of the provisions of the European General Data Protection Regulation (GDPR) and the German Data Protection Act (BDSG). Below you will find a description of what data is processed as part of our general business relationship and during your visit to our website.

Please note the following: what data is collected during your use of our website and, if applicable, processed by us or third parties depends on the services you request or use. This means for you:


The responsible party within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States including other data protection provisions for the processing of your data is CURALIE GMBH.


Curalie GmbH

Leipziger Straße 61A, 10117 Berlin

e-Mail: info@curalie.com

Tel.:+49 (0) 30 549 071 27

Responsibilities arising from exceptions within this context are explained in detail later in this privacy policy.

Contacting the data protection officer

Should any questions arise on your part regarding the processing of your personal data, or should you have any suggestions or complaints, you can contact our data protection officer. We recommend that you send confidential information exclusively by post. 

For example, you can send questions to our data protection officer via the following e-mail address: (datenschutz@curalie.com).

Riscreen GmbH

Türltorstrasse 4 

85276 Pfaffenhofen 

I Reasons for collecting data 

CURALIE GMBH collects personal data exclusively for the purposes described in section 3. Insofar as personal data is collected via the CURALIE GMBH’S website, CURALIE GMBH processes and uses this data for the intended purpose and in accordance with the statutory provisions. If personal data is collected with reference to customers, this is done exclusively within the framework of an agreement that complies with data protection law.

When you visit our website, for example, our web servers temporarily store the connection data of the requesting computer, the pages you visit on our site, the date and duration of your visit, the identification data of the browser and operating system type used and the website from which you visit us (so-called server log data) as standard for the purpose of system security. Additional personal data such as your name, address, telephone number or e-mail address are not collected. In addition, the server log data is not linked to personal data. The above-mentioned data will be processed by us for the following purposes:

II Data processing

The following passages explain in more detail all categories, as well as their legal basis and the purpose of the data we collect.

1. Personal data in principle and specifically

1.1 What is personal data?

Personal data is data that contains information about the personal or factual circumstances of an identified or identifiable natural person. Examples include IP address, name, home address, telephone numbers or date of birth.
Information regarding frequently visited homepages or the number of users of a site does not allow any direct conclusions to be drawn about identities and is therefore not to be classified as personal data.

1.2 What data is processed?

In the course of using our homepage as well as the basic processes of our business relationship, the following categories of data are processed:

2.1 Contractual basis according to Art. 6 para. 1 lit. b GDPR

In the process of creating a contract, we go through various processes that require data processing operations. This also applies to processing operations necessary for the implementation of pre-contractual measures. Art. 6 para. 1 lit. b) GDPR serves as the legal basis here.

2.2 Legal obligation pursuant to Art. 6 para. 1 lit. c GDPR        

There is a possibility that processing of personal data is necessary for the fulfillment of a legal obligation to which CURALIE GMBH is subject, pursuant to Art. 6 para. 1 lit. c) GDPR.

2.3 Legitimate corporate interest according to Art. 6 para. 1 lit. f GDPR

If processing is necessary to protect a legitimate interest of CURALIE GMBH or a third party and if the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis. The collected data can be used for the purpose of optimizing our customer relationship for the following topics:

2.4 Consent pursuant to Art. 6 para. 1 lit. a GDPR

Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6 para. 1 lit. a) GDPR serves as the legal basis. In case of consent, the following purposes of use and processing are fulfilled:

2.5 Consent pursuant to Art. 6 para. 1 lit. d GDPR

In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

3. Purpose of the processing

3.1. Provision of contractually required services to customers and employees

For the processing and execution of a contract with you, we process the personal data required for this purpose. Without processing personal data, we cannot conclude an effective contract with you. Within the context of the processing and execution of a contract conclusion, the processing of personal data is also required by law (e.g. by tax regulations).

3.2 Marketing Purposes

There is a legitimate economic interest in informing the customers of CURALIE GMBH about further offers of our own in order to establish and maintain a long-term customer relationship.

3.3 Statistical purposes/evaluation of data

For the continuous optimization of our website, a statistical evaluation of relevant information takes place. Its usage data as well as a range measurement help us to conduct effective market research and thus to make our website as user-friendly as possible.

We do not change the purpose without your consent. As soon as the purpose has been fulfilled (i.e. the data is no longer required to achieve the purpose for which it was collected), the deletion of your personal data is governed by the respective statutory retention periods. For more information, see also point 13. Data retention.

3.4 Offers of products from Curalie

Curalie GmbH is a provider of health services based on technical applications. We therefore refer to the specific product and service-related data protection declarations for the individual product and service offerings:

Privacy Policy, Curalie Apphttps://curalie.de/app-datenschutzerklaerung/
Privacy Policy, Curalie Portalhttps://curalie.de/portal-datenschutzerklaerung/

4. Collaboration and provision of data

Unless the processing of personal data through the use of our website leads to or is required for the initiation, implementation or termination of a contractual relationship, the fulfillment of contractual obligations or the fulfillment of legal obligations, the provision of personal data is voluntary. If necessary, the non-provision of certain data can lead to limited usability of the website and, if applicable, any additional services.

Within the context of the initiation, commencement, implementation, termination of a contractual relationship, the fulfillment of contractual obligations or the fulfillment of legal obligations between us and you, it is necessary to collect and process certain data required for the aforementioned purposes. Failure to provide such data may result in impairment on the basis of which contractual collaboration is prevented, restricted and/or unfeasible.

5. Passing on of data

Your personal data will only be disclosed if this is necessary for the purpose of processing the contract, if you have given your express consent, if this is required by law or if we have a legitimate interest in disclosing the data.          

Within our company, access to your data is only granted to those departments that require it in order to fulfill our contractual and legal obligations. Service providers employed by us who have a processing relationship with our company or are vicarious agents may also come into contact with the data collected.

Within the context of data transfer to external recipients, it is ensured that only necessary personal data is transferred in compliance with the applicable data protection regulations. In addition, data may only be passed on if this is done within the context of fulfilling a contract, if this is required by legal provisions, if you have given your personal consent, or if we as a company are authorized to provide information.       

Given these conditions, recipients of personal data may be, for instance:

•    Public bodies and institutions (e.g. tax authorities, judicial and law enforcement agencies) if there is a legal or official obligation to do so, such as social security and pension insurance institutions

•    Auditors, tax consultants, lawyers

•    Service providers that we use within the context of processing relationships, e.g. payment service providers, payroll accounting, personnel management, social media

In the case of an external assignment, however, we assure that the service providers used are subject to a careful selection process and are obligated to comply with all data protection regulations in accordance with Art. 28 GDPR. We also check, as part of a regular data protection review of the service providers commissioned by us, that they have taken appropriate data protection measures to protect personal data, such as the existence of appropriate technical and organizational measures, and can ensure compliance with them.

The transfer of data only takes place on the basis of agreements for the transfer of data in accordance with Art. 28 GDPR (commissioned processing), Art. 26 GDPR (joint responsibility) and, if applicable, in the case of third country transfers, additionally in accordance with the requirements in accordance with Art. 44 ff GDPR (see section 5.1).


If data is to be transferred to so-called third countries, i.e., bodies in countries outside the European Union or the European Economic Area, this can only take place on the basis of the fulfillment of certain conditions. In addition to a contractual or legal obligation, so-called suitable guarantees for the protection of personal data are mandatory for this. Data transfer to third countries will therefore only take place if, for example:

Data may only be transferred to third countries if an adequate level of data protection has been recognized for the third country by decision of the European Commission. If such a decision is not available, data transfer to third countries can only be considered if “appropriate safeguards” – such as standard data protection clauses or binding internal data protection regulations (Binding Corporate Rules/BCR/Codes of Conduct and/or certifications) – are used or an exceptional circumstance such as consent applies.

CURALIE GMBH only processes data or has data processed by a third country subject to legal or contractual permissions only if the special requirements of Art. 44 et seq. GDPR are met. This means that the processing takes place, for example, on the basis of officially recognized special contractual obligations (so-called “standard contractual clauses”). Due to the current case law of the ECJ (ECJ, judgment Schrems II dated 16.07.2020; ref. C-311/18), the legal basis of data transfer for our users has changed. Additional measures may be required as part of compliance with obligations arising from the recommendations 1/2020 of the European Data Protection Board (EDPB) on measures to supplement transfer tools to ensure the level of protection of personal data under Union law. Please note that the use of our offer of Google AdWords, analytics services may result in data transfers and subsequent processing of usage data of the respective services in the USA and other third countries where a service provider is located.

The basis for any processing activities is the declaration of consent that you have explicitly given us via our cookie banner. In this case, your declaration of consent justifies such data processing on an exceptional and case-by-case basis pursuant to Art. 49 para. 1 lit. a) GDPR. We hereby inform you that in the USA and other countries without an adequacy decision by the European Commission, there is no comparable level of data protection as in the EU and the EEA. It is therefore possible that government agencies in these countries access your personal data on the basis of legal authorizations without us or you knowing about it. Comparable possibilities for your own legal enforcement may not currently exist in these countries, so these do not appear promising. 

6. Cookies

6.1 Explanation

We use cookies on our pages. Cookies are small text files that are stored on your computer each time you visit our website. We use cookies, for example, to guarantee a functioning website, to design target group-oriented marketing, or for individual website optimization and IT security.

As soon as you access our homepage for the first time, a so-called “cookie banner” is displayed, where you give your consent to the use of cookies on this page by confirming it. Here, you are given the choice between cookies of the following types: “Necessary”, “Preferences”, “Statistics” and “Marketing”. In the course of this, it is possible for you to make a selection as to which types of cookies you wish to allow in the future. This selection will also be saved for future visits to the website. Only after “selecting” the cookies you want, can you continue to navigate our website.

Should you wish to change your mind about the use of cookies at a later date, it is possible for you to change the settings you have made both on our website and in your web browser’s cookie management settings at any time. In particular, the deletion of cookies already set can be initiated in the web browser, but also the future setting of cookies can be prevented. The settings can vary here, however, depending on the browser you are using.

“You may revoke your consent at any time with effect for the future. Please contact our data protection officer at mailto: datenschutz@curalie.com and delete the corresponding cookies in your Browser.”

6.2 Types of cookies used

Only after giving your voluntary consent (proactive submission) for one or more of the listed types of cookies is it possible to continue navigating our website without restrictions. The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. a GDPR since the proactive consent of the user is a prerequisite here.    Only for the setting of the “necessary” cookies is the legal basis of Art. 6 para. 1 lit. f GDPR decisive. All other cookies that serve the fulfillment of all other purposes, such as individual website optimization, marketing purposes, or statistical evaluation processes of your website activities, require your personal consent.

Below, you will find a list of the cookies used on our website, some of which may also be placed there by third parties:

Cookie type / categoryNameProviderPurposeThe processType
NecessaryCookie consentCookiebootStores the user’s consent status for cookies on the current domain.1 yearHTTP
Statistics_utm.gifGoogleThis cookie is used to determine what type of device or browser software the visitor is using – this allows the website to be formatted accordingly.SessionPixel
Statistics__utmaGoogleCollects data on how many times a user has visited a website, as well as data for the first and last visit. Used by Google Analytics.2 yearshttp
Statistics__utmbGoogleRegisters a timestamp with the exact time the user accesses the website. Used by Google Analytics to calculate the duration of a website visit.1 dayhttp
Statistics__utmcGoogleRegisters a timestamp with the exact time the user leaves the website. Used by Google Analytics to calculate the duration of a website visit.Sessionhttp
Statistics__utmtGoogleUsed to throttle the speed of requests to the server. 1 dayHTTP
Statistics__utmzGoogleCollects data on where the user came from, what search engine was used, what link was clicked, and what search terms were used. Used by Google Analytics.6 monthsHTTP
Statistics_gaGoogleRegisters a unique ID that is used to generate statistical data about how the visitor uses the website.2 yearsHTTP
Statistics_gatGoogleIs used by Google Analytics to restrict the request rate1 dayHTTP
Statistics_gidGoogleRegisters a unique ID that is used to generate statistical data about how the visitor uses the website.1 dayHTTP
 UnclassifiedUnclassified cookies are cookies that we are currently trying to classify, along with providers of individual cookies. We don’t use these types of cookies.

We would like to expressly point out that there is a regular check of the cookies set and that this list on the website may differ from the current checklist (see cookie listing in the cookie banner).

6.3 Basic information on the use of Google services and other third-party providers to whose pages links are provided

We have no influence on the further processing and use of data by Google on their pages and can therefore not assume any responsibility for this. For the purpose and scope of the data collection and the further processing and use of the data by Google, as well as your rights in this regard and setting options for protecting your privacy, please refer to Google’s privacy policy (https://policies.google.com/privacy?hl=de).

We also have no influence on the further processing and use of data by other third-party web services on their pages and can therefore accept no responsibility for this. For the purpose and scope of the data collection and the further processing and use of the data by this service provider, as well as your rights in this regard and setting options for protecting your privacy, please refer to service provider’s privacy on their website.


We use Google Analytics on our website to analyze the surfing behavior of our customers. Google Analytics is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). We collect your consent to use it when you first visit our website, provided that you give your consent to the setting of certain cookies. We use Google Analytics with the additional function offered by Google to anonymize IP addresses. In this case, the IP address is usually already shortened by Google within the EU and only in exceptional cases in the USA and in any case only stored in shortened form.

For information on the use of user data by Google Analytics, please refer to Google’s privacy policy on Google Analytics at the following link: https://support.google.com/analytics/answer/6004245?hl=de.

If you wish to withdraw your consent, you can object to the collection or analysis of your data by this tool by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de. A cookie will then be set that prevents the collection of data during future visits to the site.

6.3.1 Further explanations on the use of Google Tag Manager

CURALIE GMBH uses the Google Tag Manager on its website. Google Tag Manager is a solution that allows us to manage website tags through one interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not collect any personal information. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If disabled at the domain or cookie level, it will remain disabled for all tracking tags implemented with Google Tag Manager.

6.3.2 Further explanations on the use of Google Ads

CURALIE GMBH uses the Google Ads service (formerly Adwords) on its website. Google Ads is the online advertising program from Google. Via Google Ads, companies can create online ads to reach users at the exact moment when they show interest in the company’s products or services. The ads are mainly based on the search results when the company’s own services are used.

(i)           Google Ads remarketing and similar segments features

We use the remarketing and similar segments feature within the Google Ads service. The remarketing function allows us to present users of our website with advertisements based on their interests on other websites within the Google advertising network (in Google Search or on YouTube, so-called “Google Ads” or on other websites). For this purpose, the interaction of the users on our website is analyzed, e.g. which pages the user was interested in, in order to be able to display targeted advertising to the users on other sites even after they have visited our website. For this purpose, Google stores a number in the browsers of users who visit certain Google services or websites in the Google display network. This number, known as a “cookie”, is used to record the visits of these users. This number is used to uniquely identify a web browser on a particular end device and not to identify a person; personal data is not stored.

 You can prevent participation in this tracking procedure in various ways:

a. by adjusting your browser software accordingly; in particular, the suppression of third-party cookies will result in you not receiving ads from third-party providers;

b. by installing the plug-in provided by Google at the following link: https://www.google.com/settings/ads/plugin;

c. by disabling the interest-based ads of the providers that are part of the “About Ads” self-regulatory campaign at the link http://www.aboutads.info/choices, with this setting being deleted when you delete your cookies;

d. by permanent deactivation in your browsers Firefox, Internetexplorer or Google Chrome at the link http://www.google.com/settings/ads/plugin,

e. by means of appropriate cookies setting. We would like to point out that in this case you may not be able to use all the functions of this website to their full extent.

For more information about Google’s privacy policy, please visit: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html.

Alternatively, you can visit the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org.

Lifetime of cookies: up to 1 month (this applies only to cookies set through this website).

(ii)          Conversion tracking functionality

CURALIE GMBH uses conversion tracking within the Google Ads service to measure on which web pages Riscreen’s advertisements perform best. The conversion tracking cookie is set when a user clicks an ad placed by Google or one of its partners. The cookies set thereupon lose their validity after 30 days and is not used for personal identification. This cookie allows us and Google to identify which ad you visited our website from. Each visitor who came to our site through Google Ads receives a different cookie. The information collected using the conversion cookie is used to determine which visitors triggered a specific action on our website via ads. We learn the total number of users who clicked our ads and which clicks resulted in an action. We will not receive any information with which a user can be personally identified. Users who do not wish to participate in tracking can prevent the setting of a cookie by not giving consent for it or by deleting or deactivating the Google conversion tracking cookie via their web internet browser under user settings. This user then won’t be included in the conversion tracking statistics.

For more information about Google’s privacy policy, please visit: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html.

Our website is always working to optimize customer satisfaction and the existing online presence. Therefore, our site may contain links that refer to third-party websites. After actively clicking these links, we withdraw from the responsibility regarding subsequent data processing, as the behavior of third parties is beyond our control. Our company then has neither insight into nor influence on the collection, processing and use of personal data that may be transferred to the third party when the link is clicked.

Data can be accessed here, for example, via the IP address or the URL of the page, as the behavior of third parties is naturally beyond our control. We assume no responsibility for the processing of such personal data by third parties.

8. Social media

8.1 Basic information on social media plugins

On our website, we resort to the use of social plugins from various social networks, which are described in more detail below. Plugins are basically understood to be an independent extension of social network providers. Thus, these plugins are merely a reference to further services or networks and are thus beyond our control. Therefore, CURALIE GMBH has no influence on the type and scope of the data collected and stored via this. When using social media services, depending on the type and scope, the processing is carried out on the basis of:  

The following references to social networks and services can be found on our website:


We use components of the LinkedIn network on our site. LinkedIn is a service provided by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time someone accesses our website whose browser is equipped with such a component, this component causes the browser they are using to download a corresponding representation of the component from LinkedIn.

This process informs LinkedIn which specific page of our website is currently being visited. If you click the recommend button while logged into your LinkedIn account, you can link the content of our sites with your LinkedIn profile. This enables LinkedIn to allocate the visit to our pages to your LinkedIn user account.

We have no influence on the data that LinkedIn collects through this, nor on the scope of this data collected by LinkedIn. We also have no knowledge of the content of the data transmitted to LinkedIn. Details on data collection by LinkedIn as well as your rights and setting options can be found in LinkedIn’s privacy policy. This information can be found at http://www.linkedin.com/legal/privacy-policy

If you do not want your data to be collected, stored and potentially further used by the respective providers, please do not use the respective plugins. Furthermore, we apply a so-called “2-click solution”, in which we protect you from having your data collected by the providers of the plugins by default when you visit our website.

[If the 2-click solution has not been implemented on the website, it must be checked whether the social plugins are used in compliance with the GDPR. An alternative is, for example, the Shariff solution. The data protection information under item 11 must then be adapted if necessary.]


We link from our website to the website of Instagram, which is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). If you access the page and are logged into your Instagram account at the same time, Instagram can directly assign the visit to our website to your Instagram account. Please note that we have no knowledge of how Instagram processes this data. If you do not want Instagram to assign your data to your account, you must log out of Instagram before visiting our website. You can find more information on this in Instagram’s privacy policy. If you use our Instagram channel, please note the following: We use the technical platform and services of Instagram LLC, represented by Kevin Systrom and Mike Krieger, 1601 Willow Road Menlo Park, CA 94025 (hereinafter “Instagram”) for the Instagram service offered there (hereinafter “service”).

We operate an Instagram channel at: https://www.instagram.com/curaliehealth/


We link from our website to the YouTube page operated by Google (YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA). If you open the page while simultaneously being logged into your YouTube account, YouTube can directly associate your visit to our website with your YouTube account. Please note that we have no knowledge of how YouTube processes this data. If you do not want YouTube to assign your data to your account, you must log out of YouTube before visiting our website. Further information on the handling of user data can be found in the YouTube privacy policy at https://policies.google.com/privacy?hl=de&gl=de


To increase our reach, we operate publicly accessible profiles on social networks. Social networks such as Facebook can generally analyze your user behavior extensively as soon as you visit their website. Visiting our social media pages also triggers numerous processing operations relevant to data protection.

Within this context, we process your data in order to be able to contact you in response to your inquiries or posts, as well as to recognize usage preferences (e.g. number of followers, number of views of each page section, user statistics by age, geography, and language) and to be able to adapt and improve our social media page to make it more suitable for the target group. This is a legitimate interest.(Art. 6 para. 1 lit. f) GDPR) The analysis processes initiated by the social networks may be based on different legal bases, which are to be specified by the operators of the social networks.

If you are logged into your account of a social media platform and visit our social media page, the operator of the social media portal can allocate this visit to your user account. However, your personal data may also be collected under certain circumstances if you are not logged in or do not have an account with the respective network portal. In this case, this data is collected, for example, by recording your IP address or via cookies that are stored on your device. With the help of the data collected in this way, the operators of the network portals can create user profiles in which your preferences and interests are stored.

Please note that we cannot track all processing on the network portals. Depending on the provider, further processing operations may be carried out by the operators of the social network portals. For example, interest-related advertising may be displayed to you on the social network portal but also on other sites. Details on this can be found in the terms of use and privacy statements of the respective social network portals.

When visiting our social media page, both we and the platform operator are jointly responsible for certain processing operations (see ‎14. Rights of the data subjects) concerning our specific presence. You can therefore assert your rights as a data subject both vis-à-vis our company and the platform operator (e.g. LinkedIn, Xing, …). Please note that despite the joint responsibility in some cases, we do not have full influence on the data processing operations of the network portals. Our options are largely determined by the corporate policy of the respective provider. This also applies, for example, to the retention of personal data. While we delete this directly collected data after the purpose of the processing no longer applies, the revocation of consent to a request to delete data or the discontinuation of the legal basis for data storage, we have no influence on the storage of your data the platform operators have collected and process for their own purposes. In this regard, we refer to the operators of the social networks.

9. Recruiting and applicant management

On the basis of Art. 88 GDPR, §26 para. 1 in conjunction with para. 8 BDSG, we process your personal data in order to check your suitability for a position (or, if applicable, another open position in our company) and to carry out the application process. This check is only carried out insofar as it is necessary for the decision on the establishment of an employment relationship with us. For the exclusive purpose of processing applications, your personal data will always be treated confidentially, i.e. it will only be used for staff recruitment, hiring, and drawing up an employment contract as well as for supporting the internal allocation of positions. In the course of this, it is imperative that employees of the HR department and the department concerned have access to your personal data. If the data should be required for legal prosecution after completion of the application process, if applicable, data processing may take place on the basis of the requirements of Art. 6 GDPR, in particular for the exercise of legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR. Our interest then lies in asserting or defending claims. The data of your application to a job advertisement will be deleted after 6 months at the latest in the event of rejection.

In the event that you have agreed to further storage of your personal data, we will transfer your data to our applicant pool. There, the data will be deleted no later than two (2) years after the last contact. You have the right to revoke your consent at any time with effect for the future.

If you are awarded a position during the application process, the data will be transferred to a personnel file.

As a matter of principle, we do not pass on any of your applicant data to external service providers. However, there may be a legal obligation to pass on the data in accordance with Art. 6 para. 1 p.1 lit. c) GDPR.

In exceptional cases, (e.g. to reimburse the costs of the application process) we will only pass on your data on the basis of your consent (e.g. to our bank).

After receiving your application, your applicant data will be viewed by the responsible HR representative. Suitable applications are then forwarded internally to the department managers responsible for the respective vacancy. The subsequent procedure is then coordinated. Within CURALIE GMBH, only those persons have access to your data who require this for the proper course of our application process.

10. Contact form

On our website, we offer contact forms with which you can contact us electronically. If you use a contact form, the data you enter will be transmitted to us and processed and stored to the extent necessary. If a user makes use of this option, the data entered in the input window will be transmitted to us and part of the data will be stored. Within this context, the data will not be passed on to third parties outside CURALIE GMBH. The data is used exclusively for processing correspondence.

As a rule, the contact form is used to contact us within the context of initiating a contract (Art. 6 para. 1 lit. b) or another legitimate concern (legitimate interest Art. 6 para. 1 lit. f).

If the purpose of the processing is fulfilled, the data will be deleted, provided that no other legal basis is opposed to this. Your right to deletion as well as your other data subject rights remain valid.

11. Automated processing

No automated processing of personal data is carried out by us in such a way that your rights and freedoms are significantly impaired in such a case or in any other form that has a legal effect on you.

12. Data security/TOMs

To ensure that personal data within the scope of processing by us and our service providers, technical and organizational measures have been implemented in accordance with Art. 32 GDPR. All of our employees, as well as the service companies we have carefully selected, are obligated without exception to maintain confidentiality and to comply with the provisions of the applicable data protection laws. Furthermore, our company takes appropriate and state of the art technical and organizational security measures to protect your personal data from loss, alteration, destruction or unauthorized access and disclosure. This includes among others

a) pseudonymisation and encryption of personal data;

b) procedures to ensure the confidentiality, integrity, availability and resilience of the systems and services in connection with the processing on a permanent basis;

c) quickly restoring the availability of and access to personal data in the event of a physical or technical incident;

d) procedures for regularly reviewing, assessing and evaluating the effectiveness of the technical and organizational measures to ensure the security of the processing.

13. Data storage

Your data will generally be stored for the duration of the contractual relationship existing with you or with your employer, or as required for the provision of our website and the associated services.
Your personal data may be stored beyond this period if we have a legitimate interest (e.g. postal marketing even after a contract has been fulfilled) in continuing to store it.     
A guaranteed deletion takes place after the expiry of the legal or contractual periods – for example, fiscal or commercial retention periods or periods resulting from other legal or statutory reasons. Other data that is not subject to the retention obligation will be deleted after the described purpose ceases to apply.

14. Rights of the data subject

14.1 Right to information, correction or deletion of data

The General Data Protection Regulation grants the right to obtain written information about what data is stored about you (e.g. name, address, …) at any time upon request and free of charge (pursuant to Art. 15 GDPR). Likewise, the GDPR grants a correction (according to Article 16 GDPR) or deletion (according to Article 17 GDPR) of the corresponding data within the scope of the legal requirements.

In the case of stored data relating to business processes, for example, the right to deletion expires and this data is subject to the legal obligation to retain it.

14.2 Right to restrict data processing

You have the right to restrict the processing of your personal data (in accordance with Article 18 GDPR).

14.3 Right to object

Furthermore, for reasons of a special situation, you may have the right to object at any time to data processing that we carry out to protect a legitimate interest.

The further processing of your data will then be discontinued, unless there is evidence of legally regulated compelling reasons worthy of protection for the further processing.  

14.4 Right to object to direct marketing

Likewise, a so-called “advertising objection”, i.e. an objection to the processing of your personal data for commercial purposes, is possible at any time. In this regard, it should be noted that for organizational reasons there may be an overlap between (advertising) campaigns already in progress and your objection. Such an objection always applies with effect for the future.

14.5 Right to data transferability

Upon request, transferability of the personal data transmitted by you is also guaranteed by means of provision in a common and machine-readable data format (in accordance with Article 20 GDPR).

14.6 Revocation of consent

The GDPR also grants you the right to revoke your consent to the processing of your personal data, which you have given us for one or more specific purposes, at any time, retroactively.
Due to the explicit effect exclusively in the future, the permission and thus the lawfulness of the processing of your data remains unaffected until the revocation.

14.7 Complaint

You have the right to contact us or the competent supervisory authorities in the event of complaints regarding the processing of your personal data. It is up to you to decide whether to do so by contacting the data protection authority responsible for your place of residence or your federal state or the data protection authority responsible for us:

Berlin Commissioner for Data Protection and Freedom of Information

Alt-Moabit 59-61

10555 Berlin

Tel.: 030 13889-0

Fax: 030 2155050

E-Mail: mailbox@datenschutz-berlin.de