Privacy Policy

1. An Overview of Data Protection

General Information

The following information will provide you with an easy-to-navigate overview of what will happen with your personal data when you visit this website. The term “personal data” comprises all data that can be used to personally identify you. For detailed information about data protection, please consult our Data Protection Declaration set out below.

Data Recording on This Website

Who is the responsible party for the recording of data on this website (i.e., the “controller”)?
The data on this website is processed by the operator of the website, whose contact information is available under the section “Information about the Responsible Party (referred to as the ‘controller’ in the GDPR)” in this Privacy Policy.

How do we record your data?
We collect your data when you share it with us - for instance, by entering information into our contact form. Other data is recorded automatically by our IT systems, or with your consent, when you visit the website. This data primarily consists of technical information (e.g., web browser, operating system, or time the site was accessed) and is recorded automatically when you access this website.

For which purposes do we use your data?
A portion of the data is collected to ensure the error-free provision of the website. Other data may be used to analyze user patterns.

What rights do you have regarding your data?
You have the right to receive information about the source, recipients, and purposes of your archived personal data at any time, free of charge. You also have the right to request that your data be rectified or erased. If you have consented to data processing, you may revoke this consent at any time, with effect for all future processing. You also have the right to request that the processing of your data be restricted under certain circumstances. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

Please do not hesitate to contact us at any time if you have questions regarding this or any other data protection matter.

2. General Information and Mandatory Information

Data Protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with applicable statutory data protection regulations and this Data Protection Declaration.

Whenever you use this website, various types of personal information may be collected. Personal data comprises any data that can be used to personally identify you. This Data Protection Declaration explains what data we collect, the purposes for which we use it, and how the information is collected.

We hereby advise you that the transmission of data via the Internet (e.g., through email communications) may be subject to security gaps. Complete protection of data against third-party access is not possible.

Information about the Responsible Party (referred to as the “controller” in the GDPR)

The data controller for this website is:

NBit Nagl Business IT
Pierre Nagl-Weichselbaum
Hinterer Berg 14
92360 Mühlhausen

Phone: 01759999103
Email: admin@subrosa.health

The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g., names, email addresses, etc.).

Revocation of Your Consent to Data Processing

A wide range of data processing operations are only possible with your express consent. You may revoke any consent you have already given at any time. This shall not affect the lawfulness of any data collection that occurred prior to your revocation.

Right to Object to the Collection of Data in Specific Cases and to Direct Marketing (Art. 21 GDPR)

If data is processed on the basis of Art. 6(1)(e) or (f) GDPR, you have the right to object at any time to the processing of your personal data on grounds relating to your particular situation. This also applies to any profiling based on these provisions. The legal basis on which any processing of data is based can be found in this Data Protection Declaration. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or unless the processing serves the establishment, exercise, or defense of legal claims (objection pursuant to Art. 21(1) GDPR).

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such purposes. This also applies to profiling to the extent that it is related to such direct marketing. If you object, your personal data will no longer be used for direct marketing purposes (objection pursuant to Art. 21(2) GDPR).

Right to Lodge a Complaint with the Competent Supervisory Authority

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority - in particular in the Member State of their habitual residence, place of work, or place of the alleged infringement. This right exists without prejudice to any other administrative or judicial remedies.

Right to Data Portability

You have the right to have data that we process automatically on the basis of your consent or in performance of a contract delivered to you or to a third party in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only be carried out where technically feasible.

SSL and TLS Encryption

For security reasons and to protect the transmission of confidential content - such as orders or inquiries you submit to us as the website operator - this website uses SSL or TLS encryption. You can recognize an encrypted connection by the change in the browser’s address bar from “http://” to “https://” and by the lock icon displayed in the browser bar.

When SSL or TLS encryption is active, the data you transmit to us cannot be read by third parties.

Information, Rectification, and Erasure of Data

Within the scope of applicable statutory provisions, you have the right at any time to request information about your archived personal data, including its source and recipients, as well as the purpose of its processing. You may also have the right to have your data rectified or erased. If you have any questions on this subject or any other questions about personal data, please do not hesitate to contact us at any time.

Right to Request Processing Restrictions

You have the right to request restrictions on the processing of your personal data. To do so, you may contact us at any time. The right to request restriction of processing applies in the following cases:

  • If you dispute the accuracy of your data archived by us, we will usually need time to verify this claim. During the verification period, you have the right to request that we restrict the processing of your personal data.
  • If the processing of your personal data has been or is being conducted unlawfully, you may request the restriction of processing instead of the erasure of the data.
  • If we no longer require your personal data, but you need it to establish, exercise, or defend legal claims, you have the right to request restriction of processing instead of erasure.
  • If you have filed an objection pursuant to Art. 21(1) GDPR, a balancing of your rights and ours must be carried out. As long as it has not been determined whose interests prevail, you have the right to request restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data - with the exception of its storage - may only be processed with your consent or for the establishment, exercise, or defense of legal claims, for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State.

3. Recording of Data on This Website

Server Log Files

The provider of this website automatically collects and stores information in so-called server log files, which your browser transmits to us automatically. This information comprises:

  • Browser type and version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing computer
  • Time of the server request
  • IP address

This data is not merged with other data sources. It is recorded on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of the website, which requires the recording of server log files.

Inquiries by Email, Telephone, or Fax

If you contact us by email, telephone, or fax, your inquiry - including all resulting personal data (name, inquiry) - will be stored and processed by us for the purpose of handling your request. We do not share this data without your consent.

This data is processed on the basis of Art. 6(1)(b) GDPR if your inquiry relates to the performance of a contract or is necessary for pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of inquiries submitted to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR), where obtained.

Data you send us via inquiries will remain with us until you request its deletion, revoke your consent to its storage, or the purpose for storage no longer applies (e.g., after completion of your inquiry). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

Processing of Customer and Contract Data

We collect, process, and use personal customer and contract data for the establishment, organization, and modification of our contractual relationships. Personal data relating to the use of this website (usage data) is collected, processed, and used only where necessary to enable the user to use our services or for billing purposes. The legal basis for these processes is Art. 6(1)(b) GDPR.

Customer data collected will be erased upon completion of the order or termination of the business relationship. This is without prejudice to any statutory retention obligations.

4. Custom Services

Job Applications

We offer visitors to this website the opportunity to submit job applications (e.g., by email, by post, or via our online application form). Below, we provide information on the scope, purpose, and use of the personal data collected during the application process. We assure you that the collection, processing, and use of your data will be carried out in compliance with applicable data protection law and all other statutory provisions, and that your data will always be treated as strictly confidential.

Scope and Purpose of Data Collection
If you submit a job application to us, we will process any related personal data (e.g., contact and communication details, application documents, notes taken during job interviews, etc.) where required to make a decision regarding the establishment of an employment relationship. The legal basis for this is § 26 BDSG (negotiation of an employment relationship), Art. 6(1)(b) GDPR (general contract negotiations), and - where you have given your consent - Art. 6(1)(a) GDPR. You may revoke any consent given at any time. Within our company, your personal data will only be shared with individuals involved in the processing of your application.

If your application is successful, the data you have submitted will be archived on the basis of § 26 BDSG and Art. 6(1)(b) GDPR for the purpose of implementing the employment relationship in our data processing system.

Data Retention Period
If we are unable to make you a job offer, you reject a job offer, or you withdraw your application, we reserve the right to retain the data you have submitted on the basis of our legitimate interests (Art. 6(1)(f) GDPR) for up to six months following the conclusion of the application procedure (rejection or withdrawal). After this period, the data will be deleted and any physical application documents will be destroyed. Storage serves in particular as evidence in the event of a legal dispute. If it becomes apparent that the data will be required beyond the six-month period (e.g., due to an impending or pending legal dispute), deletion will only take place once the purpose for further storage no longer applies.

Longer retention may also occur if you have given your consent (Art. 6(1)(a) GDPR) or if statutory retention requirements preclude deletion.