Privacy Policy
Data Protection Declaration according to DSGVO
The following information provides you with an overview of the collection and processing of your data and of the data protection rights you possess. With regard to procedures connected with data processing (e.g. collection, processing and transmission), we proceed according to the regulations of the Church Law on Data Protection in the Protestant Church in Germany (hereinafter referred to as “DSGVO”).
1. Name and Address of the Responsible Entity
The Responsible Entity within the meaning of the DSGVO and other national data protection laws of the Member States and any other data protection regulations is:
Neurologisches Rehabilitationszentrum “Godeshöhe” e.V.
Waldstrasse 2-10
53177 Bonn
Germany
Phone:+49(0)228 – 381 0
E-Mail: info(at)go.johanniter-kliniken.de
Website: www.johanniter.de/en/the-johanniter-clinics/neurological-rehabilitation-centre-godeshoehe/
2. Contact Data of the Local Officer for Data Protection
The local officer of the Responsible Entity for data protection is:
Cennet Rüzgar-Horoz
PwC Cyber Security Services GmbH
Friedrich-Ebert-Anlage 35-37
60327 Frankfurt am Main
Deutschland
E-Mail: johanniter-dsb(at)pwc-cybersecurity.com
Jessica Robrecht
Datenschutzkoordinatorin der Johanniter GmbH
E-Mail: Jessica.Robrecht(at)johanniter-gmbh.de
3. General Comments on Data Protection
3.1 Scope of the Processing of Personal Data
Your personal data are on principle only processed with your consent.
Furthermore, we only process your personal data insofar as this should be necessary for the provision of a functional website and of our contents and services or should said processing be permitted and/or required under statutory regulations.
3.2 Legal Basis for the Processing of Personal Data
Insofar as we obtain your consent to processing procedures with regard to personal data, Chapter 1, Section 4 No. 1 DSGVO serves as the legal basis for this.
When processing personal data for the fulfilment of a contract, Section 4 No. 2
DSGVO serves as the legal basis for this. This also applies to processing procedures that are necessary for the implementation of pre-contractual measures.
Insofar as the processing of personal data should be necessary in order to comply with a legal obligation to which our company is subject, Chapter 2, Section 6 No. 1c DSGVO serves as the legal basis for this.
In the event that your vital interests or those of any other natural person should render the processing of personal data necessary, Chapter 2, Section 6 No. 1d DSGVO serves as the legal basis for this.
Should the processing be necessary for the protection of legitimate church interests or the those of our company or of a third party, and should your own interests, basic rights and basic freedoms not override the first-mentioned interest, Chapter 2, Section 6 No. 1f DSGVO serves as the legal basis for this.
3.3 Deletion of Data and Length of the Storage Period
Your personal data will be deleted or blocked as soon as the purpose for which they had been stored has lapsed. They may be kept on record after that time, should this have been provided for by either the European or national legislator in Union law ordinances, laws or any other regulations to which the Responsible Entity is subject. The data will also be blocked or deleted upon the expiry of a storage period prescribed under the aforementioned norms, unless it should be the case that the further archiving of those data should be necessary for the conclusion or fulfilment of a contract.
4. Provision of the Website and Creation of Log Files
4.1 Description and Scope of Data Processing
Whenever our internet site is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data are collected hereby:
(1) Information pertaining to the browser type and the version used
(2) The operating system of the users
(3) The internet service provider of the users
(4) The IP address of the users
(5) Date and time of access
(6) Protocol and log data (technical data such as meta- and system data)
The data are also stored in the log files of our system. These data will not be stored together with other personal data.
4.2 Legal Basis for Data Processing
The legal basis for the temporary storage of the data and of the log files is Chapter 2, Section 6 DSGVO.
4.3 Purpose of Data Processing
The temporary storage of your IP address by the system is necessary in order to enable the supply of the website to your computer.
To this end your IP address must remain in storage for the duration of the session.
These purposes also justify our legitimate interest the processing of the data according to Chapter 2, Section 6 DSGVO.
4.4 Length of the Storage Period
The data will be deleted as soon as they are no longer necessary for the attainment of the purpose for which they had been collected. When the data are collected for the provision of the website, this is the case when the respective session is over.
When the data are stored in log files, this is the case after seven days at the very latest. Archiving beyond this time is possible. In such a case your IP address will be deleted or distorted so that its assignment to the accessing client is no longer possible.
4.5 Objection and Removal Options
The collection of the data in order to provide the website and the storage of the data in log files are absolute necessities for the operation of the internet site. It therefore follows that you do not have the option of objecting to this.
5. Contact Form and E-Mail Contact
5.1 Contact Form and E-Mail Contact
Contact forms are available on our internet site that may be used for making contact by electronic means. Should you avail yourself of this possibility, the data entered in the input mask will be transmitted to us and stored. These data are:
(1) Form of address (optional)
(2) First name (compulsory)
(3) Last name (compulsory)
(4) Street and house number (optional)
(5) Post code (compulsory)
(6) City/Town of residence (compulsory)
(7) Federal State (optional)
(8) Telephone number (optional)
(9) E-mail address (compulsory)
At the time of transmitting the message, the following data will also be stored:
(10) The IP address of the users
(11) Date and time of the transmission process
For the processing of the data, reference will be made in the context of the transmission process to this data protection declaration.
No data will be forwarded to any third parties in this connection. The data will be used exclusively for processing the conversation.
5.2 Legal Basis for the Data Processing
The legal basis for the processing of the data that are transmitted in the course of sending an e-mail is Chapter 2, Section 6 DSGVO.
5.3 Purpose of the Data Processing
The processing of the personal data from the input mask serves exclusively the purpose of enabling us to process the contact attempt. In the case of contact being established by e-mail, this also constitutes our necessary legitimate interest in processing the data.
The other personal data processed during the transmission procedure serve the purposes of preventing misuse of the contact form and of guaranteeing the security of our information technology systems.
5.4 Length of the Storage Period
The data will be deleted as soon as they are no longer required for the attainment of the purpose for which they had been collected. With respect to the personal data from the input mask of the contact form and those that had been transmitted by e-mail, this is the case when the respective conversation with the user is over. The conversation is over when it may be deduced from the circumstances that the issue in question has been finally settled.
Those personal data additionally collected during the transmission procedure will be deleted after the lapse of a period of seven days at the very latest.
5.5 Objection and Removal Options
Should you make contact with us via e-mail, you may object to the storage of your personal data at any time. In such a case the conversation may not be continued.
All personal data that had been stored in the course of establishing contact will be deleted in this case.
6. Online Application
6.1 Description and Scope of Data Processing
On our internet site www.johanniter.de/johanniter-kliniken/neurologisches-rehabilitationszentrum-godeshoehe/karriere/ we offer you the opportunity of sending an online application, thereby supplying your personal data, in reply to a job advertisement of Johanniter (St. John’s Ambulance). The data are thereby entered in an input mask, transmitted to us and stored. The data will not be forwarded to any third parties.
The following data are collected in the context of the application:
(1) The IP address of the user
(2) Date and time
(3) Last name, first name and form of address
(4) Street, post code, town/city
(5) E-mail address
(6) Telephone
(7) Enclosures may be sent as PDFs
6.2 Legal Basis for the Data Processing
The legal basis for the processing of those data necessary for the application procedure is Chapter 2, Section 2, No 6 DSGVO. Any data sentences that you voluntarily place at our disposal above and beyond that will be processed on the legal basis of the consent granted in accordance with Chapter 2, Section 7,8 DSGVO.
6.3 Purpose of the Data Processing
The purpose of the data processing is the implementation of the application procedure.
6.4 Length of the Storage Period
We store your personal data for as long as this is necessary for a decision to be taken concerning your application. Insofar as an employment relationship should not come into being between you and us, we are also able to archive data for longer than that, should this be necessary for defence against any possible legal claims. The application papers will thereby be deleted six months after the announcement of the decision to reject your application, insofar as a longer period of storage should not be necessary due to legal disputes.
6.5 Objection and Removal Options
Should the data be necessary for the fulfilment of the application process, the premature deletion of said data is only possible insofar as no statutory obligations should stand in the way of deletion.
7. Speculative Application
As well as applying for a specific position, you are also welcome to submit a speculative application to Johanniter. You will find under the following link a list of all Johanniter companies that collect, process and use your data for the processing of the application:
7.1 Scope of the processing of personal data
In the context of your online application, we ask you to send us the following data:
(1) Last name, first name and form of address
(2) E-mail address
(3) Telephone number
(4) Field of activity
(5) Federal State for your activity
(6) Storage period for the application documents
(7) Comments
(8) Enclosures upload for application documents
7.2 Legal Basis for the Data Processing
The legal basis for the processing of those data necessary for the speculative application procedure is Chapter 2, Section 6 DSGVO. Any data sentences that you voluntarily place at our disposal above and beyond that will be processed on the legal basis of the consent granted in accordance with Chapter 2, Section 7,8 DSGVO.
7.3 Purpose of the Data Processing
The purpose of the data processing is the implementation of the application procedure.
7.4 Length of the Storage Period
We store your personal data for as long as this is necessary for a decision to be taken concerning your application. Insofar as an employment relationship should not come into being between you and us, we are also able to archive data for longer than that, should this be necessary for defence against any possible legal claims. The application papers will thereby be deleted six months after the announcement of the decision to reject your application, insofar as a longer period of storage should not be necessary due to legal disputes.
You do, of course, have the right to withdraw your application at any time via the security link sent to you and, if applicable, to revoke the consent granted to a longer archiving period. Due to the sensitive nature of the data, the entering thereof will be in encrypted form.
7.5 Objection and Removal Options
Should you make contact with us by e-mail, you may object to the storage of your personal data at any time. In this case, the data you have supplied in the context of the application procedure will be deleted.
8. Online Donation
8.1. Description and Scope of Data Processing
On our internet site www.johanniter.de/en/the-johanniter-clinics/neurological-rehabilitation-centre-godeshoehe/about-us/donate-to-the-neurological-rehabilitation-centre-godeshoehe/ we offer you the opportunity to make an online donation to Johanniter. The data are thereby entered in an input mask, transmitted to us and stored. Details marked with an “*” are necessary for the online donation. All other information is voluntary.
As well as the online donation via our internet site, it is also possible to make donations in other ways. You may, for example, receive an appeal for donations from Johanniter GmbH by way of a flyer or letter, or in the context of events. In the course of this you will receive all necessary information for your donation. You may furthermore also register yourself on a voluntary basis for our donations newsletter, which may draw your attention to selected campaigns and events with appeals for donations.
The following data may be collected in the context of the donation:
(1) The IP address of the user
(2) Date and time of registration
(3) Last name, name, form of address and title
(4) Company
(5) Street, post code, town/city, country
(6) E-mail address
(7) Telephone
(8) Method of payment
(9) Account holder
(10) IBAN
(11) BIC
8.2. Legal Basis and Purposes of Data Processing
The collection of your data is necessary for the processing of the donation and is based upon Chapter 2, Section 6 DSGVO.
Insofar as you should wish it, the data sent to us will be declared on a donation receipt and sent to you. The legal basis for this is the consent granted in accordance with Chapter 2, Section 7 DSGVO. Insofar as you should wish it, we will send you, along with our donation newsletter, further information on our campaigns and events (e.g. relief projects). The legal basis for this is the consent granted in accordance with Chapter 2, Section 7 DSGVO.
8.3. Length of the Storage Period
The data will be deleted as soon as they are no longer required for the purpose for which they had been collected.
8.4. Forwarding of Data to Third Parties
As a matter of principle we do not forward data to any third parties. Depending on the payment services provider you select in the context of the order process, we will, in order to handle the payments, forward the data collected for this purpose to the financial institution commissioned with the payment and, if applicable, to our commissioned payment services provider or chosen payment service. The selected payment services providers do, in part, also collect these data themselves, insofar as you set up an account with them. In this case you must register yourself by way of your access data with that payment services provider in the context of the order process. In this respect, the data protection of the respective payment services provider will apply.
8.5. Objection and Removal Options
Should the data be necessary for the fulfilment of the purpose, the premature deletion of said data is only possible insofar as no statutory obligations should stand in the way of deletion.
Beyond that, you also have the right to revoke your consent at any time with effect for the future.
9. Rights of the Affected Person
Should personal data of yours be processed, you are an Affected Person within the meaning of DSGVO and you hold the following rights against the Responsible Entity:
9.1 Right to Information
You may demand from us as the Responsible Entity a confirmation as to whether personal data that affect yourself are processed by us.
Should this be the case, you may demand from the Responsible Entity information concerning the following:
- the purposes for which your personal data are processed;
- the categories of personal data that are processed;
- the recipients or categories of recipients to whom the personal data affecting yourself have been or will be disclosed;
- the planned length of the storage period for the personal data affecting yourself or, should it not be possible to provide specific details about this, the criteria according to which the duration of the storage period is defined;
- the existence of a right to the correction or deletion of the personal data affecting yourself and of a right to the restriction upon the processing thereof by the Responsible Entity or to lodge an objection against said processing;
- the existence of a right to register a complaint with a supervisory authority;
- all available information concerning the source of the data, should the personal data not have been obtained from the Affected Person themselves.
You have the right to demand information as to whether the personal data affecting yourself will be forwarded to a third country or to an international organisation.
9.2 Right to Correction
You have a right to correction and/or completion with regard to the Responsible Entity insofar as the processed personal data affecting yourself should be incorrect or incomplete. The Responsible Entity will be required to undertake the correction without delay.
9.3 Right to Restriction of Processing
Under the following conditions you may demand the restriction of the processing of the personal data affecting yourself:
- should you dispute the accuracy of the personal data affecting yourself, for a period of time that would enable the Responsible Entity to review the correctness of the personal data;
- should the processing be illegal and should you reject the deletion of the personal data and demand instead the restriction of the use of the personal data;
- should the Responsible Entity no longer require the personal data for the purposes of the processing but you should require the same in order to assert, exercise or defend legal claims or
- should you have lodged an objection to the processing in accordance with Chapter 3, Section 18 DSGVO and it has not as yet been established whether the legitimate reasons presented by the Responsible Entity override your own.
Should the processing of the personal data affecting yourself have been restricted, these data – with the exception of the archiving thereof – may only be processed with your consent, in order to assert, exercise or defend legal claims, to protect the rights of another natural person or legal entity or on the basis of an important public interest of the Union or one of its Member States.
Should the processing have restricted under the aforementioned conditions, you will be informed by the Responsible Entity before the restriction is revoked.
9.4 Right to Deletion
a) Deletion Obligation
You may demand from the Responsible Entity that the personal data affecting yourself should be deleted immediately, and the Responsible Entity will be obliged to indeed undertake their deletion without delay, insofar as one of the following grounds should apply:
- The personal data affecting yourself are no longer required for the purposes for which they had been collected or processed in any other manner.
- You revoke your consent upon which said processing in accordance with Chapter 2, Section 6 DSGVO had been based and no other legal basis for the processing is given.
- You lodge an objection against the processing in accordance with Chapter 3, Section 21 DSGVO and there are no overriding legitimate grounds for the processing, or you lodge an objection against processing for the purpose of direct advertising.
- The personal data affecting yourself had been processed illegally.
- The deletion of the personal data affecting yourself is necessary for compliance with a legal obligation according to Union law or the law of its Member States to which the Responsible Entity is subject.
- The personal data affecting yourself had been collected with respect to services offered by the information society in accordance with Chapter 2, Section 8 DSGVO.
b) Information to Third Parties
Should the Responsible Entity have publicised the personal data affecting yourself and should it, according to Chapter 3, Section 16 DSGVO, be obliged to delete the same, it will take appropriate steps, also of a technical nature and thereby taking into account the available technology and implementation costs, to inform the persons responsible for data processing who work with said personal data that you, as an Affected Person, have demanded the deletion of all links to said personal data as well as any copies or replications of the same.
c) Exceptions
The right to deletion does not apply insofar as the processing should be necessary:
- For the exercising of the rights of freedom of speech and information;
- In order to comply with a legal obligation that demands the processing according to the law of the Union or of its Member States to which the Responsible Entity is subject, or to perform a task that is in the public interest or is performed when exercising public authority vested in the Responsible Entity;
- For reasons of public interest in the field of public health according to Chapter 3, Section 17, No. 3 DSGVO;
- For the assertion, exercising or defence of legal claims
9.5 Right to Information
Should you have asserted your right to correction, deletion or restriction of processing against the Responsible Entity, the latter will be obliged to inform all recipients to whom the personal data affecting yourself had been disclosed of said correction or deletion of the data or of the restriction of the processing, unless this should prove to be impossible or entail a disproportionate amount of effort.
You have a right to be informed by the Responsible Entity as to who said recipients are.
9.6 Right to Data Portability
You have the right to receive the personal data affecting yourself that you have placed at the disposal of the Responsible Entity in a structured, standard and machine-readable format. You furthermore have the right to transmit said data to another responsible entity without hindrance on the part of that responsible entity to which the personal data had been supplied, insofar as:
- The processing is based on consent granted in accordance with Chapter 2, Section 6 DSGVO or Chapter 2, Section 9 DSGVO or on a contract in accordance with Chapter 2, Section 6 DSGVO and
- The processing is effected by way of an automated procedure.
When exercising this right you also have the right to occasion the personal data affecting yourself to be transferred directly from one responsible entity to another, inasmuch as this should be technically feasible. Freedoms and rights of other persons may not be impaired as a result of this.
The right to data portability does not apply to the processing of personal data that is necessary in order to perform a task that is in the public interest or is performed when exercising public authority vested in the Responsible Entity.
9.7 Right to Objection
You have the right to lodge an objection at any time against processing of personal data affecting yourself; this will also apply to any profiling based upon these regulations.
The Responsible Entity will thereafter no longer process the personal data affecting yourself, unless it should be able to prove compelling protection-worthy grounds for the processing that override your interests, rights and freedoms, or should the processing serve the assertion, exercising or defence of legal claims.
Should the personal data affecting yourself be processed for the purpose of direct advertising, you have the right to lodge at any time an objection against the processing of personal data affecting yourself for the purpose of any such advertising; this will also apply to profiling, insofar as this is in connection with any such direct advertising.
Should you object to the processing for direct advertising purposes, the personal data affecting yourself will no longer be processed for said purposes.
You have the possibility, in the context of using services of the information society – notwithstanding Guideline 2002/58/EC – of exercising your right to objection by way of automated procedures for which technical specifications are used.
9.8 Right to Revoke your Declaration of Consent under Data Protection Law
You have the right to revoke your declaration of Consent under data protection law at any time. The legality of any data processing effected on the basis of said consent up to the time of the revocation is not be affected by said revocation.
9.9 Automated Decision in an Individual Case including Profiling
You have the right not to be subjected to a decision based exclusively upon automated processing – including profiling – that unfolds legal effect against you or has considerable negative impacts against you in any other similar manner. This does apply should the decision:
- be necessary for the conclusion or fulfilment of a contract between yourself and the Responsible Entity,
- is permissible according to legal regulations of the Union or its Member States to which the Responsible Entity is subject and these legal regulations contain reasonable measures for the protection of your rights and freedoms as well as your legitimate interests or
- be taken with your explicit consent.
However, said decisions may not be based upon particular categories of personal data according to Chapter 2, Section 9 DSGVO should apply and neither have any appropriate measures for the protection of your rights and freedoms as well as your legitimate interests been taken.
With regard to the cases referred to in (1) and (3), the Responsible Entity will take appropriate measures for the protection of your rights and freedoms as well as your legitimate interests, which must include as a minimum the right to effect an intervention by a person acting for the Responsible Entity, to present one’s own point of view and to contest the decision.
9.10 Right to Register a Complaint with a Supervisory Authority
Notwithstanding any other legal remedies available in the context of administrative and/or judicial processes, you also have the right to register a complaint with the supervisory authority referred to below, should you be of the opinion that the processing of the personal data affecting yourself violates the DSGVO.
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Kavalleriestr. 2-4
40213 Düsseldorf
Germany
Phone: +49(0) 211/38424-0
E-Mail: poststelle(at)ldi.nrw.de
The supervisory authority will inform you as to the status and results of the complaint including the possibility of a judicial legal remedy in accordance with Chapter 7, Section 78 DSGVO.
Status: January 2023