Privacy policy

Privacy

Data protection is of particular concern to us. Our activities to meet the requirements of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), the German Telemedia Act (TMG) and the German Social Code X (SGB X) are geared towards the goal of expressing our respect for your privacy and personal sphere.

1. what personal data is and where we obtain it from
"Personal data" means any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

a) Data that is collected when you visit the website
You can view our website without providing any personal data. By default, we only store the website from which you accessed our website, the name of your Internet service provider, which websites you visited on our website and the date and duration of your visit. For this purpose, small files (so-called cookies) are stored in your computer's memory for the duration of your visit. These are so-called temporary session cookies (for permanent cookies, see section 9 below). The corresponding data is stored on the servers of our service provider IONOS SE (Elgendorfer Str. 57, 56410 Montabaur). The session cookies are automatically deleted as soon as you close your browser window. We use the session cookies to create a so-called session ID for internal statistical purposes. The data obtained is completely anonymized, i.e. it cannot be used to identify you as a person.

Your IP address and a time stamp are stored for security reasons and are only used for internal purposes. The IP address is a machine-related identifier that makes a statement about the computer used for Internet access or the Internet gateway used at the time of the online query. The term time stamp refers to a value in a defined format that assigns a time to an event (e.g. the sending or receiving of a message, the modification of data, etc.). The purpose of a time stamp is to make it clear to humans or computers when which events occurred.

2. responsible body for data processing

Ernest Bdzikot, Morphosa Berlin, Freiherr-vom-Stein-Straße 3a, 10825 Berlin, Germany, service@morphosaberlin.de

3. for what purposes we use your personal data
Personal data may only be processed by us with your or a legal permission from the GDPR, the BDSG or another law regulating data protection.

a) Processing for the protection of legitimate interests (Art. 6 para. 1 f) GDPR)
In certain cases, we process your data so that we can protect our interests or those of a third party. This involves, for example, obtaining information and exchanging data with credit agencies in order to obtain information about your creditworthiness or transmitting data to address and telephone number verification services in order to check the validity of the data you have provided. We also process certain data that is generated when you use our website in order to enable you to use it or to ensure the security of our IT systems.

b) Processing based on your consent (Art. 6 para. 1 a) GDPR)
We process your data on the basis of your consent if you are not our customer but have nevertheless registered for our e-mail newsletter.

c) Due to legal requirements (Art. 6 para. 1 c) GDPR
Finally, we process your data in order to fulfill tax and commercial accounting and record-keeping obligations.

4. who receives your data and when it is transferred to third countries
In the following subsections, we explain who we share your data with and when we transfer it to so-called third countries. Third countries are countries outside the European Economic Area. Internally, your data is processed by several departments. We transfer data to external service providers primarily because we are unable to provide some services ourselves or cannot do so effectively. We have external service providers that we use for all our data processing and external service providers to whom data is only transferred if you decide to use a particular agency.

a) Internal recipients and general external service providers
Internally, all departments that require the data to fulfill the above-mentioned purposes have access to your data. We also use external service providers to process the data for these purposes. These external service providers are primarily providers of IT services and telecommunications as well as telephone number and address validation services. We also use external service providers for the technical dispatch of our e-mail newsletter.

Google
For our individual e-mail correspondence after the first dispatch, we use the "Mail" service of the provider Google, Inc. Parts of the data processing take place in the USA. Google participates in the EU-US Privacy Shield, which ensures an appropriate level of protection for data processing. If you do not wish this data processing, we give you the opportunity to object to it by sending an email to the above address. However, we will then no longer be able to correspond with you by e-mail. We will inform you of this consequence separately by e-mail before we implement your revocation.

Paypal
We use the online payment service PayPal on our website. The service provider is the American company PayPal Inc. The company PayPal Europe (S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg) is responsible for the European area.

Der für die Verarbeitung Verantwortliche hat auf dieser Internetseite Komponenten von PayPal integriert. PayPal ist ein Online-Zahlungsdienstleister. Zahlungen werden über sogenannte PayPal-Konten abgewickelt, die virtuelle Privat- oder Geschäftskonten darstellen. Zudem besteht bei PayPal die Möglichkeit, virtuelle Zahlungen über Kreditkarten abzuwickeln, wenn ein Nutzer kein PayPal-Konto unterhält. Ein PayPal-Konto wird über eine E-Mail-Adresse geführt, weshalb es keine klassische Kontonummer gibt. PayPal ermöglicht es, Online-Zahlungen an Dritte auszulösen oder auch Zahlungen zu empfangen. PayPal übernimmt ferner Treuhänderfunktionen und bietet Käuferschutzdienste an.

If the data subject selects "PayPal" as the payment option during the ordering process in our online store, the data of the data subject is automatically transmitted to PayPal. By selecting this payment option, the data subject consents to the transfer of personal data required for payment processing.

PayPal also processes your data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may entail various risks for the legality and security of data processing.

PayPal is obliged by Standard Contractual Clauses (SCC) to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

For more information on the standard contractual clauses and the data processed through the use of Paypal, please refer to the privacy policy at 
https://www.paypal.com/webapps/mpp/ua/privacy-full.

Stripe
We offer the option of processing the payment transaction via the payment service provider Stripe, Inc, 510 Townsend St., San Francisco, CA 94103. The company Stripe Payments Europe Limited 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland is responsible for the European region.

The controller has integrated Stripe components on this website. Stripe is an online payment service provider. This corresponds to our legitimate interest in offering an efficient and secure payment method (Art. 6 para. 1 lit. f GDPR). In this context, we pass on the following data to Stripe insofar as it is necessary for the fulfillment of the contract (Art. 6 para. 1 lit. b. GDPR).

Stripe assumes a dual role as controller and processor for data processing activities. As the controller, Stripe uses your transmitted data to fulfill regulatory obligations. This corresponds to Stripe's legitimate interest (pursuant to Art. 6 para. 1 lit. f GDPR) and serves the performance of the contract (pursuant to Art. 6 para. 1 lit. b GDPR). We have no influence on this process.

Stripe acts as a processor in order to complete transactions within the payment networks. Within the scope of the order processing relationship, Stripe acts exclusively in accordance with our instructions and has been contractually obliged to comply with the data protection regulations within the meaning of Art. 28 GDPR.

Stripe has implemented compliance measures for international data transfers. These apply to all global activities where Stripe processes personal data of natural persons in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs).

You can find further information on objection and removal options vis-à-vis Stripe at https://stripe.com/privacy-center/legal

5. how long your data will be stored
How long your data is stored depends on the legal basis of the data processing:

Data that is stored on a contractual basis and relates to a one-off exchange of services - such as our brokerage services - is stored for three years after the end of the year in which the contract was concluded due to the statutory limitation periods. If you have subscribed to our e-mail newsletter, either on the basis of your consent or because you are our customer, we will store the data required for sending the newsletter until you unsubscribe.

We store data that we process on the basis of a legitimate interest for three years from the collection of the data.

It may be necessary for us to retain certain data for a longer period of six to ten years due to our legal obligations. During this period, the data will not be used for purposes other than archiving.

After expiry of the last of the above-mentioned storage periods, the data will remain stored for up to three further months so that we can implement a technically thorough and scheduled deletion. Within these three months, the data will no longer be processed for other purposes.

6. your rights as a data subject and your revocation of consent
The General Data Protection Regulation guarantees you certain rights that you can assert against us. You have the right: to request confirmation from us as to whether personal data concerning you is being processed and, if so, the specific circumstances of the data processing (Art. 15 GDPR: Right of access by the data subject), to request that we rectify inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed, including by means of providing a supplementary statement (Art. 16 GDPR: right to rectification), to obtain from us the erasure of personal data concerning you without undue delay (Art. 17 GDPR: right to erasure), to obtain from us the restriction of processing (Art. 18 GDPR: right to restriction of processing), in the case of processing based on consent or for the performance of a contract, to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from us or to transmit the data directly to the other controller, where technically feasible (Art. 20 GDPR: right to data portability), to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (Art. 21 GDPR: Right to object), to lodge a complaint with a supervisory authority at any time, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes applicable law (Art. 77 GDPR in conjunction with Section 19 BDSG: Right to lodge a complaint with a supervisory authority).

Finally, if you have given us your consent, you have the right to withdraw your consent at any time. In this case, all data processing that we have carried out up to your revocation remains lawful. To do so, you can simply click on the link contained in each email and unsubscribe from the email service or send a message to service@morphosaberlin.de. If you inform us in this message that you do not wish to receive e-mails in future, we will no longer send any messages to the e-mail address you have provided. This does not affect e-mails that we send you to fulfill a contract that we may have concluded with you (for example, comparative offers that you have requested).

7. your obligation to provide personal data
You have no contractual or legal obligation to provide us with personal data. However, without the data you provide, we will not be able to offer you our contractual benefits and services.

8. Security
We use technical and organizational security measures to ensure that your personal data is protected against loss, incorrect changes or unauthorized access by third parties. In any case, only authorized persons on our part have access to your personal data, and only to the extent necessary for the purposes mentioned above. The security measures are constantly adapted to the improved technical possibilities.

You naturally have the option of withdrawing your consent at any time. You can send your revocation in writing to the following address Ernest Bdzikot, Morphosa Berlin, Freiherr-vom-Stein-Straße 3a, 10825 Berlin. However, it is also sufficient to send an e-mail to our customer service at the e-mail address service@morphosaberlin.de. In the event that you withdraw your consent, we ask for your understanding that we may not be able to provide certain services or may not be able to provide them in full or without disruption.

9. which internet-specific data processing is involved
a) Cookies
We use so-called cookies on our website. These are small files that are stored on your hard disk and through which certain information flows to us. This information includes in particular the login (your visit), the date and time of your visit to our website, the cookie number and the URL of the website from which you accessed our website. The corresponding data is stored on the servers of our service provider.

The use of cookies initially enables us to recognize you. In addition, cookies enable us to optimize our offer to your individual needs. We also use cookies to record the statistical frequency of visits to the various pages of our website and general navigation.

However, if you wish to prevent the use of cookies, you have the option of preventing the acceptance and storage of new cookies in your browser. You can still use our website in this case, but the scope of services may be restricted. To find out how this works with the browser you are using, please use the help function of the respective browser or contact the manufacturer. However, we recommend that you leave the cookies function switched on, as only then will you be able to fully benefit from the high level of user comfort that we constantly strive to provide.

b) Bing Ads
We use the conversion tracking "Bing Ads" of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA ("Microsoft"). For this purpose, Microsoft stores a cookie on your end device if you have reached us via a Microsoft Bing ad. This enables us to recognize that someone has reached a specific target page via a Bing network ad. We are only informed of the general number of users and no personal information about your identity. You can object to this collection by making the appropriate browser settings. Further information on data protection and the cookies used by Microsoft Bing can be found on the Microsoft website: https://privacy.microsoft.com/de-de/privacystatement

e) Google Analytics
This website and other online services of the health insurance fund center use the web analytics service Google Analytics and the Google Remarketing service, both of which are provided by Google Inc ("Google"). Through the Google Remarketing service, users who have already visited our websites and online services and are interested in the offer are addressed again through targeted advertising on the pages of the Google Partner Network. Advertising is displayed through the use of cookies. With the help of text files, user behavior when visiting the website can be analyzed and then used for targeted product recommendations and interest-based advertising. Google Analytics also uses cookies. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. However, we naturally use Google Analytics with the anonymizeIP function, which makes the IP address completely anonymous by masking it.

Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Third-party providers, including Google, also use the information stored in the cookies as part of the Google Remarketing service to place advertisements on other websites based on previous visits by a user to this website. Google will not associate your already masked IP address with any other data held by Google.

You can prevent the installation of cookies by setting your browser software accordingly or by installing a browser add-on (available at: https://tools.google.com/dlpage/gaoptout?hl=de; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

f) Google AdWords
Our website uses AdWords, a technology from Google. On the one hand, we use conversion tracking. This means that we can use a cookie to recognize which ad from the AdWords network brought you to us and what behavior was triggered on our site. This gives us a better picture of the effectiveness of our ads and we use the data for statistical and market research purposes. This data is anonymous to us. This means that we cannot attribute it to you personally. Our website also uses the remarketing function of Google Adwords. This function helps us to present interest-based advertisements to our visitors. Your browser stores cookies on your device that enable us to recognize you when you visit websites that belong to the Google advertising network. In this way, you can be presented with advertisements that relate to content that you have previously viewed on other websites. We do not receive any personal data from you as a result. You can deactivate the remarketing function by making the appropriate settings at https://www.google.com/ads/preferences/html/blocked-cookies.html.

g) Google +1 button
This website uses the "+1" button of the social network Google Plus, which is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States ("Google"). The button can be recognized by the "+1" symbol on a white or coloured background. When a user accesses a website of this offer that contains such a button, the browser establishes a direct connection with Google's servers. The content of the "+1" button is transmitted by Google directly to your browser, which integrates it into the website. The provider therefore has no influence on the scope of the data that Google collects with the button. According to Google, no personal data is collected without a click on the button. Such data, including the IP address, is only collected and processed for logged-in members. The purpose and scope of the data collection and the further processing and use of the data by Google as well as your rights in this regard and setting options to protect your privacy can be found in Google's data protection information on the "+1" button: and the FAQ: https://accounts.google.com/ServiceLogin?passive=1209600&osid=1&continue=https://plus.google.com/about?hlde&followup=https://plus.google.com/about?hlde&hl=de.

10) Site functionalities

10.1 Use of YouTube videos
This website uses the YouTube embedding function to display and play videos from the provider "YouTube", which belongs to Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
The extended data protection mode is used here, which, according to the provider, only initiates the storage of user information when the video(s) is/are played. If the playback of embedded YouTube videos is started, the provider "YouTube" uses cookies to collect information about user behavior. According to information from "YouTube", these are used, among other things, to record video statistics, improve user-friendliness and prevent abusive behavior. If you are logged in to Google, your data will be assigned directly to your account when you click on a video. If you do not wish to be associated with your YouTube profile, you must log out before activating the button. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right. When using YouTube, personal data may also be transmitted to the servers of Google LLC. in the USA.
Unabhängig von einer Wiedergabe der eingebetteten Videos wird bei jedem Aufruf dieser Website eine Verbindung zum Google-Netzwerk aufgenommen, was ohne unseren Einfluss weitere Datenverarbeitungsvorgänge auslösen kann.
All processing described above, in particular the reading of information on the end device used via the tracking pixel, will only be carried out if you have given us your express consent to do so in accordance with Art. 6 para. 1 lit. a GDPR. Without this consent, YouTube videos will not be used during your visit to our website.
You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the "cookie consent tool" provided on the website via alternative options communicated to you on the website.
Further information on data protection at "Youtube" can be found in the Youtube terms of use at https://www.youtube.com/static?template=terms and in Google's privacy policy at https://www.google.de/intl/de/policies/privacy

Historie der Privatsphäre-Einstellungen