IMPRINT
Respon­sible for the content of this website in the sense of the TDG as well as the MDSTV. and in the sense of the press is

Dr. med. Volker Rippmann,
Mr. Chris­tian Roessing
Charlottenstr.62
10117 Berlin
Tel: +49 30 60 93 62 80
Fax: +49 30 60 93 62 82
E‑Mail: info@metropolitan-aesthetics.de
Internet: www.metropolitan-aesthetics.de

Tax number according to §27a Umsatz­steu­er­ge­setz: 7439/250/1648

Respon­sible for content according to §10 Abs. 3 MDStv:
Dr. med. Volker Rippmann, Mr. Chris­tian Roessing

Compe­tent super­vi­sory authority:
Berlin State Office for Health and Social Affairs (LAGeSo)
Postal address: P.O. Box 31 09 29, 10639 Berlin
Telephone: (030) 90229–0

Compe­tent medical association:
Berlin Medical Association
Fried­rich­straße 16, 10969 Berlin
Telephone: (030) 40806–0

Legal profes­sional title:
Specia­lists in plastic and aesthetic surgery (awarded in Germany).

Profes­sional regula­tions of the Berlin Medical Association:
Avail­able at https://www.aerztekammer-berlin.de
(there: physi­cians, law, legal basis).

Website:

SENF Digital Marketing

Photos:

Nela König Photography

Disclaimer
1. content of the online offer

The authors of these pages do not assume any liabi­lity for the topica­lity, correct­ness, comple­teness or quality of the infor­ma­tion provided. Liabi­lity claims against the authors, which refer to damages of material or idealistic kind, which were caused by the use or non-use of the provided infor­ma­tion and/or by the use of incor­rect and incom­plete infor­ma­tion, are in principle impos­sible, if no as can be prove delibe­rate or roughly negli­gent being to blame for is present on the part of the author.
Any offers are subject to change and non-binding. The authors reserve the right to change, amend or delete parts of the website or the entire offer without prior notice or to discon­tinue the publi­ca­tion tempora­rily or permanently.

2. references and links

The author is not respon­sible for any contents linked or referred to from his pages — unless he has full knowledge of illegal contents and would be able to prevent the visitors of his site fromviewing those pages.
The author hereby expressly declares that at the time the links were created, no illegal content was apparent on the linked pages. The author has no influ­ence on the current and future design, content or author­ship of the linked offers and pages. He hereby expressly disso­ciates himself from all contents of all linked/connected pages that were changed after the links were set. This state­ment applies to any links and references set within the author’s own online offer as well as to external entries in guest books, forums and e‑mail lists provided by the author. For illegal, incor­rect or incom­plete contents and in parti­cular for damage, which develops from the use or Nicht­ver­wen­dung of such offered infor­ma­tion, alone the offerer of the side, to which one referred, is respon­sible in parti­cular that, which refers over left to the appro­priate publi­ca­tion only.

3. copyright and trade­mark law

The author endea­vors to observe the copyrights of the image, sound and video sequences as well as texts used in all publi­ca­tions, to use image, sound and video sequences as well as texts created by himself or to resort to license-free image, sound and video sequences.
All brands and trade­marks used within the online offer and possibly protected by third parties are subject without restric­tion to the provi­sions of the appli­cable trade­mark law and the ownership rights of the respec­tive regis­tered owners. It should not be concluded that trade­marks are not protected by the rights of third parties solely on the basis of their mention.
The copyright for any material created by the author is reserved. Any dupli­ca­tion or use of objects such as images, diagrams, sounds or texts in other electronic or printed publi­ca­tions is not permitted without the author’s agreement.

4. data protection

See privacy policy.

5. legal validity of this disclaimer

This disclaimer is to be regarded as part of the online publi­ca­tion which you were referred from. If sections or indivi­dual terms of this state­ment are not legal or correct, the content or validity of the other parts remain uninflu­enced by this fact.

6. volun­tary commitment

The online presence and all infor­ma­tion contained therein are designed to inform patients and guests all around the service and benefits. The site is in no way intended to replace the important patient-doctor relati­onship or even profes­sional on-site medical advice. Any medical or health advice provided on this site is solely from the authors. If any advice comes from a non-medically quali­fied indivi­dual or organiz­a­tion, it will be clearly indicated.

Privacy Policy

We appre­ciate your interest in our company. Data protec­tion is of a parti­cu­larly high priority for the manage­ment of Metro­po­litan Aesthe­tics. The use of the Internet pages of the Metro­po­litan Aesthe­tics is possible without any indica­tion of personal data. However, if a data subject wants to use special services of our enter­prise via our website, proces­sing of personal data could become necessary. If proces­sing of personal data is necessary and there is no legal basis for such proces­sing, we will generally obtain the consent of the data subject.

The proces­sing of personal data, such as the name, address, e‑mail address, or telephone number of a data subject shall always be in line with the country-specific data protec­tion regula­tions appli­cable to the Metro­po­litan Aesthe­tics. By means of this data protec­tion decla­ra­tion, our enter­prise would like to inform the public about the nature, scope and purpose of the personal data we collect, use and process. Further­more, data subjects are informed of their rights by means of this data protec­tion declaration.

As the controller, the Metro­po­litan Aesthe­tics has imple­mented numerous technical and organiz­a­tional measures to ensure the most complete protec­tion of personal data processed through this website. Nevertheless, Internet-based data trans­fers can always be subject to security vulnera­bi­li­ties, so that absolute protec­tion cannot be guaran­teed. For this reason, every data subject is free to transmit personal data to us by alter­na­tive means, for example by telephone.

1. defini­tions

The data protec­tion decla­ra­tion of the Metro­po­litan Aesthe­tics is based on the notions used by the European Direc­tive and Ordinance when issuing the Data Protec­tion Regula­tion (DS-GVO). Our privacy policy should be easy to read and under­stand for the public as well as for our custo­mers and business partners. To ensure this, we would like to explain the termi­no­logy used in advance.

We use the following terms, among others, in this data protec­tion declaration:

a) personal data
Personal data is any infor­ma­tion relating to an identi­fied or identi­fiable natural person (herein­after “data subject”). An identi­fiable natural person is one who can be identi­fied, directly or indirectly, in parti­cular by reference to an identi­fier such as a name, an identi­fi­ca­tion number, location data, an online identi­fier or to one or more factors specific to the physical, physio­lo­gical, genetic, mental, economic, cultural or social identity of that natural person.

b) Data subject
Data subject means any identi­fied or identi­fiable natural person whose personal data are processed by the controller.

c) Proces­sing
Proces­sing means any opera­tion or set of opera­tions which is performed upon personal data, whether or not by automatic means, such as collec­tion, recording, organiz­a­tion, filing, storage, adapt­ation or altera­tion, retrieval, consul­ta­tion, use, disclo­sure by trans­mis­sion, disse­mi­na­tion or other­wise making avail­able, align­ment or combi­na­tion, restric­tion, erasure or destruction.

d) Restric­tion of processing
Restric­tion of proces­sing is the marking of stored personal data with the aim of limiting their future processing.

e) Profiling
Profiling is any type of automated proces­sing of personal data that consists of using such personal data to evaluate certain personal aspects relating to a natural person, in parti­cular to analyze or predict aspects relating to that natural person’s job perfor­mance, economic situa­tion, health, personal prefe­rences, interests, relia­bi­lity, behavior, location or change of location.

f) Pseud­ony­miz­a­tion
Pseud­ony­miz­a­tion is the proces­sing of personal data in such a way that the personal data can no longer be attri­buted to a specific data subject without the use of additional infor­ma­tion, provided that such additional infor­ma­tion is kept separate and is subject to technical and organiz­a­tional measures to ensure that the personal data is not attri­buted to an identi­fied or identi­fiable natural person.

g) Controller or person respon­sible for processing.
The controller or person respon­sible for proces­sing is the natural or legal person, public autho­rity, agency or other body which alone or jointly with others deter­mines the purposes and means of the proces­sing of personal data. Where the purposes and means of such proces­sing are deter­mined by Union or Member State law, the controller or the specific criteria for its designa­tion may be provided for under Union or Member State law.

h) Processor
Processor means a natural or legal person, public autho­rity, agency or other body which processes personal data on behalf of the Controller.

i) Recipient
Recipient means a natural or legal person, public autho­rity, agency or other body to whom personal data are disclosed, whether or not a third party. However, public autho­ri­ties that may receive Personal Data in the context of a specific inves­ti­ga­tive task under Union or Member State law shall not be consi­dered as recipients.

j) Third Party
Third party means a natural or legal person, public autho­rity, agency or other body other than the data subject, the controller, the processor and the persons autho­rized to process the personal data under the direct respon­si­bi­lity of the controller or the processor.

k) Consent
Consent shall mean any freely given indica­tion of the data subject’s wishes for the specific case in an informed and unambi­guous manner, in the form of a decla­ra­tion or any other unambi­guous affir­ma­tive act by which the data subject indicates that he or she consents to the proces­sing of personal data relating to him or her.

2. name and address of the controller

The controller within the meaning of the General Data Protec­tion Regula­tion, other data protec­tion laws appli­cable in the Member States of the European Union and other provi­sions of a data protec­tion nature is:

Metro­po­litan Aesthetics

Charlot­ten­strasse 62
10117 Berlin
Germany

Tel.: 030 60936280

E‑mail: info@metropolitan-aesthetics.de
Website: https://metropolitan-aesthetics.de/

The data protec­tion officer of Metro­po­litan Aesthe­tics is Ms. Juliane Stechert and can be reached at the above address, in the name of Ms. Stechert, or via the above e‑mail address, by telephone or via the contact form.

3. COOKIES

The internet pages of Metro­po­litan Aesthe­tics use cookies. Cookies are text files that are placed and stored on a computer system via an Internet browser.

Numerous Internet pages and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identi­fier of the cookie. It consists of a string of charac­ters by which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This enables the visited Internet pages and servers to distin­guish the indivi­dual browser of the data subject from other Internet browsers that contain other cookies. A specific Internet browser can be recognized and identi­fied via the unique cookie ID.

Through the use of cookies, the Metro­po­litan Aesthe­tics can provide the users of this website with more user-friendly services that would not be possible without the cookie setting.

By means of a cookie, the infor­ma­tion and offers on our website can be optimized for the user. Cookies enable us, as already mentioned, to recognize the users of our website. The purpose of this recogni­tion is to make it easier for users to use our website. For example, the user of a website that uses cookies does not have to re-enter his or her access data each time he or she visits the website, because this is handled by the website and the cookie stored on the user’s computer system. Another example is the cookie of a shopping cart in an online store. The online store remem­bers the items that a customer has placed in the virtual shopping cart via a cookie.

The data subject can prevent the setting of cookies by our website at any time by means of an appro­priate setting of the Internet browser used and thus perma­nently object to the setting of cookies. Further­more, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all common Internet browsers. If the data subject deacti­vates the setting of cookies in the Internet browser used, not all functions of our website may be fully usable.

Here you can manage your cookie consent

4. collec­tion of general data and information

The website of the Metro­po­litan Aesthe­tics collects a series of general data and infor­ma­tion whenever a data subject or automated system calls up the website. This general data and infor­ma­tion is stored in the log files of the server. The following data may be collected: (1) the browser types and versions used, (2) the opera­ting system used by the acces­sing system, (3) the website from which an acces­sing system accesses our website (so-called referrer), (4) the sub-websites that are accessed via an acces­sing system on our website, (5) the date and time of an access to the website, (6) an Internet protocol address (IP address), (7) the Internet service provider of the acces­sing system and (8) other similar data and infor­ma­tion that serve to avert danger in the event of attacks on our infor­ma­tion techno­logy systems.

When using these general data and infor­ma­tion, the Metro­po­litan Aesthe­tics does not draw any conclu­sions about the data subject. Rather, this infor­ma­tion is needed (1) to deliver the contents of our website correctly, (2) to optimize the contents of our website and the adver­ti­sing for these, (3) to ensure the long-term functio­n­a­lity of our infor­ma­tion techno­logy systems and the techno­logy of our website, and (4) to provide law enfor­ce­ment autho­ri­ties with the infor­ma­tion necessary for prose­cu­tion in the event of a cyber attack. There­fore, the Metro­po­litan Aesthe­tics analyzes anony­mously collected data and infor­ma­tion on one hand, and on the other hand, with the aim of incre­a­sing the data protec­tion and data security of our enter­prise, to ensure an optimal level of protec­tion for the personal data we process. The anony­mous data of the server log files are stored separ­ately from any personal data provided by a data subject.

5. subscrip­tion to our newsletter

On the website of the Metro­po­litan Aesthe­tics, users are given the oppor­tu­nity to subscribe to our enterprise’s newsletter. The personal data trans­mitted to the controller when the newsletter is subscribed to is speci­fied in the input mask used for this purpose.

The Metro­po­litan Aesthe­tics informs its custo­mers and business partners at regular inter­vals by means of a newsletter about enter­prise offers. The newsletter of our enter­prise can basically only be received by the data subject, if (1) the data subject has a valid e‑mail address and (2) the data subject regis­ters for the newsletter mailing. For legal reasons, a confir­ma­tion e‑mail will be sent to the e‑mail address entered by a data subject for the first time for newsletter dispatch using the double opt-in proce­dure. This confir­ma­tion e‑mail serves to verify whether the owner of the e‑mail address as the data subject has autho­rized the receipt of the newsletter.

When regis­tering for the newsletter, we also store the IP address of the computer system used by the data subject at the time of regis­tra­tion, as assigned by the Internet service provider (ISP), as well as the date and time of regis­tra­tion. The collec­tion of this data is necessary in order to be able to trace the (possible) misuse of the e‑mail address of a data subject at a later point in time and there­fore serves the legal protec­tion of the controller.

The personal data collected in the context of a regis­tra­tion for the newsletter are used exclu­si­vely for sending our newsletter. Further­more, subscri­bers to the newsletter could be informed by e‑mail if this is necessary for the opera­tion of the newsletter service or a related regis­tra­tion, as could be the case in the event of changes to the newsletter offer or changes in the technical circum­s­tances. No personal data collected as part of the newsletter service will be passed on to third parties. The subscrip­tion to our newsletter can be cancelled by the data subject at any time. The consent to the storage of personal data that the data subject has given us for the newsletter mailing can be revoked at any time. For the purpose of revoking consent, a corre­spon­ding link can be found in each newsletter. Further­more, it is also possible to unsub­scribe from the newsletter mailing directly on the website of the controller at any time or to notify the controller of this in another way.

6 Newsletter tracking

The newslet­ters of the Metro­po­litan Aesthe­tics contain so-called tracking pixels. A tracking pixel is a minia­ture graphic that is embedded in such e‑mails that are sent in HTML format to enable log file recording and log file analysis. This enables a statis­tical evalua­tion of the success or failure of online marke­ting campaigns. Based on the embedded tracking pixel, the Metro­po­litan Aesthe­tics may see if and when an e‑mail was opened by a data subject, and which links in the e‑mail were called up by the data subject.

Such personal data collected via the tracking pixel contained in the newslet­ters are stored and analyzed by the controller in order to optimize the newsletter dispatch and to better tailor the content of future newslet­ters to the interests of the data subject. This personal data will not be disclosed to third parties. Data subjects are entitled at any time to revoke the separate decla­ra­tion of consent given in this regard via the double opt-in proce­dure. After a revoca­tion, this personal data will be deleted by the controller. The Metro­po­litan Aesthe­tics automa­ti­cally regards a withdrawal from the receipt of the newsletter as a revocation.

7. contact possi­bi­lity via the website

Based on statu­tory provi­sions, the website of the Metro­po­litan Aesthe­tics contains infor­ma­tion that enables a quick electronic contact to our enter­prise, as well as direct commu­ni­ca­tion with us, which also includes a general address of the so-called electronic mail (e‑mail address). If a data subject contacts the controller by e‑mail or by using a contact form, the personal data trans­mitted by the data subject will be stored automa­ti­cally. Such personal data trans­mitted on a volun­tary basis by a data subject to the controller will be stored for the purposes of proces­sing or conta­c­ting the data subject. No disclo­sure of such personal data to third parties will take place.

8 Routine deletion and blocking of personal data.

The controller shall process and store personal data of the data subject only for the period of time necessary to achieve the purpose of storage or insofar as this has been provided for by the European Direc­tives and Regula­tions or other legis­lator in laws or regula­tions to which the controller is subject.

If the storage purpose ceases to apply or if a storage period prescribed by the European Direc­tive and Regula­tion Maker or another compe­tent legis­lator expires, the personal data will be routi­nely blocked or deleted in accordance with the statu­tory provisions.

9. rights of the data subject
a) Right to confirmation
Every data subject has the right granted by the European Direc­tive and Regula­tion to obtain confir­ma­tion from the controller as to whether personal data concer­ning him or her are being processed. If a data subject wishes to exercise this right of confir­ma­tion, he or she may, at any time, contact any employee of the controller.

b) Right of access
Any person concerned by the proces­sing of personal data has the right granted by the European Direc­tive and Regula­tion to obtain at any time from the controller, free of charge, infor­ma­tion about the personal data stored about him or her and a copy of that infor­ma­tion. In addition, the European Direc­tive and Regula­tion Legis­lator has granted the data subject access to the following information:
the purposes of processing
the catego­ries of personal data processed
the recipi­ents or catego­ries of recipi­ents to whom the personal data have been or will be disclosed, in parti­cular in the case of recipi­ents in third countries or inter­na­tional organizations
if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for deter­mi­ning this duration
the existence of a right to obtain the recti­fi­ca­tion or erasure of personal data concer­ning him or her, or to obtain the restric­tion of proces­sing by the controller, or a right to object to such processing
the existence of a right of appeal to a super­vi­sory authority
if the personal data are not collected from the data subject: Any avail­able infor­ma­tion about the origin of the data
The existence of automated decision-making, inclu­ding profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful infor­ma­tion about the logic involved and the scope and intended effects of such proces­sing for the data subject.
Further­more, the data subject shall have the right to obtain infor­ma­tion as to whether personal data have been trans­ferred to a third country or to an inter­na­tional organiz­a­tion. If this is the case, the data subject also has the right to obtain infor­ma­tion about the appro­priate safeguards in connec­tion with the transfer.
If a data subject wishes to exercise this right of access, he or she may, at any time, contact an employee of the controller.

b) Right of access
Every person affected by the proces­sing of personal data has the right, granted by the European Direc­tive and Regula­tion Maker, to obtain from the controller, at any time and free of charge, infor­ma­tion about the personal data stored about him or her and a copy of that infor­ma­tion. In addition, the European Direc­tive and Regula­tion Legis­lator has granted the data subject access to the following information:
the purposes of processing
the catego­ries of personal data processed
the recipi­ents or catego­ries of recipi­ents to whom the personal data have been or will be disclosed, in parti­cular in the case of recipi­ents in third countries or inter­na­tional organizations
if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for deter­mi­ning this duration
the existence of a right to obtain the recti­fi­ca­tion or erasure of personal data concer­ning him or her, or to obtain the restric­tion of proces­sing by the controller, or a right to object to such processing
the existence of a right of appeal to a super­vi­sory authority
if the personal data are not collected from the data subject: Any avail­able infor­ma­tion about the origin of the data
The existence of automated decision-making, inclu­ding profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful infor­ma­tion about the logic involved and the scope and intended effects of such proces­sing for the data subject.
Further­more, the data subject shall have the right to obtain infor­ma­tion as to whether personal data have been trans­ferred to a third country or to an inter­na­tional organiz­a­tion. If this is the case, the data subject also has the right to obtain infor­ma­tion about the appro­priate safeguards in connec­tion with the transfer.
If a data subject wishes to exercise this right of access, he or she may, at any time, contact an employee of the controller.

c) Right of rectification
Every data subject affected by the proces­sing of personal data has the right granted by the European Direc­tive and Regula­tion to request the immediate recti­fi­ca­tion of inaccu­rate personal data concer­ning him or her. Further­more, the data subject has the right to request the comple­tion of incom­plete personal data — also by means of a supple­men­tary decla­ra­tion — taking into account the purposes of the processing.
If a data subject wishes to exercise this right of recti­fi­ca­tion, he or she may, at any time, contact any employee of the controller.

d) Right to erasure (right to be forgotten)
Any person concerned by the proces­sing of personal data has the right granted by the European Direc­tive and Regula­tion to obtain from the controller the erasure without delay of personal data concer­ning him or her, where one of the following grounds applies and insofar as the proces­sing is no longer necessary:
The personal data were collected or other­wise processed for such purposes for which they are no longer necessary.
The data subject revokes his or her consent on which the proces­sing was based pursuant to Art. 6(1)(a) DS-GVO or Art. 9(2)(a) DS-GVO and there is no other legal basis for the processing.
The data subject objects to the proces­sing pursuant to Article 21(1) DS-GVO and there are no overri­ding legiti­mate grounds for the proces­sing, or the data subject objects to the proces­sing pursuant to Article 21(2) DS-GVO.
The personal data have been processed unlawfully.
The erasure of the personal data is necessary for compli­ance with a legal obliga­tion under Union or Member State law to which the controller is subject.
The personal data has been collected in relation to infor­ma­tion society services offered pursuant to Article 8(1) DS-GVO.
If one of the afore­men­tioned reasons applies, and a data subject wishes to arrange for the erasure of personal data stored by the Metro­po­litan Aesthe­tics, he or she may, at any time, contact any employee of the controller. The employee of the Metro­po­litan Aesthe­tics shall arrange for the erasure request to be complied with immediately.

If the personal data was made public by the Metro­po­litan Aesthe­tics and our company is respon­sible pursuant to Art. 17 Para. 1 DS-GVO, Metro­po­litan Aesthe­tics shall imple­ment reason­able measures, inclu­ding technical measures, to compen­sate other data control­lers for proces­sing the personal data published, taking into account the avail­able techno­logy and the cost of imple­men­ta­tion, in order to inform the data subject that he or she has requested from those other data control­lers to erase all links to the personal data or copies or repli­ca­tions of the personal data, unless the proces­sing is necessary. The employee of the Metro­po­litan Aesthe­tics will arrange the necessary in indivi­dual cases.

e) Right to restric­tion of processing
Any person concerned by the proces­sing of personal data has the right, granted by the European Direc­tive and Regula­tion, to obtain from the controller the restric­tion of proces­sing if one of the following condi­tions is met:
The accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data.
The proces­sing is unlawful, the data subject objects to the erasure of the personal data and requests instead the restric­tion of the use of the personal data.
The controller no longer needs the personal data for the purposes of the proces­sing, but the data subject needs it for the asser­tion, exercise or defense of legal claims.
The data subject has objected to the proces­sing pursuant to Article 21 (1) of the GDPR and it is not yet clear whether the legiti­mate grounds of the controller override those of the data subject.
If one of the afore­men­tioned condi­tions is met, and a data subject wishes to request the restric­tion of personal data stored by the Metro­po­litan Aesthe­tics, he or she may, at any time, contact any employee of the controller. The employee of the Metro­po­litan Aesthe­tics will arrange the restric­tion of the processing.

f) Right to data portability
Any person affected by the proces­sing of personal data has the right granted by the European Direc­tive and Regula­tion to receive the personal data concer­ning him or her, which have been provided by the data subject to a controller, in a struc­tured, commonly used and machine-readable format. He or she also has the right to transmit such data to another controller without hindrance from the controller to whom the personal data have been provided, provided that the proces­sing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR and the proces­sing is carried out by automated means, unless the proces­sing is necessary for the perfor­mance of a task carried out in the public interest or in the exercise of official autho­rity vested in the controller.
Further­more, when exercising the right to data porta­bi­lity pursuant to Article 20(1) of the GDPR, the data subject shall have the right to obtain that the personal data be trans­ferred directly from one controller to another controller where techni­cally feasible and provided that this does not adver­sely affect the rights and freedoms of other individuals.
In order to assert the right to data porta­bi­lity, the data subject may at any time contact any employee of the Metro­po­litan Aesthetics.

g) Right to object
Any data subject concerned by the proces­sing of personal data has the right, granted by the European Direc­tives and Regula­tions, to object at any time, on grounds relating to his or her parti­cular situa­tion, to proces­sing of personal data concer­ning him or her carried out on the basis of Article 6(1)(e) or (f) of the DS-GVO. This also applies to profiling based on these provisions.
The Metro­po­litan Aesthe­tics shall no longer process the personal data in the event of the objec­tion, unless we can demons­trate compel­ling legiti­mate grounds for the proces­sing which override the interests, rights and freedoms of the data subject, or for the asser­tion, exercise or defence of legal claims.
If the Metro­po­litan Aesthe­tics processes personal data for direct marke­ting purposes, the data subject shall have the right to object at any time to proces­sing of personal data processed for such marke­ting. This also applies to the profiling, insofar as it is related to such direct marke­ting. If the data subject objects to the Metro­po­litan Aesthe­tics to the proces­sing for direct marke­ting purposes, the Metro­po­litan Aesthe­tics will no longer process the personal data for these purposes.
In addition, the data subject has the right, on grounds relating to his or her parti­cular situa­tion, to object to proces­sing of personal data concer­ning him or her which is carried out by the Metro­po­litan Aesthe­tics for scien­tific or histo­rical research purposes, or for statis­tical purposes pursuant to Article 89(1) of the Data Protec­tion Regula­tion (DS-GVO), unless such proces­sing is necessary for the perfor­mance of a task carried out in the public interest.
In order to exercise the right to object, the data subject may directly contact any employee of the Metro­po­litan Aesthe­tics or another employee. The data subject is also free to exercise his/her right to object by means of automated proce­dures using technical speci­fi­ca­tions in connec­tion with the use of infor­ma­tion society services, notwith­stan­ding Direc­tive 2002/58/EC.

h) Automated decisions in indivi­dual cases, inclu­ding profiling.
Any data subject concerned by the proces­sing of personal data shall have the right, granted by the European Direc­tive and Regula­tion, not to be subject to a decision based solely on automated proces­sing, inclu­ding profiling, which produces legal effects concer­ning him or her or similarly signi­fi­cantly affects him or her, unless the decision (1) is necessary for entering into, or the perfor­mance of, a contract between the data subject and the controller, or (2) is permitted by Union or Member State law to which the controller is subject and that law contains suitable measures to safeguard the data subject’s rights and freedoms and legiti­mate interests, or (3) is made with the data subject’s explicit consent.
If the decision (1) is necessary for entering into, or the perfor­mance of, a contract between the data subject and the data controller, or (2) it is made with the data subject’s explicit consent, the Metro­po­litan Aesthe­tics shall imple­ment suitable measures to safeguard the data subject’s rights and freedoms and legiti­mate interests, which include at least the right to obtain the data subject’s invol­ve­ment on the part of the controller, to express his or her point of view and contest the decision.
If the data subject wishes to exercise the rights concer­ning automated decisions, he or she may, at any time, contact any employee of the controller.

i) Right to withdraw consent under data protec­tion law.
Any data subject concerned by the proces­sing of personal data has the right, granted by the European Direc­tive and Regulation-maker, to withdraw consent to the proces­sing of personal data at any time.
If the data subject wishes to exercise the right to withdraw consent, he or she may, at any time, contact any employee of the controller.

10. data protec­tion provi­sions on the use and appli­ca­tion of Facebook.

The controller has integrated compon­ents of the company Facebook on this website. Facebook is a social network.

A social network is a social meeting place operated on the Internet, an online commu­nity that generally allows users to commu­ni­cate with each other and interact in virtual space. A social network can serve as a platform for sharing opinions and experi­ences or enables the Internet commu­nity to provide personal or company-related infor­ma­tion. Facebook enables users of the social network to create private profiles, upload photos and network via friend requests, among other things.

The opera­ting company of Facebook is Facebook, Inc, 1 Hacker Way, Menlo Park, CA 94025, USA. The controller of personal data, if a data subject lives outside the USA or Canada, is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Each time one of the indivi­dual pages of this website operated by the data controller is called up and on which a Facebook compo­nent (Facebook plug-in) has been integrated, the Internet browser on the infor­ma­tion techno­logy system of the data subject is automa­ti­cally caused by the respec­tive Facebook compo­nent to download a repre­sen­ta­tion of the corre­spon­ding Facebook compo­nent from Facebook. A complete overview of all Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins/?locale=de_DE. Within the scope of this technical proce­dure, Facebook receives knowledge of which specific sub-page of our website is visited by the data subject.

h) Automated decisions in indivi­dual cases, inclu­ding profiling.
Any data subject concerned by the proces­sing of personal data shall have the right, granted by the European Direc­tive and Regula­tion, not to be subject to a decision based solely on automated proces­sing, inclu­ding profiling, which produces legal effects concer­ning him or her or similarly signi­fi­cantly affects him or her, unless the decision (1) is necessary for entering into, or the perfor­mance of, a contract between the data subject and the controller, or (2) is permitted by Union or Member State law to which the controller is subject and that law contains suitable measures to safeguard the data subject’s rights and freedoms and legiti­mate interests, or (3) is made with the data subject’s explicit consent.
If the decision (1) is necessary for entering into, or the perfor­mance of, a contract between the data subject and the data controller, or (2) it is made with the data subject’s explicit consent, the Metro­po­litan Aesthe­tics shall imple­ment suitable measures to safeguard the data subject’s rights and freedoms and legiti­mate interests, which include at least the right to obtain the data subject’s invol­ve­ment on the part of the controller, to express his or her point of view and contest the decision.
If the data subject wishes to exercise the rights concer­ning automated decisions, he or she may, at any time, contact any employee of the controller.

i) Right to withdraw consent under data protec­tion law.
Any data subject concerned by the proces­sing of personal data has the right, granted by the European Direc­tive and Regulation-maker, to withdraw consent to the proces­sing of personal data at any time.
If the data subject wishes to exercise the right to withdraw consent, he or she may, at any time, contact any employee of the controller.

10. data protec­tion provi­sions on the use and appli­ca­tion of Facebook.

The controller has integrated compon­ents of the company Facebook on this website. Facebook is a social network.

A social network is a social meeting place operated on the Internet, an online commu­nity that generally allows users to commu­ni­cate with each other and interact in virtual space. A social network can serve as a platform for sharing opinions and experi­ences or enables the Internet commu­nity to provide personal or company-related infor­ma­tion. Facebook enables users of the social network to create private profiles, upload photos and network via friend requests, among other things.

The opera­ting company of Facebook is Facebook, Inc, 1 Hacker Way, Menlo Park, CA 94025, USA. The controller of personal data, if a data subject lives outside the USA or Canada, is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Each time one of the indivi­dual pages of this website operated by the data controller is called up and on which a Facebook compo­nent (Facebook plug-in) has been integrated, the Internet browser on the infor­ma­tion techno­logy system of the data subject is automa­ti­cally caused by the respec­tive Facebook compo­nent to download a repre­sen­ta­tion of the corre­spon­ding Facebook compo­nent from Facebook. A complete overview of all Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins/?locale=de_DE. Within the scope of this technical proce­dure, Facebook receives knowledge of which specific sub-page of our website is visited by the data subject.

If the data subject is logged in to Facebook at the same time, Facebook recognizes which specific sub-page of our website the data subject is visiting each time the data subject calls up our website and for the entire duration of the respec­tive stay on our website. This infor­ma­tion is collected by the Facebook compo­nent and assigned by Facebook to the respec­tive Facebook account of the data subject. If the data subject activates one of the Facebook buttons integrated on our website, for example the “Like” button, or if the data subject posts a comment, Facebook assigns this infor­ma­tion to the personal Facebook user account of the data subject and stores this personal data.

Facebook always receives infor­ma­tion via the Facebook compo­nent that the data subject has visited our website if the data subject is logged into Facebook at the same time as calling up our website; this takes place regard­less of whether the data subject clicks on the Facebook compo­nent or not. If the data subject does not want this infor­ma­tion to be trans­mitted to Facebook, he or she can prevent the trans­mis­sion by logging out of his or her Facebook account before calling up our website.

The data policy published by Facebook, which can be accessed at https://de-de.facebook.com/about/privacy/, provides infor­ma­tion about the collec­tion, proces­sing and use of personal data by Facebook. It also explains which setting options Facebook offers to protect the privacy of the data subject. In addition, various appli­ca­tions are avail­able that make it possible to suppress data trans­mis­sion to Facebook. Such appli­ca­tions can be used by the data subject to suppress data trans­mis­sion to Facebook.

11. privacy policy on the use and appli­ca­tion of Google Analy­tics (with anony­miz­a­tion function).

The controller has integrated the Google Analy­tics compo­nent (with anony­miz­a­tion function) on this website. Google Analy­tics is a web analysis service. Web analysis is the collec­tion, compi­la­tion and evalua­tion of data about the behavior of visitors to websites. A web analysis service collects, among other things, data on which website a data subject came to a website from (so-called refer­rers), which subpages of the website were accessed or how often and for how long a subpage was viewed. A web analysis is mainly used for the optimiz­a­tion of a website and for the cost-benefit analysis of internet advertising.

The opera­ting company of the Google Analy­tics compo­nent is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.

The controller uses the addition “_gat._anonymizeIp” for web analysis via Google Analy­tics. By means of this additive, the IP address of the Internet connec­tion of the data subject is shortened and anony­mized by Google if access to our Internet pages is from a Member State of the European Union or from another State party to the Agree­ment on the European Economic Area.

The purpose of the Google Analy­tics compo­nent is to analyze the flow of visitors to our website. Among other things, Google uses the data and infor­ma­tion obtained to evaluate the use of our website, to compile online reports for us showing the activi­ties on our website, and to provide other services related to the use of our website.

Google Analy­tics sets a cookie on the infor­ma­tion techno­logy system of the data subject. What cookies are has already been explained above. By setting the cookie, Google is enabled to analyze the use of our website. By each call of one of the indivi­dual pages of this website, which is operated by the controller and on which a Google Analy­tics compo­nent has been integrated, the internet browser on the infor­ma­tion techno­logy system of the data subject is automa­ti­cally caused by the respec­tive Google Analy­tics compo­nent to transmit data to Google for the purpose of online analysis. As part of this technical process, Google obtains knowledge of personal data, such as the IP address of the data subject, which Google uses, among other things, to track the origin of visitors and clicks and subse­quently enable commis­sion calculations.

By means of the cookie, personal infor­ma­tion, for example the access time, the place from which an access origi­nated and the frequency of visits to our website by the data subject, is stored. Each time the data subject visits our website, this personal data, inclu­ding the IP address of the internet connec­tion used by the data subject, is trans­mitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may disclose this personal data collected via the technical proce­dure to third parties.

The data subject can prevent the setting of cookies by our website, as already described above, at any time by means of an appro­priate setting of the Internet browser used and thus perma­nently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a cookie on the infor­ma­tion techno­logy system of the data subject. In addition, a cookie already set by Google Analy­tics can be deleted at any time via the Internet browser or other software programs.

Further­more, the data subject has the possi­bi­lity to object to the collec­tion of data generated by Google Analy­tics and related to the use of this website as well as to the proces­sing of this data by Google and to prevent such proces­sing. For this purpose, the data subject must download and install a browser add-on under the link https://tools.google.com/dlpage/gaoptout. This browser add-on tells Google Analy­tics via JavaScript that no data and infor­ma­tion about visits to Internet pages may be trans­mitted to Google Analy­tics. The instal­la­tion of the browser add-on is consi­dered by Google as an objec­tion. If you wish to prevent collec­tion by Universal Analy­tics across diffe­rent devices, the opt-out must be carried out on all systems used. If the infor­ma­tion techno­logy system of the data subject is deleted, formatted or reinstalled at a later time, the data subject must reinstall the browser add-on in order to deacti­vate Google Analy­tics. Provided that the browser add-on is uninstalled or deacti­vated by the data subject or another person attri­bu­table to his or her sphere of control, there is the option of reinstal­ling or reacti­vating the browser add-on.

Further infor­ma­tion and the appli­cable Google privacy policy can be found at https://www.google.de/intl/de/policies/privacy/ and at http://www.google.com/analytics/terms/de.html. Google Analy­tics is explained in more detail under this link https://www.google.com/intl/de_de/analytics/.

By using this website, you consent to the proces­sing of data about you by Google in the manner and for the purposes set out above.

12. privacy policy on the use and appli­ca­tion of Google Remarketing.

The controller has integrated Google Remar­ke­ting services on this website. Google Remar­ke­ting is a function of Google AdWords that enables a company to display adver­ti­se­ments to Internet users who have previously visited the company’s website. The integra­tion of Google Remar­ke­ting thus allows a company to create user-related adver­ti­se­ments and conse­quently to display interest-relevant adver­ti­se­ments to the Internet user.

The opera­ting company of the Google Remar­ke­ting services is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.

The purpose of Google Remar­ke­ting is the display of interest-relevant adver­ti­sing. Google Remar­ke­ting enables us to display adver­ti­se­ments via the Google adver­ti­sing network or to have them displayed on other Internet pages that are tailored to the indivi­dual needs and interests of Internet users.

Google Remar­ke­ting sets a cookie on the infor­ma­tion techno­logy system of the data subject. What cookies are has already been explained above. By setting the cookie, Google is enabled to recognize the visitor to our website when he or she subse­quently visits websites that are also members of the Google adver­ti­sing network. Each time a website is accessed on which the Google Remar­ke­ting service has been integrated, the Internet browser of the person concerned automa­ti­cally identi­fies itself to Google. Within the scope of this technical proce­dure, Google obtains knowledge of personal data, such as the IP address or the user’s surfing behavior, which Google uses, among other things, to display interest-relevant advertising.

By means of the cookie, personal infor­ma­tion, for example the Internet pages visited by the person concerned, is stored. Each time the data subject visits our website, personal data, inclu­ding the IP address of the internet connec­tion used by the data subject, is trans­mitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may disclose this personal data collected via the technical proce­dure to third parties.

By means of the cookie, personal infor­ma­tion, for example the Internet pages visited by the data subject, is stored. Each time the data subject visits our website, personal data, inclu­ding the IP address of the internet connec­tion used by the data subject, is trans­mitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may disclose this personal data collected via the technical proce­dure to third parties.

The data subject can prevent the setting of cookies by our website, as already described above, at any time by means of an appro­priate setting of the Internet browser used and thus perma­nently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a cookie on the infor­ma­tion techno­logy system of the data subject. In addition, a cookie already set by Google Analy­tics can be deleted at any time via the Internet browser or other software programs.

Further­more, the data subject has the option to object to interest-based adver­ti­sing by Google. To do this, the data subject must call up the link www.google.de/settings/ads from any of the internet browsers he or she uses and make the desired settings there.

Further infor­ma­tion and the appli­cable data protec­tion provi­sions of Google can be found at https://www.google.de/intl/de/policies/privacy/.

13. data protec­tion provi­sions on the use and appli­ca­tion of Google-Adwords

The controller has integrated Google AdWords on this website. Google AdWords is an Internet adver­ti­sing service that allows adver­ti­sers to place ads in Google’s search engine results as well as in the Google adver­ti­sing network. Google AdWords allows an adver­tiser to specify certain keywords in advance, by means of which an ad is displayed in Google’s search engine results exclu­si­vely when the user retrieves a keyword-relevant search result using the search engine. In the Google adver­ti­sing network, the ads are distri­buted on topic-relevant websites by means of an automatic algorithm and in compli­ance with the previously defined keywords.

The opera­ting company of the Google AdWords services is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.

The purpose of Google AdWords is to adver­tise our website by displaying interest-relevant adver­ti­se­ments on the websites of third-party compa­nies and in the search engine results of the Google search engine and to display third-party adver­ti­se­ments on our website.

If a data subject accesses our website via a Google ad, a so-called conver­sion cookie is stored by Google on the data subject’s infor­ma­tion techno­logy system. What cookies are has already been explained above. A conver­sion cookie loses its validity after thirty days and is not used to identify the data subject. The conver­sion cookie is used to track whether certain subpages, for example the shopping cart from an online store system, have been called up on our website, provided the cookie has not yet expired. Through the conver­sion cookie, both we and Google can track whether a data subject who arrived at our website via an AdWords ad generated a sale, i.e. completed or cancelled a purchase of goods.

The data and infor­ma­tion collected through the use of the conver­sion cookie are used by Google to compile visit statis­tics for our website. These visit statis­tics are in turn used by us to deter­mine the total number of users who were referred to us via AdWords ads, i.e. to deter­mine the success or failure of the respec­tive AdWords ad and to optimize our AdWords ads for the future. Neither our company nor other adver­ti­sers of Google AdWords receive infor­ma­tion from Google by means of which the data subject could be identified.

By means of the conver­sion cookie, personal infor­ma­tion, for example the internet pages visited by the data subject, is stored. Each time the data subject visits our website, personal data, inclu­ding the IP address of the internet connec­tion used by the data subject, is trans­mitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may disclose this personal data collected via the technical proce­dure to third parties.

The data subject can prevent the setting of cookies by our website, as already described above, at any time by means of an appro­priate setting of the Internet browser used and thus perma­nently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a conver­sion cookie on the infor­ma­tion techno­logy system of the data subject. In addition, a cookie already set by Google AdWords can be deleted at any time via the internet browser or other software programs.

Further­more, the data subject has the option to object to interest-based adver­ti­sing by Google. To do this, the data subject must call up the link www.google.de/settings/ads from any of the internet browsers he or she uses and make the desired settings there.

Further infor­ma­tion and the appli­cable data protec­tion provi­sions of Google can be found at https://www.google.de/intl/de/policies/privacy/.

14. privacy policy on the use and appli­ca­tion of Instagram.

The controller has integrated compon­ents of the service Insta­gram on this website. Insta­gram is a service that quali­fies as an audio­vi­sual platform and allows users to share photos and videos and also to redis­tri­bute such data in other social networks.

The opera­ting company of the Insta­gram services is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.

By each call of one of the indivi­dual pages of this website, which is operated by the controller and on which an Insta­gram compo­nent (Insta button) has been integrated, the internet browser on the infor­ma­tion techno­logy system of the data subject is automa­ti­cally caused by the respec­tive Insta­gram compo­nent to download a repre­sen­ta­tion of the corre­spon­ding compo­nent from Insta­gram. Within the scope of this technical proce­dure, Insta­gram receives knowledge about which specific subpage of our website is visited by the data subject.

If the data subject is logged in to Insta­gram at the same time, Insta­gram recognizes which specific sub-page the data subject is visiting each time the data subject calls up our website and for the entire duration of the respec­tive stay on our website. This infor­ma­tion is collected by the Insta­gram compo­nent and assigned by Insta­gram to the respec­tive Insta­gram account of the data subject. If the data subject activates one of the Insta­gram buttons integrated on our website, the data and infor­ma­tion thus trans­mitted will be assigned to the personal Insta­gram user account of the data subject and stored and processed by Instagram.

Insta­gram always receives infor­ma­tion via the Insta­gram compo­nent that the data subject has visited our website if the data subject is simul­ta­ne­ously logged into Insta­gram at the time of calling up our website; this takes place regard­less of whether the data subject clicks on the Insta­gram compo­nent or not. If the data subject does not want this infor­ma­tion to be trans­mitted to Insta­gram, he or she can prevent the trans­mis­sion by logging out of his or her Insta­gram account before acces­sing our website.

Further infor­ma­tion and the appli­cable data protec­tion provi­sions of Insta­gram can be found at https://www.instagram.com/about/legal/privacy/.

15. data protec­tion provi­sions on the use and appli­ca­tion of LinkedIn.

The controller has integrated compon­ents of the LinkedIn Corpo­ra­tion on this website. LinkedIn is an Internet-based social network that enables users to connect with existing business contacts and to make new business contacts. Over 400 million regis­tered indivi­duals use LinkedIn in more than 200 countries. This makes LinkedIn currently the largest platform for business contacts and one of the most visited websites in the world.

The opera­ting company of LinkedIn is LinkedIn Corpo­ra­tion, 2029 Stierlin Court Mountain View, CA 94043, USA.

Respon­sible for data protec­tion outside the USA is LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

With each indivi­dual call-up of our website that is equipped with a LinkedIn compo­nent (LinkedIn plug-in), this compo­nent causes the browser used by the data subject to download a corre­spon­ding repre­sen­ta­tion of the compo­nent from LinkedIn. Further infor­ma­tion on LinkedIn plug-ins can be found at https://developer.linkedin.com/plugins. As part of this technical proce­dure, LinkedIn receives knowledge of which specific sub-page of our website is visited by the data subject.

If the data subject is logged in to LinkedIn at the same time, LinkedIn recognizes which specific sub-page of our website the data subject is visiting with each call-up of our website by the data subject and for the entire duration of the respec­tive stay on our website. This infor­ma­tion is collected by the LinkedIn compo­nent and assigned by LinkedIn to the respec­tive LinkedIn account of the data subject. If the data subject activates a LinkedIn button integrated on our website, LinkedIn assigns this infor­ma­tion to the personal LinkedIn user account of the data subject and stores this personal data.

LinkedIn always receives infor­ma­tion via the LinkedIn compo­nent that the data subject has visited our website if the data subject is simul­ta­ne­ously logged into LinkedIn at the time of calling up our website; this takes place regard­less of whether the data subject clicks on the LinkedIn compo­nent or not. If the data subject does not want this infor­ma­tion to be trans­mitted to LinkedIn, he or she can prevent the trans­mis­sion by logging out of his or her LinkedIn account before acces­sing our website.

LinkedIn offers the possi­bi­lity to unsub­scribe from email messages, SMS messages and targeted ads as well as to manage the ad settings at https://www.linkedin.com/psettings/guest-controls. LinkedIn also uses partners such as Quantcast, Google Analy­tics, BlueKai, Double­Click, Nielsen, Comscore, Eloqua and Lotame, which may set cookies. Such cookies can be rejected at https://www.linkedin.com/legal/cookie-policy. LinkedIn’s appli­cable privacy policy can be found at https://www.linkedin.com/legal/privacy-policy. LinkedIn’s cookie policy can be found at https://www.linkedin.com/legal/cookie-policy.

16. privacy policy for the use and appli­ca­tion of Pinterest.

The controller has integrated compon­ents of Pinte­rest Inc. on this website. Pinte­rest is a so-called social network. A social network is a social meeting place operated on the Internet, an online commu­nity, which generally allows users to commu­ni­cate with each other and interact in virtual space. A social network can serve as a platform for sharing opinions and experi­ences or allows the Internet commu­nity to provide personal or business-related infor­ma­tion. Pinte­rest enables users of the social network, among other things, to publish collec­tions of images and indivi­dual images as well as descrip­tions on virtual pinboards (so-called pinning), which can then in turn be shared by other users (so-called repin­ning) or commented on.

The opera­ting company of Pinte­rest is Pinte­rest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.

By each call of one of the indivi­dual pages of this website, which is operated by the controller and on which a Pinte­rest compo­nent (Pinte­rest plugin) has been integrated, the internet browser on the infor­ma­tion techno­logy system of the data subject is automa­ti­cally caused by the respec­tive Pinte­rest compo­nent to download a repre­sen­ta­tion of the corre­spon­ding Pinte­rest compo­nent from Pinte­rest. Further infor­ma­tion on Pinte­rest can be found at https://pinterest.com/. Within the scope of this technical proce­dure, Pinte­rest receives knowledge of which specific sub-page of our website is visited by the data subject.

If the data subject is logged into Pinte­rest at the same time, Pinte­rest recognizes which specific sub-page of our website the data subject is visiting each time the data subject calls up our website and for the entire duration of the respec­tive stay on our website. This infor­ma­tion is collected by the Pinte­rest compo­nent and assigned by Pinte­rest to the respec­tive Pinte­rest account of the data subject. If the data subject activates a Pinte­rest button integrated on our website, Pinte­rest assigns this infor­ma­tion to the personal Pinte­rest user account of the data subject and stores this personal data.

Pinte­rest always receives infor­ma­tion via the Pinte­rest compo­nent that the data subject has visited our website if the data subject is logged into Pinte­rest at the same time as calling up our website; this takes place regard­less of whether the data subject clicks on the Pinte­rest compo­nent or not. If the data subject does not want this infor­ma­tion to be trans­mitted to Pinte­rest, he or she can prevent the trans­mis­sion by logging out of his or her Pinte­rest account before calling up our website.

The privacy policy published by Pinte­rest, which is avail­able at https://policy.pinterest.com/de/privacy-policy, provides infor­ma­tion about the collec­tion, proces­sing and use of personal data by Pinterest.

17. privacy policy on the use and appli­ca­tion of Twitter

The controller has integrated compon­ents of Twitter on this website. Twitter is a multi­lin­gual publicly acces­sible micro­blog­ging service on which users can publish and distri­bute so-called tweets, i.e. short messages limited to 280 charac­ters. These short messages can be accessed by anyone, inclu­ding people who are not regis­tered with Twitter. However, the tweets are also displayed to the so-called follo­wers of the respec­tive user. Follo­wers are other Twitter users who follow the tweets of a user. Further­more, Twitter makes it possible to address a broad audience via hashtags, links or retweets.

Twitter Inter­na­tional Company, One Cumber­land Place, Fenian Street Dublin 2, D02 AX07, Ireland.

Each time one of the indivi­dual pages of this website operated by the controller is called up and on which a Twitter compo­nent (Twitter button) has been integrated, the Internet browser on the infor­ma­tion techno­logy system of the data subject is automa­ti­cally caused by the respec­tive Twitter compo­nent to download a repre­sen­ta­tion of the corre­spon­ding Twitter compo­nent from Twitter. Further infor­ma­tion on the Twitter buttons can be found at https://publish.twitter.com/. Within the scope of this technical proce­dure, Twitter receives knowledge of which specific sub-page of our website is visited by the data subject. The purpose of integra­ting the Twitter compo­nent is to enable our users to disse­mi­nate the content of this website, to make this website known in the digital world and to increase our visitor numbers.

If the data subject is logged into Twitter at the same time, Twitter recognizes which specific subpage of our website the data subject is visiting with each call to our website by the data subject and for the entire duration of the respec­tive stay on our website. This infor­ma­tion is collected by the Twitter compo­nent and assigned by Twitter to the respec­tive Twitter account of the data subject. If the data subject activates one of the Twitter buttons integrated on our website, the data and infor­ma­tion thus trans­mitted will be assigned to the personal Twitter user account of the data subject and stored and processed by Twitter.

Twitter always receives infor­ma­tion via the Twitter compo­nent that the data subject has visited our website if the data subject is simul­ta­ne­ously logged into Twitter at the time of calling up our website; this takes place regard­less of whether the data subject clicks on the Twitter compo­nent or not. If the data subject does not want this infor­ma­tion to be trans­mitted to Twitter, he or she can prevent the trans­mis­sion by logging out of his or her Twitter account before acces­sing our website.

The appli­cable data protec­tion provi­sions of Twitter are avail­able at https://twitter.com/privacy?lang=de.

18. privacy policy on the use and appli­ca­tion of XING

The controller has integrated compon­ents of Xing on this website. Xing is an Internet-based social network that allows users to connect with existing business contacts and to make new business contacts. Indivi­dual users can create a personal profile of themselves on Xing. Compa­nies can, for example, create company profiles or publish job offers on Xing.

The opera­ting company of Xing is XING SE, Dammtor­straße 30, 20354 Hamburg, Germany.

Each time one of the indivi­dual pages of this website operated by the controller is called up, on which a Xing compo­nent (Xing plug-in) has been integrated, the Internet browser on the infor­ma­tion techno­logy system of the data subject is automa­ti­cally prompted by the respec­tive Xing compo­nent to download a repre­sen­ta­tion of the corre­spon­ding Xing compo­nent from Xing. Further infor­ma­tion on the Xing plug-ins can be found at https://dev.xing.com/plugins. Within the scope of this technical proce­dure, Xing receives infor­ma­tion about which specific subpage of our website is visited by the data subject.

If the data subject is logged in to Xing at the same time, Xing recognizes which specific subpage of our website the data subject is visiting each time the data subject calls up our website and for the entire duration of the respec­tive stay on our website. This infor­ma­tion is collected by the Xing compo­nent and assigned by Xing to the respec­tive Xing account of the data subject. If the data subject activates one of the Xing buttons integrated on our website, for example the “Share” button, Xing assigns this infor­ma­tion to the personal Xing user account of the data subject and stores this personal data.

Xing always receives infor­ma­tion via the Xing compo­nent that the data subject has visited our website if the data subject is simul­ta­ne­ously logged into Xing at the time of calling up our website; this takes place regard­less of whether the data subject clicks on the Xing compo­nent or not. If the data subject does not want this infor­ma­tion to be trans­mitted to Xing, he or she can prevent the trans­mis­sion by logging out of his or her Xing account before acces­sing our website.

The data protec­tion provi­sions published by Xing, which can be accessed at https://www.xing.com/privacy, provide infor­ma­tion about the collec­tion, proces­sing and use of personal data by Xing. Further­more, Xing has published data protec­tion infor­ma­tion for the XING Share button at https://www.xing.com/app/share?op=data_protection.

19. privacy policy on the use and appli­ca­tion of YouTube

The controller has integrated YouTube compon­ents on this website. YouTube is an Internet video portal that allows video publis­hers to post video clips free of charge and other users to view, rate and comment on them, also free of charge. YouTube allows the publi­ca­tion of all types of videos, which is why complete film and TV shows, but also music videos, trailers or videos made by users themselves can be accessed via the Internet portal.

The opera­ting company of YouTube is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.

Each time one of the indivi­dual pages of this website operated by the controller is called up, on which a YouTube compo­nent (YouTube video) has been integrated, the Internet browser on the infor­ma­tion techno­logy system of the data subject is automa­ti­cally caused by the respec­tive YouTube compo­nent to download a repre­sen­ta­tion of the corre­spon­ding YouTube compo­nent from YouTube. Further infor­ma­tion on YouTube can be found at https://www.youtube.com/yt/about/de/. Within the scope of this technical proce­dure, YouTube and Google receive knowledge of which specific sub-page of our website is visited by the data subject.

If the data subject is logged into YouTube at the same time, YouTube recognizes which specific sub-page of our website the data subject is visiting by calling up a sub-page that contains a YouTube video. This infor­ma­tion is collected by YouTube and Google and assigned to the respec­tive YouTube account of the data subject.

YouTube and Google always receive infor­ma­tion via the YouTube compo­nent that the data subject has visited our website if the data subject is simul­ta­ne­ously logged into YouTube at the time of calling up our website; this takes place regard­less of whether the data subject clicks on a YouTube video or not. If the data subject does not want this infor­ma­tion to be trans­mitted to YouTube and Google, he or she can prevent the trans­mis­sion by logging out of his or her YouTube account before acces­sing our website.

The data protec­tion provi­sions published by YouTube, which can be accessed at https://www.google.de/intl/de/policies/privacy/, provide infor­ma­tion about the collec­tion, proces­sing and use of personal data by YouTube and Google.

20. legal basis of processing

Article 6 I lit. a DS-GVO serves our company as the legal basis for proces­sing opera­tions in which we obtain consent for a specific proces­sing purpose. If the proces­sing of personal data is necessary for the perfor­mance of a contract to which the data subject is a party, as is the case, for example, with proces­sing opera­tions that are necessary for the delivery of goods or the provi­sion of another service or consi­de­ra­tion, the proces­sing is based on Article 6 I lit. b DS-GVO. The same applies to such proces­sing opera­tions that are necessary for the imple­men­ta­tion of pre-contractual measures, for example in cases of inqui­ries about our products or services. If our company is subject to a legal obliga­tion by which a proces­sing of personal data becomes necessary, such as for the fulfill­ment of tax obliga­tions, the proces­sing is based on Art. 6 I lit. c DS-GVO. In rare cases, the proces­sing of personal data might become necessary to protect vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were to be injured on our premises and as a result his or her name, age, health insurance data or other vital infor­ma­tion had to be passed on to a doctor, hospital or other third party. Then the proces­sing would be based on Art. 6 I lit. d DS-GVO. Finally, proces­sing opera­tions could be based on Art. 6 I lit. f DS-GVO. Proces­sing opera­tions that are not covered by any of the afore­men­tioned legal bases are based on this legal basis if the proces­sing is necessary to protect a legiti­mate interest of our company or a third party, provided that the interests, funda­mental rights and freedoms of the data subject are not overridden. Such proces­sing opera­tions are permitted to us in parti­cular because they were speci­fi­cally mentioned by the European legis­lator. In this respect, it took the view that a legiti­mate interest could be assumed if the data subject is a customer of the controller (recital 47 sentence 2 DS-GVO).

21. legiti­mate interests in the proces­sing pursued by the controller or a third party.

If the proces­sing of personal data is based on Article 6 I lit. f DS-GVO, our legiti­mate interest is the conduct of our business for the benefit of the well-being of all our employees and our shareholders.

22 Duration for which the personal data is stored.

The criterion for the duration of the storage of personal data is the respec­tive statu­tory reten­tion period. After expiry of the period, the corre­spon­ding data is routi­nely deleted, provided that it is no longer required for the fulfill­ment or initia­tion of the contract.

23. data security

We use the widespread SSL proce­dure (Secure Socket Layer) in connec­tion with the highest encryp­tion level supported by your browser when visiting the website. As a rule, this is a 256-bit encryp­tion. If your browser does not support 256-bit encryp­tion, we use 128-bit v3 techno­logy instead. You can tell whether an indivi­dual page of our website is encrypted by the closed key or lock symbol in the lower status bar of your browser.

We also use appro­priate technical and organiz­a­tional security measures to protect your data against accidental or inten­tional manipu­la­tion, partial or complete loss, destruc­tion or against unaut­ho­rized access by third parties. Our security measures are conti­nuously improved in line with techno­lo­gical developments.

24. legal or contrac­tual requi­re­ments to provide the personal data; neces­sity for the conclu­sion of the contract; obliga­tion of the data subject to provide the personal data; possible conse­quences of non-provision

We would like to inform you that the provi­sion of personal data is partly required by law (e.g. tax regula­tions) or may also result from contrac­tual regula­tions (e.g. infor­ma­tion on the contrac­tual partner). Sometimes, in order to conclude a contract, it may be necessary for a data subject to provide us with personal data that must subse­quently be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with him or her. Failure to provide the personal data would mean that the contract with the data subject could not be concluded. Before provi­ding personal data by the data subject, the data subject must contact one of our employees. Our employee will explain to the data subject on a case-by-case basis whether the provi­sion of the personal data is required by law or contract or is necessary for the conclu­sion of the contract, whether there is an obliga­tion to provide the personal data, and what the conse­quences of not provi­ding the personal data would be.

25. existence of automated decision-making

As a respon­sible company, we do not use automatic decision-making or profiling.

26. up-to-dateness and change of this privacy policy
This privacy policy is currently valid and has the status of March 2019.

Due to the further develo­p­ment of our website and offers on it or due to changed legal or regula­tory requi­re­ments, it may become necessary to change this privacy policy. You can access and print out the current data protec­tion decla­ra­tion at any time on the website at https://metropolitan-aesthetics.de/impressum-datenschutz/.

This data protec­tion decla­ra­tion was created by the data protec­tion decla­ra­tion generator of the DGD Deutsche Gesell­schaft für Daten­schutz GmbH, which acts as the external data protec­tion officer Hamburg, in coope­ra­tion with the data protec­tion lawyer Chris­tian Solmecke.