Privacy Policy
1. Data Protection at a Glance
General Information
The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data by which you can be personally identified. For detailed information about data protection, please refer to our privacy policy below this text.
Data Collection on this Website
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find the operator’s contact details in the section “Information about the responsible body” in this privacy policy.
How do we collect your data?
Your data are collected in two ways: you provide it directly (e.g., via a contact form), and some data are automatically collected (or upon your consent) when visiting the website by our IT systems. This mainly includes technical data (e.g. browser type, operating system, or time of page access). This data is collected automatically as soon as you access this website.
What do we use your data for?
Some of the data are collected to ensure error-free provision of the website. Other data can be used to analyze your user behavior.
What are your rights regarding your data?
You have the right at any time to obtain, free of charge, information about the origin, recipient, and purpose of your stored personal data. You also have a right to request correction or deletion of these data. If you have given consent to data processing, you can revoke it at any time for the future. You also have the right, under certain circumstances, to request the restriction of the processing of your personal data. Furthermore, you can lodge a complaint with the relevant supervisory authority.
For this and other questions about data protection, you can contact us at any time.
Analytics tools and third‑party tools
When visiting this website, your browsing behavior may statistically be evaluated. This mainly occurs using so‑called analytics tools.
Detailed information about these analytics tools can be found in the privacy policy below.
2. Hosting and Content Delivery Networks (CDN)
External Hosting
This website is hosted by an external provider. The personal data collected on this website are stored on the provider’s servers. This may include IP addresses, contact inquiries, meta‑ and communication data, contract data, contact details, names, website accesses, and other data generated via a website.
We use this provider to fulfill contracts with our potential and existing customers (Art. 6 (1) lit. b GDPR) and in the interest of a secure, fast, and efficient provision of our online services by a professional provider (Art. 6 (1) lit. f GDPR).
Our hosting provider will process your data only as far as necessary to fulfill its performance obligations and will follow our instructions regarding this data.
We use the following hosting provider:
ALL‑INKL.COM – Neue Medien Münnich
Owner: René Münnich
Hauptstraße 68 | D‑02742 Friedersdorf
Conclusion of a Data Processing Agreement
To ensure data protection compliant processing, we have concluded a data processing agreement with our hosting provider.
3. General Information and Mandatory Disclosures
Data Protection
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with legal data protection regulations as well as this privacy policy.
When you use this website, various personal data are collected. Personal data are data by which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this happens.
Please note that data transmission over the internet (e.g., communication by email) may have security vulnerabilities. A fully secure protection of data from third‑party access is not possible.
Information about the controller responsible
The controller responsible for data processing on this website is:
Dr. Bettina Sommer, FEBO
Heiglhofstraße 1a
81377 Munich
Phone: +49 (0) 89 710 19 800
Email: info@augenarzt-sommer.de
The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data (e.g., names, email addresses).
Storage duration
Unless a more specific retention period is stated in this privacy policy, your personal data remain with us until the purpose of the data processing is fulfilled. If you request deletion, revoke consent, or the purpose no longer applies, your data will be deleted unless we have legally permissible reasons to retain it (e.g., tax or commercial retention periods); in such cases, deletion will take place after those reasons expire.
Note on data transfer to the USA
Our website includes tools from companies based in the USA. If these tools are active, your personal data may be transferred to the US servers of those companies. Please note that the USA is not considered a secure third country under EU data protection law. US companies may be required to hand over personal data to security authorities without your legal recourse. It cannot be ruled out that US authorities (e.g., intelligence agencies) may process, analyze, and store your data located on US servers for surveillance purposes. We have no influence over such processing activities.
Withdrawal of your consent to data processing
Many processing operations are only possible with your explicit consent. You may revoke any consent you have given at any time. The lawfulness of processing carried out up to the revocation remains unaffected.
Right to object in specific cases and to direct marketing (Art. 21 GDPR)
IF DATA PROCESSING IS BASED ON ART. 6 (1) LIT. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME, FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, TO THE PROCESSING OF YOUR PERSONAL DATA; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS OR IF PROCESSING SERVES THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION UNDER ART. 21 (1) GDPR).
IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING; THIS ALSO APPLIES TO PROFILING TO THE EXTENT IT RELATES TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION UNDER ART. 21 (2) GDPR).
Right to lodge a complaint with the supervisory authority
In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, particularly in the member state of their habitual residence, place of work, or the place of the alleged infringement. This right is without prejudice to other administrative or judicial remedies.
Right to data portability
You have the right to receive personal data that we process automatically based on your consent or in performance of a contract, in a structured, commonly used and machine-readable format, either to yourself or to another controller. If you request direct transfer to another controller, it will only be carried out if technically feasible.
SSL and TLS encryption
For security reasons and to protect transmission of confidential content (e.g., orders or inquiries transmitted to us), this website uses SSL/TLS encryption. An encrypted connection is indicated by “https://” in the browser address line and a lock icon.
When SSL/TLS encryption is active, data you transmit to us cannot be read by third parties.
Access, deletion and correction
Under applicable law, you have the right at any time to obtain free information about your stored personal data, their origin, recipients and the purpose of data processing and, if applicable, the right to correct or delete such data. For this and further questions regarding personal data, you may contact us at any time.
Right to restrict processing
You have the right to request restriction of processing of your personal data. You may contact us at any time. The right exists in the following cases:
- If you dispute the accuracy of your stored personal data, we usually need time to verify it. During this verification period, you may request restriction of processing.
- If processing of your personal data has been or is unlawful, you may request restriction instead of deletion.
- If we no longer need your personal data, you require it for the exercise, defense or assertion of legal claims, and you have requested restriction instead of deletion.
- If you have objected under Art. 21 (1) GDPR, a balance between your interests and ours must be made. As long as it remains unclear whose interests prevail, you may request restriction of processing.
If processing is restricted, such data – aside from storage – may only be processed with your consent, or for the assertion, exercise or defense of legal claims, or to protect the rights of another natural or legal person, or for important public interest of the EU or a Member State.
4. Data collection on this website
Cookies
Our website uses so-called “cookies.” Cookies are small text files and do not harm your device. They are stored temporarily (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted after your visit. Persistent cookies remain until you delete them or until automatic deletion by your browser.
In some cases, third‑party cookies may be stored on your device when you visit our site. These enable use of certain third‑party services (e.g. payment processing cookies).
Cookies serve various purposes. Many cookies are technically necessary because certain website functions (e.g. shopping cart or video display) do not function without them. Other cookies help analyze user behavior or display advertisements.
Cookies necessary for electronic communication or delivery of requested features (functional cookies, e.g. shopping cart) or to optimize the website (e.g. audience measurement) are stored based on Art. 6 (1) lit. f GDPR, unless another legal basis is stated. The site operator has a legitimate interest in storing cookies for a technically error-free and optimized service. If consent is requested, cookies are only stored based on Art. 6 (1) lit. a GDPR; consent may be revoked at any time.
You can configure your browser to be informed about cookies and decide individually, block them entirely, or enable automatic deletion on browser close. Disabling cookies may limit the functionality of this website.
If third‑party or analytics cookies are used, we will inform you separately in this privacy policy and, if applicable, ask for your consent.
Inquiry via Email, Telephone or Fax
If you contact us via email, telephone or fax, your inquiry and any personal data provided (e.g. name, inquiry) will be stored and processed to handle your request. These data will not be shared without your consent.
Processing of these data is based on Art. 6 (1) lit. b GDPR, if your request relates to contract performance or pre-contractual measures. In all other cases, processing is based on our legitimate interest in effectively handling inquiries (Art. 6 (1) lit. f GDPR) or on your consent (Art. 6 (1) lit. a GDPR), if given.
Data you send via contact forms will remain with us until you request deletion, revoke consent, or the purpose ends (e.g. after completion). Mandatory legal obligations, especially statutory retention periods, remain unaffected.
5. Analytics Tools and Advertising
Google Analytics
This website uses features of the web analytics service Google Analytics. Provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the site operator to analyze visitor behavior. The operator receives usage data such as page views, time spent, operating systems used, and user origin. Google may combine this data into a profile assigned to the user or device.
Google Analytics uses technologies that enable user recognition for behavior analysis (e.g. cookies or device fingerprinting). Information collected about website use is typically transmitted to a Google server in the USA and stored there.
Use of this analytics tool is based on Art. 6 (1) lit. f GDPR. The site operator has a legitimate interest in analyzing user behavior to optimize the website and advertising. If consent is given (e.g. cookie consent), processing is based on Art. 6 (1) lit. a GDPR; consent may be revoked at any time.
Data transmission to the USA is based on the EU Commission’s standard contractual clauses. Details can be found at Google’s controller terms.
IP anonymization
We’ve enabled IP anonymization on this website. This shortens your IP address within EU or EEA member states before transmission to the USA. Only in rare cases is the full IP address transmitted and shortened later. Google uses this information to evaluate site usage, compile reports, and provide additional services. Your browser‑transmitted IP address is not combined with other Google data.
Browser Plugin
You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available here.
For more information on handling user data in Google Analytics, see Google’s privacy policy.
Data processing agreement
We have concluded a data processing agreement with Google and fully implement the strict requirements of German data protection authorities when using Google Analytics.
Storage duration
User‑ and event‑level data stored by Google associated with cookies, user IDs (e.g. User ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) are anonymized or deleted after 14 months. More details at Google’s support documentation.
6. Plugins and Tools
Google Web Fonts (local hosting)
This site uses web fonts provided by Google for consistent typography. The fonts are hosted locally. No connection to Google servers occurs.
More information is available in Google Fonts FAQ and Google’s privacy policy.
Google Maps
This site uses the Google Maps service. Provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
To use Google Maps functions, your IP address must be stored. These data are typically transmitted to Google servers in the USA and stored there. The site operator has no control over this transmission.
Use of Google Maps is in the interest of an appealing display of our online offerings and easy discoverability of locations listed on the site. This constitutes a legitimate interest under Art. 6 (1) lit. f GDPR. If consent is requested, processing is based on Art. 6 (1) lit. a GDPR; consent may be revoked at any time.
Data transmission to the USA is based on the EU Commission’s standard contractual clauses. Details at Google’s GDPR controller terms.
For more information on data handling, see Google’s privacy policy.
