Privacy policy

Draft — to be reviewed by legal/data-protection counsel before go-live. This text describes the actual technical implementation of this website (static site, hosting via Cloudflare Pages, contact form via Web3Forms, self-hosted fonts, web analytics with Google Analytics only after consent). It does not replace individual legal advice and must be confirmed by a reviewed final version before publication.

1. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is:
UniCare GmbH
Burgweg 5a, 61389 Schmitten im Taunus
Represented by the Managing Director Jörg Saborowski
E-mail: info@unicare-gmbh.de
Phone: +49 151 52653565

2. General information on data processing

As a matter of principle, we process personal data of our users only to the extent that this is necessary to provide a functional website and to handle your enquiries. This website is directed at medical professionals and institutional contacts. The legal bases are in particular Art. 6(1)(b) GDPR (initiation/performance of a contract or responding to enquiries) and Art. 6(1)(f) GDPR (legitimate interest in a secure and functional web presence).

3. Hosting via Cloudflare Pages

This website is provided as a static site via Cloudflare Pages, a service of Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA. When the pages are accessed, Cloudflare processes technically necessary connection data (e.g. IP address, time of access, requested resource, volume of data transferred, browser/operating-system information) in order to ensure the delivery of the content and the security and stability of the connection. The legal basis is Art. 6(1)(f) GDPR.

A data processing agreement pursuant to Art. 28 GDPR is in place with Cloudflare. As the processing may also take place on servers in the USA or other third countries, any third-country transfer is based on the standard contractual clauses of the EU Commission (Art. 46 GDPR); according to its own information, Cloudflare is also certified under the EU-U.S. Data Privacy Framework. Details: Cloudflare privacy policy.

4. Contact form (Web3Forms)

If you send us an enquiry via the contact form, we process the data you provide — in particular name, e-mail address, telephone number where applicable, clinic/institution and your message — to handle the enquiry and in the event of follow-up questions. The legal basis is Art. 6(1)(b) or (f) GDPR.

The technical transmission of the form is carried out via the service Web3Forms, which forwards the entered form data exclusively to our mailbox (info@unicare-gmbh.de). A data processing agreement pursuant to Art. 28 GDPR is to be concluded with the provider; insofar as a transfer to a third country takes place, this is based on the standard contractual clauses of the EU Commission (Art. 46 GDPR). Your details are stored for as long as is required to handle your enquiry; statutory retention obligations remain unaffected. [Before go-live: check and add the specific provider details, server location and data processing agreement of Web3Forms.]

5. Fonts

The fonts used are served locally from this server. There is no connection to third-party servers (e.g. Google Fonts); no personal data is transferred to third parties when fonts are displayed.

6. Consent and cookie banner

For web analytics (see section 7) we only set cookies or transmit data once you have expressly consented via our cookie banner (Art. 6(1)(a) GDPR). Until consent is given, no analytics data is collected via Google's Consent Mode procedure. Necessary functions of the website can be used without consent.

We store your choice locally in your browser. You can withdraw or change your consent at any time with effect for the future — via the "Cookie settings" link in the page footer.

7. Web analytics with Google Analytics 4

Following your consent, we use Google Analytics 4, a web analytics service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies or comparable technologies that enable an analysis of the use of the website (e.g. pages accessed, approximate origin, device used, actions triggered). This information helps us to improve our offering. The legal basis is your consent (Art. 6(1)(a) GDPR).

The IP address is processed by Google in a shortened/anonymised form. A transfer to the USA cannot be ruled out; according to its own information, Google LLC is certified under the EU-U.S. Data Privacy Framework, and in addition standard contractual clauses (Art. 46 GDPR) are in place. A data processing agreement pursuant to Art. 28 GDPR is in place with Google. Details: Google privacy policy.

8. Google Tag Manager

To integrate and control the analytics tags mentioned above, we use the Google Tag Manager (Google Ireland Limited). The Tag Manager itself does not collect any personal data for analytics purposes but manages the triggering of tags. Tags that process personal data (e.g. Google Analytics) are only triggered after your consent (see section 6).

9. Your rights as a data subject

You have the following rights vis-à-vis the controller with regard to the personal data concerning you: the right of access (Art. 15 GDPR), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20) as well as a right to object to the processing (Art. 21 GDPR). You can withdraw a consent you have given at any time with effect for the future.

Irrespective of this, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). Competent is the supervisory authority of the federal state of our registered office (the Hessian Commissioner for Data Protection and Freedom of Information) or the authority of your usual place of residence.

10. Encryption (SSL/TLS)

For security reasons, this website uses SSL/TLS encryption. You can recognise an encrypted connection by "https://" in the address bar of your browser.

11. Currency and changes to this privacy policy

This privacy policy reflects the status of the most recent revision. Due to the further development of the website or changed statutory or official requirements, it may become necessary to adapt it.