In the following, we, Oviavo GmbH Wattstraße 11, 13355 Berlin (hereinafter „Oviavo“ or „we“) inform visitors to our website https://oviavo.com/ (hereinafter “Website”) and persons (hereinafter “Members”) who are enabled by their employer to make use of our benefits within the scope of their employment relationship in accordance with our General Terms and Conditions for Members at https://oviavo.com/terms-members (hereinafter “Oviavo Benefits”) and their partners (hereinafter collectively “Users”) about the processing of their personal data by us and by third parties commissioned by us or other third parties, as well as about the claims and rights to which data subjects are entitled under data protection regulations, in particular the European General Data Protection Regulation (GDPR). Personal data in the sense of the GDPR are all data relating to a specific or identifiable person, e.g. name, address, e-mail addresses, user behavior. We provide separate information about recipients of data, including service providers commissioned by us, under Section 6. In the event that links to third-party providers are clicked on within the framework of the website, the data protection provisions of these third parties will apply exclusively. Oviavo does not check the data protection provisions of third parties and is not responsible for further data processing.
We process the aforementioned data in accordance with Art. 6 para. 1 s. 1 lit. f GDPR to protect the legitimate interests of us or of third parties. In particular, we pursue the following legitimate interests:
- Ensuring IT security, in particular the security of the Website,
- Assertion of legal claims and defense in legal disputes.
3. Data processing when contacting us; newsletter3.1. Contact When contacting us (e.g. via e-mail), we process the information provided to us (e-mail address, name, telephone number, if applicable, and the content of the inquiry) in order to respond to the inquiry. The legal basis of the processing is Art. 6 para. 1 s. 1 lit. b GDPR if the subject of the inquiry is (pre-)contractual information, in accordance with Art. 6 para. 1 s. 1 lit. f GDPR if there is a legitimate interest on the part of Oviavo or in accordance with Art. 6 para. 1 p. 1 lit. a or Art. 9 para. 2 lit. a GDPR if we have been provided with information that serves neither (pre-)contractual purposes nor our legitimate interests and/or contains special categories of personal data (see Section 4). 3.2. Newsletter We will inform people who register for the Oviavo newsletter with their e-mail address about us and our services. Only a valid e-mail address is required to register for the newsletter. We use the so-called double-opt-in procedure to register for our newsletter. This means that after registration we send an e-mail to the specified e-mail address in which we ask the recipient to confirm that he or she wishes to receive the newsletter. In addition, we store the IP addresses used and the times of registration and confirmation. The purpose of this procedure is to document the respective consent and, if necessary, to be able to clarify a possible misuse of personal data. After confirmation, we process the respective e-mail address for the purpose of sending the newsletter. The newsletters contain a so-called “web beacon”, i.e. a pixel-sized file via which technical information on the browser and operating system used by the recipient, as well as the respective IP address and the time of the respective retrieval of the newsletter, are processed. We also use this information to better understand the interests of newsletter recipients and to improve our newsletters and their content. At the end of each newsletter there is a link that can be used to unsubscribe from the newsletter at any time. The newsletter can also be unsubscribed at any time by sending a message to email@example.com. Upon unsubscribing from the newsletter, the personal data stored for the purpose of providing the newsletter will be deleted, unless there is a legal obligation to retain such data. The legal basis for sending and evaluating the usage behavior of newsletter recipients is the respective consent pursuant to Art. 6 para. 1 s. 1 lit. a GDPR. This consent can only be withdrawn together for the receipt of the newsletter and the evaluation of the usage behavior. To send our newsletter, we use the MailChimp service of the company The Rocket Science Group, LLC (see section 7.3 (5)), to which the above data is also transmitted.
4. Data processing „Oviavo Benefits“In the following, we provide information on the type, scope and purpose of the processing of personal data in connection with the use of Oviavo Benefits, including the Members Portal in accordance with our General T&Cs for Members at https://oviavo.com/terms-members/ (hereinafter “User Agreement”). The use of the Oviavo Benefits is voluntary. Oviavo points out that for effective use, it is necessary for us to process personal data of Users that is as specific as possible and in some cases also very intimate. So-called “special categories of personal data” (Art. 9 GDPR) therefore also become relevant, in particular health data, data on sexual life or sexual orientation, which we may only process on the basis of the express consent of the Users concerned. 4.1. Onboarding Oviavo provides its services to Members, i.e. those employees whose eligibility has been previously determined by Oviavo’s cooperation partner (hereinafter referred to as the “Employer”). For this purpose, the Employer provides us with the following personal data of Members as part of the “onboarding” process
- First and last names,
- personnel numbers,
- work e-mail addresses,
- start date of eligibility,
- if applicable: end date of eligibility.
- Date of birth,
- physical sex,
- information about the desire to have children,
- information about partner situation,
- optional: Gender identity.
- Type and name of health insurance,
- Partner status (single, registered partnership, married, etc.),
- cycle dates,
- contraceptive methods,
- desire to have children,
- pre-existing medical conditions
- Number of registered Member,
- number of active Member (log-ins),
- number of booked phone consultation,
- amount of budget used by all Member of the respective Employer.
5. Internal processingWe process the personal data mentioned above under Sections 2 to 4 within the scope of administrative tasks as well as for the organization of our operations, and to comply with legal obligations, such as archiving. The legal bases for this are Art. 6 para. 1 s. 1 lit. b, c or f GDPR. Accordingly, the purpose and our interest in processing lie in the maintenance of our business activities, the performance of our legal duties and the provision of our contractual services. All data is also stored in our Hubspot customer relationship management tool (see section 7.3 (5)).
6. Storage durationWe delete the data mentioned in the above Sections 2 to 4 after the storage is no longer required or restrict the processing if there are statutory retention obligations. In particular, the storage duration is determined by the statutory limitation periods, which, for example, according to §§ 195 et seq. of the German Civil Code (BGB), are usually 3 years, but in certain cases can be up to 30 years. In particular, we are subject to various retention and documentation obligations, which result, among other things, from the German Commercial Code (HGB), the German Fiscal Code (AO), and the German Money Laundering Act (GwG). The retention and documentation periods specified there are 2 to 10 years.
8. Data Protection RightsEvery data subject has:
- The right to information according to Art. 15 GDPR,
- the right to rectification according to Art. 16 GDPR,
- the right to erasure according to Art. 17 GDPR,
- the right to restriction of processing according to Art. 18 GDPR, as well as
- the right to data portability under Art. 20 GDPR.
Version: April 2021