Privacy policy

HELIX Operations GmbH („HELIX“, "we") would like to use this Privacy Policy to inform you about how we process personal data in connection with our online presence at www.helix.life, such as names and e-mail addresses as well as information about your visit on our website.

1. Controller

Controllers for the processing of your personal data within the meaning of article 4 (7) of the EU General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) is

HELIX Operations GmbH
HELIX HUB, Invalidenstr. 113
10115 Berlin, Germany
Email: info@helix.life
Phone: +49 30 586 930-000
Fax: +49 30 586 930-251

You can find further information about us in the imprint.

 

2. Data protection officer

We have appointed an external data protection officer. You can reach him at

HELIX Operations GmbH
zu Hd. Datenschutzbeauftragter
HELIX HUB, Invalidenstr. 113
10115 Berlin, Germany
Email: datenschutz@helix.life
  

3. Data processing when visiting the website
3.1. Log files

To make our website available and to ensure its functionality, the web server automatically records your visit in so-called server log files when you visit our website. The following data is processed in the process: Browser type and version, the operating system used by the terminal device, the IP address of the requesting computer, access date and time of the server request, the duration of the stay on the website, the amount of data transferred, the location from which the user retrieves data from the website, connection data and sources and from which page the access is made.

Purpose
This data is processed for the purpose of providing our website and for statistical analysis as well as for the purpose of identifying and tracing unauthorised access to the web server and other criminal offences.

Legal basis
The legal basis of the data processing is article 6 (1) (f) GDPR. Our legitimate interests are to ensure IT security and the operation of our website.

Recipients
The recipients of the data are our hosting service providers.

Storage period
Log file information is stored from the end of your respective website visit for a maximum of 30 days and then deleted.

Objection
The data processing is necessary for the security and operation of the website. You exercise your right to object by no longer accessing our website.

Obligation to provide your data
The provision of the personal data is neither legally nor contractually required. Without the provision, however, the service and the functionality of our website are not guaranteed. In addition, individual services may not be available or may be limited.

 

3.2. General information about cookies
Cookies are small text files that can be used to identify the user’s terminal device. Cookies are stored on your device when you use our website. Cookies can transmit information from our web server or third-party web servers to the user’s web browser, where it is stored for later retrieval. A cookie usually contains the name of the domain from which the cookie data was sent, information about the age of the cookie and an alphanumeric identifier.

Purpose
We use cookies to ensure the proper functioning of our website and to optimize your website experience.

Legal basis
The legal basis for data processing is article 6 (1) (f) GDPR. Our legitimate interests consist in the technical provision and guarantee of the operation of our internet presence and IT security as well as in the optimisation of the presentation of our offer and direct marketing measures.

Recipients
In addition to the individual transfers described below, we pass on your data to our IT service and hosting providers for strictly specific purposes – if at all necessary – and only to the extent required.

Storage period
We store the data for as long as it is needed to fulfil the aforementioned purposes, or you delete the cookies.

Withdrawal and Objection
Insofar as the data processing is based on your consent pursuant to article 6 (1) (a) GDPR, you have the right to withdraw your consent at any time. You can delete the cookies in your browser.

If the legal basis is article 6 (1) (f) GDPR, you can object to the data processing. You can exercise your right to object by configuring your browser according to your wishes, for example, so that no cookies from third-party providers (so-called third-party cookies) or no cookies at all are stored or a notice always appears before a new cookie is created. Furthermore, cookies that have already been stored can be deleted at any time via the browser.

You can find out how to configure cookies for the most popular browsers by following the links below:

Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen

Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en

Safari: https://support.apple.com/de-de/guide/safari/sfri11471/13.0/mac/10.15

Opera: https://help.opera.com/de/latest/web-preferences/#cookies

Obligation to provide your data
The provision of your personal data is neither legally nor contractually required. Without the provision, however, the service and the functionality of our website may not be guaranteed. In addition, individual services may not be available or may be limited.

 

3.3. Analysis and Tracking
This website does not use additional analytics services such as Google Analytics or similar services, nor does it use tracking tools for marketing or re-marketing purposes.

 

3.4 Social Media Buttons
This website uses simple graphics with html links as social media buttons to the social media platforms LinkedIn and Twitter. In contrast to some widespread social media plugins, no data is transmitted to the provider of the social media platforms when accessing our website and without clicking on the social media buttons.
Only when you click on the respective social media button does your browser establish a direct connection with the respective provider of the social media platform. We have no influence on the data requested by the provider of the social media platform on its website. If you are logged in to the respective social media platform when you click on the social media button, the respective provider can assign the visit to this website to your user account. For further information, please refer to the data protection information of the respective provider of the social media platform.

 

3.5 Instagram Feed
On our website, we integrate the feed of our Instagram profile to make current information available to you across platforms. We use the WordPress plug-in from Smash Balloon LLC (https://smashballoon.com/) for this purpose. To display our Instagram feed, the plug-in retrieves the information from Instagram and integrates it into our website. In order to display the Instagram feed for you, your IP address is processed via the plug-in when you visit the website. We host the plug-in on our servers and have configured the plug-in in a way that no data is transmitted to third parties and only local image data is loaded. This may result in some images not being displayed correctly. The plug-in does not set any cookies. If you click on an image in the displayed Instagram feed, you will be redirected to our Instagram profile. You can find more details about the relevant data processing under section 5.2.
You can find more information about the plug-in at: https://smashballoon.com/gdpr-and-our-plugins/ and https://smashballoon.com/doc/instagram-feed-gdpr-compliance/.

Purpose
We process your data in order to be able to show you the content of our Instagram profile on our website as well.

Legal basis
The legal basis for data processing is article 6 (1) (f) GDPR. Our legitimate interests consist of optimizing the presentation of our website.

Recipients
We transfer your data strictly for the specific purpose – if at all necessary – and only to the extent required to our IT and hosting service providers.

Storage period
We store the data for as long as it is needed to fulfill the aforementioned purpose.

Objection
The data processing is necessary for the presentation of the content on our website. You exercise your objection by no longer visiting our website or by configuring your browser to block the plug-in.

Obligation to provide your data
The provision of your personal data is neither legally nor contractually required. Without the provision, however, the service and the functionality of our website may not be guaranteed. In addition, individual services may not be available or may be limited.

 

4. Data processing in connection with our content and offers
4.1 Contact by e-mail, fax, telephone or through a platform

You can contact us via the e-mail addresses, fax and telephone numbers provided by us on our website or via a platform on which we are present. If you make use of this option, personal data transmitted in response to your contact request will be processed.

Purpose
The processing is conducted for the purpose of dealing with your inquiry.

Legal basis
If the contact is aimed at concluding a contract or if your contact is about an existing contract with you, article 6 (1) (b) DSGVO is the legal basis for the processing.

The legal basis for the processing of your data in the other cases is article 6 (1) (f) GDPR. The legitimate interest in these cases results from the fact that we can only conduct the action requested by you (e.g., answering enquiries) by processing your data accordingly.

Recipients
In the course of processing your request, your data will be transferred to our IT service providers and to our employees who will process your inquiry.

Storage period
We store your data in principle up to the complete answer of your inquiry.

Obligation to provide your data
There is no legal obligation to provide your data. However, if you do not provide us with your data, it is not possible to contact us.

 

4.2 Conclusion and execution of contracts
You can rent conference rooms and office space from us or have events organized. For the conclusion and execution of the respective contract, it is necessary that we process the personal data of our contact persons. This includes surname, first name, (professional) e-mail address, telephone numbers, if applicable the company to which you belong and the position you hold in this company.

Purpose
The processing is carried out for the purpose of concluding and executing the contract.

Legal basis
If we conclude a contract with you personally, the legal basis is article 6 (1) (b) GDPR. If you serve as a contact person for our contractual partner – e.g. because you act for a company – the legal basis is article 6 (1) (f) GDPR, whereby our legitimate interest is to conclude and execute the contract with our contractual partner.

Recipients
In the course of processing your request, your data will be transferred to our IT service providers as well as to our employees who process your request.

Storage period
We store your data as long as we need it for the execution of the contract. In addition, we store your data as long as and to the extent that we are obliged to do so due to legal retention periods.

Obligation to provide your data
There is no legal obligation to provide your data. However, if you do not provide us with your data, it may not be possible to conclude or execute a contract with us.

 

4.3 Advertising by mail or e-mail
If you are or have been a customer of ours, we may, under certain circumstances, send you promotional communications by mail or e-mail to provide you with current information about us. You will receive these promotional communications without the need for consent.

Purpose
The processing of your data is for the purpose of direct marketing.

Legal basis
The legal basis for data processing is article 6 (1) (f) GDPR. Our legitimate interests are to send you advertising in the form of direct marketing. Based on the contractual relationship existing between you and us and the information provided by us in the context of this privacy notice, we assume that you consent to the advertising sent by us, in particular because you can object to receiving such advertising at any time by simply notifying us if you are not interested.

Recipients
We pass on your data strictly for the intended purpose, if at all necessary, and only to the extent required within the framework of order processing and to our IT service providers.

Storage period
Your data will be stored for the purpose of sending advertising for as long as it is needed for this purpose or until you object to the processing of your data for this purpose.

Objection
You can unsubscribe from our advertising e-mails and letters at any time. Simply send us a short message that you no longer wish to receive advertising. If you do not tell us which mailing medium your objection refers to, we will assume that this applies to both mail and e-mail advertising.

Obligation to provide your data
We receive your data within the framework of the contractual relationship existing between you and us. Without the provision of this data, the implementation of the contractual relationship is not possible. However, you may object to the processing of your data for the purpose of sending advertising in connection with the contractual relationship at any time in accordance with the above information.

 

4.4. Job applications
You can apply for a position with us directly via the contact provided on our website. Alternatively, you have the option of applying by other means, e.g. via a portal. If you apply for a position with us, we process the data that you provide in your application.

Purpose
The personal data you provide will be processed for the purpose of deciding whether to establish an employment relationship.

Legal basis
The legal basis is article 6 (1) (b), 88 (1) GDPR and section 26 (1), (8) Federal Data Protection Act. If you provide more than the required information, the legal basis is your consent pursuant to article 6 (1) (a) GDPR. Insofar as we are legally obliged to process data that we have received as part of the application process, we conduct this data processing on the basis of article 6 (1) (c) GDPR.

Sources and Recipients
If you apply to us via a portal, your data will also be processed by the portal and transmitted to us. Depending on which way you choose to apply, the portal may function as a processor under article 28 GDPR or as a joint controller with us under article 26 GDPR. For more information, see section 5.3.

In order to assess your documents, they will be forwarded to the relevant employees of the company to which you are applying. In addition, your data may be forwarded to our group-affiliated company and to our IT service providers as part of a data processing agreement.

Storage period
If your application is successful, we will store your application documents in your personnel file. If the data processing is based on a legal obligation to which we are subject article 6 (1) (c) GDPR), the data will be stored for as long as is necessary to fulfil our legal obligation.

If your application was unsuccessful, your application documents will be stored by us for the duration of the application process and will also be kept for 3 months in order to answer any questions you may have. After this period, the documents will be deleted. Only if you consent, we will store your data until withdrawal in order to be able to contact you in the future regarding interesting job offers within our company.

Obligation to provide your data
The provision of your data is necessary for the application process and for the decision on the establishment of an employment relationship. If you do not provide us with your data, we will unfortunately not be able to consider you in the selection process for filling the advertised position.

 

5. Data processing in connection with our presence on social media
We maintain publicly accessible profiles on various social media platforms and job portals. Your visit to these profiles may initiate data processing procedures. In the following, we provide you with an overview of which of your personal data is processed by us when you visit our profiles. We would like to point out that you use our profiles and the contents available on them at your own responsibility. This applies in particular to the use of interactive functions (e.g., commenting, sharing, rating).

When you visit our profiles, your personal data is processed not only by us but also, where applicable, by the providers of the respective platform. The individual data processing procedures and their scope differ depending on the provider of the respective platform and are not necessarily comprehensible for us. For details about the collection and storage of your personal data as well as the type, scope, and purpose of their use by the provider of the respective platform, please also refer to the data protection information of the respective provider.

 

5.1. LinkedIn
HELIX operates a profile on the social media platform LinkedIn of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”).

Joint controllership with LinkedIn
HELIX and LinkedIn have concluded an agreement as part of their joint controllership, which you can access here: https://legal.linkedin.com/pages-joint-controller-addendum (so-called “Page Insights Joint Controller Addendum”). The agreement covers those data processing procedures in connection with a visit to or interaction with our LinkedIn profile, but only to the extent that such data is also processed (thereafter) for “Page Insights”. “Page Insights” comprise analytics services that help the operator of a LinkedIn profile to better understand interactions with its LinkedIn profile. The purpose of the data processing is to generate aggregate statistics for LinkedIn profile operators. It involves processing data in the context of people visiting or interacting with a LinkedIn profile, but only to the extent that the purpose is to use it for “Page Insights”. LinkedIn provides more detailed information on this at the following link: https://www.linkedin.com/help/linkedin/answer/4499/linkedin-page-analytics-overview?lang=en. The “Information on data for Page Insights ” (https://legal.linkedin.com/pages-joint-controller-addendum), which can be accessed by data subjects, indicates how and when “insights data” are collected and used to create “Page Insights”:

When you visit our LinkedIn profile, LinkedIn collects, among other things, your IP address and other information that is present on your PC in the form of cookies. This information is used to provide us, as the operator of our LinkedIn profile, with statistical information about the use of the LinkedIn profile. We do not receive any personal data from LinkedIn in this context.

Through the LinkedIn Insight Tag, your data is transmitted to LinkedIn, under certain circumstances also to the USA. The transfer is secured by a data processing agreement and the conclusion of the EU standard contractual clauses, which in individual cases allow a transfer to so-called third countries outside the EU. Further information on data protection at LinkedIn can be found here https://www.linkedin.com/legal/privacy-policy#choices-oblig.

The respective responsibilities, in particular with regard to the protection of data subject rights, between HELIX and LinkedIn can be found in the Page Insights Addendum (https://legal.linkedin.com/pages-joint-controller-addendum).

LinkedIn assumes primary responsibility for complying with the GDPR obligations for the shared processing of “Insights Data”. This includes fulfilling your data subject rights. LinkedIn provides more details on how to exercise these rights in its privacy policy under point 4: https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.

Controllership of HELIX
In addition to the processing mentioned above, we are solely responsible for any further processing by us (for example, if you contact us via LinkedIn and we process your data to respond to your inquiry).

Purpose
This processing of the visitors’ data serves the purpose of providing the profile, the statistical evaluation of the use of our profile as well as for the purpose of answering your inquiries or communicating with you and publishing information about HELIX.

Legal basis
The legal basis of the processing for the purpose of answering inquiries that serve a future conclusion of a contract and are initiated by you is article 6 (1) (b) GDPR and in other cases article 6 (1) (f) GDPR. The legitimate interests regarding the processing of personal data when visiting the site and the creation of the “Insights data” are Communication and interaction with interested parties and customers; dissemination of information; anonymised evaluation and presentation of the use of our LinkedIn profile.

Storage period
After answering your request, the personal data you have provided will be deleted from our systems. If you interact with us publicly, for example by leaving a comment or reacting to a post, this data remains publicly accessible on the site until it is deleted by us or you. Insofar as legal storage obligations require longer storage, your data will only be stored for this purpose and blocked for other purposes.

Objection
LinkedIn users can influence the extent to which their user behaviour may be recorded when visiting our LinkedIn profile under the settings. The processing of information by means of the cookies used by LinkedIn can also be prevented by not allowing cookies from third-party providers or those from LinkedIn in your own browser settings. You have the option to delete comments and reactions on LinkedIn. To exercise your right to object, please contact our data protection officer or datenschutz@helix.life.

Obligation to provide your data
You are not obliged to provide your data. However, visiting, or individual functionalities of our LinkedIn profile may not be possible or only possible to a limited extent without us or LinkedIn processing personal data.

 

5.2 Instagram
HELIX operates a profile on the social network Instagram of Meta Platforms Ireland Ltd, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland (“Meta”).

Joint controllership with Meta
Meta and we have concluded an agreement within the scope of joint controllership, which you can access here: https://de-de.facebook.com/legal/terms/page_controller_addendum (so-called “Page Insights Addendum”). From this, the respective responsibilities, in particular with regard to the protection of data subject rights, between us and Meta can also be inferred. The Page Insights Addendum refers to those data processing operations that are collected in connection with a visit to or interaction with our Instagram page, but only insofar as these data are also processed (thereafter) for “Page Insights”. “Page Insights” include analytics services that help Page owners better understand interactions with their Pages. The purpose of the data processing is to create aggregated statistics for us, the operator of our Instagram profile. Meta provides more details on how to exercise these rights in the “Page Insights Data Information”. You can find this here https://www.facebook.com/legal/terms/information_about_page_insights_data.

When you visit our Instagram profile, Meta collects, among other things, your IP address and other information that is present on your system in the form of cookies. This information is used to provide us, as the operator of the Instagram profile, with statistical information about the use of the Instagram profile. Meta provides more detailed information on this at the following link: https://help.instagram.com/1533933820244654.

The data collected about you in this context will be processed by Meta and, if necessary, transferred to countries outside the EU. The transfer is secured by an order processing agreement and the conclusion of the EU standard contractual clauses, which in individual cases permit a transfer to so-called third countries outside the EU. The data usage guidelines are available at the following link: https://help.instagram.com/519522125107875.
In which way Meta uses the data from the visit of Instagram profiles for its own purposes, to what extent activities on the Instagram profile are assigned to individual users, how long Meta stores this data and whether data from a visit to the Meta site is passed on to third parties, is not conclusively and clearly stated by Meta and is not known to us. When accessing an Instagram profile, the IP address assigned to your end device is transmitted to Meta. According to information from Meta, this IP address is anonymized (for “German” IP addresses). Meta also stores information about the end devices of its users (e.g. as part of the “login notification” function); if necessary, this enables Meta to assign IP addresses to individual users. If you are currently logged in to Instagram as a user, a cookie with your Instagram ID is located on your end device. This enables Meta to track that you have visited our website and how you have used it. This also applies to all other Meta pages. Via Instagram buttons embedded in websites, it is possible for Meta to record your visits to these websites and assign them to your Instagram profile. Based on this data, content or advertising tailored to you can be offered. If you want to avoid this, you should log out of Instagram or deactivate the “stay logged in” function, delete the cookies present on your device and exit and restart your browser. In this way, meta-information through which you can be directly identified will be deleted. This allows you to use our Instagram profile without revealing your Instagram identifier. When you access interactive features of the site (like, comment, share, message, etc.), an Instagram login screen will appear. After any login, you will again be recognizable to Meta as a specific user. For information on how to manage or delete information about you, please visit these support pages: https://help.instagram.com/1533933820244654.

Controllership of HELIX
In addition to the processing mentioned above regarding Insights Data, we are generally solely responsible for any further processing by us (for example, if you contact us via Instagram and we process their data to respond to your inquiry).

Purpose
This processing of visitors’ data serves the purpose of providing the site, statistical analysis of the use of our site, as well as the purpose of answering your inquiries (if you have sent us an inquiry) or communicating with you and publishing information about offers from HELIX.

Legal basis
The legal basis of the processing for the purpose of answering inquiries that serve a future conclusion of a contract and are initiated by you is Art. 6 para. 1 p. 1 lit. b DSGVO and in the other cases Art. 6 para. 1 p. 1 lit. f DSGVO. The legitimate interests regarding the processing of personal data when visiting the site and the creation of the “site insights” are: Communication and interaction with interested parties and customers; Dissemination of information; Anonymized evaluation and presentation of the use of our meta and Instagram pages.

Storage period
After your request has been completed, the personal data you have provided will be deleted from our systems. Should you interact with us publicly, for example by leaving a comment or “liking” a post, this data will remain publicly accessible on the site until deleted by us or you. If legal storage obligations require longer storage, your data will only be stored for this purpose and will be blocked for other purposes.

Objection
You have the option to delete comments and likes on Instagram. To exercise your right to object to us, please contact our data protection officer. We will then process your request immediately.

Obligation to provide your data
The provision of your data is voluntary. However, it is not possible to visit our Instagram page without us or Meta processing personal data.

 

5.3 StepStone
HELIX operates a profile on the StepStone job portal of StepStone Deutschland GmbH, Völklinger Straße 1 in 40219 Düsseldorf (“StepStone”).

If you apply via the StepStone application form, according to StepStone’s T&C there is joint controllership between StepStone and HELIX if you are registered with StepStone; the joint controllership agreement set out in Part D of the GTC pursuant to article 26 GDPR shall apply to this. If you are not registered with StepStone, StepStone states that it acts as our processor in accordance with article 28 GDPR.

If you move from StepStone directly to our website and apply via our application form, we are solely responsible for the data processing.

StepStone’s T&Cs are available at https://www.stepstone.de/e-recruiting/allgemeine-geschaftsbedinungen.

Joint controllership with StepStone
Under the joint controllership agreement, StepStone is responsible for processing the personal data of users registered on StepStone during the application process for a job advertisement from us.

HELIX is responsible for the processing of personal data of applicants after receipt of applications in the customer centre. The subject of the processing operations is all data provided and submitted by applicants. These data usually include all CV-related data, such as the name, address, telephone number, date of birth and information on educational background and professional experience. In addition, we may process other data as part of our responsibilities. This includes information provided when using the comment or note function or by assigning an application status, as well as, in the case of using the video interview service, a) the recorded applicant videos, or b) the e-mail address and name of applicants used to conduct a live interview.

Controllership of HELIX
In addition to the processing in joint controllership, we are solely responsible for any further processing by us (for example, if we are in contact with you outside of StepStone to conduct the application process).

Purpose
The purpose of the data processing is to enable you to apply for jobs at HELIX via StepStone.

Legal basis
The legal basis is article 6 (1) (b), 88 (1) GDPR in conjunction with. § 26 (1), (8) Federal Data Protection Act. If you provide more than the required information, the legal basis is your consent pursuant to article 6 (1) (a) GDPR. Insofar as we are legally obliged to process data that we have received as part of the application process, we conduct this data processing on the basis of article 6 (1) (c) GDPR.

Storage period
After processing your application, your personal data provided will be deleted from our systems in accordance with section 4.4. If you interact with us publicly, for example by leaving a comment or giving a rating, this data remains publicly accessible until it is deleted by us or you.

Withdrawal
You have the option to delete comments and reactions on StepStone. To exercise your right to withdrawal, please contact our data protection officer or datenschutz@helix.life We will then process your request immediately.

Obligation to provide your data
You are not obliged to provide us with your data. The provision of your data is necessary for the application process and for deciding whether to establish an employment relationship. However, you can also choose another way to submit your application, e.g., via our website. If you do not provide us with your data, we will unfortunately not be able to consider you in the selection process for filling the advertised position.

 

6. Transfer to a so-called third country
Unless otherwise stated in this Privacy Policy, we do not transfer your data outside the European Economic Area.

 

7. How long we keep your personal data
Unless a shorter storage period results from the other provisions of this Privacy Policy, we will only store your personal data for as long as is necessary to fulfil the respective purposes, and thereafter only to the extent and insofar as we are obliged to do so due to mandatory statutory retention obligations. If we no longer need your data for the purposes described in this Privacy Policy, it will only be stored during the respective statutory retention period and not processed for other purposes.

 

8. Your Rights
If we process your personal data, you have the following data subject rights:

 

8.1. Right of access
You have the right to obtain information about your personal data processed by us in accordance with article 15 GDPR. In particular, you can access information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the source of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details.

 

8.2. Right to rectification
In accordance with article 16 GDPR, you have the right to demand rectification of inaccurate of your personal data.

 

8.3. Right to erasure
You have the right to request the erasure of your personal data stored by us in accordance with article 17 GDPR, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise, or defence of legal claims.

 

8.4. Right to restriction of processing
You have the right to request the restriction of the processing of your personal data in accordance with article 18 GDPR, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you oppose the erasure or we no longer require the data, but you need it to assert, exercise or defend legal claims or you have objected to the processing in accordance with article 21 GDPR.

 

8.5. Right to data portability
You have the right, in accordance with article 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format or to request that it be transferred to another controller.

 

8.6. Right to object
If your personal data is processed based on article 6 (1) (e) or (f) GDPR, you have the right to object to the processing of your personal data in accordance with article 21 GDPR, provided that there are grounds for doing so that arise from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right of objection, which is implemented by us without specifying a particular situation.

You can express your objection by sending an e-mail to datenschutz@helix.life.

 

8.7. Automated individual decision-making including profiling
Where certain decisions on our part are based solely on automated processing – including user profiling – you have the right not to be subject to such a decision which produces legal effects concerning you or similarly significantly affects you. However, this does not apply,

  • if the decision is necessary for the conclusion or performance of a contract between you and us,
  • where the decision is authorised by the European Union or national law to which we are subject, and that law contains appropriate measures to safeguard your rights and freedoms and your legitimate interests; or
  • if this form of decision-making is conducted with your express consent.

 

8.8. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or our registered office for this purpose.

 

8.9. Right to withdrawal of consent
If you have given your consent under data protection law, you have the right to withdraw this consent at any time. The withdrawal of consent does not affect the lawfulness of the processing based on the consent until the withdrawal. To notify us of your withdrawal, please contact our Data Protection Officer or datenschutz@helix.life.

 

9. Data security
Within the website visit, we use the widespread SSL procedure (Secure Socket Layer) in connection with the highest encryption level supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is encrypted by the closed key or lock symbol in the status bar of your browser.

We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

 

10. Links to third party websites
Please note that our website may contain links to content from other providers to which this Privacy Policy does not apply. We have no influence on these websites and not on whether they comply with the applicable data protection regulations.

 

11. Updating the Privacy Policy

Due to the further development of technical standards but also of our offers or due to changed legal or official requirements, it may become necessary to change this Privacy Policy. We reserve the right to change this Privacy Policy at any time with effect for the future. You can access the latest version on our website at https://helix.life/privacy-policy/. Please visit the website regularly and inform yourself about the current Privacy Policy.

Last updated: 2022