5. Transfer of data
In principle, your personal data will only be passed on without your express prior consent in the following cases:
This data is passed on on the basis of our legitimate interest in combating abuse, prosecuting criminal offenses and securing, asserting and enforcing claims and that your rights and interests in the protection of your personal data do not outweigh your interests, Art. 6 Para. 1 lit . f GDPR or based on a legal obligation according to Art. 6 Para. c GDPR.
We rely on contractually affiliated external companies and external service providers ("processors") to provide the services. In such cases, personal data is passed on to these processors in order to enable them to continue processing. These processors are carefully selected by us and regularly checked to ensure that your rights and freedoms are protected. The contract processors may only use the data for the purposes specified by us and are also contractually obliged by us to treat your data exclusively in accordance with this data protection declaration and German data protection laws.
In detail, we use the contract processors listed below. Insofar as personal data is transferred to third countries in this context, we ensure that this is done in accordance with the requirements of Art. 44 ff GDPR. DPAs with the service providers we use who have their headquarters in the USA are listed below. The DPAs contain so-called standard contractual clauses. The standard contractual clauses are agreements adopted by the European Commission. If the processor signs such a standard contract, it undertakes to comply with European data protection standards.
- Provision of server services, cloud hosting - Amazon Web Services EMEA, 38 avenue John F. Kennedy, 1855 Luxembourg, Luxembourg. Server location: Ireland for Irish clients, London for UK clients). https://aws.amazon.com/de/blogs/security/aws-gdpr-data-processing-addendum/
- Provision of email & SMS services - SendGrid, Inc.1801 California Street, Suite 500, Denver, CO 80202. https://www.twilio.com/legal/data-protection-addendum.
- Provision of chat support, knowledge base, help centre - Intercom, Inc. (Intercom R&D Unlimited Company), 55 2nd Street, 4th FloorSan Francisco, California 94105. https://www.intercom.com/help/en/articles/1385437-how-intercom-complies-with-gdpr
The transfer of data to contract processors takes place on the basis of Art. 28 Para. 1 GDPR, alternatively on the basis of our legitimate interest in the economic and technical advantages associated with the use of specialized contract processors, and the fact that your rights and interests in the protection of your personal data do not predominate, Art. 6 para. 1 lit. f GDPR.
As part of the further development of our business, the structure of Altra Health limited may change, as the legal form is changed, subsidiaries, parts of companies or parts of the company are founded, bought or sold. In such transactions, the customer information is passed on together with the part of the company to be transferred. Whenever personal data is passed on to third parties to the extent described above, we ensure that this is done in accordance with this data protection declaration and the relevant data protection laws.
Any transfer of personal data is justified by the fact that we have a legitimate interest in adapting our corporate form to the economic and legal circumstances if necessary and your rights and interests in the protection of your personal data do not outweigh your interests, Art. 6 Para. 1 lit. f GDPR.