Below Nurses Notes (or “WE”, "US", "OUR") provides you with an overview of what personal data we process for what purpose and how we ensure the protection of that data.
In section I. you can find information applicable in general. In section II. We explain the processing of personal data in the context of you visiting our website (“Website”) and when subscribing to our services.
Section I: General Information
Controller of the processing of personal data is:
Telephone: +1 478-227-6644
You can reach our data protection officer under the following contact information:
We process personal data provided by you or generated by us.
Depending on the form that you have completed and successfully submitted, Nurses Notes will be collecting some personal information. This includes the following, but not limited to: Name, Country Residence, Email Address, Contact Number, and other media attachments. Media attachments usually come in a form of resume and this form is found in the Job section of this website. Full disclosure of how the data will be used is available and must be confirmed by the user prior to submitting their data.
Nurses Notes also uses Google Analytics, Search Console, and AdSense, all of which only run after the user grants permission in the Cookie Notice Agreement, a popup message that appears upon visiting the website. The amount of time that the cookie is stored for when user accepts the notice lasts for one (1) month. The amount of time that the cookie is stored for when the user doesn’t accept the notice last only for an hour. After which, the data is disposed.
If you upload documents (e.g. resume) to the website, you should avoid uploading documents with embedded location data (EXIF GPS) included. Users must also avoid attaching other personal documents such as driver’s license, nursing license, passport, and the likes. Visitors to the website can download and extract any location data from images on the website.
Generally, we process your personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) for various purposes. In principle, the following can be considered as the purposes of the processing: the processing for the initiation of contractual relationships and the performance of contracts (Art. 6 (1) lit. b GDPR), for the protection of legitimate interests (Article 6 (1) lit. f DSGVO), based on your consent (Article 6 (1) lit. a GDPR) and/ or statutory provisions (Art. 6 (1) lit. c GDPR).
There is no legal or contractual obligation to provide us with personal data. We only ask you to provide us with the data necessary for our services. Without this personal data, we may not be able to offer you our services such as job assistance, newsletter updates, or establishing partnerships.
We process data only as long as it is necessary in relation to the initial specified, explicit and legitimate purpose.
Additionally, we are subject to various filing and documentation obligations, including those arising from the German Commercial Code (HGB) and the German Tax Code (AO). The deadlines for storage and documentation specified there are up to ten years.
In light of possible legal claims, the processing period is also determined by statutory time limitations, which can be up to thirty years according to §§ 195 ff. of the German Civil Code (BGB), whereby the regular time limitation is three years.
Based on the Implementing Rules and Regulations of the Data Privacy Act of 2012 Rule IV. Data Privacy Principles Section 19, lit d., Personal Data shall not be retained longer than necessary.
1. Retention of personal data shall only for as long as necessary:
(a) for the fulfillment of the declared, specified, and legitimate purpose, or when the processing relevant to the purpose has been terminated;
(b) for the establishment, exercise or defense of legal claims; or
(c) for legitimate business purposes, which must be consistent with standards followed by the applicable industry or approved by appropriate government agency.
2. Retention of personal data shall be allowed in cases provided by law.
3. Personal data shall be disposed or discarded in a secure manner that would prevent further processing, unauthorized access, or disclosure to any other party or the public, or prejudice the interests of the data subjects.
Every data subject has the right of access (Art. 15 GDPR), the right to rectification (Art. 16 GDPR), the right to erasure (Art. 17 GDPR), the right to restriction of processing (Art. 18 GDPR) and the right to data portability (Art. 20 GDPR). To exercise those rights, you can contact us under the contact information given in section I. 2. or 3.
In addition, if you are of the opinion that the processing of your personal data is unlawful, you have the right to lodge a complaint with the competent supervisory authority (Art. 77 GDPR). This right to complain is without any prejudice to any other administrative or judicial remedy.
Information about your right to object in accordance with Art. 21 General Data Protection Regulation (GDPR)
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you on the basis of Art. 6 (1) lit. f GDPR (processing of personal Data based on a balancing of interests); this includes profiling based on those provisions (Art. 4 No. 4 GDPR).
Should you decide to object the processing, we will stop to process personal data concerning you, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the purpose of establishment, exercise or defence of legal claims.
You also have the right to object at any time to processing of personal data concerning you for the purpose of advertising; this also applies to profiling insofar as it is associated with advertising.
Should you decide to object to the processing for advertising purposes, we will stop to process personal data concerning you for these purposes.
The objection is not subject to any form. Ideally, it should be lodged at the bodies mentioned in section I. 2. and 3.
Additionally, under the Implementing Rules and Regulations of the Data Privacy Act of 2012 Rule VIII. Rights of Data Subjects
Section 34. Rights of the Data Subject. The data subject is entitled to the following rights:
a. Right to be informed.
1. The data subject has a right to be informed whether personal data pertaining to him or her shall be, are being, or have been processed, including the existence of automated decision-making and profiling.
2. The data subject shall be notified and furnished with information indicated hereunder before the entry of his or her personal data into the processing system of the personal information controller, or at the next practical opportunity:
(a) Description of the personal data to be entered into the system;
(b) Purposes for which they are being or will be processed, including processing for direct marketing, profiling or historical, statistical or scientific purpose;
(c) Basis of processing, when processing is not based on the consent of the data subject;
(d) Scope and method of the personal data processing;
(e) The recipients or classes of recipients to whom the personal data are or may be disclosed;
(f) Methods utilized for automated access, if the same is allowed by the data subject, and the extent to which such access is authorized, including meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject;
(g) The identity and contact details of the personal data controller or its representative;
(h) The period for which the information will be stored; and
(i) The existence of their rights as data subjects, including the right to access, correction, and object to the processing, as well as the right to lodge a complaint before the Commission.
b. Right to object. The data subject shall have the right to object to the processing of his or her personal data, including processing for direct marketing, automated processing or profiling. The data subject shall also be notified and given an opportunity to withhold consent to the processing in case of changes or any amendment to the information supplied or declared to the data subject in the preceding paragraph.
When a data subject objects or withholds consent, the personal information controller shall no longer process the personal data, unless:
1. The personal data is needed pursuant to a subpoena;
2. The collection and processing are for obvious purposes, including, when it is necessary for the performance of or in relation to a contract or service to which the data subject is a party, or when necessary or desirable in the context of an employer-employee relationship between the collector and the data subject; or
3. The information is being collected and processed as a result of a legal obligation.
c. Right to Access. The data subject has the right to reasonable access to, upon demand, the following:
1. Contents of his or her personal data that were processed;
2. Sources from which personal data were obtained;
3. Names and addresses of recipients of the personal data;
4. Manner by which such data were processed;
5. Reasons for the disclosure of the personal data to recipients, if any;
6. Information on automated processes where the data will, or is likely to, be made as the sole basis for any decision that significantly affects or will affect the data subject;
7. Date when his or her personal data concerning the data subject were last accessed and modified; and
8. The designation, name or identity, and address of the personal information controller.
d. Right to rectification. The data subject has the right to dispute the inaccuracy or error in the personal data and have the personal information controller correct it immediately and accordingly, unless the request is vexatious or otherwise unreasonable. If the personal data has been corrected, the personal information controller shall ensure the accessibility of both the new and the retracted information and the simultaneous receipt of the new and the retracted information by the intended recipients thereof: Provided, That recipients or third parties who have previously received such processed personal data shall be informed of its inaccuracy and its rectification, upon reasonable request of the data subject.
e. Right to Erasure or Blocking. The data subject shall have the right to suspend, withdraw or order the blocking, removal or destruction of his or her personal data from the personal information controller’s filing system.
1. This right may be exercised upon discovery and substantial proof of any of the following:
(a) The personal data is incomplete, outdated, false, or unlawfully obtained;
(b) The personal data is being used for purpose not authorized by the data subject;
(c) The personal data is no longer necessary for the purposes for which they were collected;
(d) The data subject withdraws consent or objects to the processing, and there is no other legal ground or overriding legitimate interest for the processing;
(e) The personal data concerns private information that is prejudicial to data subject, unless justified by freedom of speech, of expression, or of the press or otherwise authorized;
(f) The processing is unlawful;
(g) The personal information controller or personal information processor violated the rights of the data subject.
2. The personal information controller may notify third parties who have previously received such processed personal information.
f. Right to damages. The data subject shall be indemnified for any damages sustained due to such inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal data, taking into account any violation of his or her rights and freedoms as data subject.
Section 35. Transmissibility of Rights of the Data Subject. The lawful heirs and assigns of the data subject may invoke the rights of the data subject to which he or she is an heir or an assignee, at any time after the death of the data subject, or when the data subject is incapacitated or incapable of exercising the rights as enumerated in the immediately preceding section.
Section 36. Right to Data Portability. Where his or her personal data is processed by electronic means and in a structured and commonly used format, the data subject shall have the right to obtain from the personal information controller a copy of such data in an electronic or structured format that is commonly used and allows for further use by the data subject. The exercise of this right shall primarily take into account the right of data subject to have control over his or her personal data being processed based on consent or contract, for commercial purpose, or through automated means. The Commission may specify the electronic format referred to above, as well as the technical standards, modalities, procedures and other rules for their transfer.
Section 37. Limitation on Rights. The immediately preceding sections shall not be applicable if the processed personal data are used only for the needs of scientific and statistical research and, on the basis of such, no activities are carried out and no decisions are taken regarding the data subject: Provided, that the personal data shall be held under strict confidentiality and shall be used only for the declared purpose. The said sections are also not applicable to the processing of personal data gathered for the purpose of investigations in relation to any criminal, administrative or tax liabilities of a data subject. Any limitations on the rights of the data subject shall only be to the minimum extent necessary to achieve the purpose of said research or investigation.
On our Website we may link to other websites by third parties. Such websites by third parties are governed by the provisions and privacy policies of the respective third party offering the content behind those links. We do not actively check such links and external content unless required by applicable laws.
If you discover wrong and/or inappropriate content please inform us, for example via email to firstname.lastname@example.org and we will delete and change such links immediately.
Contact forms are found in several sections of the website. In the Homepage is a newsletter subscription found at the bottom of the page right before the footer section. In the Job section which collects personal information for the purpose of job application. The Contact section of this website also collects personal information. The data that this platform collects from the contact forms are used only for its intended use. It is not directly shared with any of our partners, unless otherwise stated.
In order to ensure the best possible protection of your data, the Website is offered via a secure SSL connection.
Section II: Processing of personal data regarding our Website
In order to offer you a convenient online service featuring numerous functions, our Website uses text files (“Cookies”). A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyze web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
If you visit our login page,Nurses Notes will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
If you are an employee or admin of Nurses Notes and has the ability to upload content, edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
We collect data about each visit of our Website (so-called server logfiles) (“Access Data”). Access Data includes the following:
Name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, User’s operating system, referrer URL (the previously visited page), IP address and the requesting provider
When using a mobile device Access Data also contains: Country code, language, device name, operating system and version name. We use this Access Data for statistical analysis for the purpose of operation, security and optimization of our Website. We anonymize Access Data before processing it for statistical analysis. However, we reserve the right to check these Access Data retrospectively if there is a justified suspicion of illegal use based on concrete indications.
This data is stored because this is the only way to prevent the misuse of our Website and Software and, if necessary, allow us to investigate any potential crimes committed. As a matter of principle, this data will not be passed on to third parties unless there is a legal obligation to pass it on or the transfer of data serves criminal prosecution purposes.
This data processing is based on Art. 6 (1) f. GDPR and we wish to achieve the legitimate interests of stabilizing and improving our Website, quality insurance and fraud prevention.
In case the anonymization of IP-addresses is active on a website, the user’s IP-address will be truncated inside the European Union or the European Economic Area. Only in exceptional cases the user’s full IP-address will be transmitted to a server of Google in the US and truncated there. IP-anonymization is active on our websites.
On behalf of us, Google will process this data in order to analyze your use of our websites, to generate reports on website activity and to render further services regarding the use of our websites. The IP-address transmitted by your browser will not be associated with other data in possession of Google.
You can prevent the storage of cookies by modifying your browser setting to decline cookies. Furthermore, you can prevent the collection and following procession of data by Google through this cookie by downloading a browser-plugin through the following link: https://tools.google.com/dlpage/gaoptout/.
An opt-out-cookie will be stored on your device. This will prevent further allocation of data through the Google Analytics cookie on our websites. Preventing storage of cookies may prevent you from taking full advantage of our websites.
You can find further information about terms and conditions as well as data protection on https://www.google.com/policies/privacy/
The processing of personal data through Google Analytics is based on Article 6 (1) lit. f GDPR. Purpose and our legitimate interest are analysis of the use of our websites as well as improved functionality.
There will be content you may access on this website containing videos from Youtube.
We have included YouTube by Google Inc., 1600 Amphitheater Parkway, Mountain View, California 94043, USA videos in our website, which are directly playable from our website. Without any action by you as User the YouTube Plugin is deactivated and therefore no data are transferred.
If you wish view the video, you have to click the respective button first. Only with the click of the respective button a connection to YouTube will be set up and data transferred thereto. The Google Inc. will get the information that you have accessed the corresponding website of our online service. In addition, automatically collected Access Data are transmitted.
Google Inc. processes the data collected about you via the Plugins, creates usage profiles and uses them for purposes of advertising and/ or market research. Such processing is carried out in particular for the presentation of needs-based advertisement and to inform other users of the social network about your activities on our website. You have a right to object to the formation of these user profiles, whereby you must contact the respective provider of the Plugin.
This happens regardless of whether YouTube provides a user account that you are logged in to, or if there is no user account. When you’re logged in to YouTube, your data will be assigned directly to your account. If you do not wish to associate with your profile on YouTube, you must log out before activating the button.
Google is certified according to the EU-US agreement “privacy shield,” https://www.privacyshield.gov. The “Privacy Shield” is an agreement between the European Union (EU) and the USA to ensure compliance with European data protection standards in the USA.
Through the embedded videos, we offer you the opportunity to play YouTube videos directly on our site, so that we can improve the usability of our website and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6 (1) f. GDPR.
The Website is connected to various social networks via “Social Plugins“.
Without any action by you as User the Social Plugins are deactivated and therefore no data is transferred. If you wish to share for example a content, you have to click the respective button first. Only with the click of the respective button a connection to the respective social network will be set up and data transferred thereto.
The provider of the Plugin will get the information that you have accessed the corresponding website of our online service. In addition, automatically collected Access Data are transmitted.
The providers of Plugins process the data collected about you via the Plugins, create usage profiles and use them for purposes of advertising, market research and / or tailor-made design of their website. Such processing is carried out in particular for the presentation of needs-based advertisement and to inform other users of the social network about your activities on our website. You have a right to object to the formation of these user profiles, whereby you must contact the respective provider of the Plugin.
The data collection by the respective provider of the Plugin is carried out regardless of whether you have an account with the provider and are logged while using the Plugin. If you are logged into your Social Media account, your collected data will be assigned directly to your existing account with the provider of the Plugin.
For example, if you link the page, the Plugin provider also stores this information in your user account and shares it with your contacts publicly. We recommend that you log out regularly after using a social network, but especially before activating the Plugin.
The use of social media plugins is based on Art. 6 (1) f. GDPR. Our legitimate interest is improved functionality of our website and enabling our visitors to share our content on social media.
In detail, these are the following social networks:
1601 Willow Road, Menlo Park, CA 94025, USA or
Facebook Ireland Ltd.
4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook“).
Facebook is certified according to the EU-US agreement “privacy shield”, https://www.privacyshield.gov. The “privacy shield” is an agreement between the European Union (EU) and the USA to ensure compliance with European data protection standards in the USA.
LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA or LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn”). LinkedIn is certified according to the EU-US agreement “privacy shield”, https://www.privacyshield.gov.
Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA (“Twitter“).
Twitter is certified according to the EU-US agreement “privacy shield”, https://www.privacyshield.gov.
ATTN: Privacy Operations
1601 Willow Road
Menlo Park, CA 94025
Instagram, a product of Facebook, utilizes standard contract clauses, rely on the European Commission’s adequacy decisions about certain countries, as applicable, and obtain your consent for these data transfers to the United States and other countries.
Nurses Notes share personal information that we collect to our partners and potential advertisers, should it deem fit for its intended agreement. Normally, these information come with a consent from the user from which they must agree prior to submitting their personal details. In addition, information that we gather from Analytics are shared with our partners and advertisers. This data from Analytics does not contain any of your personal information, but mere behavior of general users when they visit the website. The information that’s collected and shared are based on the tracking codes our partners are using. To get a complete understanding of this, please click here.
When contacting us (e.g. by email), we process your name, email address and any personal data disclosed in the message itself. The processing is based on Art. 6 (1) f. GDPR. Purpose and our legitimate interest is answering your enquiry and, if applicable, follow-up questions.
Your contact information is used depending on the purpose of the form that you have used when you submitted your personal information. You may receive newsletters directly from Nurses Notes in a form of email. You may also receive messages or calls from our affiliates if you have submitted your information in our job bank system. Your contact information and the data that you provide is protected by the EU GDPR cookie law and CCPA regulations. We only use your data based on its intended use. which you have to agree before you can submit your data.
With our newsletter we inform you about our products and us. When registering for the newsletter, you have to provide an email address. In case of registration for the newsletter, we also store the date of registration as well as the user’s first and last name, if you choose to additionally disclose those.
After registration, the user will receive an email to confirm the registration. The processing is based on your consent (Art. 6 (1) a. GDPR). Purpose of the processing is the distribution of our newsletter.
We process your requests for information, correction, deletion, restriction of processing of personal data and data portability pursuant to the GDPR.
In doing so we process the following personal data:
– Master data
– Privacy statements (consent to the processing of personal data, withdrawal of your consent, objections to the processing of personal data, statements asserting your rights of access, to rectification, erasure, restriction of processing, and data portability, including the information you provide us by asserting your rights)
– All data or categories of data that are the subject of the request.
The processing of personal data is based on Article 6 (1) lit. c GDPR. Purpose is an effective affected rights management.
We do not use automated decision-making. Regarding profiling, we use the tracking tool Google Analytics. For further information about our use of Google Analytics see Section II. 3. – “Google Analytics”.