e:lmo privacy policy
Data protection information of TCC GmbH
We, TCC GmbH, Humboldtstr. 67a, 22083 Hamburg (hereinafter referred to as "TCC") take the protection of personal data very seriously. We treat personal data confidentially and in accordance with the statutory provisions of the relevant data protection laws, in particular the European General Data Protection Regulation (GDPR) and this privacy policy.
This privacy policy relates to the use of the technical platforms e:va, e:mma, e:lmo and PMDS. Our digital offerings may contain links to other offerings from third-party service providers to which this privacy policy does not apply.
1. Responsible persons
The controller for the processing of personal data within the meaning of Art. 4 No. 7 GDPR is
TCC GmbH
Humboldtstr. 67a
22083 Hamburg
info@tcc-clinicalsolutions.de
If you have any questions about data protection, please contact us at the above postal address with the addition "Data protection" or at the e-mail address provided. Our data protection officer can be reached at dsb@tcc-clinicalsolutions.de.
2. Purpose of the processing of personal data
2.1 Data processing for the provision of contractual services
We collect and process personal data insofar as this is necessary for the performance of our contractual relationship. This includes, in particular, the e-mail address, possibly the name or the name/salutation provided and, if applicable, the license code or similar, in order to ensure that only registered users have access to the functions of the respective service offer, to be able to communicate regarding the use, if applicable, and to be able to bill for services, if applicable.
For all forms, we only collect the personal data that is absolutely necessary for the initiation or processing of the contractual relationship. The collection of data that is not absolutely necessary, but in which we are interested in order to optimize the fulfillment of the purpose, is only optional. In this case, you can decide on a voluntary basis whether and which data you wish to provide to us.
The basis for data processing is Art. 6 para. 1 sentence 1 lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.
2.2 Data processing in the context of chat, video and telecommunication transmissions
In the context of some of our services and in particular in the context of our TCC apps, we offer you the opportunity to make or participate in internet calls, video conferences and/or telecommunication transmissions. Depending on whether and, if so, how the software solution used for this purpose and the functionalities or services offered with it are used, the personal data listed below may be the subject of processing: Personal details: user name and profile picture; meeting metadata: Participant IP addresses, device/hardware information; for recordings: MP4 file of all video, audio and video recordings, M4A file of audio recordings, text file of chats; when dialing in by telephone: details of the incoming and outgoing telephone number, country name, start and end time. It may be possible to use the chat, question or survey function - text entries made may be processed in order to transmit, display and, if necessary, log them. In order to enable the display of video and the playback or transmission of audio, the data of the microphone and/or video camera of the end device used is processed for the duration of the video or audio function use. The camera and/or microphone can be deactivated or muted at any time via the software used.
The data processing described above is necessary so that we can provide the services described above. The basis for data processing is Art. 6 para. 1 sentence 1 lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.
2.3 e:va Dashboards
The e:va platform serves the purpose of visualizing medical data, nursing data and therapy data from the PDMS in an aggregated, contextual and relevant manner.
With regard to the data processing explained, Art. 6 para. 1 sentence 1 lit. b GDPR forms the basis. Some of the data that is processed is assigned to the special category of personal data, in particular health data within the meaning of Art. 9 GDPR or Section 22 BDSG, which is specially protected in accordance with Art. 9 para. 1 GDPR. In addition, these are only processed under special conditions. For this reason, we may obtain consent to process such data. Data processing is carried out on the basis of consent pursuant to Art. 6 para. 1 sentence 1 lit. a in conjunction with Art. 9 para. 2 lit. Art. 9 para. 2 lit. a GDPR. Consent that has been granted can be revoked at any time with effect for the future. An informal notification to us is sufficient for this. The legality of the data processing operations already carried out remains unaffected by the revocation.
2.4 e:mma App
The purpose of the e:mma app is to enable proactive, data-driven medical treatment. The app serves as a platform for the use of various microservices in the area of prediction scores.
The possible microservices in the app are, as of May 2024, not for medical purposes and are not approved for such purposes. Customers act with this knowledge and therefore at their own risk. Any claims against TCC GmbH arising from this are excluded. Customers are obliged to obtain the patient's consent in writing.
Microservice Sepsis Prediction:
The SepsisPredict algorithm provides a non-invasive, cost-effective sepsis risk prediction solution that helps optimize healthcare resources in hospitals and medical facilities. The software supports early detection of sepsis, which can lead to a reduction in complications, hospitalizations, mortality rates and long-term effects of sepsis. In particular, personal data within the meaning of Art. 9 para. 1 GDPR is processed in this context.
With regard to the data processing described above, Art. 6 para. 1 sentence 1 lit. b GDPR provides the basis, which permits the processing of data for the performance of a contract or pre-contractual measures. At least some of the data may be special categories of personal data, especially health data, within the meaning of Art. 9 GDPR or Section 22 BDSG, which are specially protected in accordance with Art. 9 para. 1 GDPR and may only be processed under special conditions. We may therefore obtain consent to process such data. The data processing then takes place on the basis of the consent in accordance with Art. 6 para. 1 sentence 1 lit. a, if applicable in conjunction with Art. 9 para. 2 lit. Art. 9 para. 2 lit. a GDPR. Consent that has been granted can be revoked at any time with effect for the future. An informal notification to us is sufficient for this. The legality of the data processing operations already carried out remains unaffected by the revocation.
2.5 e:lmo platform
Multidisciplinary communication is provided within e:lmo. The platform enables collaboration between doctors and nursing staff. This results in a smooth exchange of information and coordination of patient care. Furthermore, the platform serves as a documentation tool, which allows for the consil-related storage and retrieval of patient-related information. In this context, primarily personal data is processed in accordance with Art. 9 para. 1 GDPR.
With regard to the data processing explained, Art. 6 para. 1 sentence 1 lit. b GDPR forms the basis. The data that is processed is of the special category of personal data, in particular health data within the meaning of Art. 9 GDPR, or Section 22 BDSG, which is specially protected in accordance with Art. 9 para. 1 GDPR. In addition, these will only be processed under special conditions. For this reason, we may obtain consent to process such data. Data processing is carried out on the basis of consent pursuant to Art. 6 para. 1 sentence 1 lit. a in conjunction with Art. 9 para. 2 lit. Art. 9 para. 2 lit. a GDPR. Consent that has been granted can also be withdrawn at any time with effect for the future. An informal notification to us is sufficient for this. The legality of the data processing operations already carried out remains unaffected by the revocation.
2.6 App and App Store - Use
In order to install a TCC app, you may have to conclude a user agreement with a third-party provider (e.g. iOS App Store, Google Play Store) for access to a portal or online store of the respective third-party provider.
We are not party to such an agreement and have no influence on the data processing by the third-party provider. Which data is processed and how it is processed in the context of registration with the online store can be found in the privacy policy of the third-party provider. The download from the online store is purely voluntary. The app itself is free of charge, but we would like to point out that connection costs may be incurred.
The functions of the TCC apps may only be available to registered users. A network connection is required for some services of the TCC apps. If a form is filled out within a TCC app, the form data may be stored within the app and forwarded to us. Cookies may need to be used to maintain sessions within a TCC app (see below). These expire after the app has been used and do not allow any conclusions to be drawn about personal identity. Personal data is processed as part of the use of an app in order to be able to offer the use of the app and app-specific services. If there are other processing purposes, we will inform you about them directly in the respective app or in the respective app store or in this privacy policy.
The basis for the above data processing is Art. 6 para. 1 sentence 1 lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.
2.7 Registration processes
To use some of our offers, you may have to go through and complete a registration process. The personal data requested in the respective registration process will then be processed: license code if applicable, title if applicable, first name if applicable, last name if applicable, e-mail address if applicable and an identifier if applicable in order to be able to assign the use of the respective offer to a specific person or a specific end device.
The basis for data processing is Art. 6 para. 1 sentence 1 lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.
2.8 Cookies
We may use so-called cookies, among other things to be able to offer services, in particular to ensure the registration or login status in e:lla and e:rin.
Cookies are small text files that are stored on the user's end device and may contain data on the respective user in order to enable access to various functions, among other things. Cookies are stored on the end device used and may be read by us from there. Consequently, users have control over the use of cookies. By changing the settings, the transmission of cookies can be deactivated or restricted and, for example, cookies from third parties or cookies can be generally rejected. However, if the setting of cookies for our services is prevented, it may not be possible to use the functions or services offered or to use them to their full extent.
In the context of our digital offerings, we may use cookies that are necessary to enable us to provide the services we owe or to ensure the functionality of our services. The legal basis for setting these cookies is Section 25 (2) No. 2 TTDSG. Any processing of personal data carried out in this context is then based on Art. 6 para. 1 sentence 1 lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures, or Art. 6 para. 1 sentence 1 lit. f GDPR, which permits data processing to safeguard the legitimate interests of the controller, unless the interests or fundamental rights and freedoms of the data subject outweigh the controller's interest in data processing. Our interest then lies in ensuring the provision of the functions of our services.
We may obtain consent for the use of other cookies that are not required. The cookies are then set on the basis of the consent given in accordance with Section 25 (1) TTDSG, any processing of personal data carried out in this context in accordance with Art. 6 (1) sentence 1 lit. a GDPR. Consent can be withdrawn at any time. The legality of data processing already carried out on the basis of consent remains unaffected by the revocation.
2.9 Data processing for communication
In addition to the contract data, we process communication data (name, address, telephone number, e-mail address) in order to process an inquiry and/or to be able to contact you regarding an inquiry or a contract. Personal data provided to us by e-mail or via a contact form or via another communication channel opened by us will only be processed for correspondence or only for the purpose for which the data was provided to us.
This data is processed on the basis of Art. 6 para. 1 sentence 1 lit. b GDPR if an inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 sentence 1 lit. f GDPR) or on consent (Art. 6 para. 1 sentence 1 lit. a GDPR) if this has been obtained in this regard.
2.10 Newsletter
With your consent, you can subscribe to our newsletter, which we use to inform you about news and interesting offers. The respective content of a newsletter is explained in the respective declaration of consent. In order to subscribe to a newsletter offered by us, you must provide an e-mail address and information that allows us to verify that the owner of the e-mail address provided wishes to subscribe and agrees to receive the newsletter. For this purpose, we will send an e-mail to the specified e-mail address with a confirmation link (double opt-in). If the registration is not confirmed, the information provided will be blocked and automatically deleted.
The only mandatory information for sending the newsletter is an e-mail address. The provision of further, separately marked data is voluntary and is used to be able to address you personally. In addition, we store the IP addresses used and the times of registration and confirmation. The purpose of this procedure is to provide proof of registration and, if necessary, to be able to clarify any possible misuse of personal data. We do not collect any other data in this context. We use this data exclusively for sending the requested newsletter.
Data processing is based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. Consent to the sending of a newsletter can be revoked at any time and the respective subscription can be canceled. The revocation can be declared by clicking on the link provided in each e-mail or by sending us a message using the contact details given in section 1. The legality of the data processing operations already carried out remains unaffected by the revocation.
2.11 Data processing for improvement and/or research purposes
We may also use data for research purposes and to improve our services. In this context, we only use personal data in anonymized form where possible or required.
The basis for data processing may be Art. 6 para. 1 sentence 1 lit. f GDPR, which permits the processing of data for the purposes of the legitimate interests pursued by the controller, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Our interest lies in the scientific use of the data to improve the digital care program.
2.12 Data processing in the context of our Facebook and Instagram pages
We operate company pages (fan pages) on the social network facebook.com ("Facebook") and on the social network Instagram ("Instagram") of Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. For the operation of the aforementioned site, we are jointly responsible with Meta Platforms Ireland Limited ("Meta") within the meaning of Art. 4 No. 7 GDPR. The Facebook terms of use and guidelines as well as the agreement on joint responsibility pursuant to Art. 26 GDPR can be found here.
The type and scope of the information provided, the associated purposes of the data processing, its legality and information on exercising the rights of data subjects can be found in Facebook's privacy policy and other information provided by Meta on the processing of "Insights data" (see above). Meta provides us with so-called Page Insights for our website. Page insights (e.g. https://www.facebook.com/business/a/page/page-insights) are summarized data that we can use to gain information about how people interact with our site. Facebook is responsible for generating and providing these Page Insights; we have no influence over this. This also applies to data processing that is carried out exclusively for the purposes of Meta Platforms Ireland Limited. Meta also assumes all obligations under the GDPR with regard to the processing of Insights data (including Art. 12 and 13 GDPR, Art. 15 to 22 GDPR and Art. 32 to 34 GDPR).
The purpose of the data processing of the data provided by us is the statistical evaluation of the use of our company pages. This enables us, for example, to determine the preferred visiting and posting times of our users and to use this information to optimize our posts and our company pages. In addition, we process personal data made publicly accessible there (e.g. real names in the user profile) as well as data directly related to activities on our company pages (e.g. contributions, posts, likes, tags), also for the purpose of communication.
The basis for data processing is Art. 6 para. 1 sentence 1 lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures, insofar as the data is processed in accordance with the Facebook or Instagram terms of use, otherwise, insofar as we are responsible under data protection law, Art. 6 para. 1 sentence 1 lit. f GDPR, which permits the processing of data to safeguard the legitimate interests of the controller, provided that the interests or fundamental rights and freedoms of the data subject do not prevail. Our interest lies in the provision of content and communication with users of social networks and in improving the reach and effectiveness of our posts.
The rights to information, correction, deletion, restriction of processing and data portability of the stored Insights data can be asserted against Meta, as Meta has assumed the corresponding obligations:
Meta Platforms Ireland Limited
4 Grand Canal Square
Dublin 2, Ireland
Privacy policy: https://www.facebook.com/about/privacy/
2.13 Data processing in the context of our LinkedIn company page
We operate a company page on the social network linkedin.com of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn") and are provided by LinkedIn with so-called page analytics with regard to our services. We are jointly responsible with LinkedIn for this operation of the LinkedIn company page within the meaning of Art. 26 GDPR.
The nature and scope of the information provided to LinkedIn, the associated purposes of data processing by LinkedIn, its lawfulness and information on exercising data subject rights can be found in LinkedIn's privacy policy at the URL https://www.linkedin.com/legal/privacy-policy and the joint responsibility agreement, which can be found at the URL https://legal.linkedin.com/pages-joint-controller-addendum. Page analytics is aggregated data that allows us to gain insight into how people interact with our site. The generation and provision of these page analytics is the responsibility of LinkedIn, we have no influence on this. LinkedIn assumes all obligations under the GDPR with regard to the processing of Insights data (including Art. 12 and 13 GDPR, Art. 15 to 22 GDPR and Art. 32 to 34 GDPR).
The purpose of the data processing of the data provided by LinkedIn by us is the statistical evaluation of the use of our company page. This enables us, for example, to determine the preferred visiting and posting times of our users and to use this information to optimize our posts and our company page. In addition, we process personal data made publicly available on LinkedIn (e.g. real names in the user profile) as well as data directly related to activities on our company page (e.g. contributions, posts, likes, tags), also for the purpose of communication.
The basis for the above data processing is Art. 6 para. 1 sentence 1 lit. a GDPR. If consent has been given to LinkedIn, this consent can be revoked at any time with effect for the future. If consent has been given to us in this regard, this consent can be revoked at any time with effect for the future. Otherwise, our data processing is based on Art. 6 para. 1 sentence 1 lit. f GDPR, which permits the processing of data to safeguard the legitimate interests of the controller, provided that the interests or fundamental rights and freedoms of the data subject do not prevail. Our interest lies in the provision of content and communication with LinkedIn users and in improving the reach and effectiveness of our posts.
The rights to information, correction, deletion, restriction of processing and data portability of the stored Insights data can be asserted against LinkedIn, as LinkedIn has assumed the corresponding obligations:
LinkedIn Ireland Unlimited Company
Wilton Place
Dublin 2
Ireland
Privacy policy https://www.linkedin.com/legal/privacy-policy
1.14 Online presence in other social networks
We may have set up online presences in other social networks in order to communicate with interested parties and customers and to inform them about our services and current offers. In addition to our interactions, the social networks process data from visitors to their websites for the purpose of market research and advertising, i.e. a user profile may be created by the respective operator of the social network from the respective visit or usage behavior and the preferences and interests of a visitor derived from this. Such user profiles can be used, among other things, to display advertisements customized to the respective user profile within the respective social network and possibly on other websites. Cookies (see above) may be stored on visitors' devices, which can be used to collect data on user behavior. This data can also be collected across several browsers and/or end devices used by a user, especially for logged-in members of the respective social network. Even if a visitor does not have a profile with the respective social network, it cannot be ruled out that personal data relating to this visitor will be stored when they visit the respective website.
Requests for information regarding the data stored via our online presence in social networks or the exercise of other related data subject rights (see below) can be addressed to the provider(s) of the respective service. Only the providers of the social networks have access to the respective data stored there and can provide the relevant information. With regard to the purpose and scope of data processing by the various social networks, we also refer to their respective data protection notices and the respective contact options:
New Work SE
Am Strandkai 1
20457 Hamburg
Germany
Privacy policy: https://privacy.xing.com/de/datenschutzerklaerung
The processing of data in the context of our online presence in social networks takes place, insofar as we are responsible under data protection law, on the basis of our legitimate interest in effective information and direct communication with interested parties and customers of our company. The basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR, which permits the processing of data for the purposes of the legitimate interests pursued by the controller, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Our interest lies in the provision of content and communication with users of the respective social networks and in improving the reach and effectiveness of our posts.
2.15 Matomo
On some of our websites, we may use the Matomo analysis service to analyze the use and optimization of our websites. When used, Matomo creates an internal hash value for each visitor to the respective website, which is calculated from various factors such as the anonymized IP address, the resolution, the browser, the plug-ins used and the operating system.
In contrast to other analysis and statistics programs, Matomo does not transmit any data to a third-party server. The IP address transmitted by the browser via Matomo is neither merged with other data collected by us nor passed on to third parties and is only processed anonymously. No tracking cookies are set as part of our web analysis with Matomo. If individual pages of our website are accessed, the following data is processed: two bytes of the IP address of the accessing system (anonymous), browser type and version, operating system used, the website accessed, the website from which the visit is made (referrer URL) - unless the accessing browser prohibits this, the pages and files that are accessed on our website, and, if applicable, the website visited after ours. the website that is visited after ours (when clicking on an external link on our website), the date and time of access, the time spent on the website, the frequency with which the website is accessed, the location (country).
The use of Matomo described above is based on Art. 6 para. 1 sentence 1 lit. f GDPR. We have a legitimate interest in analyzing user behavior in order to optimize our website and identify errors.
2.16 Data processing for the protection of legitimate interests
We also process personal data if this is necessary to protect our legitimate interests or those of third parties. This may be the case in particular to ensure IT security and IT operations, especially in the case of support requests, to be able to trace and prove facts in the event of legal disputes, and to statistically evaluate usage.
The basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. We have a legitimate interest in the data processing listed above. Our interest lies either in IT security, in ensuring support for better usability of the app or in our legal interest or in our interest in analysis.
2.17 Other data processing on the basis of consent
We may also request consent for the processing of personal data. Any granting of consent and the relevant data processing in each case is done on a voluntary basis and there are no disadvantages in the event of non-consent.
Data processing is then carried out on the basis of consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR. Consent that has been granted can be revoked at any time with effect for the future. An informal notification to us is sufficient for this. The legality of the data processing operations already carried out remains unaffected by the revocation.
2.18 Log files
Each time e:lla and e:rin are used, a connection is established with the corresponding server. Information is automatically collected in the process. The IP address and information about the device used are recorded. Without this data, it would not be technically possible to use e:lla or e:rin. In this respect, the collection of data is absolutely necessary. In addition, we use the anonymized information for statistical purposes. This data cannot be assigned to specific persons. This data is not merged with other data sources. They help us to optimize the offer and the technology.
We also reserve the right to check the log files retrospectively if we suspect illegal use of our website.
The legal basis for the temporary storage of the data or log files is Art. 6 para. 1 sentence 1 lit. f GDPR, whereby the legitimate interest follows from the aforementioned purposes.
2.19 Data processing for applications
Applications for positions in our company can be sent to us via our websites and the contact details provided there. If personal data is transmitted to us in this way or in any other way in applications, we process personal data for the purpose of reviewing, processing and responding to the application and, if necessary, preparing the employment relationship.
The basis for data processing is either Art. 88 para. 1 GDPR, Section 26 para. 1 BDSG (new) which permits the processing of data for the decision on the establishment, for the establishment and for the execution of employment relationships or - if consent has been given - Art. 6 para. 1 sentence 1 lit. a GDPR. Consent given can be revoked at any time with effect for the future. All you need to do is send us an informal email. The legality of the data processing operations that have already taken place remains unaffected by the revocation.
2.20 Data processing for the fulfillment of legal obligations
In addition, we process personal data to fulfill legal obligations (e.g. regulatory requirements, commercial and tax law retention and verification obligations).
The basis for data processing is Art. 6 para. 1 sentence 1 lit. c GDPR, which permits processing to fulfill a legal obligation.
3. Recipients of the personal data
Personal data will only be passed on or otherwise transmitted to third parties if this is necessary for the purpose of providing the service or if express prior consent has been given or if there is a legal basis for the transfer.
Service providers who support us in providing our services to you are sales and marketing partners, software (SaaS) providers, IT service providers, in particular service providers for software and hardware maintenance, hosting providers and e-mail service providers.
4. Duration of data storage
In principle, we delete personal data as soon as it is no longer required for the above-mentioned purposes, unless temporary storage is still necessary. For example, we store personal data on the basis of legal obligations to provide evidence and retain data, including those arising from the German Commercial Code and the German Fiscal Code. The storage periods are up to ten years. We also store personal data for the period during which claims can be asserted against our company (statutory limitation period of three or up to thirty years).
5. Rights of data subjects
Within the framework of the applicable statutory provisions, data subjects have the right to obtain information free of charge at any time about their personal data stored by us, its origin and recipients and the purpose of the data processing and, if applicable, a right to rectification or erasure of this data.
You can contact us at any time using the contact details given in section 1 if you have any further questions on the subject of personal data.
Data subjects may also have the right to restrict the processing of their data and the right to receive the data provided in a structured, commonly used and machine-readable format.
If we have been given consent to process personal data for specific purposes, this consent can be withdrawn at any time with effect for the future. If we process data to protect legitimate interests, this processing can be objected to on grounds relating to the particular situation of the data subject. If we cannot demonstrate compelling legitimate grounds for further processing which override the interests, rights and freedoms of the data subject, or if we process the data in question for direct marketing purposes, we will no longer process this data.
In addition, data subjects have the option of contacting a data protection supervisory authority (right to lodge a complaint).
arztkonsultation ak GmbH - Privacy policy
1. data protection at a glance
General information
The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally. Detailed information on the subject of data protection can be found in our data protection declaration listed below this text.
Data collection on this website
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find the operator's contact details in the "Information on the controller" section of this privacy policy.
How do we collect your data?
On the one hand, your data is collected when you provide it to us. This may, for example, be data that you enter during registration, in your user account or when booking an appointment.
Other data is collected automatically or with your consent by our IT systems when you visit the website. This is primarily technical data (e.g. internet browser, operating system or time of page view). This data is collected automatically as soon as you enter this website.
What do we use your data for?
Some of the data is collected to ensure that the website is provided without errors. Other data can be used to analyze your user behavior.
What rights do you have with regard to your data?
You have the right to receive information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right to request the restriction of the processing of your personal data under certain circumstances. You also have the right to lodge a complaint with the competent supervisory authority.
You can contact us at any time if you have further questions on the subject of data protection.
Analysis tools and tools from third-party providers
When you visit this website, your surfing behavior may be statistically evaluated. This is mainly done with so-called analysis programs.
Detailed information on these analysis programs can be found in the following privacy policy.
2. hosting
External hosting
This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster's servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website.
The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR).
Our hoster will only process your data to the extent necessary to fulfill its performance obligations and follow our instructions with regard to this data.
We use the following hoster:
dogado.pro GmbH (formerly RobHost GmbH)
Glashütter Str. 53
01309 Dresden
Germany
Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen
Germany
Order processing
We have concluded a data processing agreement (DPA) with the above-mentioned providers. This is a contract prescribed by data protection law, which ensures that they only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
3. General notes and mandatory information
Data protection
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.
When you use this website, various personal data is collected. Personal data is data that can be used to identify you personally. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.
We would like to point out that data transmission over the Internet (e.g. when communicating by email) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.
Note on the responsible body
The controller responsible for data processing on this website is:
arztkonsultation ak GmbH
Schusterstr. 3
19055 Schwerin
Schwerin, Germany
Phone: +49 385 5183000-0
E-mail: info@arztkonsultation.de
The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, email addresses, etc.).
Storage duration
Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the deletion will take place after these reasons no longer apply.
Data Protection Officer
We have appointed a data protection officer for our company.
SECUWING GmbH & Co KG / Data Protection Agency
Maximilian Hartung
Frauentorstrasse 9
86152 Augsburg
Augsburg, Germany
Phone: +49 821 90786450
E-Mail: epost@datenschutz-agentur.de
Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can withdraw your consent at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Right to object to the collection of data in special cases and to direct marketing (Art. 21 GDPR)
IF THE DATA PROCESSING IS BASED ON ART. 6 ABS. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA CONCERNED UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21 PARA. 1 GDPR).
IF YOUR PERSONAL DATA ARE PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION PURSUANT TO ART. 21 PARA. 2 GDPR).
Right to lodge a complaint with the competent supervisory authority
In the event of breaches of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement. The right to lodge a complaint is without prejudice to any other administrative or judicial remedies.
Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only take place if it is technically feasible.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Information, deletion and correction
Within the framework of the applicable legal provisions, you have the right to free information about your stored personal data, its origin and recipients and the purpose of the data processing and, if necessary, a right to correction or deletion of this data at any time. You can contact us at any time if you have further questions on the subject of personal data.
Right to restriction of processing
You have the right to request the restriction of the processing of your personal data. You can contact us at any time to do this. The right to restriction of processing exists in the following cases:
- If you dispute the accuracy of your personal data stored by us, we generally need time to check this. You have the right to request the restriction of the processing of your personal data for the duration of the review.
- If the processing of your personal data was/is carried out unlawfully, you can request the restriction of data processing instead of erasure.
- If we no longer need your personal data, but you need it for the exercise, defense or assertion of legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.
- If you have lodged an objection pursuant to Art. 21 (1) GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.
If you have restricted the processing of your personal data, this data - apart from its storage - may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.
Objection to advertising e-mails
We hereby object to the use of contact data published as part of our obligation to provide a legal notice for the purpose of sending unsolicited advertising and information material. The operators of this website expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.
4. data collection on this website
Cookies and local storage
Our Internet pages use so-called "cookies". Cookies are small text files and do not cause any damage to your end device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or they are automatically deleted by your web browser.
Cookies are sent to the server each time the page is accessed. This is not necessary for all information. In these cases, we use local storage technology (also known as "local data" or "local storage"). This involves storing data locally in your browser's cache, which can still be accessed and read even after the browser window has been closed or the program has been exited - unless you delete the cache. Third parties cannot access the data stored in the local storage. They are not passed on to third parties and are not used for advertising purposes.
Cookies have various functions. The cookies used are technically necessary, as certain website functions would not work without them.
Cookies that are required to carry out the electronic communication process (necessary cookies) or to provide certain functions that you have requested (functional cookies) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies has been requested, the cookies in question are stored exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR); consent can be revoked at any time.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.
If cookies are used by third-party companies or for analysis purposes, we will inform you about this separately in this privacy policy and, if necessary, request your consent.
Technically necessary cookies and local storage entries when using the video consultation
ak_webapp_appointment_display_mode (cookie - storage period 30 days)
If available, this entry specifies how the calendar view should be displayed and distinguishes between list and calendar view.
ak_webapp_camera_settings (cookie - storage period 30 days)
Special features set for the devices used in the video call. Does the image need to be rotated? Has the preparation been carried out? Has a camera or microphone been specifically selected? Is created when the user has successfully logged in.
ak_webapp_lastlogin (cookie - storage period 30 days)
If present, this entry indicates the last login type used to log in. This can improve the user experience by displaying the corresponding panel on the next login screen and eliminating the need to select the login type.
ak_webapp_locale (cookie - storage period 30 days)
If the user sets a language, the setting is saved here. Is created if the user changes the default setting (browser setting > "de").
ak_webapp_systeminfo (cookie - storage period 30 days)
If present, this entry specifies whether warnings about the browser version or unset document key passwords should no longer be displayed.
ak_webapp_user_token (cookie - storage duration 24 hours)
The authentication token for the user logged in to the API. Is created when the user has successfully logged in to the API. Is deleted when the user has successfully logged out of the API. With the "Stay logged in" option, deletion takes place after 24 hours.
aklogid (cookie - storage period 1 day)
An ID to be able to display possible error messages in groups. Is created the first time the WebApp is called up on this day.
io (cookie - storage duration session)
A session ID for WebSocket, which is required for communication with the WebRTC server.
arztkonsultation_session (cookie - session storage duration)
Can also exist as videosprechstunde_digital_session. Contains the session ID of the user session.
XSRF-TOKEN (cookie - storage duration 2 hours)
Token to protect form entries.
openpages (Local Storage - permanent)
This value is used to determine whether the WebApp is reopened in another tab. A timestamp is set when the WebApp is called up. The stamp is deleted when the last tab with our WebApp is closed. Is used together with "page_available".
page_available (Local Storage - permanent)
This value is used to determine whether the WebApp is reopened in another tab. When the WebApp is called, this value is set if "openpages" already exists. Is used together with "openpages".
pusherTransportTLS (Local Storage - permanent)
This value contains information on latency, time of last access and protocol for the connection to the push notification service.
Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address (shortened)
This data is not merged with other data sources.
This data is collected on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website -- for this purpose, the server log files must be recorded.
Request by e-mail, telephone or fax
If you contact us by e-mail, telephone or fax, we will store and process your inquiry, including all personal data (name, inquiry), for the purpose of processing your request. We will not pass on this data without your consent.
This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested.
The data you send to us via contact requests will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.
Setting up a user account
When you set up a user account, we store the data you enter with TCC GmbH that is required to carry out the "video consultation" function (contract data). These data are title, surname, first name and your e-mail address (if available).
Your data will be stored until the video consultation function is deactivated and then for a further year in the event of simple reactivation. If you were a customer liable to pay, we are legally obliged to store this data for six years from the last accounting entry of the financial year of your deactivation for the purpose of providing evidence to the tax office in accordance with Section 147 of the German Fiscal Code. The documents containing your data must be retained in our accounting records for ten years after this date.
Additional users
If additional users are created to conduct video calls or for administration purposes, their first and last names and e-mail address (if available) are collected, stored and processed.
The legal basis is the necessity for the processing of a contractual relationship (Art. 6 para. 1 lit. b GDPR).
Use of the video consultation by patients
We only store your name and the TAN code you use to log in. We automatically delete this data record after one month. In the customer area of your service provider, we also store when, with whom and for how long a video consultation took place for billing purposes. This data record is automatically deleted after three months. We do not collect any other patient data.
The legal basis is the consent of the data subject (Art. 6 para. 1 lit. a GDPR).
Communication between the service provider and patient is authenticated and encrypted via our servers, which are located exclusively in Germany. It goes without saying that the content of the communication between service provider and patient is not stored.
Status: 27.06.2024