Data Privacy Policy

for the offer www.digitalplushealth.de, also “website”.

I. General

With the following information, we would like to give you an overview of the processing of your personal data by us and your rights under data protection law. Personal data is only processed if the data subject has consented, if it is necessary for the performance of a contract or if the EU General Data Protection Regulation (GDPR) or another law permits or prescribes the processing.
  1. Who is responsible for data processing and whom can I contact?

    Responsible according to Art. 4 Para. 7 of the EU Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) is:

    HEPICC GmbH, Koppelskamp 3c, 40489 Düsseldorf, Germany
    HRB 92350

    You can reach our data protection officer at:
    info@hepicc.de
  2. What sources and data do we use?

    We process personal data that we collect from each other and make available to our users within the framework of our business relationship for the better exchange of information and services with companies in the health industry and within the framework of our “HEPICC GmbH” offer. In addition, HEPICC GmbH collects user data accessible from public sources (e.g., publications, specializations, lecturing activities, committee membership).

    Participating companies in the health industry and other service providers (both together in the following: “partners”) can then view this profile data and, in doing so, contact the users, for example, in order to submit an offer for cooperation.

    Furthermore, users of our “HEPICC GmbH” service can access the data provided by other users to achieve better treatment approaches and procedures for their patients and exchange information with each other.

    Personal data is thus collected in order to assist users in exchanging information and services with a partner and with each other. The data provided will be stored by HEPICC GmbH and used within the framework of the exchange of information and services.

    Relevant personal data are, in particular, personal details (especially first name, surname, telephone number and e-mail address). In addition, this may also be order data (e.g., for booking a consultation or a corresponding preliminary enquiry), data from the fulfilment of our contractual obligations (e.g. billing data in the context of invoicing), documentation data (e.g. advertising and sales data) as well as other data comparable with the aforementioned categories.

    In detail, we process the following personal data:

    1. When visiting the website: www.digitalplushealth.de

      When you use the website for information purposes only, i.e., if you do not transmit any information to us, we only collect the personal data that your browser transmits to our server. When you view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security (legal basis is Art. 6 para. 1 p. 1 lit. f GDPR):

      • IP address
      • Date and time of the request
      • Time zone difference to Greenwich Mean Time (GMT)
      • Content of the request (specific page)
      • Access status/HTTP status code
      • Amount of data transferred in each case
      • Website from which the request came
      • Browser
      • Operating system and its interface
      • Language and version of the browser software.

      In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive in relation to the browser you are using and which provide the party setting the cookie (in this case, us) with certain information. Cookies cannot execute programs or transfer viruses to your computer. They serve to make the Internet offer more user-friendly and effective overall.

      Use of cookies:

      This website uses the following types of cookies, the scope and functionality of which are explained below:

      • Transient cookies
      • Persistent cookies

      Transient cookies are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This enables your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close the browser.

      Persistent cookies are automatically deleted after a predefined period of time, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

      You can configure your browser setting according to your preferences and, for example, refuse to accept third-party cookies or all cookies. Please note that you may not be able to use all the functions of our website.
  3. What do we process your data for (purpose of processing) and on what legal basis?

    We process personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG):

    1. for the fulfilment of contractual obligations (Art. 6 para. 1 b GDPR).

      Data is processed to improve the exchange of information and services between our users and partners, i.e., in particular companies in the health industry and, within the scope of our “HEPICC GmbH” service, also between users themselves, in the context of the performance of our contractual relationships with our customers or for the performance of pre-contractual measures (e.g., making appointments for an exchange about the consulting portfolio of HEPICC GmbH), which take place upon request. The purposes of the data processing primarily depend on the specific service and may include, among other things, the provision of advice, support as well as the performance of corresponding services.

    2. within the framework of the balancing of interests (Art. 6 para. 1 f GDPR)

      Where necessary, we process your data beyond the actual performance of the contract to protect legitimate interests of us or third parties.

      Examples:
      • Ensuring IT security and the IT operation of our company,
      • Assertion of legal claims and defense in legal disputes,
      • Prevention and investigation of criminal offences,
      • Advertising or market research insofar as you have not objected to the use of your data,
      • Measures for business management and further development of services and products.

    3. based on your consent (Art. 6 para. 1 a GDPR)

      Insofar as you have given us consent to process personal data for certain purposes (e.g., forwarding data to partners in the health industry, evaluating data for marketing purposes, sending newsletters), this processing is lawful on the basis of your consent.

      Consent given can be revoked at any time. This also applies to the revocation of declarations of consent given to us prior to the application of the GDPR, i.e., prior to 25 May 2018. The revocation of consent only takes effect for the future and does not affect the lawfulness of the data processed until the revocation.
  4. Who gets my data?

    Within our company, those areas that need your data to fulfil our contractual and legal obligations are given access to it. Service providers and vicarious agents employed by us may also receive data for these purposes, provided that they in particular maintain the confidentiality and particular sensitivity of the data.

    You therefore consent to us transmitting, processing and using the data you have provided to third parties for the purpose of providing independent advice, information or customer support through partners and also to contact you by e-mail or telephone for this purpose for the purposes stated above.

    In particular, you expressly consent to our transferring the data provided to third parties in the above-mentioned cases – insofar as this is necessary – and to their collecting, storing and using it to the same extent as we would be permitted to do under this data protection declaration.

    With regard to the transfer of data to recipients outside of our company, it should first be noted that we generally only pass on information about you if this is required by legal provisions or if you have consented to this.

    Under these conditions, recipients of personal data may be, for example:

    • Companies in the health industry,
    • in the context of our “HEPICC GmbH” offer, the respective users among themselves,
    • service providers that we use within the framework of order processing relationships.

    Further data recipients may be those bodies for which you have given us your consent to transfer data or to which we are authorized to transfer personal data on the basis of a balancing of interests.
  5. Are data transferred to a third country or to an international organization?

    A transfer of data to countries outside the European Union (so-called third countries) takes place as far as

    • it is required by law (e.g., reporting obligations under tax law) or
    • you have given us your consent.

    Furthermore, a transfer to bodies in third countries is provided for in the following cases:

    • If required in individual cases, your personal data may be transferred to an IT service provider in the USA or another third country to ensure the IT operation of our company in compliance with the European data protection level.
    • Personal data of those interested in our services may also be processed in the USA within the framework of a CRM system with their consent.
  6. How long will my data be stored?

    We process and store your personal data as long as this is necessary for the fulfilment of our contractual and legal obligations. If the data is no longer required for the fulfilment of contractual or legal obligations, it is regularly deleted, unless its – temporary – further processing is necessary for the following purposes:

    • Fulfilment of retention obligations under commercial and tax law, which may result, for example, from the German Commercial Code (HGB) or the German Fiscal Code (AO),
    • preservation of evidence within the framework of the statutory limitation provisions. According to §§ 195 ff. of the German Civil Code (BGB), these limitation periods can be up to 30 years, with the regular limitation period being 3 years.
  7. What data protection rights do I have?

    Every data subject has the right to information under Article 15 of the GDPR, the right to rectification under Article 16 of the GDPR, the right to erasure under Article 17 of the GDPR, the right to restriction of processing under Article 18 of the GDPR, the right to object under Article 21 of the GDPR and the right to data portability under Article 20 of the GDPR.

    With regard to the right to information and the right to erasure, the restrictions according to §§ 34 and 35 BDSG apply. In addition, there is a right of appeal to a competent data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG).

    You may revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent given to us before the GDPR came into force, i.e. before 25 May 2018. Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected.
  8. Is there an obligation for me to provide data?

    The user has the right, upon request, to receive information free of charge at any time about the data stored about him or her. Within the scope of our business relationship, you must provide those personal data that are necessary for the establishment, implementation and termination of a business relationship and for the fulfilment of the associated contractual obligations or which we are legally obliged to collect. Without this data, we will generally not be able to enter into, perform and terminate a contract with you. In addition, the user has the right to correct inaccurate data, block and delete his or her personal data, insofar as this does not conflict with a legal obligation to retain data or the data can be taken from generally accessible sources.
  9. To what extent is there automated decision-making?

    We do not use fully automated decision-making in accordance with Art. 22 GDPR for the establishment and implementation of the business relationship.
  10. Does profiling take place?

    We do not process your data automatically with the aim of evaluating certain personal aspects (profiling).
  11. Information about your right to object according to Art. 21 GDPR

    Individual right of objection

    You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6(1)(e) GDPR (data processing in the public interest) and Art. 6(1)(f) GDPR (data processing on the basis of a balance of interests).

    If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the assertion, exercise or defense of legal claims.

    Right to object to processing of data for direct marketing purposes

    In individual cases, we process your personal data in order to carry out direct advertising. You have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising, insofar as it is related to such direct marketing. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

    Recipients of an objection

    The objection can be made informally with the subject “Objection”, stating your name and address, and should be addressed to:

    info@hepicc.de
  12. Links

    The HEPICC GmbH website may contain links to websites of other providers, which are not covered by this data protection declaration. HEPICC GmbH accepts no responsibility for the content of these sites, as the respective provider or operator of the sites is always responsible for the content of the linked sites.