Data Privacy Policy

for the offer, also “website”.

I. General

With the following information, we would like to give you an overview of the processing of your personal data by us and your rights under data protection law. Personal data is only processed if the data subject has consented, if it is necessary for the performance of a contract or if the EU General Data Protection Regulation (GDPR) or another law permits or prescribes the processing.
  1. Who is responsible for data processing and whom can I contact?

    Responsible according to Art. 4 Para. 7 of the EU Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) is:

    HEPICC GmbH, Koppelskamp 3c, 40489 Düsseldorf, Germany
    HRB 92350

    Sie erreichen unseren Datenschutzbeauftragten unter:
  2. What sources and data do we use?

    We process personal data that we collect from each other and make available to our users within the framework of our business relationship for the better exchange of information and services with companies in the health industry and within the framework of our “HEPICC GmbH” offer. In addition, HEPICC GmbH collects user data accessible from public sources (e.g., publications, specializations, lecturing activities, committee membership).

    Participating companies in the health industry and other service providers (both together in the following: “partners”) can then view this profile data and, in doing so, contact the users, for example, in order to submit an offer for cooperation.

    Furthermore, users of our “HEPICC GmbH” service can access the data provided by other users to achieve better treatment approaches and procedures for their patients and exchange information with each other.

    Personal data is thus collected in order to assist users in exchanging information and services with a partner and with each other. The data provided will be stored by HEPICC GmbH and used within the framework of the exchange of information and services.

    Relevant personal data are, in particular, personal details (especially first name, surname, telephone number and e-mail address). In addition, this may also be order data (e.g., for booking a consultation or a corresponding preliminary enquiry), data from the fulfilment of our contractual obligations (e.g. billing data in the context of invoicing), documentation data (e.g. advertising and sales data) as well as other data comparable with the aforementioned categories.

    In detail, we process the following personal data:

    1. When visiting the website:

      When you use the website for information purposes only, i.e., if you do not transmit any information to us, we only collect the personal data that your browser transmits to our server. When you view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security (legal basis is Art. 6 para. 1 p. 1 lit. f DSGVO):

      • IP address
      • Date and time of the request
      • Time zone difference to Greenwich Mean Time (GMT)
      • Content of the request (specific page)
      • Access status/HTTP status code
      • Amount of data transferred in each case
      • Website from which the request came
      • browser
      • Operating system and its interface
      • Language and version of the browser software.

      In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive in relation to the browser you are using and which provide the party setting the cookie (in this case, us) with certain information. Cookies cannot execute programs or transfer viruses to your computer. They serve to make the Internet offer more user-friendly and effective overall.

      Use of cookies:

      This website uses the following types of cookies, the scope and functionality of which are explained below:

      • Transient cookies
      • Persistent cookies

      Transient cookies are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This enables your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close the browser.

      Persistent cookies are automatically deleted after a predefined period of time, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

      You can configure your browser setting according to your preferences and, for example, refuse to accept third-party cookies or all cookies. Please note that you may not be able to use all the functions of our website.
  3. What do we process your data for (purpose of processing) and on what legal basis?

    We process personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG)

    1. for the fulfilment of contractual obligations (Art. 6 para. 1 b GDPR).

      Data is processed to improve the exchange of information and services between our users and partners, i.e., in particular companies in the health industry and, within the scope of our “HEPICC GmbH” service, also between users themselves, in the context of the performance of our contractual relationships with our customers or for the performance of pre-contractual measures (e.g., making appointments for an exchange about the consulting portfolio of HEPICC GmbH), which take place upon request. The purposes of the data processing primarily depend on the specific service and may include, among other things, the provision of advice, support as well as the performance of corresponding services.

    2. within the framework of the balancing of interests (Art. 6 para. 1 f GDPR)

      Where necessary, we process your data beyond the actual performance of the contract to protect legitimate interests of us or third parties.

      • Ensuring IT security and the IT operation of our company,
      • Assertion of legal claims and defense in legal disputes,
      • Prevention and investigation of criminal offences,
      • Advertising or market research insofar as you have not objected to the use of your data,
      • Measures for business management and further development of services and products.

    3. based on your consent (Art. 6 para. 1 a GDPR)

      Insofar as you have given us consent to process personal data for certain purposes (e.g., forwarding data to partners in the health industry, evaluating data for marketing purposes, sending newsletters), this processing is lawful on the basis of your consent.

      Consent given can be revoked at any time. This also applies to the revocation of declarations of consent given to us prior to the application of the GDPR, i.e., prior to 25 May 2018. The revocation of consent only takes effect for the future and does not affect the lawfulness of the data processed until the revocation.
  4. Who gets my data?

    Within our company, those areas that need your data to fulfil our contractual and legal obligations are given access to it. Service providers and vicarious agents employed by us may also receive data for these purposes, provided that they in particular maintain the confidentiality and particular sensitivity of the data.

    You therefore consent to us transmitting, processing and using the data you have provided to third parties for the purpose of providing independent advice, information or customer support through partners and also to contact you by e-mail or telephone for this purpose for the purposes stated above.

    In particular, you expressly consent to our transferring the data provided to third parties in the above-mentioned cases – insofar as this is necessary – and to their collecting, storing and using it to the same extent as we would be permitted to do under this data protection declaration.

    With regard to the transfer of data to recipients outside of our company, it should first be noted that we generally only pass on information about you if this is required by legal provisions or if you have consented to this.

    Under these conditions, recipients of personal data may be, for example:

    • Companies in the health industry,
    • in the context of our “HEPICC GmbH” offer, the respective users among themselves,
    • service providers that we use within the framework of order processing relationships.

    Further data recipients may be those bodies for which you have given us your consent to transfer data or to which we are authorized to transfer personal data on the basis of a balancing of interests.
  5. Are data transferred to a third country or to an international organization?

    A transfer of data to countries outside the European Union (so-called third countries) takes place as far as

    • it is required by law (e.g., reporting obligations under tax law) or
    • you have given us your consent.

    Furthermore, a transfer to bodies in third countries is provided for in the following cases:

    • If required in individual cases, your personal data may be transferred to an IT service provider in the USA or another third country to ensure the IT operation of our company in compliance with the European data protection level.
    • Personal data of those interested in our services may also be processed in the USA within the framework of a CRM system with their consent.
  6. How long will my data be stored?

    We process and store your personal data as long as this is necessary for the fulfilment of our contractual and legal obligations. If the data is no longer required for the fulfilment of contractual or legal obligations, it is regularly deleted, unless its – temporary – further processing is necessary for the following purposes:

    • Fulfilment of retention obligations under commercial and tax law, which may result, for example, from the German Commercial Code (HGB) or the German Fiscal Code (AO),
    • preservation of evidence within the framework of the statutory limitation provisions. According to §§ 195 ff. of the German Civil Code (BGB), these limitation periods can be up to 30 years, with the regular limitation period being 3 years.
  7. What data protection rights do I have?

    Every data subject has the right to information under Article 15 of the GDPR, the right to rectification under Article 16 of the GDPR, the right to erasure under Article 17 of the GDPR, the right to restriction of processing under Article 18 of the GDPR, the right to object under Article 21 of the GDPR and the right to data portability under Article 20 of the GDPR.

    With regard to the right to information and the right to erasure, the restrictions according to §§ 34 and 35 BDSG apply. In addition, there is a right of appeal to a competent data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG).

    You may revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent given to us before the GDPR came into force, i.e. before 25 May 2018. Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected.
  8. Is there an obligation for me to provide data?

    The user has the right, upon request, to receive information free of charge at any time about the data stored about him or her. Within the scope of our business relationship, you must provide those personal data that are necessary for the establishment, implementation and termination of a business relationship and for the fulfilment of the associated contractual obligations or which we are legally obliged to collect. Without this data, we will generally not be able to enter into, perform and terminate a contract with you. In addition, the user has the right to correct inaccurate data, block and delete his or her personal data, insofar as this does not conflict with a legal obligation to retain data or the data can be taken from generally accessible sources.
  9. To what extent is there automated decision-making?

    We do not use fully automated decision-making in accordance with Art. 22 GDPR for the establishment and implementation of the business relationship.
  10. Does profiling take place?

    We do not process your data automatically with the aim of evaluating certain personal aspects (profiling).
  11. Information about your right to object according to Art. 21 GDPR

    Individual right of objection

    You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6(1)(e) GDPR (data processing in the public interest) and Art. 6(1)(f) GDPR (data processing on the basis of a balance of interests).

    If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the assertion, exercise or defense of legal claims.

    Right to object to processing of data for direct marketing purposes

    In individual cases, we process your personal data in order to carry out direct advertising. You have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising, insofar as it is related to such direct marketing. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

    Recipients of an objection

    The objection can be made informally with the subject “Objection”, stating your name and address, and should be addressed to:
  12. Links

    The HEPICC GmbH website may contain links to websites of other providers, which are not covered by this data protection declaration. HEPICC GmbH accepts no responsibility for the content of these sites, as the respective provider or operator of the sites is always responsible for the content of the linked sites.