Data Protection Declaration

I. Name and address of the controller

Medical Network FrankfurtRheinMain
c/o Kur- und Kongreß-GmbH Bad Homburg
P.O. Box 1845
61288 Bad Homburg
Germany

Tel: +49 (0) 61 72 / 178-3150
Fax: +49 (0) 61 72 / 178-3158

Email: info@medical-network-frm.de

is the data controller within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws.

II. Data protection contact

If you would like to know more about data protection, please contact the office of the Medical Network FrankfurtRheinMain (see I). You can also write an email to the following email address:

Email: datenschutz@medical-network-frm.de

III. General information on data processing

Scope of processing of personal data
Generally speaking, we collect and use personal data of users of our homepage only to the extent this is necessary for providing a functional website and presenting our content and services.

As a general rule, users’ personal data are collected and used only following their consent. An exception to this principle applies in cases where the processing of the data is permitted under legal provisions, or where obtaining prior consent is not possible for genuine reasons.

Legal basis for the processing of personal data
The following provisions general serve as the legal basis for the processing of personal data:

  • Art. 6 (1)(a) GDPR where permission is obtained from the data subject.
  • Art. 6 (1)(b) GDPR for processing operations for the performance of a contract to which the data subject is a party. This includes any processing operations necessary for the performance of pre-contractual measures.
  • Art. 6(1)(c) GDPR for processing operations required for the performance of a legal obligation.
  • Art. 6(1)(d) GDPR, if the processing of personal data is required by vital interests of the data subject or another natural person.
  • Art. 6 (1)(f) GDPR, if the processing operation is necessary for safeguarding the legitimate interests of our company or a third party, provided that those interests are not overridden by the interests, fundamental rights and fundamental freedoms of the data subject.

 

Data erasure and storage period
Users’ personal data of users will be erased or blocked as soon as the purpose of storage no longer applies. Data may be further stored if this has been provided for by European or national legislators in EU regulations, laws or other provisions to which the controller is subject. Data will also be blocked or erased on the expiry of a storage period under such provisions, unless there is a need for further storage of the data for the conclusion or performance of a contract.

IV. Use of our website, general information

Description and scope of data processing
Whenever our website is accessed, our system automatically collects data and information from the user’s computer system. The following information is collected:

  • Information about the browser type and version used
  • The user’s operating system
  • The user’s internet provider
  • The user’s IP address
  • Date and time of access
  • Websites via which the user’s system has accessed our website
  • Websites accessed by the user’s system via our website

 

The above data are stored in the log files of our system. The data are not stored together with other personal data of the user.

Purpose and legal basis of data processing
The temporary storage of the IP address by our system is necessary to allow delivery of the website to the user’s computer. For this purpose, the user’s IP address must be kept for the duration of the session.

Storage in log files is carried out to ensure the functional capability of the website. We also use the data to optimise the website and to ensure the security of our information technology systems. No analysis of the data for marketing purposes is carried out in this context.

The legal basis for the temporary storage of data and log files is Art. 6(1)(f) GDPR.

The collection of your personal data on the provision of our website and the storage of data in log files is essential for the operation of the website. Accordingly, there is no entitlement for the user to object.

Duration of storage
Your data will be erased as soon as they are no longer required to achieve the purpose of their collection. If your data are collected in order to make the website available, they will be erased when the session ends.

Your data stored in log files will be erased after seven days at the latest. Further storage is possible, but in this case user IP addresses are erased or pseudonymised. This means that identification with the client calling the website is no longer possible.

V. General information on the use of cookies

On our website, we use cookies. Cookies are text files that are stored in the internet browser or downloaded from the internet browser to the user’s computer system. When you visit a website, a cookie may therefore be stored on your operating system. This contains a characteristic string that allows the unique identification of the browser when you visit the website again.

We use cookies to make our homepage more user-friendly. Some elements of our website require the browser to be identified even after a page break.

The following data are stored and transferred in this context:

  • Language settings

The legal basis for the processing of personal data using cookies is Art. 6(1)(f) GPDR. The purpose of using technically necessary cookies is to simplify the use of our website.

Please note that some functions of our website can only be provided with the use of cookies. The applications involved are as follows:

  • Application of language settings

We do not use user data collected by technically necessary cookies to create user profiles.

Cookies are stored on the user’s computer, and transferred by that device to our page. As the user, you therefore have control over the use of cookies. You can restrict or disable the transfer of cookies by making the appropriate changes to your Internet browser settings. Stored cookies can also be erased there. Please note that you may not be able to use all functions of our website if you deactivate cookies.

VI. Your rights / data subject rights

Under the EU General Data Protection Regulation, you have the following rights as the data subject:

Right of information
You have the right to be informed by us as the data controller as to whether we process your personal data.

In addition, you can request the following information:

(1) Purpose of the data processing operation

(2) The categories of personal data processed

(3) The recipients or categories of recipients to whom your personal data have been disclosed or are still being disclosed

(4) The intended duration of storage of your personal data or, if specific information cannot be provided in this regard, criteria for determining the duration of storage

(5) The existence of a right to rectification or erasure of your personal data, a right to restriction of processing by the controller or a right to object to such processing

(6) The existence of a right of appeal to a supervisory authority

(7) All available information on the source of the data if the personal data are not being collected from the data subject

(8) The existence of an automated decision-making system, including profiling, under Art. 22(1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, and the scope and intended impacts of such processing for the data subject

Finally, you also have the right to request information on whether your personal data is being transferred to a third country or to an international organisation. In that case, you can obtain information on appropriate guarantees under Art. 46 GDPR in connection with the transfer.

You can claim your right to information by sending an email to:

Email: datenschutz@medical-network-frm.de

 

Right to rectification
If your personal data processed by us are incorrect or incomplete, you have a right to having the data corrected and/or completed. The correction will be made immediately.

Right to restriction of processing
The right to restrict the processing of your personal data may be invoked in the following cases:

(1) The accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data

(2) The processing is unlawful, and the data subject opposes the erasure of the personal data, and instead requests restriction of the use of personal data

(3) The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims, or

(4) The data subject has lodged an objection to the processing pursuant to Art. 21(1) GDPR pending verification whether the legitimate grounds of the controller override those of the data subject

If the processing of your personal data has been restricted, such data may only be used – apart from their storage – with your consent or for the establishment, exercise or defence of legal rights, or for protection of the rights of another natural or legal person or important public interest of the Union or of a Member State.

If there is a restriction of processing in accordance with the above principles, you will be informed by us before the restriction is lifted.

Right to erasure
Where the following grounds apply, you can request that your personal data be erased immediately. The data controller is obliged to erase the data immediately. The applicable reasons are as follows:

(1) Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.

(2) The processing operation was subject to consent in accordance with Art. 6(1)(a) or Art. 9(2)(a) GDPR, and you revoke that consent. A further prerequisite is that there is no other legal basis for the processing.

(3) You lodge an objection to the processing (Art. 21(1) GDPR), and there are no higher-priority legitimate grounds for the processing. Another possibility is for you to lodge an objection to the processing under Art. 21(2) GDPR.

(4) Your personal data is being processed unlawfully.

(5) The erasure of your personal data is required for performance of a legal obligation under Union law or the law of Member States to which the controller is subject.

(6) Your personal data were collected in relation to information society services offered pursuant to Art. 8(1) of the GDPR.

If we have publicly disclosed your personal data, and if we are obliged under Art. 17(1) GDPR to erase the data, we will take reasonable steps, including technical steps, having regard to the available technology and implementation costs, to inform data controllers processing the personal data that you, as the data subject, have requested the erasure of all links to such personal data or copies or replications of the personal data.

Please note that there is right to erasure where the processing is necessary:

(1) For exercising of the right to freedom of expression and information

(2) For performance of a legal obligation that requires such processing under Union or Member State law to which the controller is subject or for the performance of a task that is in the public interest or carried out in the exercise of official authority delegated to the controller

(3) For reasons of public interest in the field of public health pursuant to Art. 9(2)(h) and (i) and Art. 9 (3) GDPR

(4) For archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes under Art. 89(1) GDPR, to the extent that the law referred to in subparagraph a) is likely to render impossible or seriously affect the achievement of the objectives of such processing, or

(5) For the establishment, exercise or defence of legal claims

Right to information
If you have invoked the right to rectification, erasure or restriction of the processing, we are obliged to notify all recipients to whom your personal data have been disclosed of such rectification or erasure of the data or of the restriction of processing, unless this proves to be impossible or involves a disproportionate effort. You also have the right to be informed regarding such recipients.

Right to data portability
Under the GDPR, you also have the right to receive the personal data provided to us in a structured, commonly used and machine-readable format. In addition, you have the right to transfer this data to another controller without hindrance by the controller to whom the personal data was initially made available, provided that:

The processing is based on a consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, or on a contract pursuant to Art. 6(1)(b), and
The processing is carried out by automated methods.

Finally, as part of exercising the right to data portability, you have the right to have your personal data transferred directly from one controller to another, where this is technically feasible and does not affect the freedoms and rights of others.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the controller.

Right to revoke the data protection consent declaration
You have the right to revoke your data protection consent declaration at any time. Please note that the revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent up until such revocation.

Right to objection
You further have the right, for reasons arising from your particular situation, to lodge an objection at any time to the processing of your personal data pursuant to Art. 6(1)(e) or (f) GDPR. The right of objection also applies to profiling based on these provisions.

The controller will no longer process your personal data unless it can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms, or that the processing is for the purposes of establishing, exercising or defending legal claims.

If your personal data are processed for the purpose of advertising [? – word missing in German text – translator], you have the right to object at any time to the processing of your personal data for the purpose of such advertising. This also applies to profiling where it relates to direct marketing. In the event of opposition to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

You also have the possibility, in the context of the use of information society services (notwithstanding Directive 2002/58/EC), of exercising your right of objection through automated procedures using technical specifications.

Automated decision-making in individual cases including profiling
Under the EU General Data Protection Regulation, you also have the right not to be subject to a decision that is based solely on automated processing, including profiling, which would have legal force in your regard or similarly negatively affect you to a significant degree. However, an exception to this principle applies where the decision:

(1) Is required for the conclusion or performance of a contract between you and the controller

(2) Is permitted by Union or Member State legal provisions to which the controller is subject, and where such provisions contain reasonable measures to safeguard your rights and freedoms and your legitimate interests, or

(3) Is made with your express consent

If the processing is carried out in the situations mentioned in (1) and (3), the controller will take reasonable steps to safeguard such rights and freedoms and your legitimate interests. This includes at least your right to deal with a person representing the controller, and to state your own position and to contest the decision.

A decision under (1) – (3) may not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9(2)(a) or (g) apply, and reasonable measures have been taken for the protection of rights and freedoms and your legitimate interests.

Right to appeal to a supervisory authority
If you believe that the processing of your personal data breaches the GDPR, you have the right to appeal to a supervisory authority, in particular in the Member State of its residence, place of work or the place of the alleged breach.

Right to appeal to a supervisory authority
If you believe that the processing of your personal data breaches the GDPR, you have the right to appeal to a supervisory authority, in particular in the Member State of its residence, place of work or the place of the alleged breach.

[NB: This heading and body text are identical to those in the previous paragraph, also in the source text – Translator]

VII. Electronic contact and enquiry form

If you would like to submit an enquiry, you will find an enquiry form on our homepage. The data entered in the input mask will be transferred to us and stored. These data are:

  • Name
  • Email
  • Subject
  • Content of the message

 

At the time of sending the message, the following data will also be stored:

  • The user’s IP address
  • Date and time of registration

 

The processing of personal data in this context is solely for processing your enquiry.

You can also contact us via the email address provided. In this case, the user’s personal data transferred by email will be stored.

Your data will not be transferred to third parties in this context, but used exclusively for processing the contact.

The legal basis for the processing of the data, in the presence of the user’s consent, is Art. 6(1)(a) GDPR. The legal basis for processing of the data transferred on sending an email is Art. 6(1)(f) GDPR. If the email contact is aimed at entering into a contract, the additional legal basis for processing is Art. 6(1)(b) GDPR.

In this context, the processing of personal data is solely for the purpose of processing the contact; the required legitimate interest for processing also applies in the case of contact by email.

If further personal data are processed during the despatch process, they serve only to prevent misuse of the request form and to ensure the security of our information technology systems.

Your data will be erased as soon as they are no longer required to achieve the purpose of their collection. In the case of personal data from the input mask of the enquiry form and personal data sent by email, this means when the relevant conversation with the user has been concluded. The conversation has concluded when it can be inferred from the circumstances that the matter has been definitively clarified.

The additional personal data collected during the message despatch process will be erased after a period of seven days at the latest.

You have the opportunity to revoke your consent to the processing of personal data at any time. On contacting us by email, you are also able to object to the storage of your personal data at any time. Please note, however, that it will then be impossible to continue the conversation.

All personal data stored in the course of your making contact will be erased in this situation.

VIII. Use of Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are stored on your computer and allow an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to and stored by Google on a server in the USA. However, if IP anonymization is enabled on this website, Google will truncate your IP address beforehand within member states of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to analyse your use of the website, to compile reports on website activity, and to provide other services related to website usage and internet usage to the website operator.

The IP address transferred from your browser as part of Google Analytics will not be merged with other Google information.

You can prevent the storage of cookies by setting your browser software accordingly; please note, however, that in this case you may not be able to use all the functions of this website in full. You may also prevent the capture by Google of the data generated by the cookie with regard to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

This website uses Google Analytics with the extension “_anonymizeIp()”. As a result, IP addresses are processed in truncated form, and there is therefore no possibility of their being connected to a particular person. If there is a personal link contained in the data collected about you, it is immediately excluded, and the personal data is immediately erased.

We use Google Analytics to analyse and regularly improve the usage of our website. With the statistics obtained, we can improve our offering and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has undertaken to comply with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US Framework. The legal basis for the use of Google Analytics is Art. 6(1)(f) GDPR, or where consent has been given, Art. 6(1)(a) GDPR

[NB: These are the actual designations of the respective sections in the Directive. German version requires correction! – Translator].

Details of third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of Use: http://www.google.com/analytics/terms/en.html, Privacy Policy Summary: http://www.google.com/intl/de/analytics/learn/privacy.html, and Privacy Policy: http://www.google.de/intl/de/policies/privacy.

IX: Integration of YouTube videos

We have integrated YouTube videos in our online offering, which are stored on http://www.YouTube.com and are playable directly from our website. These are all integrated in “enhanced privacy mode”, which means that if you do not play the video, you will not transfer any data about you as a user to YouTube. Only when you play the videos are the data referred to in Paragraph 2 transferred. We have no control over this data transfer.

Through your visit to the website, YouTube receives the information that you have accessed the corresponding subpage of our website. This happens regardless of whether YouTube has provided a user account that you have used to log in, or if no user account has been provided. If you have logged in to Google, your data will be assigned directly to your account. If you do not wish to be connected to your profile on YouTube, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for purposes of advertising, market research and/or customisation of its website. This kind of analysis is carried out especially (even for users who have not logged in) to provide appropriate advertising and to inform other users of the social network of your activities on our website. You have a right to object to the creation of these user profiles, but you must approach YouTube to exercise it.

Further information on the purpose and scope of the collection of data and their processing by YouTube is provided in its privacy policy, where you can also obtain more information on your rights and settings options for protecting your privacy: https://www.google.com/intl/en/policies/privacy. Google also processes your personal information in the United States and has undertaken to comply with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US Framework

X: Integration of Google Maps

On this website, we use the services of Google Maps. This allows us to display interactive maps directly in the website, and to give you convenient use of the map function.

Through your visit to the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, the information referred to in section IV of this policy will be transferred to Google. This happens regardless of whether Google has provided a user account that you have used to log in, or if no user account has been provided. If you have logged in to Google, your data will be assigned directly to your account. If you do not wish to be connected to your profile on Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for purposes of advertising, market research and/or customisation of its website. This kind of analysis is carried out especially (even for users who have not logged in) to provide appropriate advertising and to inform other users of the social network of your activities on our website. You have a right to object to the creation of these user profiles, but you must approach Google to exercise it.

For more information on the purpose and scope of the collection of data and their processing by the plug-in provider, please refer to its privacy policies, where can also find out more about your rights and privacy settings here: http://www.google.com/intl/en/policies/privacy. Google also processes your personal information in the USA and has undertaken to comply with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US Framework.

XI. Use of Google Fonts:

On the basis of our legitimate interests pursuant to Art. 6(1)(f) GDPR, we integrate the fonts (“Google Fonts”) of the provider Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. The purpose is the optimisation and economic operation of our homepage. The provider’s privacy policy can be found at: https://www.google.com/policies/privacy/, The opt-out can be set at:
https://adssettings.google.com/authenticated.

XII. Use of Typekit fonts from Adobe

On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offering within the meaning of Art. 6(1)(f) GDPR), we use external “Typekit” fonts of the provider Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland. Adobe is certified under the Privacy Shield Agreement, thereby ensuring compliance with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt0000000TNo9AAG&status=Active).