Privacy Policy (information obligations in accordance with Art. 13 GDPR)

We believe that data protection should be transparent, intelligible and, most importantly, fair to all parties. The aim of this privacy policy is therefore on the one hand to inform you which of your personal data we collect and use, whether this data may be disclosed to third parties and, if so, to which, how long we store your data and what rights you have if you have any objection to our reasonable use of your data. If you still have any questions after you have read this comprehensive privacy policy, please do not hesitate to contact us using the contact details below.

Definitions

The following definitions are to ensure that we have the same understanding of the terms. This ensures that all parties will know what we mean in this policy.

Personal data: This is all information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing: Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Restriction of processing: This means the marking of stored personal data with the aim of limiting their processing in the future.

Profiling: Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements is called profiling.

Pseudonymisation: Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

Controller: This is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Recipient: Any natural or legal person, public authority, agency or another body, to which the personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of such data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

Third party: This is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

Consent: This means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

1. Name and contact details of the controller

Controller for the data processing:

Medical Helpline Worldwide GmbH
Otto-Lilienthal-Straße 18
28199 Bremen
Germany

You can contact us by post, by email at info@medical-helpline.com or by telephone on +49 421 240 110-0.

2. Data protection officer

You can contact our data protection officer using the following contact details:

IT-Kanzlei Lutz
Stefan Lutz, LL.M.
IT Lawyer
Teerhof 59
28199 Bremen
Germany
Tel.: +49 421 40892660
Email: lutz@hb-law.de
Website: www.hb-law.de

3. Collection of personal data during use for information purposes

3.1 Whenever you access our website, we collect the following information about your computer: Your computer’s IP address, the request from your browser and the time of the request. The status and the transferred data volume in the context of this request are also recorded. We also collect product and version information about the browser used and your computer’s operating system. We also record the website from which our website was accessed. Your computer’s IP address is only stored for the duration of your use of our website, following which it is immediately deleted or anonymised by being truncated. We use this data for operating our website, particularly for identifying and correcting errors on our website, determining the number of visitors to our website and carrying out updates or improvements. The legal basis for this processing is Art. 6 (1) (f) GDPR.Verarbeitung ist Art. 6 Abs. 1 lit. f DSGVO.

4. Cookies & Local Storage

4.1 Sometimes, we also collect information about your use of our website by using browser cookies. These are small text files that are stored on your data carrier and that store certain settings and data about your browser to exchange with our system. A cookie usually contains the name of the domain from which the cookie data was sent and information about the age of the cookie and an alphanumeric identifier. Cookies allow our system to recognise the user’s device and make any predefined settings available immediately. Once a user accesses the platform, a cookie is transmitted to the respective user’s computer hard disk. Cookies help us to improve our website and provide you with a better service more tailored to you. They allow us to recognise your computer if you return to our website, and thus:

  • to store information about your preferred activities on the website and thereby tailor our website to your individual interests. This includes e.g. adverts that correspond to your personal interests.
  • to speed up processing your enquiries.

4.2 The cookies we use only store the data specified above about your use of the website. This is not done by an assignment to you personally, but by allocating an identification number to the cookie ("cookie ID"). The cookie ID is not aggregated with your name, your IP address or similar data that would allow the cookie to be assigned to you.

4.3 There is a distinction between session cookies, which are deleted as soon as you close your browser, and persistent cookies, which are stored beyond the individual session. In relation to the function of cookies, there is a further distinction between:

  • Technical cookies: These are necessary to navigate the website, use basic functions and guarantee the security of the website; they neither collect information about you for marketing purposes nor store which websites you have visited;
  • Performance cookies: These collect information about how you use our website, which pages you visit and e.g. if any errors occur when using the website; they do not collect any information that could identify you - all data collected is anonymous and is only used to improve our website and to find out what our users are interested in;
  • Advertising cookies, Targeting cookies: These are used to provide the website user with relevant advertising on the website or third-party promotions and to determine the effectiveness of these promotions; advertising and targeting cookies are stored for a maximum of 13 months;
  • Sharing cookies: These are used to improve the interactivity of our website with other services (e.g. social networks); sharing cookies are stored for a maximum of 13 months.

4.4 Each use of cookies which is not technically necessary constitutes data processing which is only permitted with your express and active consent in accordance with § 25 (1) of the Telecommunications and Telemedia Data Protection Act (TTDSG) and which also only happens in compliance with this statutory provision. This particularly applies to the use of advertising, targeting or sharing cookies. Furthermore, we only transmit your personal data that has been processed by cookies to third parties if you have given your express consent to this in accordance with § 25 (1) TTDSG.

4.5 On our website we use the following cookies:


4.6 You can specify whether cookies can be placed and retrieved using you browser settings. For example, you can completely deactivate the storage of cookies in your browser, restrict it to certain websites or configure your browser so that it automatically notifies you as soon as a cookie is to be placed and asks you to confirm this. You can block or delete individual cookies. However, for technical reasons, this may result in some features of our website being impaired and no longer functioning fully.

4.7 If cookies can only be used on our website with your consent, you can also set the above settings in our cookie consent tool. To do this, simply click on the “privacy settings” link on the cookie symbol on the homepage.

5. Use of Borlabs Cookie Consent

5.1 We have integrated the consent management tool “Borlabs Cookie” (www.borlabs.io) provided by Borlabs GmbH, Hamburger Str. 11, 22083 Hamburg, Germany on our website to obtain consent to data processing, the use of cookies or similar functions. With “Borlabs Cookie”, you can give or refuse your consent to certain functionalities of our website, e.g. for the purpose of integrating external elements, integrating streaming content, statistical analysis, range measurement and personalised advertising. You can use “Borlabs Cookie” to give or refuse your consent for all functions or give your consent for individual purposes or individual functions. You can also change your settings retrospectively using the “privacy settings" link on the website you have visited.

5.2 The purpose of integrating “Borlabs Cookie” is to allow users of our website to decide on the matters mentioned above and, in the context of the further use of our website, to provide the option of changing previous settings. Whilst using “Borlabs Cookie”, personal data and information about the devices used are processed (IP address, language, browser etc.) and sent to Borlabs GmbH. The information about your settings is also stored in your device.

5.3 The legal basis for processing is Art. 6 (1) sentence 1 (c), Art. 6 (3) sentence 1 (a), Art. 25 and Art. 5 (2) GDPR and, in the alternative, Art. 6 (1) (f) GDPR. We store the cookie required for recording your consent on the basis of § 25 (2) (2) TTDSG. Borlabs Cookie enables us to fulfil our legal obligations (e.g. obtaining informed consent and the duty to provide evidence) when processing our users’ data. In addition to obtaining consent and providing evidence of the obtained consent, our legitimate interest in processing is analysing the rate of consent and other functionalities.

5.4 “Borlabs Cookie” stores your data for as long as your user settings are active. Once you have set your user settings, you will be asked for your consent again after one year. Your user settings will then be stored again for this period unless you have already deleted the information about your user settings yourself in your device’s settings. We have concluded an order processing agreement with Borlabs GmbH in accordance with Article 28 GDPR.

5.5 You may object to the processing provided that the processing is based on Art. 6 (1) sentence 1 (f) GDPR. Your right to object arises from reasons relating to your personal circumstances. Please send an email to info@borlabs.io if you wish to object.

6. Data security

6.1 All information you send to us is stored on servers located within the European Union. Unfortunately, the transferring information via the internet is not completely secure; therefore, we cannot guarantee the security of the data transmitted to our website via the internet. However, we implement technical and organisational measures to secure our website and other systems against loss, destruction, access, modification or the dissemination of your data by unauthorised persons. Particularly, we transfer your personal data in an encrypted format. We use the coding systems SSL (Secure Socket Layer) and TLS (Transport Layer Security) for this.

7. No disclosure of your personal data

7.1 We do not disclose your personal data to third parties unless you have consented to the disclosure of the data or we are entitled or obliged to disclose data due to statutory provisions and / or official regulations or court orders. In this context, information may particularly be provided for the purposes of criminal prosecution, averting danger or enforcing intellectual property rights

8. Data protection and third-party websites

8.1 The website may contain hyperlinks to and from third-party websites. If you follow a hyperlink to one of these websites, please note that we cannot accept any responsibility or liability for third-party content or privacy policies. Please familiarise yourself with the respective privacy policies before you transmit personal data to these websites.

9. Use of our website's features

9.1 In addition to using our website for purely informative purposes, we also offer various services that you can use if you are interested. You will usually need to provide additional personal data for this, which we use in order to provide the respective service. If other details are optional, these are identified accordingly.

9.2 When contacting us by email or using the contact form, we will store your email address and, if you have provided it, your name and your telephone number so that we can answer your questions (legal basis is Art. 6 (1) sentence 1 (b) GDPR).

10. Use of our online application form

10.1 If you wish to apply for our product online, you need to provide your personal data that we require to process your application in order for the contract to be concluded. The details required are marked separately; any other details are optional. We process the data you have provided in order to process your application. We may also disclose your payment details to our bank. The legal basis for this is Art. 6 (1) sentence 1 (b) GDPR. The legal basis for the essential shopping basket cookie and the session cookie when registering for our shop is § 25 (2) (2) TTDSG.

A customer account will be created that you can use e.g. to store and release medical data. You can object to the storage of data at any time.

If you have given us your consent, we may also process the data you have provided in order to inform you about further products in our range that may be of interest to you or to send you emails containing technical information.

10.2 We are obliged to store your address, payment details and order details for a period of ten years on the basis of commercial law and tax law provisions. However, we shall restrict processing after two years, i.e. your data will only be used in order to comply with statutory obligations.

10.3 In order to prevent unauthorised third parties from accessing your personal data, particularly financial data, the ordering process is encrypted using TLS technology.

11. Application process

11.1 We process the data that you have sent us in connection with your application in order to verify your suitability for the role (or, if applicable, other vacant positions in our company) and to complete the application process.

11.2 The legal basis for processing your personal data during this application process is primarily § 26 of the Federal Data Protection Act (BDSG). Accordingly, the processing of this data is permissible if it is necessary in connection with the decision on concluding an employment contract. If the data is required following the conclusion of the application process, e.g. for prosecution, data processing may be carried out on the basis of Art. 6 GDPR, particularly for the safeguarding of legitimate interests in accordance with Art. 6 (1) (f) GDPR. Our interest here is in the assertion or defence of claims.

11.3 Unsuccessful applicants’ data will be deleted after 6 months.

11.4 If you have consented to the further storage of your personal data, we will transfer your data to our pool of applicants. The data will be deleted from here after the expiry of two years.

11.5 If you have been offered a job during the application process, the data will be transferred from the applicant data system to our staff information system.

11.6 Following receipt of your application, your application data will be viewed by the personnel department. Suitable applications will then be forwarded internally to the head of department for the respective open position. The further course of action will then be decided. Within the company, generally only those persons have access to your data who need it for the ordinary conduct of our application procedure.

12. Social media profile

12.1 We have presences on several social media platforms. We use the following providers:

12.1.1 LinkedIn, operated by Linkedin Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, privacy policy at www.linkedin.com/legal/privacy-policy

12.1.2 Xing, operated by New Work SE, Am Strandkai 1, 20457 Hamburg, Germany, privacy policy at privacy.xing.com/en/privacy-policy

12.1.3 Instagram, operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, privacy policy at privacycenter.instagram.com/policy

12.1.4 Facebook, operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, privacy policy at www.facebook.com/privacy/center

12.2 We use the technical platform and services of the providers for these information services. Please note that you are responsible for your use of our profiles on social media platforms and the features of such profiles. This particularly applies to the use of the interactive features (e.g. comment, share, like). When visiting our profiles, the providers of the social media platforms collect data including your IP address and other information which is available in the form of cookies on your device. This information is used to provide us, as operators of the accounts, with statistical information about your interaction with us. The legal basis is your consent: for placing cookies, this is § 25 (1) TTDSG; for subsequent data processing it is Art. 6 (1) (a) GDPR.

12.3 The data collected about you in this context is processed by the platforms during which it may be transferred to countries outside the European Union, particularly the USA. According to their own statements, all of the aforementioned providers maintain an appropriate level of data protection that corresponds to that of the former EU-US Privacy Shield and we have agreed the standard data protection clauses with each company (with the exception of Xing, as this provider has its headquarters within the EU). We do not know how the social media platforms use the data resulting from your visit to our account and interaction with our postings for their own purposes, how long this data is stored and whether data is disclosed to third parties. The data processing may differ depending on whether you are registered and logged in to the social network or visit the site as a non-registered and / or anonymous user. When you access a post or the account, the IP address assigned to your device is transmitted to the provider of the social media platform. If you are currently logged in as a user, a cookie on your end device can be used to track how you have navigated the internet. Buttons embedded in websites enable the platforms to record your visits to these website pages and assign them to your respective profile. This data can be used to offer content or advertising tailored to you. If you wish to avoid this, you should log out or deactivate the "stay logged in" function, delete the cookies on your device and restart your browser.

12.4 As the provider of the information service, we also only process the data resulting from your use of our service that you provide to us and that requires interaction. For example, if you ask a question that we can only answer by email, we will store your information in accordance with our general data processing principles, which we describe in this privacy policy. The legal basis for processing your data on the social media platform is Art. 6 (1) sentence 1 (f) GDPR.

12.5 To exercise your rights as a data subject, you can contact us or the provider of the social media platform. If one party is not responsible for responding or needs to obtain the information from the other party, we or the provider will then forward your request to the respective partner. Please contact the provider of the social media platform directly for questions about profiling and the processing of your data when using the website. For questions about the processing of your interaction with us on our website, please use the contact details provided above.

12.6 What information the social media platform receives and how it is used is described by the respective providers in their relevant privacy policies (see link in the table above). Here, you will also find information on contact options as well as on the settings options for advertisements. You can find more information about social networks and how you can protect your data at www.youngdata.de.

13. Third party provider tools

13.1 Use of Matomo
13.1.1 We use the web analysis service Matomo on this website to analyse and check the use of our website. Using the statistics obtained, we are able to improve our offer and present it in a more interesting way for you as the user.

13.1.2 We use a version of Matomo that does not require cookies. Therefore, no Matomo cookies are stored on your computer for the purpose of web analysis. For the analysis of website usage, your IP address and information such as time stamp, web pages visited and your language settings are recorded. We store the information collected in this way on our server.

13.1.3 This website uses Matomo with the extension “anonymizeIP”. This means that IP addresses are processed in abbreviated form and a direct link to a person is excluded. The IP address provided by your browser using Matomo will not be linked with other data collected by us. The legal basis for the use of Matomo is Art. 6 (1) sentence 1 (f) GDPR.

13.1.4 You can prevent the use of Matomo by unchecking the following box and activating the opt-out plugin:

In this case, an opt-out cookie preventing Matomo from storing user data will be placed in your browser in accordance with § 25 (1) TTDSG. If you delete your cookies, this will result in the Matomo opt-out cookie also being deleted. You will need to reactivate the opt-out when you visit our site again.

13.1.5 The program Matomo is an open source project. You can find the third-party provider’s information on data protection at matomo.org/privacy-policy/.

14. Recipients or categories of recipients

14.1 If we disclose your personal data to third parties, you will be explicitly informed of this by way of a description of the respective data processing (e.g. when using our contact form). For technical and organisational processing, we also use external service providers with which we have concluded appropriate order processing contracts within the meaning of Art. 28 GDPR. These include e.g. service providers for web hosting, sending emails, the maintenance and servicing of our IT systems etc.

15. Storage period

15.1 We store your data for as long as this is necessary for achieving the respective purpose but for no longer than any statutory provisions require us to do so (e.g. we are required under commercial law to retain business correspondence, which may include emails, for 10 years).
As soon as the reason for storage lapses or a prescribed storage period expires in accordance with the above provisions, the personal data shall be routinely blocked or deleted.

15.2 As soon as the reason for storage lapses or a prescribed storage period expires in accordance with the above provisions, the personal data shall be routinely blocked or deleted.

16. Your rights

16.1 You have extensive rights in relation to the processing of your personal data. Firstly, you have a comprehensive right of access and can request the correction and / or erasure and / or blocking of your personal data. You can also request a restriction of processing and have a right of objection and a right to data portability. If you wish to assert one of your rights and / or obtain more information about this, please contact us at info@medical-helpline.com.

16.2 You also have the right to complain to a supervisory authority. If you have any questions, comments or queries regarding the collection, processing and use of your personal data by us, please do not hesitate to contact us using the contact details provided.

16.3 Right to object

Right to object in individual cases
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 (1) (e) or (f) GDPR, including profiling based on those provisions.
We shall no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Right to object to the processing of data for direct marketing purposes
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

17. No obligation to provide personal data

17.1 The conclusion of contracts with us is not dependent upon you providing us with your personal data in advance. For you as the customer, there is essentially no statutory or contractual obligation to provide us with your personal data; however, we may only be able to provide certain offers to a limited extent or may not be able to provide them at all if you do not provide the necessary information. If, in exceptional circumstances, this should be the case with regard to the products and services we offer as specified above, we will inform you of this separately.