Privacy policy



Below we inform you according to the legal requirements - in particular the EU General Data Protection Regulation (GDPR, available at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679) - about the processing of personal data by our company.
 

Data protection

Table of contents

I. General information

1. Important Terms

2. Scope

3. Data controller

4. Data Protection Officer

II. Breakdown of the data processing

1. General information regarding data processing

2. Using our services

3. Paid services

4. Job application

5. Customer feedback

6. Tracking

7. Listing of the basic data of doctors and healthcare professionals

III. Affected rights

1. Right to object

2. Right to information

3. Right to rectification

4. Right to erasure ("right to be forgotten")

5. Right to restriction of processing

6. Right to data portability

7. Withdrawal of consent

8. Right to appeal


I. General information

In this section of the Privacy Policy, you will find information about the scope, the person responsible for the data processing, the data protection officer and the data security. We also explain in advance the meaning of important terms used in the privacy policy.


1. Important Terms

Browser: Computer program for displaying web pages (e.g. Chrome, Firefox, Safari)

Cookies: Text files that the web server being accessed places on the user's computer through the browser used. The stored cookie information may contain both an identifier (cookie ID) used for recognition, as well as content information such as login status or information about visited web pages. The browser sends the cookie information back to the web server with each new request made by visiting this page again. Most browsers accept cookies automatically. You can manage cookies using the browser features (usually under "Options" or "Preferences"). In this way the storage of cookies can be disabled, made dependent on your approval in individual cases, or otherwise restricted. You can also delete cookies at any time.

Third countries: Countries outside the European Union (EU)

GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), available at: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679#d1e2789-1-

Personal Data: Any information relating to an identified or identifiable natural person. A natural person is considered identifiable if they can be identified directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special features that are the expression of the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.

Profiling: Any type of automated processing of personal data that involves the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to work performance, economic situation, health, personal preferences, interests, reliability, behavior, whereabouts or change of location of that natural person.

Services: Our offers, to which this Privacy Policy applies (see Scope).

Tracking: The collection of data and their evaluation regarding the behavior of visitors towards our services.

Tracking technologies: Tracking can be done both via the log files stored on our web servers and by collecting data from your device via pixels, cookies and similar tracking technologies.

Processing: Any process or series of operations performed with or without the aid of automated processes, such as collecting, organizing, storing, adapting or modifying, reading, querying, using, disclosure through submission, dissemination or any other form of provision, adjustment or association, restriction, erasure or destruction.

Pixels: Pixels are also called counting pixels, tracking pixels, web beacons, web bugs or tracking bugs. These are small, invisible graphics in HTML emails or on web pages. When a document is opened, this small image is downloaded from a server on the Internet, where the download is registered. This allows the operator of the server to see if and when an e-mail has been opened or a website has been visited. Usually this function is performed by using a small program (Javascript). This will allow certain types of information to be detected and shared on your computer system, such as the content of cookies, the time and date of the page view, and a description of the page on which the pixel is located.

 

2. Scope

This Privacy Policy applies to the following offers:

• Our online offer, which is available at www.medbook.online (hereafter referred to as “Medbook”).

• Whenever one of our offers (e.g. websites, subdomains, mobile applications, web services or third-party affiliations) refers to the Privacy Policy, unless otherwise stated, it refers to the present Privacy Policy, regardless of the way in which you access or use it.

All of these offers are collectively referred to as "Services".

 

3. Data controller

The data controller, i.e. the party that decides on the purposes and means of processing personal data, in connection with the Services is:

BR Healthcare Research UG (haftungsbeschränkt)

Kaiser-Wilhelm-Ring 3-5,

50672 Köln

+49 221 29977950

www.medbook.online

 

4. Data Protection Officer

mip Consult GmbH

Rechtsanwalt Asmus Eggert

Alte Jakobstr. 77

10179 Berlin

+49 30 20889990

dataprotection@medbook.online

https://www.mip-consult.de/

 

II. Breakdown of the data processing

In this section of the privacy policy we will inform you in detail about the processing of personal data in the context of our services. For better clarity, we divide this information into certain functionalities of our services. During the normal use of the services, different functionalities and consequently, different processing operations, can come into play successively or simultaneously.

 

1. General information regarding data processing

For all processing operations described below, unless otherwise stated:

a. Scope of obligation to provide & consequences of non-provision

In the performance of Medbook’s offers, the provision of personal information is not required by law or contract and you are under no obligation to provide any data. The basic data contained in the profiles of doctors and healthcare professionals are provided to us by third parties (see: 7).

We will inform you as part of the entry process if the provision of personal data for the respective service is required (e.g. in the case of a "mandatory field"). In the case of required data, non-provision means that the service concerned cannot be provided. Otherwise, non-provision may mean that we cannot provide our services in the same form and quality.

b. Consent

In some cases, you may also give us your consent to further processing, in connection with the processing described below, in which case we will inform you separately in connection with the submission of the respective declaration of consent on all modalities, the scope of the consent and the purposes of these processing activities. The processing activities based on your consent are therefore not re-listed here (Article 13 (4) GDPR).

c. Transfer of personal data to third countries

If we transfer data to third countries, i.e. countries outside the European Union, the transfer will take place only in compliance with the statutory eligibility requirements.

If the transfer of the data to a third country does not serve the purpose of fulfilling our contract with you, we do not have your consent, the transfer is not required for the assertion, exercise or defense of legal claims and no other exemption applies under Art. 49 of the GDPR, we will only transfer your data to a third country if there is an adequacy decision pursuant to Art. 45 of the GDPR or if suitable safeguards pursuant to Art. 46 of the GDPR are in place.

One of these adequacy decisions is the Commission Implementing Decision (EU) 2016/1250 of 12.07.2016 on the so-called "EU-US Privacy Shield" for the USA. For transfers to companies that are certified according to the EU-US Privacy Shield, the data protection level is generally considered appropriate in terms of Art. 45 of the GDPR.

Alternatively or additionally, the conclusion of the EU standard data protection clauses adopted by the European Commission will provide the receiving body with appropriate safeguards under Article 46 (2) (c) of the GDPR and an adequate level of data protection. Copies of EU standard data protection clauses are available on the European Commission's website at: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en

d. Hosting with external service providers

Our data processing takes place to a large extent with the involvement of so-called hosting service providers who provide us with storage space and processing capacities in their data centers and process personal data on our behalf in accordance with our instructions. All of the functionalities listed below may transfer personal data to hosting service providers. These service providers process data either exclusively in the EU or we have ensured an adequate level of data protection using the EU standard data protection clauses (see c.).

e. Transmission to state authorities

We provide personal information to governmental authorities (including law enforcement agencies) when this is required to fulfill a legal obligation to which we are subject (legal basis: Art. 6 (1) (c) GDPR) or to assert, exercise or defend legal claims (legal basis: Art. 6 (1) (f) GDPR).

f. Storage time

The "Storage time" section indicates how long we use the data for the respective processing purpose. At the end of this period, the data will no longer be processed by us but will be deleted at regular intervals, unless continued processing and storage is required by law (in particular because it is necessary to fulfill a legal obligation or to assert, exercise or defend legal claims) or you give us further consent.

g. Names of data categories

In the next sections, the following summary category names are used for specific types of data:

Account data: Login / user ID and password

Address data: Street, house number, if necessary other contact information, postal code, area/city, country

Credentials: Information about the service you have signed up for; Dates and technical information on registration, confirmation and cancellation; data provided by you at registration

Ordering information: Ordered products / services, prices, payment information

Proof of treatment: Everything with which you can prove a doctor's treatment (prescription, sick leave, bonus booklets, medical certificates, correspondence)

Job application documents: Curriculum vitae, qualifications, evidence, work samples, certificates, pictures

Rating data: Text information that can contain all sorts of data

Contact details: Telephone number (s), fax number (s), e-mail address (es)

Personal master data: Title, sex, first name, last name, date of birth

Profile data: Title, sex, first name, surname, specialty, year of birth, address

Payment data: Bank account information

Access Data: Date and time visiting our service; the page from which the accessing system came to our site; pages accessed during use; session identification data; and the following information of the accessing computer system: used Internet Protocol (IP) address, browser type and version, device type, operating system and similar technical information.

 

2. Using our services

Below we describe how your personal information is processed when you use our services (e.g., loading and viewing the website, opening and navigating our website through your mobile device). In particular, we point out that the transfer of access data to external content providers (see under b.) is inevitable due to the technical functioning of the transfer of information on the Internet. The third party providers themselves are responsible for the privacy-compliant operation of the IT systems they use. The decision regarding the storage duration of the data is up to the service providers.

a. Purpose of data processing and legal basis as well as legitimate interests and storage duration

Data category | Purpose of processing | Legal basis | Legitimate interest, if necessary | Storage time
External content providers that provide content (e.g., images, videos, embedded social networking postings, banner ads, fonts, update information) required to view the service | Designing profiles of doctors and healthcare professionals; Offer a service | Art. 6 par. 1 f) GDPR, in addition to Article 45 GDPR in conjunction with Commission Implementing Decision (EU) 2016/1250 of 12.07.2016 on the so-called "EU-US Privacy Shield" | Proper function of the services, (accelerated) presentation of the contents |
Access data | Establishing a connection, presenting the contents of the service, detecting attacks on our site due to unusual activities, fault diagnosis | Art. 6 par. 1 f) GDPR | Proper functioning of services, security of data and business processes, prevention of abuse, prevention of damage through interference with information systems | 4 weeks
Contact details | E-mail verification | Art. 6 par. 1 f) GDPR | Proper functioning of services, security of data and business processes, prevention of abuse, prevention of damage through interference with information systems | Creating hash value; this is not a personal-related data and does not have to be deleted
Contact details | User Registration | Art. 6 par. 1 b) GDPR | By signing up, users will be able to manage their reviews and easily create new reviews. This is the core functionality of the website and the purpose of the company. | Deletion of data upon deletion of the user account
Credentials, rating data, access data | Submission of reviews | Art. 6 par. 1 f) GDPR; Art. 11 2000/C 364/01 (right to freedom of expression, freedom of the press); Art. 8 ECHR; Art. 1 2000/C 364/01 (General Individual Rights); Art. 1 of ECHR Protocol and Art. 17 2000/C 364/01 (Protection of property) | Business Conduct; Ensure credibility | Deletion of data upon deletion of the user account
Credentials, rating data, personal master data, treatment data | Verification of reviews (doctor's exam) | Art. 6 par. 1 f) GDPR | Execution of the review process according to the Federal Court (BGH) judgment; Securing credibility | Deletion 4 years after rejection of the rating. The transmission of the documents to the doctor in the course of the examination process takes place anonymously
 

b. Recipient of personal data

Recipient category | Affected data | Legal basis | Legitimate interest, if necessary
Hosting with an external service provider | All data in accordance with Letter a. | Art. 6 par. 1 f) GDPR, in addition to Article 45 GDPR in conjunction with Commission Implementing Decision (EU) 2016/1250 of 12.07.2016 on the so-called "EU-US Privacy Shield" | Proper function of the services, (accelerated) presentation of the contents
E-mail service provider | Contact details | Art. 6 par. 1 f) GDPR | Proper functioning of services, security of data and business processes, prevention of abuse
Support service | Contact data, free text information that can contain all sorts of data | Art. 6 par. 1 b), f) GDPR | Implementation of an efficient customer service for optimal support of users
IT security service | Access data | Art. 6 par. 1 f) GDPR | Preventing attacks that exploit vulnerabilities / security gaps
 

3. Paid services

Below we describe how your personal information is processed when you use services that are only offered for a fee.

a. Purpose of data processing and legal basis as well as legitimate interests and storage duration

Data category | Purpose of processing | Legal basis | Legitimate interest, if necessary | Storage time
Account data | Identification, control of the authorization to access the offer | Art. 6 par. 1 b) GDPR | | Duration of registration
Credentials | Identification, contact, traceability of registration | Art. 6 par. 1 b), f) GDPR | Proof of registration | Duration of registration
Contact details | Full representation on the website | Art. 6 par. 1 b) GDPR | | Duration of registration
Payment data | Handling payments for the service | Art. 6 par. 1 b) GDPR | | Duration of the contractual relationship

b. Recipient of personal data

Recipient category | Affected data | Legal basis | Legitimate interest, if necessary
Payment service | Payment data | Art. 6 par. 1 b) GDPR |
Hosting with an external service provider | All data in accordance with Letter a. | Art. 6 par. 1 f) GDPR, in addition to Article 45 GDPR in conjunction with Commission Implementing Decision (EU) 2016/1250 of 12.07.2016 on the so-called "EU-US Privacy Shield" | Proper function of the services, (accelerated) presentation of the contents
 

4. Job application

Below we describe how your personal data is processed during the application process for a job at our company as a new employee:

a. Purpose of data processing and legal basis as well as legitimate interests and storage duration

Data category | Purpose of processing | Legal basis | Legitimate interest, if necessary | Storage time
Address data, contact data | Identification, establishment of contact, communication for contract initiation | Art. 6 par. 1 b) GDPR | | 6 months
Personal master data | Identification, contact, age verification | Art. 6 par. 1 b) GDPR | | 6 months
Application documents | Candidate selection | Art. 6 par. 1 b) GDPR | | 6 months

b. Recipient of personal data

Recipient category | Affected data | Legal basis | Legitimate interest, if necessary
HR department | All data in accordance with Letter a. | Art. 28 GDPR |
 

5. Customer feedback

Below we describe how your personal information is processed when you contact our customer service:

a. Purpose of data processing and legal basis as well as legitimate interests and storage duration

Data category | Purpose of processing | Legal basis | Legitimate interest, if necessary | Storage time
Contact details (e-mail address), contents of inquiries / complaints | Processing of customer inquiries and user complaints | Art. 6 par. 1 b), f) | Customer loyalty, improvement of our service | Processing of the request or deletion if the customer status ceases or for non-customers after 1 year

b. Recipient of personal data

Recipient category | Affected data | Legal basis | Legitimate interest, if necessary
Hosting with an external service provider | All data in accordance with Letter a. | Art. 6 par. 1 f) GDPR, in addition to Article 45 GDPR in conjunction with Commission Implementing Decision (EU) 2016/1250 of 12.07.2016 on the so-called "EU-US Privacy Shield" | Implementation of an efficient customer service for optimal user support
 

6. Tracking

Below we describe how your personal information is processed from tracking technologies used to analyze and optimize our services as well as for promotional purposes.

The description of tracking methods also includes information on how to prevent or object to the processing of data. Please note that this so-called "opt-out", i.e. the rejection of processing, is usually stored via cookies. If you access our services via a new device or another browser, or if you have deleted the cookies set by your browser, you have to go through the process again.

The tracking methods described process personal data only in pseudonymous form. A connection with a specific, identified natural person, i.e. a combination of the data with information about the carrier of the pseudonym, does not take place.

a. Tracking to analyze and optimize our services and their use

• (1) Purpose of the processing

The analysis of user behavior by means of tracking helps us examine the effectiveness of our services, optimize and adapt them to the users’ needs and eliminate errors. It also serves to statistically determine parameters for the use of our services (range, intensity of use, user surfing behavior) based on uniform standard procedures and thus to obtain comparable values across the market.

• (2) Legal basis of the processing

Services that we provide in connection with a contract are tracked and associated with user behavior analysis to deliver our contractual obligations. The legal basis for this processing of personal data is Art. 6 par. 1 b) of the GDPR. The evaluation of information obtained through tracking is necessary in order to provide you with optimized services according to the contractual purpose and to ensure the greatest possible benefit for you.

Otherwise, i.e. beyond a contractual relationship, the legal basis for this processing of personal data is Article 6 f) of the GDPR. On this legal basis, we pursue the legitimate interest, on the basis of the information gained from tracking, to provide attractive services as efficiently as possible and to market them in the best possible way.

• (3) The tracking methods used in detail

Name of the service: Google Analytics

Functionality:

Our Services use Google Analytics, a web analytics service provided by Google LLC ("Google"). Google Analytics uses cookies that allow us to analyze the use of the website.

We use Google Analytics including the features of Universal Analytics. Universal Analytics allows us to analyze the activities on our services across devices (e.g. when accessing via laptop and later via a tablet). This is made possible by the pseudonymous assignment of a user ID.

The information generated by the cookie about your use of the website is usually transmitted to a Google server in the USA and stored there. The IP address provided by Google Analytics within the framework of Google Analytics will not be merged with other data provided by Google. We have also extended Google Analytics on our services with the code "anonymize IP". This guarantees the masking (shortening of the last eight digits) of your IP address so that all data is collected anonymously. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there.

On our behalf, Google will use this information to evaluate your use of the Services, to compile reports on the activities of the services and to provide us with other services related to the use of the services and Internet usage.

The transferred data associated with cookies or user IDs will be deleted after 38 months. The deletion of data whose retention period has been reached is done automatically once a month.

Possibility to prevent processing (opt-out):

You can prevent the storage of cookies by a corresponding setting of your browser software; however, we point out that in this case you may not be able to fully use all the features of our services.

You may also prevent the collection by Google of data generated by the cookie and related to your use of the website (including your IP address), and the processing of this data by Google, by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en. This plug-in is provided by Google; we point out that we can neither check nor control its function.

As an alternative to the browser add-on, especially for browsers on mobile devices, you can prevent the collection by Google Analytics by setting an opt-out cookie to prevent future collection of your data when you visit the Services.

The opt-out cookie is only valid in this browser and only for the respective website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.

To avoid being tracked by Universal Analytics across devices, you must opt out on all systems you use.

Data transfer to third country? Yes, USA

Adequacy decision, if necessary (Article 45 GDPR): Commission Implementing Decision (EU) 2016/1250 of 12.07.2016 on the so-called "EU-US Privacy Shield"

Suitable guarantees, if necessary (Art. 46 GDPR): not specified

Name of the service: Google Adwords

Functionality:

Provider: Google LLC ("Google")

Purpose of tracking: Advertising

Processing of personal data: Cookie ID

Duration of storage: Cookies lose their validity after 30 days and are not used for personal identification

Legal basis: Legitimate interest

Possibility to prevent processing (opt-out):

If you do not wish to participate in the tracking process, you can generally disable the automatic setting of cookies in the browser settings or disable cookies for conversion tracking by setting your browser to block the use of cookies from the domain "googleadservices.com".

Data transfer to third country? not specified

Adequacy decision, if necessary (Article 45 GDPR): not specified

Suitable guarantees, if necessary (Art. 46 GDPR): not specified
 

7. Listing of the basic data of doctors and healthcare professionals

We only publish business-related data of doctors and health professionals, collectively referred to as profile data (see point II.1.g). These profile data are freely available to the public from other sources and have been submitted to us by a listing company. The commercial collection, storage, listing and use of publicly available personal data is allowed under Art. 6 par. 1 f) of the GDPR. The general public has an interest in data about doctors, therapists and health professionals being quickly and completely accessible. This was confirmed again by the Federal Court of Justice in September 2014 (ref. VI ZR 358/13) and most recently in February 2018 (ref. VI ZR 30/17). The data is made available to users via the platform. The data is stored until the (temporary) cessation of the professional activity.

 

III. Affected rights

 

1. Right to object

If we process your personal data in order to operate direct advertising, you have the right to object at any time, with future effect, to the processing of personal data concerning you for the purposes of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.

You also have the right to object at any time, on grounds relating to your particular situation and with effect for the future, to the processing of personal data concerning you which is based on Article 6 par. 1 e) or f) of the GDPR; this also applies to profiling based on these provisions.

The right to object can be exercised free of charge. You can contact us via the contact details listed under I.4 or alternatively via e-mail dataprotection@medbook.online.

 

2. Right to information

You have the right to obtain confirmation from us as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and information listed in Art. 15 of the GDPR.

 

3. Right to rectification

You have the right to obtain from us, without undue delay, the rectification of inaccurate personal data concerning you (Art. 16 of the GDPR). Taking into account the purposes of the processing, you shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

 

4. Right to erasure ("right to be forgotten")

You have the right to obtain from us the erasure of personal data concerning you, without undue delay, where one of the following grounds stated in applies and the processing is not necessary for one of the purposes described in Art. 17 (3) of the GDPR.

 

5. Right to restriction of processing

You have the right to obtain from us restriction of processing of your personal data, where one of the conditions described in Art. 18 (1) (a) to (d) of the GDPR applies.

 

6. Right to data portability

Under the conditions set out in https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679#d1e3018-1-1 you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format, as well as the right to transmit those data to another controller without hindrance from us. In exercising your right to data portability, you have the right to have the personal data transmitted directly from us to another controller, where technically feasible.

 

7. Withdrawal of consent

If the processing is based on your consent, you have the right to revoke your consent at any time. The lawfulness of the processing on the basis of consent until the revocation will not be affected.

 

8. Right to appeal

You have a right to appeal to the supervisory authority responsible for our company. The supervisory authority responsible for our company is:

Der Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen, Postfach 200444, 40102 Düsseldorf, https://www.ldi.nrw.de/


© 2019 Medbook.online.

Please read carefully the terms of use, the privacy policy and the cookie policy of this website. By using medbook.online, you are deemed to have read, understood and fully accepted these terms and policies without any reservation. If you do not accept any of the terms and policies, please do not use the website.

Copyright Medbook 2018-2019