A. Responsible person and contact
Responsible for this website is German Health Advisor GmbH, Berliner Straße 51, 60311 Frankfurt (c/o Krieger GmbH), email@example.com.
If you have any questions about this privacy statement or about the collection, processing or use of your personal data, you are welcome to contact us - under the keyword "Privacy" - by e-mail.
• Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to that person, such as a name, an identification number, location data or an online identifier.
• Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
C. Summary of our processing activities
The following is a brief description of the processing activities on our website. Detailed information on this can be found in the respective sections below.
• If you visit our website for purely informational purposes without further registration, personal data will only be processed to a limited extent so that the website can be displayed to you (for more details, see D.).
• If you wish to use our platform as a patient or doctor, further personal data will be processed in this context (for more details see E.).
• Furthermore, your personal data will be used for contacting you (see under F.) for newsletter registration (see under G.) or for statistical analysis to improve our website (see under H.).
• If applicable, your personal data will also be disclosed to third parties (see under I).
D. Processing of your data when using our website for informational purposes
If you visit our website for informational purposes only, without providing personal data via registration or otherwise, only the Internet connection data that your browser transmits to our server will be processed. This information contains personal data only to a limited extent. The processed data includes information on:
• Your IP address
• your device (type, name, ID)
• your browser (type/version)
• Your operating system (including language settings)
• Date and time of your requests
• the content of your requests
• Your screen resolution
• Your Internet service provider
• Websites from which your system accesses our website (referrer URL)
This information is processed to enable you to use our website (e.g. by adapting our website to the needs of your device).
The legal basis for this data processing is Art. 6 para. 1 p. 1 lit. b DSGVO, as we need the automatically collected data to effectively provide our website, as well as Art. 6 para. 1 p. 1 lit. f DSGVO, as the storage serves our legitimate interest to ensure the stability and security of the website.
In addition, we use the data with your consent to compile comprehensive demographic data to create anonymized statistics about the use of our website. This data is not merged with other data sources. For more information on this processing of personal data in the context of visiting our website, please refer to the section "Cookies" (see under H. ).
E. Data processing during registration on our platform
We offer the full functionality of our service for obtaining second medical opinions and organizing medical treatments after appropriate registration on our platform. This service includes further tools and services (e.g. creation of user profiles for doctors and patients, notification service) for which we request personal data from you, such as name or e-mail address and, if applicable, further information. Without this information, we may not be able to provide you with the requested service. Below we provide you with an overview of the related processing operations and legal bases.
1. Register and create a profile
To use the service of our platform as a patient or physician, you must register and create a user account ("patient profile" or "physician profile").
1.1 When you register as a patient and create a patient profile, we store your profile data (name, user name, e-mail address and, if applicable, log-in and password details, hereinafter "patient profile"), as well as all data of the initial findings uploaded by you and, if applicable, further information on the clinical picture ("health data").
1.2 After your registration request for our platform, you will receive an email with a Reference/Case ID, through which you can modify your profile and change, add or delete related data.
1.3 When registering as a physician, you submit your registration request by e-mail to firstname.lastname@example.org. Upon receipt of your registration request, we will review your request. In the event of a positive review result and after the conclusion of a user agreement, you have the option to register as a doctor on the platform. When you register as a physician and create a physician profile, we store your profile data (name, user name, e-mail address, telephone number, specializations, profile photo and, if applicable, log-in and password details, hereinafter "physician profile").
1.4 The legal basis for the data processing of profile data is Art. 6 para. 1 lit. b DSGVO, because it serves the effective provision of the customer area and the administration of your user account, without which participation in our service offer is not possible.
The legal basis for the processing of your health data is your consent, Art. 9 para. 2 lit. a DSGVO.
We store the data you provide for the duration of your use of the customer area, unless you delete it beforehand. You can manage and change all information in the protected customer area.
2. Service for obtaining second medical opinions and organizing medical treatment
For the purpose of our service for obtaining second medical opinions and organizing medical treatments for the users of our platform, we process your data as follows:
2.1 When we propose a patient to the selected physicians, we first provide the physicians with the appropriate initial findings on an anonymized basis.
2.2 If the physician contacted informs us that they are interested in providing their medical services, we will forward the physicians' estimate and our associated service fee to you.
2.3 If you decide in favor of one of the requested physicians on the basis of the cost estimates, we will send them your initial findings including all the data you uploaded to the platform.
2.4 The legal basis for this data processing is the consent of the patients according to Art. 6 para. 1 p. 1 lit. a DSGVO as well as Art. 6 para. 1 lit. b DSGVO, because the data processing enables the provision of our service via our platform.
3. Direct advertising for our similar services
We also process the personal data and contact details provided by you as part of the registration process in order to inform you directly about our other similar goods and services. The legal basis for this data processing is Art. 6 (1) p. 1 lit. f DSGVO, because advertising related products and services by way of direct advertising represents a legitimate interest for us as the provider of this platform, as well as Section 7 (3) UWG.
You may object to the processing of your personal data for the purpose of direct marketing at any time. We will then refrain from further processing for such purposes. You can send us your objection by e-mail to email@example.com.
4. Notification service
For notifications via the platform, we offer a notification service. You will receive an email notification when we send you a communication through the platform, such as a doctor's cost estimate or the need for further information.
The legal basis for this data processing is Art. 6 (1) lit. b DSGVO, as the notifications are part of our service.
If you contact us - e.g. via contact form or e-mail - your personal data will be stored and processed by us. This is usually your name and e-mail address, as well as the information you have otherwise provided. This data is stored and used exclusively for communication with you and the associated technical administration.
The legal basis for this data processing is Art. 6 para. 1 p. 1 lit. b DSGVO, insofar as it is carried out for the fulfillment of a contract or pre-contractual measures, as well as Art. 6 para. 1 p. 1 lit. f DSGVO, as the processing of these requests is in the mutual interest of communication.
G. Newsletter subscription
If you register for our newsletter, which informs you about interesting products and services, the personal data you provide in this context (such as name, address and e-mail address) will be processed by us for sending the newsletter.
For registration, we use the so-called double-opt-in procedure. After your newsletter registration on our website, you will receive an email with a link that you can use to confirm that you are the owner of the email address and would like to create a user account on our platform. If your confirmation is not received within 24 hours, your registration and the personal data you provided will be automatically deleted.
You may revoke your consent to the processing of your personal data for the purpose of direct marketing at any time for the future. We will then refrain from further processing for such purposes. You can send us your revocation at any time by e-mail to firstname.lastname@example.org. To do so, you can also unsubscribe via the unsubscribe link located at the end of each newsletter.
H. Analysis tools
We use our own session cookies, which enable the customer-friendly use of our website, for example by storing your settings. At the end of a browser session, these cookies are automatically deleted. The legal basis for the use of such cookies is the fulfillment of the contract (Art. 6 para. 1 p. 1 lit. b. DSGVO).
We also work with other service providers who help us improve our website or provide additional functionality. Such service providers may use their own cookies. You can find more information about this in the following sections.
You can set your browser so that you are informed about the setting of cookies, allow cookies only in individual cases, limit the acceptance of cookies to certain cases or generally exclude them, and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.
I. Disclosure of personal data to third parties
Your personal information may be disclosed to the following contractors who assist us in providing our services:
1. Google Analytics
This website uses functions of the web analysis service Google Analytics. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses so-called cookies (see under H.). The information generated by cookies about your use of this website is transmitted to a Google server and stored there. We have activated the IP anonymization function on this website. This means that your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
We have concluded an order processing contract with Google. The data transfer is therefore privileged according to Art. 28 DSGVO.
For the exceptional cases in which personal data is transferred to the USA or another third country outside the EEA, Google has subjected itself to appropriate safeguards that ensure an adequate level of protection in the third country.
The storage of Google Analytics cookies is based on your consent if you have given it in the context of our cookie banner, Art. 6 para. 1 p. 1 lit. a DSVGO. You can revoke this consent at any time with effect for the future by sending your revocation to info@germanhealthadvisors. de.
We use Purview Expert View software to provide our platform. The provider is Nimble Co, LLC, 2001 Tidewater Colony Suite 203, Annapolis, MD 21401.
Purview is a SaaS provider that stores our platform on its servers and offers the corresponding software including all functionalities for our platform.
We have concluded an order processing contract with Purview. The data transfer is therefore privileged according to Art. 28 DSGVO.
For the exceptional cases in which personal data is transferred to the USA or another third country outside the EEA, Purview has subjected itself to appropriate safeguards that ensure an adequate level of protection in the third country.
3. Other transfers
If other categories of recipients of personal data arise in the context of future data collection, we will inform you of this at the time we collect this information for this purpose.
In the event of a reorganization or sale of our company to a third party, the transfer of your personal data to the reorganized company or third party is possible in accordance with applicable law.
If we are legally entitled or obligated to do so (for example, due to applicable law or a court order), we may disclose your personal data.
J. Storage periods
Our aim is to process your personal data only to the minimum extent possible. We will therefore only store your personal data for as long as it is necessary to fulfill the purpose for which it was originally collected or - if applicable - for as long as longer storage is required or justified by law. We will therefore generally delete your personal data when you use our platform as a patient or doctor within 1 month of terminating your account, if this does not conflict with any statutory retention obligations or if the patient or doctor requests longer use.
K. Your rights
You have the following data protection rights, depending on the circumstances of the specific case:
• Information: You have the right to request information about and access to your personal data and/or copies of this data. This includes information about the purpose of the use, the category of data used, its recipients and authorized persons and, if possible, the planned duration of data storage or, if this is not possible, the criteria for determining this duration.
• Correction, blocking, deletion: You have the right to demand the correction, deletion or restriction of the processing of your personal data, insofar as their use is inadmissible under data protection law. This is the case in particular if (i) the data is incomplete or inaccurate, (ii) it is no longer necessary for the purposes for which it was collected, (iii) the consent on which the processing was based has been revoked, or (iv) you have successfully exercised a right to object to data processing; in cases where the data is processed by third parties, we will forward your requests for rectification, erasure or restriction of processing to these third parties, unless this proves impossible or involves a disproportionate effort;
• Refusal/revocation of your consent: Many data processing operations are only possible with your explicit consent. You have the right to refuse your consent or to revoke consent already given - without affecting the lawfulness of the data processing operations carried out prior to revocation - at any time.
• Automated decision-making including profiling: You have the right not to be subject to a decision based solely on automated processing which produces legal effects concerning you or similarly significantly affects you;
• Data portability: You have the right to have data that you have provided to us handed over to you or a third party in a common structured, machine-readable format. However, the right to request direct transfer to another controller only exists to the extent that this is technically feasible.
• Right of appeal to the competent supervisory authority: If you believe that your rights have been violated as a result of processing of your personal data that does not comply with data protection law, you have the right to lodge a complaint with the competent supervisory authority.
Furthermore, you have the right to object to the processing of your personal data at any time:
• if we process your personal data for direct marketing purposes; or
• insofar as we process your personal data in pursuit of our legitimate interests and there are reasons arising from your particular situation.
You may (i) exercise the rights set out above or (ii) ask questions or (iii) lodge a complaint about the processing of your personal data carried out by us by contacting us - as indicated in A above.