Last updated 1 September 2022
1. Purpose and Scope
This Privacy Policy applies with regard to the visiting and use of: www.samedi.de/patientenbesuche
We process personal data (hereinafter generally referred to as “data”) only to the extent required and for the purpose of providing a functional and user-friendly website, including the contents and services offered therein.
In accordance with Article 4 No. 1. of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to as “GDPR”), “processing” means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
With the following Privacy Policy we inform you in particular about the type, scope, purpose, term and legal basis of the processing of personal data, insofar as we decide either independently or together with others on the purposes and means of processing. In addition, we inform you in the following about the third-party components we use for optimisation and in order to increase the quality of use insofar as third parties process data in turn on their own responsibility.
2. We as the Controller
The responsible provider of this website within the meaning of data protection law is:
samedi GmbH
represented by Katrin Alscher, Prof. Dr. Alexander Alscher, Dr. Benedikt Simon
Rigaer Str. 44
10247 Berlin
Germany
Tel.: +49 (0)30 21230707-0
e-mail: info@samedi.de
The provider’s data protection officer is:
Oliver Guderjahn
External data protection officer / business lawyer (LL. M.)
Kedua GmbH
Eichhorster Weg 80
13435 Berlin
Managing director: Ralf Schulze
HRB 4691 AG Neuruppin
e-mail: datenschutz@samedi.de
3. Log Files
For technical reasons data is transmitted to us via your Internet browser; particularly in order to provide a secure and stable website. Among other things, the type and version of your Internet browser, the operating system, the website from which you accessed our website (referrer URL), the page(s) of our website which you visit, the date and time of the respective access, as well as the IP address of the Internet connection from which use of our website takes place are collected using these so-called server log files.
The data collected in this manner is temporarily stored, but not together with any other data from you. The legal basis for such storage is provided by Article 6 Paragraph 1 lit. f) of the EU General Data Protection Regulation [GDPR]. Our legitimate interest lies in the improvement, stability, functionality and security of our website.
The data is deleted after seven days at the latest, unless further storage for the purpose of providing evidence is required. Otherwise, data shall be partially or entirely exempt from deletion until an issue has been finally clarified.
4. Cookies
We use so-called cookies with our website. Cookies are small text files or other storage technologies that are placed and stored on your terminal device by your Internet browser. With these cookies certain information about you is processed to an individual extent.
a) First-party cookies
Provider: samedi
Name: _platform_session
Use: session ID
Validity period: session is deleted when the Internet browser is closed
Legal basis: Article 6 Paragraph 1 lit. f. of the EU General Data Protection Regulation
b) Third-party cookies
We do not use third-party cookies.
c) Removal option
You may prevent or restrict the installation of cookies through the appropriate setting of your Internet browser. You may also delete cookies that have already been saved at any time. However, the steps and measures required to this end depend on your specific Internet browser. If you have any questions, please use the help function or documentation provided with your Internet browser or contact the manufacturer or support.
Should you prevent or restrict the installation of cookies, then this may, however, result in the fact that not all of our website functions are fully available.
5. Processing Your Personal Data
Via the website http://www.samedi.de/patientenbesuche you have the option of booking an appointment for a patient visit in compliance with the regulations on containment of the novel coronavirus. In accordance with the respective regulations and laws personal data shall be collected and stored by the institutions:
- name of the patient
- your name and surname
- your address
- your mobile phone number
- your e-mail address
This data is collected and processed on the basis of Article 6 Paragraph 1 lit. c. and Article 6 Paragraph 1 lit. a.
We use your e-mail address in order to send you an e-mail with a visitor’s ticket that you may use to validate your visit on location.
Any personal data that you enter (with the exception of the e-mail address) is encrypted end-to-end directly in your web browser, so that only the institution where you book the appointment is able to decrypt this data again.
6. Disclosure of Personal Data
Due to the contact tracking required by health departments, the institution where you book the appointment may share your personal information with health departments.
7. Routine Erasure and Blocking of Personal Data
Unless otherwise required by law, personal data shall only be stored for the period of time required for the purpose of storage. After the purpose of storage has ceased to apply, personal data will be routinely blocked or erased in accordance with statutory provisions.
As part of the regulations to contain the spread of the novel coronavirus, your personal data will be automatically deleted after 28 days.
8. Other Processors
We share your data with service providers who support us in the operation of our websites and related processes within the scope processing in accordance with Article 28 of the EU General Data Protection Regulation [GDPR]. These are, for example, hosting service providers. Our service providers are strictly bound by our instructions and correspondingly obliged by way of agreement.
In the following, we name the processors with whom we work, if we have not already done so in the preceding text of the Privacy Policy. If data is transferred outside the EU or EEA in this context, then we provide information on the appropriate level of data protection.
- Filoo GmbH, Rhedaer Straße 25, 33330 Gütersloh: hosting services
Data security is regulated by a processing agreement. - retarus GmbH, Aschauer Straße 30, 81549 Munich: e-mail dispatch
Data security is regulated by a processing agreement.
a) retarus GmbH / e-mail appointment reminders
To ensure the dispatch and delivery of automated e-mail reminders, we use the services of retarus GmbH, Aschauer Straße 30, 81549 Munich, Germany ("retarus"). When we send you an automatically generated e-mail, your e-mail address and the personal data required for the reminder are transmitted to retarus' servers in Germany, stored in retarus' log files and automatically deleted after 15 days at the latest. The legal basis for processing your personal data required for the reminder is your consent in accordance with Art. 6 Para. 1 lit. a EU GDPR and for possible health data Art. 9 Para. 2 lit. a EU GDPR. You can revoke your consent at any time with effect for the future. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation. In order to ensure that data is processed in accordance with data protection law, we have concluded an order processing contract with retarus.
b) retarus GmbH / SMS appointment reminders
To ensure the dispatch and delivery of automated SMS notifications, we use the services of retarus GmbH, Aschauer Straße 30, 81549 Munich, Germany ("retarus"). When we send you an automatically generated SMS, your mobile phone number and the personal data required for the reminder are transmitted to retarus' servers.
The legal basis for the processing of your personal data required for the reminder is your consent in accordance with Art. 6 Para. 1 lit. a EU GDPR and for possible health data Art. 9 Para. 2 lit. a EU GDPR. You can revoke your consent at any time with effect for the future. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
In order to ensure that the processing of data complies with data protection law, we have concluded an order processing contract with retarus.
9. Rights of Users and Data Subjects
With regard to the data processing described above, users and data subjects shall have the right to
- confirmation as to whether data relating to them is being processed, to information about the data processed, to further information about the data processing and to copies of the data (cf. also Article 15 of the EU GDPR);
- to have inaccurate or incomplete data corrected or completed (cf. also Article 16 EU GDPR);
- to have the data concerning them deleted without delay (cf. also Article 17 EU GDPR), or, alternatively, insofar as further processing is necessary pursuant to Art. 17 Paragraph 3 EU GDPR, to have processing restricted in accordance with Article 18 EU GDPR;
- receipt of the data concerning and provided by them and to transfer of this data to other providers/controllers (cf. also Article 20 EU GDPR);
- lodge a complaint to the supervisory authority if they are of the opinion that the data concerning them is being processed by the provider in breach of data protection provisions (cf. also Article 77 EU GDPR).
In addition, the provider shall be obliged to inform all recipients to whom data has been disclosed by the provider about any correction or erasure of data or restriction of processing that takes place on the basis of Articles 16, 17 Paragraph 1, 18 of the EU General Data Protection Regulation. However, this obligation shall not obtain insofar as this notification is impossible or involves disproportionate effort. Notwithstanding the above, the user shall have a right to information about these recipients.
Likewise, users and data subjects have the right to object to the future processing of data concerning them in accordance with Article 21 EU GDPR, provided that the data is processed by the provider in accordance with Article 6 Paragraph 1 lit. f) of the EU General Data Protection Regulation. In particular, objection to data processing for the purpose of direct advertising shall be permitted.