Privacy Policy – Rehabilitation Beds

Privacy Policy Rehabilitation Beds

Last updated 23 July 2021

1. Purpose and Scope

This Privacy Policy applies with regard to visiting and use of:

[] ( We process personal data (hereinafter generally referred to as "**data**") only as required and for the purpose of providing a functional and user-friendly website, including its content and the services offered therein. In accordance with Article 4 No. 1. of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to as "**GDPR**"), "**processing**" means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, comparison or combination, restriction, erasure or destruction. With the following Privacy Policy we inform you in particular about the type, scope, purpose, term and legal basis of the processing of personal data, insofar as we decide either independently or together with others on the purposes and means of processing. In addition, we inform you in the following about the third-party components we use for optimisation purposes and in order to increase the quality of use insofar as third parties process data in turn on their own responsibility.

2. We as the Controller

The responsible provider of this website within the meaning of data protection law is:

samedi GmbH
represented by Katrin Alscher, Prof. Dr. Alexander Alscher, Dr. Benedikt Simon
Rigaer Str. 44
10247 Berlin
Tel.: +49 (0)30 21230707-0


The provider's data protection officer is:
Oliver Guderjahn
External data protection officer / business lawyer (LL. M.)
Kedua GmbH
Eichhorster Weg 80
13435 Berlin
Managing director: Ralf Schulze
HRB 4691 AG Neuruppin>

3. Registration and Log-in Area

In order for you as an institution to use the rehabilitation beds portal, you must register on the portal and create a user account. After registration the log-in user account will provide you with access to your stored data with regard to your institution, your patient data created in the portal, as well as information about your reservation data and your current messages. The following information is mandatory for registration: - form of address - first and last name - function of the person registering within the institution - telephone number - name of the institution - as well as the address. The mandatory information is marked with an asterisk (*). By registering with the rehabilitation beds portal you conclude an agreement for the transfer of personal data to third parties. The legal basis for registration and use of the rehabilitation beds portal is thus provided by Article 6 Paragraph 1 lit. b) of the EU General Data Protection Regulation. You have the option of providing further information about your institution as well as users/employees at your institution both while registering and within the portal. You provide this information on a voluntary basis. The legal basis for this is therefore your consent in accordance with Article 6 Paragraph 1 lit. a) EU GDPR. In addition, you have the option of entering further information within the portal, e.g. about your patients. As an institution, you decide what data you enter. As the data controller, it is your responsibility to ensure the legality of these entries, in particular your authorisation to transfer them. We do not carry out a corresponding check. Within your user account you have the option at any time of deleting individual parts or all of the data you have entered. Only the rehabilitation clinic requested by your institution will receive the personal data for the purpose of checking further treatment. The data is made available exclusively for the purpose of electronic inspection by the respective users at an institution. No personal health data shall be passed on to third parties by the rehabilitation beds portal unless expressly confirmed by the respective institution.

4. Log Files

For technical reasons data is transmitted to us via your Internet browser; particularly in order to provide a secure and stable website. Among other things, the type and version of your Internet browser, the operating system, the website from which you accessed our website (referrer URL), the page(s) of our website that you visit, the date and time of the respective access, as well as the IP address of the Internet connection from which use of our website takes place are collected using these so-called server log files. The data collected in this manner is temporarily stored, but not together with any other data from you. The legal basis for such storage is provided by Article 6 Paragraph 1 lit. f) of the EU General Data Protection Regulation [GDPR]. Our legitimate interest lies in the improvement, stability, functionality and security of our website. The data shall be deleted after seven days at the latest, unless further storage for the purpose of providing evidence is required. Otherwise, data shall be partially or entirely exempt from deletion until an issue has been finally clarified.

5. Cookies

We use so-called cookies with our website. Cookies are small text files or other storage technologies that are placed and stored on your terminal device by your Internet browser. With these cookies certain information about you is processed to an individual extent.

a) First-party cookies**Provider:** samedi**Name:** `_bp_session`**Use:** User log-in**Validity period:** Current session**Legal basis:** Article 6 Paragraph 1 lit. b. of the EU General Data Protection Regulation

b) Removal option: You may prevent or restrict the installation of cookies through the appropriate setting of your Internet browser. You may also delete cookies that have already been saved at any time. However, the steps and measures required to this end depend on your specific Internet browser. If you have any questions, please use the help function or documentation provided with your Internet browser or contact the manufacturer or support. Should you prevent or restrict the installation of cookies, then this may, however, result in the fact that not all of our website functions are fully available.

6. Processing

samedi GmbH acts as a processor in relation to the rehabilitation bed providers on this portal. For the processing of personal data that we carry out on behalf of a controller, we provide sufficient guarantees that we take appropriate technical and/or organisational measures so that the processing is in compliance with statutory provisions and ensures protection of the rights of data subjects. Furthermore, we share your data with service providers who support us in the operation of our websites and related processes within the scope processing in accordance with Article 28 of the EU General Data Protection Regulation. These are hosting service providers as well as service providers for e-mail dispatch. Our service providers are strictly bound by our instructions and correspondingly obliged by way of agreement. In the following, we name the processors with whom we work, if we have not already done so in the preceding text of the Privacy Policy. If data is transferred outside the EU or EEA in this context, then we provide information on the appropriate level of data protection. - retarus GmbH, Aschauer Straße 30, 81549 Munich: e-mail dispatch

There is a processing agreement with the service provider in accordance with Article 28 of the EU General Data Protection Regulation. - Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA: hosting services.

There is a processing agreement with the service provider in accordance with Article 28 EU GDPR as well as appropriate safeguards for third-country transfers in accordance with Article 46 EU GDPR.

7. Contact Option via the Website

Due to statutory requirements the website contains information that makes quick electronic contact with our company possible as well as immediate communication with us; this also includes a general address related to the so-called electronic mail (e-mail address) as well as a telephone number. If you contact us by e-mail, telephone or via our contact form, then we will store your name, contact information and your request. The data is used to process your request and to communicate with you. The legal bases are provided by Article 6 Paragraph 1 lit. a) and b) of the EU GDPR (consent/contract initiation or contract execution). This personal data is not passed on to third parties. If your request has finally been settled and there are no other storage obligations, then the data will be deleted.

8. Routine Erasure and Blocking of Personal Data

Unless otherwise required by law, personal data shall only be stored for the period of time required for the purpose of storage. Subject to statutory retention periods, personal data shall be routinely blocked or deleted in accordance with statutory provisions after the purpose of storage has ceased to apply.

9. Rights of Users and Data Subjects

With regard to the data processing described above, you have the following rights: **Right of access**: You have the right of access to the personal data processed with regard to your person; that is, you have the right to obtain confirmation as to whether your personal data are processed or not. Insofar as this is the case, you have the right to access the personal data processed about you and certain additional information, as well as to receive a copy in a commonly used electronic format. **Right to rectification**: You have the right to have inaccurate personal data concerning you corrected as well as the right to have incomplete personal data completed. **Right to erasure**: You have the right to erasure of your personal data. This is the case, for example, if the personal data are no longer necessary in relation to the purposes for which they are processed, you withdraw your consent and there is no other legal ground for the processing, or the processing of your personal data is not required for compliance with a legal obligation, for the assertion, exercise or defence of legal claims. **Right to restriction of processing**: If you have given us your consent to process personal data, then you have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. **Right to object**: You have the right to object if the processing is based on the weighing of interests in accordance with Article 6 Paragraph 1 Sentence 1 lit. e) or f) EU GDPR in order to request a reassessment of interests or to object to direct marketing. We will then carry out a new assessment and continue processing your personal data, despite your objection, only if we can demonstrate compelling legitimate grounds that override your interests. **Right to data portability**: You have the right to data portability. This means that you may have the right to obtain the personal data concerning you that you have provided to us and to have that data transferred to another controller. **Right to restriction of processing**: You have the right to restrict your personal data, for example if you contest its accuracy or if you have objected to the processing as described above. In both cases, this right applies during the processing and verification of your request by us. **Right to lodge a complaint with the supervisory authority**: You may file a complaint if you believe that we have violated applicable data protection provisions in the processing of your personal data. In addition, the controller shall be obliged to inform all recipients to whom data has been disclosed about any correction or erasure of data or restriction of processing that takes place on the basis of Articles 16, 17 Paragraph 1, 18 of the EU General Data Protection Regulation. However, this obligation shall not obtain insofar as this notification is impossible or involves disproportionate effort. Notwithstanding the above, the user shall have a right to information about these recipients.

10. Changes to this Privacy Policy

Changes may be made to this Privacy Policy in order to comply with technical and legal adjustments.