Last updated 23 July 2021
1. Purpose and Scope
2. We as the Controller
The responsible provider of this website within the meaning of data protection law is:
represented by Katrin Alscher, Prof. Dr. Alexander Alscher, Dr. Benedikt Simon
Rigaer Str. 44
Tel.: +49 (0)30 21230707-0
The provider's data protection officer is:
External data protection officer / business lawyer (LL. M.)
Eichhorster Weg 80
Managing director: Ralf Schulze
HRB 4691 AG Neuruppin>
3. Registration and Log-in Area
In order for you as an institution to use the rehabilitation beds portal, you must register on the portal and create a user account. After registration the log-in user account will provide you with access to your stored data with regard to your institution, your patient data created in the portal, as well as information about your reservation data and your current messages. The following information is mandatory for registration: - form of address - first and last name - function of the person registering within the institution - telephone number - name of the institution - as well as the address. The mandatory information is marked with an asterisk (*). By registering with the rehabilitation beds portal you conclude an agreement for the transfer of personal data to third parties. The legal basis for registration and use of the rehabilitation beds portal is thus provided by Article 6 Paragraph 1 lit. b) of the EU General Data Protection Regulation. You have the option of providing further information about your institution as well as users/employees at your institution both while registering and within the portal. You provide this information on a voluntary basis. The legal basis for this is therefore your consent in accordance with Article 6 Paragraph 1 lit. a) EU GDPR. In addition, you have the option of entering further information within the portal, e.g. about your patients. As an institution, you decide what data you enter. As the data controller, it is your responsibility to ensure the legality of these entries, in particular your authorisation to transfer them. We do not carry out a corresponding check. Within your user account you have the option at any time of deleting individual parts or all of the data you have entered. Only the rehabilitation clinic requested by your institution will receive the personal data for the purpose of checking further treatment. The data is made available exclusively for the purpose of electronic inspection by the respective users at an institution. No personal health data shall be passed on to third parties by the rehabilitation beds portal unless expressly confirmed by the respective institution.
4. Log Files
For technical reasons data is transmitted to us via your Internet browser; particularly in order to provide a secure and stable website. Among other things, the type and version of your Internet browser, the operating system, the website from which you accessed our website (referrer URL), the page(s) of our website that you visit, the date and time of the respective access, as well as the IP address of the Internet connection from which use of our website takes place are collected using these so-called server log files. The data collected in this manner is temporarily stored, but not together with any other data from you. The legal basis for such storage is provided by Article 6 Paragraph 1 lit. f) of the EU General Data Protection Regulation [GDPR]. Our legitimate interest lies in the improvement, stability, functionality and security of our website. The data shall be deleted after seven days at the latest, unless further storage for the purpose of providing evidence is required. Otherwise, data shall be partially or entirely exempt from deletion until an issue has been finally clarified.
We use so-called cookies with our website. Cookies are small text files or other storage technologies that are placed and stored on your terminal device by your Internet browser. With these cookies certain information about you is processed to an individual extent.
a) First-party cookies**Provider:** samedi**Name:** `_bp_session`**Use:** User log-in**Validity period:** Current session**Legal basis:** Article 6 Paragraph 1 lit. b. of the EU General Data Protection Regulation
b) Removal option: You may prevent or restrict the installation of cookies through the appropriate setting of your Internet browser. You may also delete cookies that have already been saved at any time. However, the steps and measures required to this end depend on your specific Internet browser. If you have any questions, please use the help function or documentation provided with your Internet browser or contact the manufacturer or support. Should you prevent or restrict the installation of cookies, then this may, however, result in the fact that not all of our website functions are fully available.
There is a processing agreement with the service provider in accordance with Article 28 of the EU General Data Protection Regulation. - Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA: hosting services.
There is a processing agreement with the service provider in accordance with Article 28 EU GDPR as well as appropriate safeguards for third-country transfers in accordance with Article 46 EU GDPR.
7. Contact Option via the Website
Due to statutory requirements the website contains information that makes quick electronic contact with our company possible as well as immediate communication with us; this also includes a general address related to the so-called electronic mail (e-mail address) as well as a telephone number. If you contact us by e-mail, telephone or via our contact form, then we will store your name, contact information and your request. The data is used to process your request and to communicate with you. The legal bases are provided by Article 6 Paragraph 1 lit. a) and b) of the EU GDPR (consent/contract initiation or contract execution). This personal data is not passed on to third parties. If your request has finally been settled and there are no other storage obligations, then the data will be deleted.
8. Routine Erasure and Blocking of Personal Data
Unless otherwise required by law, personal data shall only be stored for the period of time required for the purpose of storage. Subject to statutory retention periods, personal data shall be routinely blocked or deleted in accordance with statutory provisions after the purpose of storage has ceased to apply.
9. Rights of Users and Data Subjects
With regard to the data processing described above, you have the following rights: **Right of access**: You have the right of access to the personal data processed with regard to your person; that is, you have the right to obtain confirmation as to whether your personal data are processed or not. Insofar as this is the case, you have the right to access the personal data processed about you and certain additional information, as well as to receive a copy in a commonly used electronic format. **Right to rectification**: You have the right to have inaccurate personal data concerning you corrected as well as the right to have incomplete personal data completed. **Right to erasure**: You have the right to erasure of your personal data. This is the case, for example, if the personal data are no longer necessary in relation to the purposes for which they are processed, you withdraw your consent and there is no other legal ground for the processing, or the processing of your personal data is not required for compliance with a legal obligation, for the assertion, exercise or defence of legal claims. **Right to restriction of processing**: If you have given us your consent to process personal data, then you have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. **Right to object**: You have the right to object if the processing is based on the weighing of interests in accordance with Article 6 Paragraph 1 Sentence 1 lit. e) or f) EU GDPR in order to request a reassessment of interests or to object to direct marketing. We will then carry out a new assessment and continue processing your personal data, despite your objection, only if we can demonstrate compelling legitimate grounds that override your interests. **Right to data portability**: You have the right to data portability. This means that you may have the right to obtain the personal data concerning you that you have provided to us and to have that data transferred to another controller. **Right to restriction of processing**: You have the right to restrict your personal data, for example if you contest its accuracy or if you have objected to the processing as described above. In both cases, this right applies during the processing and verification of your request by us. **Right to lodge a complaint with the supervisory authority**: You may file a complaint if you believe that we have violated applicable data protection provisions in the processing of your personal data. In addition, the controller shall be obliged to inform all recipients to whom data has been disclosed about any correction or erasure of data or restriction of processing that takes place on the basis of Articles 16, 17 Paragraph 1, 18 of the EU General Data Protection Regulation. However, this obligation shall not obtain insofar as this notification is impossible or involves disproportionate effort. Notwithstanding the above, the user shall have a right to information about these recipients.