Privacy Policy samedi

Privacy Policy

Last updated 01 September 2022


1. Purpose and Scope

This Privacy Policy applies with regard to visiting and use of: www.samedi.com

We process personal data (hereinafter referred to in general as “data”) only to the extent required and for the purpose of providing a functional and user-friendly website, including the contents and services offered therein.

In accordance with Article 4 No. 1. of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to simply as “GDPR”), “processing” shall mean any operation or set of operations performed on personal data, with or without the aid of automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, query, use, disclosure by transmission, dissemination or any other form of provision, matching or combination, restriction, deletion or destruction.

With the following Privacy Policy we inform you in particular about the type, scope, purpose, term and legal basis of the processing of personal data, insofar as we decide either independently or together with others on the purposes and means of processing. Moreover, we inform you in the following about the third-party components we use for optimisation purposes and in order to increase the quality of use insofar as third parties process data in turn on their own responsibility.

2. Differentiation from Our Other Services

As soon as you log in or register as a user under app.samedi.de the data protection terms and conditions for the user account for professionals from samedishall apply. As soon as you log in or register as a user under patient.samedi.de or termin.samedi.de the data protection terms and conditions for the user account for professionals from samedi shall apply.

3. We as the Controller

The responsible provider of this website within the meaning of data protection law is:

samedi GmbH
represented by Katrin Alscher, Prof. Dr. Alexander Alscher, Dr. Benedikt Simon
Rigaer Str. 44
10247 Berlin
Germany
Tel.: +49 (0)30 21230707-0
e-mail: info@samedi.de

The provider’s data protection officer is:

Oliver Guderjahn
External data protection officer / business lawyer (LL. M.)
Kedua GmbH
Eichhorster Weg 80
13435 Berlin

Managing director: Ralf Schulze
HRB 4691 AG Neuruppin
Email: datenschutz@samedi.de

4. Log Files

For technical reasons data is transmitted to us via your Internet browser; particularly in order to provide a secure and stable website. Among other things, the type and version of your Internet browser, the operating system, the website from which you accessed our website (referrer URL), the page(s) of our website that you visit, the date and time of the respective access, as well as the IP address of the Internet connection from which use of our website takes place are collected using these so-called server log files.

The data collected in this manner is temporarily stored, but not together with any other data from you. The legal basis for such storage is provided by Article 6 Paragraph 1 lit. f) of the EU General Data Protection Regulation [GDPR]. Our legitimate interest lies in the improvement, stability, functionality and security of our website.

The data is deleted after seven days at the latest, unless further storage for the purpose of providing evidence is required. Otherwise, data shall be partially or entirely exempt from deletion until an issue has been finally clarified.

5. Cookies

We use cookies. Cookies do not cause any damage to your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.


You can manage the cookies via the cookie banner and configure your browser so that you are informed about the placement of cookies and only allow cookies in individual cases, while excluding the acceptance of cookies either for certain cases or in general, and activate automatic deletion of cookies once your browser is closed. However, the steps and measures required to this end depend on your specific Internet browser. If you have any questions, please use the help function or documentation provided with your Internet browser or contact the manufacturer or support. Should you prevent or restrict the installation of cookies, then this may, however, result in the fact that not all of our website functions are fully available.

The use of cookies required for the operation of the homepage is based on Section 25 Abs. 2 Nr. 2 et seq. of the German Tele-Media Law [TMG]. Insofar as other cookies (e.B. cookies for the analysis of your surfing behaviour) are stored, these are treated separately in this data protection declaration.

6. Analytical Tools and Marketing

a) Matomo

We use the open source web analytics service Matomo on our website which we host ourselves. We use “cookies” for this purpose. These are text files that are stored on your computer which allow analysis of your use of the website. The following information is collected from you:

  • the type and version of browser you are using
  • the operating system you are using
  • your country of origin
  • the date and time of the server request
  • the number of visits
  • the time you spend on the website and the external links you use
  • the first two bytes of your IP address

The information generated by the cookie about your use of this website is only stored on our server and is not passed on to third parties. In this case pseudonymous profiles of the users may be created from the processed data. These user profiles are deleted after six months at the latest. The cookies have a maximum validity of three months. Any storage of Matomo cookies and processing of your data is based on your consent in accordance with Article 6 Paragraph 1 lit. a of the EU General Data Protection Regulation.

Users may object to anonymised data collection by the Matomo program at any time with effect for the future by objecting to the processing in the Usercentrics Cockpit (button at the bottom left) or by selecting the so-called “Do Not Track” (DNT) setting in your browser.

b) HubSpot

We use the tracking code provided by the company HubSpot Germany GmbH,
Am Postbahnhof 17, 10243 Berlin on our website.

We use this service in order to obtain information about use of our homepage; for example, the pages a visitor views most frequently and which page served as the landing page of a visit, in order to make our homepage even more user-friendly and to improve our marketing activities.

We use HubSpot “cookies” for this purpose. These are text files that are stored on your computer. The cookies are valid for the following periods:

  • __hstc: 13 months
  • Hubspotutk: 13 months
  • __hssc: 30 minutes
  • __hssrc: expires at the end of the session.
  • messagesUtk: 13 months


If visitors leave your website before they have been added as a contact, the messagesUtk cookie remains associated with their browser. If there is already a chat history with the visitor and the visitor later returns to the website with the same browser (with the same cookies set), their conversation history will be loaded in the chatflows tool.

The storage of HubSpot cookies as well as access to data stored in the cookies is based on your consent pursuant to Section 25 (1) TTDSG. The use of the information generated by the cookie for the evaluation of the described information is based on your consent pursuant to Art. 6 para. 1 lit. a DSGVO. The legal basis for the possible transfer of personal data to the USA is your consent pursuant to Art. 49 (1) lit. a DSGVO. The personal data collected in this way will be stored for a period of 6 months and then deleted.

The information generated by the cookies about your use of this website is transferred to HubSpot computers in Germany and stored there. However, under certain circumstances (e.g. in the case of support requests on our part vis-à-vis the service provider), your data may be transferred to the USA as a third-country. The transfer of data to the U.S. is associated with risks because EU citizens are not protected in particular from extensive potential data surveillance by U.S. intelligence agencies and other authorities. In this case, our service provider has submitted to the standard contracual clauses. Furthermore, there is a processing agreement with the service provider.

The information generated by the cookies is not shared with third parties. You may object to the storage of cookies by configuring the appropriate setting in the Usercentrics Cockpit (button at the bottom left) or the corresponding setting in your browser software.

7. Plug-ins and Tools

a) YouTube

We have included content from YouTube (videos), operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA on our homepage. This content can be played directly via our homepage. All of this content is integrated in “extended data protection mode”, i.e. no data about you as a user is transmitted to YouTube if you do not play the videos. The data specified in Paragraph 2 are transmitted only when you play the videos. We have no influence on this data transmission.

It is irrelevant whether you have a user account with Google or are logged in there. However, if you are logged in or log in later, then the data will be assigned to your user account data. The data that is transferred includes IP address and an identification number assigned to your browser (cookie ID). The cookie ID makes you recognisable on other pages. Furthermore, the address of the page retrieved from us, the system date and time of retrieval and the identifier of your browser are transmitted.

The storage of the YouTube cookie as well as access to data stored in the cookies is based on your consent pursuant to Section 25 (1) TTDSG. The use of the information generated by the cookie for the evaluation of the described information is based on your consent pursuant to Art. 6 para. 1 lit. a DSGVO. The transfer of the collected data to the USA is based on your consent pursuant to Art. 49 para. 1 lit. a DSGVO. The transfer of data to the USA is associated with risks, as EU citizens in the USA are in particular not protected from extensive possible data monitoring by the US secret services and other authorities.

Google stores this data as usage profiles. These profiles are used for advertising purposes and market research as well as for the needs-based design of Google offers and to inform other users about your activities on our website.

If you wish to object to the creation of user profiles by Google, then you must assert your rights vis-à-vis Google. Further information on the purpose and scope of data collection and its processing by Google can be found here: www.google.de/intl/de/policies/privacy.

b) Usercentrics

We use the Usercentrics Consent Management Platform in order to obtain the legally required cookie consents (consent data) from visitors to our site. Consent data is understood as the following data:

  • date and time of visit or consent / refusal
  • device information
  • anonymised IP address

The data is processed for the purpose of compliance with legal obligations (obligation to provide evidence pursuant to Art. 7 (1) DSGVO) and the associated documentation of your consents and thus on the basis of Art. 6 (1) lit. c DSGVO in conjunction with Section 25 (2) No. 2 TTDSG. Local storage is used to store the data.

Consent data is stored for a period of three years. The data is stored in the European Union. Further information about the collected data as well as contact options can be found at https://usercentrics.com/privacy-policy/.

8. Contact Form

If you send us inquiries about samedi in general or further information about the areas of application and functionalities of the software via our contact form, then the data you provide will be processed for the purpose of handling and processing your inquiry via e-mail. Your data will not be used for any other purposes or passed on unless you give us your separate consent to do so. The legal basis for processing your personal data is your consent in accordance with Article 6 Paragraph 1 lit. a) of the EU General Data Protection Regulation.

The legal basis for the possible transfer of personal data to the USA is your consent pursuant to Art. 49 para. 1 lit. a of the EU General Data Protection Regulation.

You may revoke this consent at any time. An informal e-mail to: datenschutz@samedi.de will suffice. The legality of any data processing operations carried out up to revocation shall remain unaffected. Once we have fully processed your request, we will delete your personal data unless mandatory legal provisions – in particular retention periods – take precedence.

If you provide us with your separate consent in accordance with Article 6 Paragraph 1 lit. a) EU GDPR, then we will store the data you enter in the contact form for a maximum period of one year in order to adequately process any subsequent inquiries, unless you request that we delete such data or you withdraw your consent. Mandatory statutory provisions – in particular retention periods – shall remain unaffected.

In order to process your data we use a service provider based in the USA, but your data is stored in Germany. However, under certain circumstances (e.g. in the case of support requests on our part vis-à-vis the service provider), your data may be transferred to the USA as a third-country nevertheless. Furthermore, due to laws in the U.S., American security authorities have the theoretical possibility of accessing data stored by our service provider in the EU. In this case, our service provider has submitted to the standard contractual clauses. Furthermore, there is a processing agreement with the service provider.

9. Newsletter

If you would like to receive our newsletter, then we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter ((double opt-in procedure). Further data is either not collected or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.

Processing of the data entered in the newsletter registration form shall take place exclusively on the basis of your consent (Article 6 Paragraph 1 lit. a) EU GDPR). The legal basis for the possible transfer of personal data to the USA is your consent pursuant to Art. 49 para. 1 lit. a of the EU General Data Protection Regulation. You may withdraw your consent to storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the corresponding link in the newsletter. The legality of any data processing operations already carried out shall remain unaffected by such revocation.

The data you provide us with for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will then be deleted once you unsubscribe. Data that we have stored for other purposes shall remain unaffected.

10. General Information and Contact Support

Your information will be stored by us for the purpose of processing inquiries if you address them to us by mail, e-mail, or telephone, including the contact data you provide in this case, depending on the method with which contact is made. Your data will not be used for any other purposes or passed on unless you give us your separate consent to do so. The legal basis for processing your personal data is your consent in accordance with Article 6 Paragraph 1 lit. a) of the EU General Data Protection Regulation. The legal basis for the possible transfer of personal data to the USA is your consent pursuant to Art. 49 para. 1 lit. a of the EU General Data Protection Regulation. You may revoke this consent at any time. An informal e-mail to: datenschutz@samedi.de will suffice. The legality of any data processing operations carried out up to revocation shall remain unaffected. We shall delete your personal data as soon as we have completely processed your request, unless mandatory legal provisions – in particular retention periods – take precedence.

In order to process your data we use a service provider based in the USA, but your data is stored in Germany. However, under certain circumstances (e.g. in the case of support requests on our part to the service provider), transfer of your data to the USA as a third-country may occur nevertheless. Furthermore, due to laws in the U.S., American security authorities have the theoretical possibility of accessing data stored by our service provider in the EU. In this case, our service provider has submitted to the standard contractual clauses. Furthermore, a processing agreement exists with the service provider.

11. Applications

If you send us your application for an advertised position via our application tool, then your application documents will be processed on the basis of Article 88 of the EU General Data Protection Regulation in conjunction with Section 26 Paragraph 1 Sentence 1 1 HS. of the German Federal Data Protection Law [BDSG]. If you send an application photo as well, then you do so voluntarily and thus give your consent to collection and storage of your application photo (Article 88 in conjunction with Section 26 Paragraph 2 BDSG). We have a very strong interest in conducting and completing a proper application process. This also includes rebuttal of any contrary allegations of discrimination in connection with conclusion of the application process; which is why your application documents will not be deleted until six months after rejection. Your application documents will only be stored for a longer period of time with your express consent in order to consider you for future job postings, if applicable. In the case of unsolicited applications deletion will be carried out even without formal rejection following receipt of your application documents within a maximum of 12 months.

12. Processing

We conclude processing / data protection agreements insofar as we use external service providers for whom commissioned data processing of our available personal data represents a (core) component of their processing activities. These external service providers are carefully selected and regularly monitored by us. They process personal data only on our behalf and strictly in accordance with our instructions on the basis of the relevant contract on commissioned processing / data protection agreement (Article 28 EU GDPR).

Unless otherwise stated in this Privacy Policy, we will transfer data to processors for the aforementioned purposes to

  • Filoo GmbH, Rhedaer Straße 25, 33330 Gütersloh: hosting services
  • Usercentrics GmbH, Sendlingerstr. 7, 80331 Munich: cookie consent banner
  • retarus GmbH, Aschauer Straße 30, 81549 Munich: e-mail and SMS-dispatch
  • Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin: e-mail newsletter samedi patient account
  • Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen: STUN/TURN; Jira
  • Telekom T-Systems International GmbH Hahnstrasse 43d, 60528 Frankfurt am Main: Database backup (E2E)
  • HubSpot Germany GmbH, AM Postbahnhof 17, 10243 Berlin: Customer-Relationsship-Management; E-Mail Newsletter

13. Transfer of Personal Data to Third countries

If we transfer personal data to countries outside the EU that do not offer an equivalent level of data protection, then we rely on an adequacy decision of the European Commission (Article 45 GDPR), appropriate safeguards (Article 46 GDPR) or, in accordance with Article 49 GDPR, the facts governing exception permits for third country transfer.

14. Recipients of Personal Data

Recipients of personal data

Unless otherwise stated in this Privacy Policy, we will only transfer data to recipients for the aforementioned purposes to

• service providers for operation of our websites and the related processes, such as newsletter dispatch or the processing of leads generated via our homepage;

• authorities, state regulators or other law enforcement agencies and courts, if required or permitted by law or if enforced by a binding order (Article 6 Paragraph 1 lit. f) EU GDPR or in accordance with other statutory provisions).

Your personal data shall not be forwarded to third parties unless in connection with the purposes listed. If necessary, we shall always inform you in advance and provide you with the opportunity to decide whether or not we may use your personal data in this deviating manner.

15. Routine Erasure and Blocking of Personal Data

Unless otherwise stated in this Privacy Policy, personal data shall only be stored for the period of time required for the purpose of storage, unless otherwise required by law. After the purpose of storage has ceased to apply, personal data will be routinely blocked or erased in accordance with statutory provisions.

16. Rights of Users and Data Subjects

With regard to the data processing described above, users and data subjects shall be entitled to

a) Right of access

You have the right of access to the personal data processed with regard to your person; that is, you have the right to obtain confirmation as to whether your personal data are processed or not. Insofar as this is the case, you have the right to access the personal data processed about you and certain additional information, as well as to receive a copy in a commonly used electronic format.

b) Right to rectification

You have the right to have inaccurate personal data concerning you corrected as well as the right to have incomplete personal data completed.

c) Right to erasure

You have the right to erasure of your personal data, subject to restrictions under applicable law. This is the case, for example, if the personal data are no longer necessary in relation to the purposes for which they are processed, you withdraw your consent and there is no other legal ground for the processing, or the processing of your personal data is not required for compliance with a legal obligation, for the assertion, exercise or defence of legal claims.

d) Right to restriction of processing

You have the right to restrict your personal data, for example if you contest its accuracy or if you have objected to the processing as described above. In both cases, this right applies during the processing and verification of your request by us.

e) Right to withdraw your consent to data processing

If you have consented to a certain type of processing, then you have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

f) Right to data portability

You have the right to have data that we automatically process on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a commonly used, machine-readable format. If you request direct transfer of the data to another controller, then this will only be done to the extent technically feasible.

g) Right to object

You have the right to object if the processing is based on the weighing of interests in accordance with Article 6 Paragraph 1 Sentence 1 lit. e) or f) EU GDPR in order to request a reassessment of interests or to object to direct marketing. We will then carry out a new assessment and continue processing your personal data, despite your objection, only if we can demonstrate compelling legitimate grounds that override your interests.

h) Right to lodge a complaint with the competent supervisory authority

You may file a complaint if you believe that we have violated applicable data protection provisions in the processing of your personal data.

In addition, the provider shall be obliged to inform all recipients to whom data has been disclosed by the provider about any correction or erasure of data or restriction of processing that takes place on the basis of Articles 16, 17 Paragraph 1, 18 of the EU General Data Protection Regulation. However, this obligation shall not obtain insofar as this notification is impossible or involves disproportionate effort. Notwithstanding the above, the user shall have a right to information about these recipients.