Privacy Protection

 

1. An overview of data protection

General

The following gives a simple overview of what happens to your personal information when you visit our website. Personal information is any data with which you could be personally identified. Detailed information on the subject of data protection can be found in our privacy policy found below.

Data collection on our website

Who is responsible for the data collection on this website?

The data collected on this website are processed by the website operator. The operator’s contact details can be found in the website’s required legal notice.

How do we collect your data?

Some data are collected when you provide it to us. This could, for example, be data you enter on a contact form.

Other data are collected automatically by our IT systems when you visit the website. These data are primarily technical data such as the browser and operating system you are using or when you accessed the page. These data are collected automatically as soon as you enter our website.

What do we use your data for?

Part of the data is collected to ensure the proper functioning of the website. Other data can be used to analyze how visitors use the site.

What rights do you have regarding your data?

You always have the right to request information about your stored data, its origin, its recipients, and the purpose of its collection at no charge. You also have the right to request that it be corrected, blocked, or deleted. You can contact us at any time using the address given in the legal notice if you have further questions about the issue of privacy and data protection. You may also, of course, file a complaint with the competent regulatory authorities.

2. General information and mandatory information

Responsibilities

Name of the responsible location:
MVZ Interdisziplinäres Centrum für Radiochirurgie GbR
Mörkenstraße 47
22767 Hamburg
Tel. 040 / 32 55 52-119
Fax 040 / 32 55 52-219
E-Mail: info@icera.de
www.icera.de

Manager:
Prof. Dr. med. Bodo Lippitz

Manager responsible for data processing:
Hossein Sepehr (Manager)
Praxis Service Gesellschaft PSG bR
Andreas-Knack-Ring 16
22307 Hamburg
Tel. +49 40.3803756-240
Fax +49 40.3803756-251

Person responsible for data processing:
Marcel Petersen
KaroMedia Services GmbH
Gutenbergstr. 2a
21509 Hamburg
Tel. + 49 40 72810070
Email: M.Petersen@Karolinenhof.de

Intended purpose of
the collection, processing and use of data

The object of the company is the operation of a medical care centre with at least two different medical specialties (currently neurosurgery and radiation therapy) for the provision of medical and non-medical services and all related activities, the establishment and implementation of cooperations with outpatient and inpatient service providers, with facilities for prevention and rehabilitation and with non-medical service providers in the area of health care, including the provision and implementation of new forms of medical care, such as integrated care, and all activities in connection therewith.

Description of the group of persons concerned
and the relevant data and data categories

Patient and supplier data as well as employee data as far as these are necessary for the fulfilment of the mentioned purposes. For this purpose, the following data or data categories are recorded: address data, insurance data, bank details, health data, data for personnel management and control, for communication as well as for processing and controlling transactions, accounting and performance data, contact data.

Recipients or categories of recipients,
to whom the data may be communicated

Public authorities in the presence of overriding legal regulations (e.g. health authorities), external authorities (e.g. accounting office, payroll accounting) and internal departments (e.g. administration, controlling, nursing) for fulfilling the purposes mentioned.

Standard periods for the deletion of data

The legislator has enacted a variety of storage obligations and periods. After expiry of these periods, the corresponding data is routinely deleted. If data is not affected by this, it will be deleted when the above-mentioned purposes cease to apply.

Information, correction, deletion and blocking

At any time you have the right to the personal data stored with regard to your person, its origin and recipient as well as the purpose of storage. You also have the option of having your data stored by us corrected, blocked or deleted at any time.

If the deletion is contrary to legal, contractual, commercial or tax reasons, in particular statutory retention periods, the data will be blocked instead of deleted.

Planned data transfer to third countries

Data is transmitted exclusively to EU member states and for the aforementioned purposes.

Right of appeal to the competent supervisory authority

Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Kurt-Schumacher-Allee 4
20097 Hamburg
Tel.: 040 / 428 54 – 4040
Fax: 040 / 428 54 – 4000
E-Mail: mailbox@datenschutz.hamburg.de

Right to data portability

You have the right to have data which we process based on your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon is displayed in your browser’s address bar.

If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.

Information, blocking, deletion

As permitted by law, you have the right to be provided at any time with information free of charge about any of your personal data that is stored as well as its origin, the recipient and the purpose for which it has been processed. You also have the right to have this data corrected, blocked or deleted. You can contact us at any time using the address given in our legal notice if you have further questions on the topic of personal data.

Opposition to promotional emails

We hereby expressly prohibit the use of contact data published in the context of website legal notice requirements with regard to sending promotional and informational materials not expressly requested. The website operator reserves the right to take specific legal action if unsolicited advertising material, such as email spam, is received.

3. Data protection officer

Statutory data protection officer

We have appointed a data protection officer for our company.

Marcel Petersen
KaroMedia Services GmbH
Gutenbergstr. 2a
21509 Hamburg
Tel. + 49 – 40 – 72810070
E-Mail: M.Petersen@Karolinenhof.de

4. Data collection on our website

Cookies

Some of our web pages use cookies. Cookies do not harm your computer and do not contain any viruses. Cookies help make our website more user-friendly, efficient, and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called “session cookies.” They are automatically deleted after your visit. Other cookies remain in your device’s memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.

You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of this website.

Cookies which are necessary to allow electronic communications or to provide certain functions you wish to use (such as the shopping cart) are stored pursuant to Art. 6 paragraph 1, letter f of DSGVO. The website operator has a legitimate interest in the storage of cookies to ensure an optimized service provided free of technical errors. If other cookies (such as those used to analyze your surfing behavior) are also stored, they will be treated separately in this privacy policy.

Server-Log-Dateien

The website provider automatically collects and stores information that your browser automatically transmits to us in “server log files”. These are:

  • Visited Website
  • Time at time of access
  • Amount of data sent in bytes
  • Source/reference from which you accessed the page
  • Browser used
  • Operating system used
  • IP address used

These data will not be combined with data from other sources.

The basis for data processing is Art. 6 (1) (f) DSGVO, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.

After 7 days, these log files are usually deleted automatically.

5. Analytics and advertising

Matomo (formerly Piwik)

This website uses the open source web analytics service Matomo. Matomo uses so-called “cookies”. These are text files that are stored on your computer and that allow an analysis of the use of the website by you. For this purpose, the information generated by the cookie about the use of this website is stored on our server. The IP address is anonymized before it is stored.

Matomo cookies remain on your device until you delete them.

The storage of Matomo cookies is based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising.

The information generated by the cookies about your use of this website will not be disclosed to third parties. You can prevent these cookies being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website.

If you do not agree with the storage and use of your data, you can disable this feature here. In this case, an opt-out cookie will be stored in your browser to prevent Matomo from storing your usage data. If you delete your cookies, this will mean that the opt-out cookie will also be deleted. You will then need to reactivate it when you return to our site if you wish your activity not to be tracked.

[[matomo-optout]]

6. Plugins and tools

YouTube

Our website uses plugins from YouTube, which is operated by Google. The operator of the pages is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

If you visit one of our pages featuring a YouTube plugin, a connection to the YouTube servers is established. Here the YouTube server is informed about which of our pages you have visited.

If you’re logged in to your YouTube account, YouTube allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.

YouTube is used to help make our website appealing. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.

Further information about handling user data, can be found in the data protection declaration of YouTube under https://www.google.de/intl/de/policies/privacy

Vimeo

Our website uses features provided by the Vimeo video portal. This service is provided by Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.

If you visit one of our pages featuring a Vimeo plugin, a connection to the Vimeo servers is established. Here the Vimeo server is informed about which of our pages you have visited. In addition, Vimeo will receive your IP address. This also applies if you are not logged in to Vimeo when you visit our website or do not have a Vimeo account. The information is transmitted to a Vimeo server in the US, where it is stored.

If you are logged in to your Vimeo account, Vimeo allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your Vimeo account.

For more information on how to handle user data, please refer to the Vimeo Privacy Policy at https://vimeo.com/privacy.

Google Maps

This site uses the Google Maps map service via an API. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

To use Google Maps, it is necessary to save your IP address. This information is generally transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.

The use of Google Maps is in the interest of making our website appealing and to facilitate the location of places specified by us on the website. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.

Further information about handling user data, can be found in the data protection declaration of Google at https://www.google.de/intl/de/policies/privacy/.

7. Other

Safety measures

We use technical and organisational security measures to ensure that our users’ personal data is protected against loss, incorrect changes or unauthorised access by third parties. In particular, we endeavour to prevent any automatic reading out of our website and its data stock by third parties.

We have concluded a contract for order data processing with the European operator of our server (server location EU).

Security software I.

The IP address of visitors, user ID of logged in users, and username of login attempts are conditionally logged to check for malicious activity and to protect the site from specific kinds of attacks. Examples of conditions when logging occurs include login attempts, log out requests, requests for suspicious URLs, changes to site content, and password updates. This information is retained for 14 days.

Backups of security log details are retained for 9 days.

The data is stored on the basis of Art. 6 Para. 1 letter f DSGVO (legitimate interest) and does not affect normal web visitors.

Visiting the login page sets also a temporary cookie that aids compatibility with some alternate login methods. This cookie contains no personal data and expires after 1 hour.

This site is regularly scanned by Sucuri SiteCheck for possible malware and vulnerabilities. SiteCheck is a subsidiary of Go Daddy Operating Company LLC, 14455 N. Hayden Rd. 226, Scottsdale AZ 85260, USA. We do not send personal information to Sucuri; however, Sucuri could find personal information posted publicly (such as in comments) during their scan. For more details, please see Sucuri’s privacy policy.

Updates to this Privacy Policy

We will update this policy from time to time to protect your personal information. You should check this policy from time to time to keep up to date on how we protect your information and continually improve the content of our website.

 

June, 2018