Privacy Policy (information obligations in accordance with Art. 13 GDPR)
We believe that data protection should be transparent, intelligible and, most importantly, fair to all parties. The aim of this privacy policy is therefore on the one hand to inform you which of your personal data we collect and use, whether this data may be disclosed to third parties and, if so, to which, how long we store your data and what rights you have if you have any objection to our reasonable use of your data. If you still have any questions after you have read this comprehensive privacy policy, please do not hesitate to contact us using the contact details below.
1. Name and contact details of the controller
Controller for the data processing:
Medical Helpline Worldwide GmbH
Otto-Lilienthal-Straße 18
28199 Bremen
Germany
You can contact us by post, by email at info@medical-helpline.com or by telephone on +49 421 240 110-0.
2. Data protection officer
You can contact our data protection officer using the following contact details:
IT-Kanzlei Lutz
Stefan Lutz, LL.M.
IT Lawyer
Teerhof 59
28199 Bremen
Germany
Tel.: +49 421 408 926-60
E-Mail: lutz@hb-law.de lutz@hb-law.de
Website: www.hb-law.de
3. Collection of personal data during use for information purposes
3.1 Whenever you access our website, we collect the following information about your computer: Your computer’s IP address, the request from your browser and the time of the request. The status and the transferred data volume in the context of this request are also recorded. We also collect product and version information about the browser used and your computer’s operating system. We also record the website from which our website was accessed. Your computer’s IP address is only stored for the duration of your use of our website, following which it is immediately deleted or anonymised by being truncated. We use this data for operating our website, particularly for identifying and correcting errors on our website, determining the number of visitors to our website and carrying out updates or improvements. The legal basis for this processing is Art. 6 (1) (f) GDPR.
4. Cookies & Local Storage
4.1 Sometimes, we also collect information about your use of our website by using browser cookies. These are small text files that are stored on your data carrier and that store certain settings and data about your browser to exchange with our system. A cookie usually contains the name of the domain from which the cookie data was sent and information about the age of the cookie and an alphanumeric identifier. Cookies allow our system to recognise the user’s device and make any predefined settings available immediately. Once a user accesses the platform, a cookie is transmitted to the respective user’s computer hard disk. Cookies help us to improve our website and provide you with a better service more tailored to you. They allow us to recognise your computer if you return to our website, and thus:
- to store information about your preferred activities on the website and thereby tailor our website to your individual interests. This includes e.g. adverts that correspond to your personal interests.
- to speed up processing your enquiries.
4.2 The cookies we use only store the data specified above about your use of the website. This is not done by an assignment to you personally, but by allocating an identification number to the cookie ("cookie ID"). The cookie ID is not aggregated with your name, your IP address or similar data that would allow the cookie to be assigned to you.
4.3 There is a distinction between session cookies, which are deleted as soon as you close your browser, and persistent cookies, which are stored beyond the individual session. In relation to the function of cookies, there is a further distinction between:
- Technical cookies: These are necessary to navigate the website, use basic functions and guarantee the security of the website; they neither collect information about you for marketing purposes nor store which websites you have visited;
- Performance cookies: These collect information about how you use our website, which pages you visit and e.g. if any errors occur when using the website; they do not collect any information that could identify you - all data collected is anonymous and is only used to improve our website and to find out what our users are interested in;
- Advertising cookies, Targeting cookies: These are used to provide the website user with relevant advertising on the website or third-party promotions and to determine the effectiveness of these promotions; advertising and targeting cookies are stored for a maximum of 13 months;
- Sharing cookies: These are used to improve the interactivity of our website with other services (e.g. social networks); sharing cookies are stored for a maximum of 13 months.
4.4 Each use of cookies which is not technically necessary constitutes data processing which is only permitted with your express and active consent in accordance with § 25 (1) of the Telecommunications and Telemedia Data Protection Act (TDDDG) and which also only happens in compliance with this statutory provision. This particularly applies to the use of advertising, targeting or sharing cookies. Furthermore, we only transmit your personal data that has been processed by cookies to third parties if you have given your express consent to this in accordance with § 25 (1) TDDDG.
4.5 On our website we use the following cookie:
Cookie Name | Value | Domain | Expire |
---|---|---|---|
JSESSIONID | F5C216EB46500A46E733AD841CBBCAD3
| customer.aqua-med.eu | Session |
4.6 You can specify whether cookies can be placed and retrieved using you browser settings. For example, you can completely deactivate the storage of cookies in your browser, restrict it to certain websites or configure your browser so that it automatically notifies you as soon as a cookie is to be placed and asks you to confirm this. You can block or delete individual cookies. However, for technical reasons, this may result in some features of our website being impaired and no longer functioning fully.
4.7 If cookies can only be used on our website with your consent, you can also set the settings specified at 4.6 in our cookie consent tool.
5. Data security
5.1 All information you send to us is stored on servers located within the European Union. Unfortunately, the transferring information via the internet is not completely secure; therefore, we cannot guarantee the security of the data transmitted to our website via the internet. However, we implement technical and organisational measures to secure our website and other systems against loss, destruction, access, modification or the dissemination of your data by unauthorised persons. Particularly, we transfer your personal data in an encrypted format. We use the coding systems SSL (Secure Socket Layer) and TLS (Transport Layer Security) for this.
6. No disclosure of your personal data
6.1 We do not disclose your personal data to third parties unless you have consented to the disclosure of the data or we are entitled or obliged to disclose data due to statutory provisions and / or official regulations or court orders. In this context, information may particularly be provided for the purposes of criminal prosecution, averting danger or enforcing intellectual property rights.
7. Data protection and third-party websites
7.1 The website may contain hyperlinks to and from third-party websites. If you follow a hyperlink to one of these websites, please note that we cannot accept any responsibility or liability for third-party content or privacy policies. Please familiarise yourself with the respective privacy policies before you transmit personal data to these websites.
8. Use of our website's features
8.1 In addition to using our website for purely informative purposes, we also offer various services that you can use if you are interested. You will usually need to provide additional personal data for this, which we use in order to provide the respective service. If other details are optional, these are identified accordingly.
8.2 When contacting us by email or using the contact form, we will store your email address and, if you have provided it, your name and your telephone number so that we can answer your questions (legal basis is Art. 6 (1) sentence 1 (b) GDPR).
9. Use of our online application form
9.1 If you wish to apply for our product online, you need to provide your personal data that we require to process your application in order for the contract to be concluded. The details required are marked separately; any other details are optional. We process the data you have provided in order to process your application. We may also disclose your payment details to our bank. The legal basis for this is Art. 6 (1) sentence 1 (b) GDPR. The legal basis for the essential shopping basket cookie and the session cookie when registering for our shop is § 25 (2) (2) TDDDG.
A customer account will be created that you can use e.g. to store and release medical data. You can object to the storage of data at any time.
If you have given us your consent, we may also process the data you have provided in order to inform you about further products in our range that may be of interest to you or to send you emails containing technical information.
9.2 We are obliged to store your address, payment details and order details for a period of ten years on the basis of commercial law and tax law provisions. However, we shall restrict processing after two years, i.e. your data will only be used in order to comply with statutory obligations.
9.3 In order to prevent unauthorised third parties from accessing your personal data, particularly financial data, the ordering process is encrypted using TLS technology.
9.4 If you opt for a payment method from the payment service provider Mollie, payment will be processed via Mollie B.V., Keizersgracht 126, 1015 CW Amsterdam, Netherlands (hereinafter referred to as ‘Mollie’), to whom we will pass on the information you provide during the ordering process together with the information about your order (name, account number if applicable, bank sort code if applicable, credit card number if applicable, invoice amount, currency and transaction number) in accordance with Art. 6 para. 1 lit. b GDPR. Your data will only be passed on for the purpose of payment processing with the payment service provider Mollie and only to the extent that it is necessary for this purpose. You can find more information on Mollie's data protection at the URL www.mollie.com/privacy.
10. Social Media Profile
10.1 We have presences on several social media platforms. We use the following providers:
10.1.1 Instagram, operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, privacy policy at privacycenter.instagram.com/policy
10.1.2 Facebook, operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, privacy policy at www.facebook.com/privacy/center
10.2 We use the technical platform and services of the providers for these information services. Please note that you are responsible for your use of our profiles on social media platforms and the features of such profiles. This particularly applies to the use of the interactive features (e.g. comment, share, like). When visiting our profiles, the providers of the social media platforms collect data including your IP address and other information which is available in the form of cookies on your device. This information is used to provide us, as operators of the accounts, with statistical information about your interaction with us. The legal basis is your consent: for placing cookies, this is § 25 (1) TDDDG; for subsequent data processing it is Art. 6 (1) (a) GDPR.
10.3 The data collected about you in this context is processed by the platforms during which it may be transferred to countries outside the European Union, particularly the USA. All of the above providers are certified under the EU-US Data Privacy Framework. There is also an EU Commission adequacy decision and we have concluded the EU Standard Contractual Clauses (SCC) with the providers. We do not know how the social media platforms use the data resulting from your visit to our account and interaction with our postings for their own purposes, how long this data is stored and whether data is disclosed to third parties. The data processing may differ depending on whether you are registered and logged in to the social network or visit the site as a non-registered and / or anonymous user. When you access a post or the account, the IP address assigned to your device is transmitted to the provider of the social media platform. If you are currently logged in as a user, a cookie on your end device can be used to track how you have navigated the internet. Buttons embedded in websites enable the platforms to record your visits to these website pages and assign them to your respective profile. This data can be used to offer content or advertising tailored to you. If you wish to avoid this, you should log out or deactivate the "stay logged in" function, delete the cookies on your device and restart your browser.
10.4 As the provider of the information service, we also only process the data resulting from your use of our service that you provide to us and that requires interaction. For example, if you ask a question that we can only answer by email, we will store your information in accordance with our general data processing principles, which we describe in this privacy policy. The legal basis for processing your data on the social media platform is Art. 6 (1) sentence 1 (f) GDPR.
10.5 To exercise your rights as a data subject, you can contact us or the provider of the social media platform. If one party is not responsible for responding or needs to obtain the information from the other party, we or the provider will then forward your request to the respective partner. Please contact the provider of the social media platform directly for questions about profiling and the processing of your data when using the website. For questions about the processing of your interaction with us on our website, please use the contact details provided above.
10.6 What information the social media platform receives and how it is used is described by the respective providers in their relevant privacy policies (see link in the table above). Here, you will also find information on contact options as well as on the settings options for advertisements. You can find more information about social networks and how you can protect your data at www.youngdata.de.
11. Third party provider tools
11.1 Use of Matomo
11.1.1 We use the web analysis service Matomo on this website to analyse and check the use of our website. Using the statistics obtained, we are able to improve our offer and present it in a more interesting way for you as the user.
11.1.2 We use a version of Matomo that does not require cookies. Therefore, no Matomo cookies are stored on your computer for the purpose of web analysis. For the analysis of website usage, your IP address and information such as time stamp, web pages visited and your language settings are recorded. We store the information collected in this way on our server.
11.1.3 This website uses Matomo with the extension “anonymizeIP”. This means that IP addresses are processed in abbreviated form and a direct link to a person is excluded. The IP address provided by your browser using Matomo will not be linked with other data collected by us. The legal basis for the use of Matomo is Art. 6 (1) sentence 1 (f) GDPR.
You can prevent the use of Matomo by unchecking the following box and activating the opt-out plugin:
In this case, an opt-out cookie preventing Matomo from storing user data will be placed in your browser in accordance with § 25 (1) TDDDG. If you delete your cookies, this will result in the Matomo opt-out cookie also being deleted. You will need to reactivate the opt-out when you visit our site again.
11.1.5 The program Matomo is an open source project. You can find the third-party provider’s information on data protection at matomo.org/privacy-policy/.
11.2 Use of Cloudflare
11.2.1 Our website uses services provided by Cloudflare, Inc. (“Cloudflare”), which in Germany are provided by Cloudflare Germany GmbH Rosental 7, c/o Mindspace, 80331 Munich, in order to improve the website’s security and performance. The legal basis for this is Art. 6 (1) (f) GDPR. You can object to data processing by no longer using the website.
11.2.2 The services we use are:
- Cloudflare CDN: A content delivery network that improves the loading time of our website thanks to content being delivered by a server that is geographically closer to the user.
- Cloudflare Universal SSL Certificate: Provides an encrypted connection between your browser and our website in order to guarantee the security of your data.
- Cloudflare Web Application Firewall (WAF): Protects our website against malicious attacks and security threats.
- Cloudflare Turnstile: A CAPTCHA system that helps with recognising and preventing automated attacks by bots without genuine users having to solve CAPTCHA puzzles.
11.2.3 Cloudflare may have access to some of your data such as your IP address, system configuration information and other information regarding traffic to and from the website in order to provide these services. These data are processed and may be stored outside of the European Economic Area, e.g. in the USA. Cloudflare is certified under the Trans-Atlantic Data Privacy Framework, which means that it has undertaken to maintain a data protection standard that is comparable with European data protection provisions. For this reason, the European Commission issued an adequacy decision for the USA legitimising any data transfer to the USA. We have also concluded Standard Contractual Conditions (SCCs) with Cloudflare, which you can view at www.cloudflare.com/cloudflare_customer_SCCs.pdf.
11.2.4 For further information about Cloudflare’s data protection practices, please refer to Cloudflare’s Privacy Policy at www.cloudflare.com/privacypolicy/.
11.3 Integrating YouTube Videos
11.3.1 We have integrated YouTube videos on our online offering; these are stored on YouTube.com and can be played directly from our website. The legal basis for displaying the video is Art. 6 (1) (a) GDPR, i.e. involvement only happens with your consent. We place the cookie necessary for playing the video in accordance with § 25 (2) (2) of the Federal Act on Privacy in Telecommunications and Digital Services (TDDDG) as this is technically necessary.
11.3.2 By visiting the website, YouTube receives information that you have called up the relevant subpage of our website. The basic data mentioned above such as IP address and time stamp are also transferred. This happens regardless of whether YouTube provides a user account via which you have logged in or whether no user account exists. If you are logged into Google, your data are assigned directly to your account. If you do not wish this to be assigned to your YouTube profile, you must log out before activating the button. YouTube stores your data as a user profile and uses them for the purposes of advertising, market research and / or the targeted design of its website. This sort of evaluation particularly takes place (even for users who aren’t logged in) in order to provide targeted advertising and to inform other users of the social network about your activity on our website. You have the right to object to the creation of this user profile; you need to contact YouTube to exercise this right.
11.3.3 The collected information is stored on Google servers, including in the USA. Google LLC (the parent company) is certified under the EU-US Data Privacy Framework. There is also an EU Commission adequacy decision and we have concluded the EU Standard Contractual Clauses (SCC) with the provider.
11.3.4 You can find more information about the purpose and scope of the collection and processing of data by YouTube in the Privacy Policy. Here, you can also find further information about your rights and settings options for protecting your privacy: www.google.en/intl/en/policies/privacy.
12. Recipients or categories of recipients
12.1 If we disclose your personal data to third parties, you will be explicitly informed of this by way of a description of the respective data processing (e.g. when using our contact form). For technical and organisational processing, we also use external service providers with which we have concluded appropriate order processing contracts within the meaning of Art. 28 GDPR. These include e.g. service providers for web hosting, sending emails, the maintenance and servicing of our IT systems etc.
13. Storage period
13.1 We store your data for as long as this is necessary for achieving the respective purpose but for no longer than any statutory provisions require us to do so (e.g. we are required under commercial law to retain business correspondence, which may include emails, for 10 years).
13.2 As soon as the reason for storage lapses or a prescribed storage period expires in accordance with the above provisions, the personal data shall be routinely blocked or deleted.
14. Your rights
14.1 You have extensive rights in relation to the processing of your personal data. Firstly, you have a comprehensive right of access and can request the correction and / or erasure and / or blocking of your personal data. You can also request a restriction of processing and have a right of objection and a right to data portability. If you wish to assert one of your rights and / or obtain more information about this, please contact us at info@medical-helpline.com.
14.2 You also have the right to complain to a supervisory authority. If you have any questions, comments or queries regarding the collection, processing and use of your personal data by us, please do not hesitate to contact us using the contact details provided.
14.3 Right to object
Right to object in individual cases
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 (1) (e) or (f) GDPR, including profiling based on those provisions.
We shall no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Right to object to the processing of data for direct marketing purposes
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
15. No obligation to provide personal data
15.1 he conclusion of contracts with us is not dependent upon you providing us with your personal data in advance. For you as the customer, there is essentially no statutory or contractual obligation to provide us with your personal data; however, we may only be able to provide certain offers to a limited extent or may not be able to provide them at all if you do not provide the necessary information. If, in exceptional circumstances, this should be the case with regard to the products and services we offer as specified above, we will inform you of this separately.