Privacy Policy

Transparent handling of your personal data is very imporant for us. Therefore we shall fulfill our information obligations to the utmost degree. We inform you on the personal data registered while visiting our website, to what purpose and on the basis of what laws and how long your data will be stored. We also inform you about your rights as the person concerned.

A. Name and adress of the responsible

The responsible according to the basic regulation of data protection and other national data protection laws of member states as well as differing legal regulations of data protection is:

Medizinisches Versorgungszentrum am St. Josefs-Hospital Wiesbaden GmbH, Beethovenstrasse 20, 65189 Wiesbaden, Tel 49(0) 611 170 , Fax 49 (0) 611 17711, e-mail: info@joho.de

Authorized representatives:

Martin Bosch
Jens Gabriel
Dr. Thomas Schneider

B. Name and address of the data protection officer:

The data protection officer of the responsible is

David Große Dütting
SANOVIS GmbH
Riedenburger Str. 7
81677 München
Tel. 49(=) 251/92208-238
e-mail: Datenschutz@curacon.de

C. General information on data protection

Scope of processing personal data
Personal data are being processed by us only to the extent necessary for providing a functional website as well as our contents and our services.  

Processing personal data of our users takes place only after approval is given by the user. Exceptions of these rules are only allowed if prior approval is impossible for factual reasons and data processing is provided for by legal regulations.

Transfer of personal data
As a general principle your personal data collected while using our website are transferred only inside the JoHo-Verbund. We refer to our legitimate interest according to article 6 sect.1 lit. f) DSGVO. If we transfer your data to one of our authorized service providers we shall inform you about the details of the proceedings. In case of utilizing the data for marketing purposes we shall insure previous anonymisation of the data.

Data erasure and storage duration
Personal data of persons concerned are erased or blocked as soon as the reason for storage becomes extinct. Storage may occur over and beyond if this is  provided for by the european or national legislator in the framework of regulations, laws or other provisions of the Union as far as the responsible is subject to these regulations. Blockage or erasure of data occurs also after the end of the storage period prescribed by the norms mentionned before unless further storage of data is required for the conclusion or fulfillment of a contract.

Consequences of failure to provide data
Without providing selected personal data you cannot visit our website. Processing your data is required technically for making available our website. Providing more personal data is not prescribed by law and you are not obliged to provide them. In these cases we ask for your approval for the processing which you can cancel any time. Without your approval and provision of the data vou cannot use special services provided by our website (p.e. contact forms).

Profiling
Automatic decision making including profiling is not provided by our website.

D. Provision of the website and availability of logfiles

Hosting
Hosting services employed by us serve to provide the following services:
infrastructure and platform services, computing capacitiy, storage capacity and data base services, safety as well as technical maintenance services which we us to operate this online offer.

Logfiles
Description and scope of data processing
When accessing our internetsite our system collects automatically data and information of the computer system of the accessing computer. The following data are collected:

  • information of the type of browser and the version used
  • information of the operating system used
  • IP-address of the device used
  • date and time of access
  • if necessary the address of the website from which the user had access to our   internetsite (so called Referrer-URLs)
  • the result of the access (so called HTTP Status Codes)

These data alone cannot be attributed by us to distinct persons. Only if forms are filled with personal data the IP-address can be attributed subsequently to a person.

Scope of data processing
Temporary storage of the IP-address by the system is necessary to make possible the providing of the website to the user‘s computer. To this effect the IP-address of the user must remain stored for the duration of the meeting. In addition storage in logfiles takes place to assure operability of the website. The informations of the server logfiles are required for safety reasons (p.e. to clear up cases of abuse and fraud).

Legal base for data processing
On the basis of art. 6 sect.1 lit.c DSGVO our website collects data about every access to the server on which this service is located. More over we have a legitimate interest in the sense of art. 6 sect.1 lit.f DSGVO of data processing to make possible the provision of the website.

Duration of storage
According to § 76 BDSG we are obliged to be able to trace who has entered personal data. For this reason we store server logfiles until the end of the following year. They are then erased. Data of which further storage is required for reasons of proof are exempted from erasure until the incident in question is settled. The provisions of § 76 BDSG are the basis of data processing according to art. 6 sect.1 lit.c DSGVO.

Possibilty of contradiction and erasure
Collection of data for the provision of the website and the storage of data in logfiles are imperatif for the operation of the website. Therfore the user does not have any possibility of contradiction.

E. Use of cookies

Description and scope of data processing
Our website uses cookies. Cookies are text files stored in the internet browser or are transferred from the internet browser to the user‘s computer. When a user accesses the website a cookie may be stored in the operational system of the user. This cookie contains a characteristical string making possible a clear identification of the browser in case of further access to the website. We use cookies to make our website easy to use. On our website we use cookies that make possible an analysis of the user‘s surfing behaviour. The user‘s data  collected this way are pseudonymised by technical proceedings. For this reason  attribution of the data to the accessing user is impossible. Data are not stored together with other personal data of users.

Scope of data processing
The aim of using technically necessary cookies is to simplify the use of websites for users (p.e. via language settings). Some functions of our internetsite cannot be offered without cookies. For these it is necessary that the browser can be recognized even after a change of pages. User dates collected by the technically required cookies are not used for the creation of user profiles. The use of analysis cookies serves the improvement of the quality of our website and its contents. By the analysis cookies we learn how our website is used and this way we can optimize our offer steadily.

Legal base for data processing
The legal base for processing personal data by technically required cookies is our legitimate interest according to art. 6 sect.1 lit f DSGVO. The legal base for processing personal data using cookies with analytical aims is art. 6 sect.1 lit. a DSGVO providing the user has given his consent.

Duration of storage, possibility of contradiction and deletion
Cookies are stored on the user‘s computer and transferred by it to our site. This way, as a user you are in ful control of the use of cookies. By changing the settings in your internet browser you can deactivate or limite the transfer of cookies or cancel your consent as well. This can also be done by automatic means.

Links to third parties‘sites.
Our online offer contains links to internet sites of other offerers. We have no influence on the respect of legal data protection regulations by these offerers. Therefore you should always check the data protection provisions offered by them. In the framework of further development of our internet site and the use of new technologies changes of these data protection declarations may become necessary. For this reason we recommend you to run through this declaration of data protection regularely.

E. Collection of data in forms and via E-Mail contact

Description and scope of data processing
On our internetsite there are contact forms that can be used for electronical contact. If a user uses this possibility the data entered into the input screen are transferred to us and stored. At the time of sending the message the following data are stored:

  • date and time of request
  • name
  • telefone number
  • reference of message
  • message

Alternatively contact is also possible via the indicated e-mail address. In this case the user‘s personal data contained in the e-mail are stored.
In this context no data are transferred to third parties. The data are used exclusively for  processing the conversation.

Legal base for data processing
For processing the data your approval is requested during the process of sending the mail and this data protection declaration is referred to.

Therefore, the legal base for data processing is the existance of the user‘s consent, art. 6 sect.1 lit.a DSGVO. The legal base for the processing of data transferred by e-mail is art. 6 sect.1 lit.f DSGVO. If the e-mail contact aims at concluding a contract the additional legal base for the processing is art. 6 sect.1 lit. b DSGVO.

Scope of processing
Processing personal data from the input screen serves only to process the contact. In the case of e-mail contact this is also the required legitimate interest in processing the data.

Other personal data processed during the sending of the mail serve to prevent abuse of the contact form and to ensure the safety of our information technique systems.

Duration of storage
Data are erased as soon as they are no more required for achieving the purpose of their collection. For personal data from the input screen of the contact form and those sent by mail this applies when conversation with the user is finished. Conversation is finished when circumstances indicate that the facts are terminally clear.

Possibility of contradiction and erasure
The user has always the possibility to revoke his consent to processing his personal data. In the case of a user‘s e-mail contact with us he can contradict the storage of his personal data at any time. All personal data stored during contact are erased.

F. Prescription order

Description and scope of data processing
You have the possibility to order online recurring recipes via our website and  to fetch them the next working day at the doctor‘s office.
The following data entered into the input mask are transferred to us and stored:

  • name, first name
  • telefon number
  • e-mail address
  • birth date
  • medicine and package size

Legal base for data processing
For the processing of data we ask for your consent during the sending process and point out the present data protection declaration. The legal base for data processing is therefore the existence of the user‘s consent according to art. 6 sect.1 lit. a DSGVO.

Scope of data processing
These data are used for issuing recipes.

Duration of storage
Data are erased as soon as they are not required any more for the purpose of their collection. Concerning personal data from the input mask of the order form this applies when the ordered recipe has been issued. Information concerning the issuing of a recipe becomes part of the patient‘s record on the basis of legal retention obligations.

Possibility of contradiction and erasure
The user has the possibilty to revoke his consent to personal data processing at any time. If the patient orders a recipe by online form he can oppose the storage of personal data at any time. However the data processing realized until the moment of opposition is legal.

G. Safety

SSL-Encryption
For safety reasons and the protection of the transfer of confidential contents, p.e. the requests you are sending us as website operators we are using SSL encryption. You can recognize an encrypted connection when the address of the browser changes from „http://“ to „https://“ and at the lock symbol in your browser line. When ssl encryption is activated data transferred by you cannot be read by third parties.

Rights of persons concerned
If your personal data are processed you are a person concerned according to DSGVO and you have the following rights vis-à-vis the responsible:

Right of information
You may ask the responsible to confirme that personal data concerning you are being processed by us. In the case of processing you can ask the responsible the following informations:

  • scope of processing personal data
  • the category of personal data being processed
  • the receiver or categories of receivers to whom your personal data have been   or will be disclosed
  • the planned duration of storage of personal data concerning you or, in case specification is impossible, criteria for the determination of storage duration
  • right to correction or erasure of personal data concerning you, a right to limit  processing by the responsible or the right to contradict this processing
  • existance of a right to appeal to a supervisory authority
  • all existing informations concerning the origin of the data if personal data are not collected from the person concerned
  • the existance of automatic decision making including profiling according to art.22 sect.1 and 4 DSGVO or – at least in these cases – meaningful information on the logic involved as well as the scope and planned effects of such processing for the person concerned.You have the right to get information whether personal data concerning you are transferrred to a third country or an international organisation. In the context of this transfer you can ask information on suitable guarantees according to art. 46 DSGVO.

Right of correction
You have a right of correction and/or completion by the responsible in cases where processed personal data concerning you are incorrect or incomplete. The responsible has to carry out the correction forthwith.

Right to limit processing
You can ask the limitation of processing of personal data concerning you

  • if you contest the correctness of personal data concerning you for the time necessary for the responsible to check the correctness of the personal data
  • if processing is unlawful and you refuse the erasure of personal data and claim the limitation of the use of personal data instead.
  • the responsible does not need any more the personal data for the scope of the processing, but you need them for the assertion, exercise or defense of legal claims or
  • you have objected processing according to art. 21 sect. 1 DSGVO and it is not clear yet whether legitimate reasons of the responsible outweigh your reasons.

If processing of personal data concerning you has been limited these data – apart from their storage – may only be processed with your consent or for the assertion, exercise or defense of legal claims or to protect the rights of another natural or judicial person or for an important public interest of the Union or a member state. If processing has been limited according to the above mentionnend prerequisits you are informed by the responsible before limitation is cancelled.

Rights of erasure
a) Obligation of erasure
You can demand the responsible to erase forthwith personal data concerning you. The responsible is obliged to erase these data immediately for one of the following reasons:

  • personal data concerning you are not required any more for the scope they have been collected for or processed in any form
  • you revoke your consent which is the base for processing according to art. 6 sect. 1 lit. a or art. 9 sect. 2 lit.a DSGVO and there is no other legal base for processing
  • you object processing according to art. 21 sect. 1 DSGVO and if there are no overriding legitimate reasons for the processing or you object processing according to art. 21 sect. 2 DSGVO.
  • personal data concerning your person have been processed illegally.
  • erasure of personal data is necessary to fulfill a legal obligation according to the law of the Union or the law of the member state relevant to the responsible.
  • personal data concerning you have been collected in the framework of services offered by the Information society according to art. 8 sect. 1 DSGVO.

Information of third parties
If the responsible has made public personal data concerning you and is obliged to erase them according to art. 17 sect. 1 DSVGO he takes the appropriate measures considering the availability of technology and implementation costs including technical measures to inform the responsibles of data processing who are processing the personal data that you as the person concerned have required the erasure of all links referring to the personal data or copies or replicas of these.

c) Exceptions
The right to erasure does not exist to the extent that processing is required to exercise the right of free expression and information; fulfillment of a legal obligation requiring processing according to the Union‘s law or the member state‘s law to which the responsible is subject to, or to perform a task in public interest or exercising public authority transferred to this responsible for public reasons in the field of public health care according to art. 9 sect. 2 lit. h and i as well as art. 9 sect. 3 DSGVO; for the scope of archival purposes, scientific or historical research or statistical purposes according to art. 89 sect. 1 DSGVO as far as the right indicated in section a) would presumably make impossible the realization of the aims of this processing or seriously impair them, or the assertion, exercise or defense of legal claims.

Right of briefing
If you have asserted the right to correction, erasure or limitation of data processing in front of the responsible he is obliged to inform all recipients to whom personal data concerning you have been disclosed of the correction or erasure of the data or the limitation of processing, be it that it turns out to be impossible or is linked to an unreasonable amount of effort. You have the right to be briefed about these recipients by the responsible.

Right of transferability of data
You have the right to obtain personal data concerning you which you have provided to the responsible in a structured, common, machine readable format. You also have the right to transfer these data to another responsible without impediment by the responsible to whom the personal data were given, as far as

1) processing is founded on consent according to art. 6 sect1. lit.a DSGVO or art. 9 sect. 2 lit.a DSGVO and

2) processing uses automatic procedures.

On the basis of this right you also have the right to claim that personal data concerning you are transferred by a responsible directly to another responsible as far as this technically feasable. Freedoms and rights of other persons must not be infringed.

The right of transferability does not apply for processing personal data required for the execution of a task of public interest or public authority which has been transferred to the responsible.

Right of revocation
You have the right to revoke the processing of personal data concerning you at any time for reasons resulting from your specific situation according to art. 6 sect.1 lit.e orf DSGVO or art. 49 sect.1 lit.a DSGVO. This is also valid for profiling backed by on these regulations.
The responsible is not processing your personal data any more, be it that he can give mandatory reasons for the protection of the processing outweighing your interests and freedom, or that processing serves to assert, exercise or defend legal claims.
If personal data concerning you are processed for direct advertising you have the right to contradict at any time the processing of personal data concerning you aiming at such direct advertising; this applies also to profiling as far as it is connected to such direct advertising.
In the case of contradiction to the processing aiming at direct advertising  personal data concerning you are not processed any more by the responsible.
You have the possibility to exercise your right of contradiction by automatic procedure using technical specification in the context of using services of the Information society regardless of directive 2002/58/EC.
Right to revoke the declaration of consent concerning the data protection regulation 
You have the right to revoke at any time your consent concerning the data protection regulation. By this revocation of consent the legality of processing realized until the time of revocation is not affected.

Automatic decision making in individual cases including profiling
You have the right to not being submitted to a decision taken only by automatic processing – including profiling – when and if it unfolds legal effects or affects you significantly in a similar way. This does not apply if the decision for contradiction or fulfillment of a contract between you and the responsible is allowed by Union law or the laws of member states to which the responsible is subject and these regulations contain appropriate measures to safeguard your rights and freedoms as well as your legitimate interests or is taken with your explicit consent.

Right to appeal to a supervisory authority
Notwithstanding an administrative or judicial legal remedy you have the right to appeal to a supervisory authority, especially in the member state of your usual residence, working place or the place of the presumed violation in case you think that the processing of personal data concerning you violates the DSGVO. The supervisory authority where the appeal is placed informs the complainant of the state and results of the complaint including the possibility of a judicial remedy according to art. 78 DSGVO.

The supervissory authority for data protection responsible for the JOHO MVZ Wiesbaden-City is:

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Postfach 3163
65021 Wiesbaden-Ctel. 49 611 1408-0
e-mail: poststelle@datenschutz.hessen.de
www.datenschutz.hessen.de