Privacy Statement

We are very pleased about your interest in our company, Taking Medical History Questions - Hannes Eichinger und Pablo Hagemeyer GbR (hereinafter "We").

We take the protection of your data very seriously and treat your personal data confidentially and in accordance with the legal data protection regulations and this privacy statement.

The following provisions inform you about the type, scope, duration and purpose of the processing of personal data by us as the responsible provider of this website as well as data protection-relevant third-party components used by us for optimization purposes and to increase the quality of use.

We have taken several technical, contractual and organizational measures to ensure that the applicable data protection regulations are complied with and to protect the data we manage against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons. Please note, however, that Internet-based data transmissions (e.g. communication by e-mail) are generally subject to security gaps, so that an absolute protection cannot be guaranteed. For this reason, each person concerned is free to transmit personal data to us by alternative means, such as telephone.

I. Definitions

Our data protection declaration is based on the terms used by the European directive and regulation authority when issuing the EU General Data Protection Regulation (GDPR). Our data protection declaration should be easy to read and understand for the public as well as for our users and business partners. In order to guarantee this, we would like to explain the terms used in advance.

We use the following terms in this Privacy Policy:

  • a) Personal Data

    Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (Art. 4(1) GDPR).

  • b) Data Subject

    Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.

  • c) Processing

    Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (Art. 4(2) GDPR).

  • d) Restriction of Processing

    Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future (Art. 4(3) GDPR).

  • e) Profiling

    Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements. (Art. 4(4) GDPR).

  • f) Pseudonymization

    Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person (Art. 4(5) GDPR).

  • g) Controller or Controller responsible for the processing

    Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data (Art. 4(7) GDPR).

  • h) Processor

    Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller (Art. 4(8) GDPR).

  • i) Recipient

    Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients (Art. 4(9) GDPR).

  • j) Third Party

    Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data. (Art. 4(10) GDPR).

  • k) Consent

    Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. (Art. 4(11) GDPR).

II. Name and Address of the Controller

Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:

Taking Medical History Questions - Hannes Eichinger und Pablo Hagemeyer GbR

Auguststr. 1

10117 Berlin

Deutschland

Tel.: +49 30 2809 7645

E-Mail: medicalhistory@posteo.de

Website: https://www.takingmedicalhistoryquestions.com

III. Information on the Processing of Personal Data

Insofar as personal data are processed when using our website, these data will be deleted or blocked as soon as the purpose of their storage is obsolete. In addition, storage can occur if this has been stipulated by the European or national legislator in Union regulations, laws or other regulations to which the controller is subject. The data shall also be blocked or deleted if a storage period stipulated by the aforementioned provisions expires, unless it is necessary for further storage of the data for the conclusion or performance of a contract.

1. Processing of personal data by the Taking Medical History Questions - Hannes Eichinger and Pablo Hagemeyer GbR

  • a) Server Data

    Our website collects a number of general data and information each time the website is accessed by you or by an automated system. In order to enable you to visit the website and to guarantee its stability and security, the following data is collected, used and stored in so-called log files for a short time:

    • information regarding the applied browser types and versions,
    • information regarding the operation system applied by the accessing system,
    • the website, from which the accessing system reaches our website (so called Referrer),
    • the subwebsites, which are addressed by an accessing system from our website,
    • the date and the time the website was accessed,
    • the Internet-Protocol-Address (IP-Address),
    • the internet-service-provider of the accessing systems and
    • other similar data and information, which in case of attacks on our information-technology systems serve as protection.

    The anonymous data of the server-log files will be saved separately from the personal data provided by you. When using this general data and information, we do not draw any conclusions about you.

    The legal basis for the temporary storage of the data is Art. 6 (1) lit. f) GDPR.

  • b) Cookies

    Our website uses cookies. Cookies are text files which are stored on a computer system via an Internet browser and which are saved when you visit our website. When a user visits a website, a cookie may be stored on the user's computer.

    Cookies contain characteristic sequences of signs that enable the browser to be uniquely identified when the website is accessed again. However, this does not mean that we will gain immediate knowledge of your identity.

    The use of cookies enables us to provide you with more user-friendly services on this website, which would not be possible without them. Some elements of our website require that the accessing browser can be identified even after a website change.

    This cookie is used to save your preferred settings so that they can be made available immediately when you visit the website again. These may include language settings or other preferences. It also serves to facilitate the completion of forms. The stored information is automatically deleted at the end of the session.

    Our legitimate interest in the processing of personal data pursuant to Art. 6(1) lit. f) GDPR also arises from these purposes.

    We also use cookies on our website, which enable us to analyse your surfing behaviour in order to optimize our services for you. The data collected in this way is pseudonymized by technical precautions. It is therefore no longer possible to relate the data to you. These data are not stored together with other personal data of you.

    When you visit our website, an information banner informs you about the use of cookies for analysis purposes and refers you to this data protection declaration. In this context, we will also inform you how to prevent the storage of cookies in the browser settings. The purpose of using technically necessary cookies is to simplify the use of websites for you. For these it is necessary that the browser is recognized also after a website change. You can deactivate the setting of cookies by our website at any time by means of an Internet browser setting and contradict the setting of cookies permanently. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible within all common Internet browsers. If you deactivate the setting of cookies in the Internet browser, not all functions of our website may be fully usable.

    The legal basis for the processing of personal data with the use of cookies for analysis purposes is, if you have consented to this, Art. 6 (1) lit. a) GDPR.

  • c) Registration on our Website

    You have the opportunity to register on our website by providing personal data. Which personal data is transmitted to us in this case is determined by the respective input form mask that is used for registration.

    The following data is collected as part of the registration process:

    - First name, last name

    - Email address

    When you register on our website, the IP address assigned by your Internet Service Provider (ISP), the date and time of registration are also stored. This data is stored in order to prevent misuse of our services and, if necessary, to enable us to investigate criminal offences that have been committed. In this respect, the storage of this data is necessary for our security. These data will not be transferred to third parties unless there is a legal obligation to do so or the data is used for criminal prosecution.

    Your registration with voluntary indication of personal data serves us to offer you contents or services which, due to the nature of the matter, can only be offered to registered users. Registered persons are free to modify the personal data provided during registration at any time or to delete their data completely from our database.

    On request, we will provide you with information about which personal data about you is stored at any time. Furthermore, we will correct or delete personal data at your request or notice, provided there are no legal storage obligations to the contrary. All our employees are available to you as contact persons in this regard.

    The legal basis for the processing of the data is, if you have consented to this, Art. 6(1) lit. a) GDPR.

    If the purpose of registration is to fulfil a contract to which you are a party or to carry out pre-contractual measures, the additional legal basis for processing the data is Art. 6(1) lit. b) GDPR.

    The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. This applies to the data collected during the registration process if the registration on our website is cancelled or modified.

  • d) E-Mail Contact

    You will find an e-mail address on our website which can be used for electronic contact. If you contact us by e-mail, the personal data transmitted by e-mail will be stored by us.

    In this context, we do not transfer the data to third parties. The data will be used exclusively for the processing of the conversation.

    The legal basis for processing the data transmitted in an e-mail is Art. 6(1) lit. f) GDPR. If the purpose of the e-mail contact is to conclude a contract, the additional legal basis for the processing is Art. 6(1) lit. b) GDPR.

    The processing of personal data, which is processed in the case of e-mail contact, solely allows us to process your contact. This is our legitimate interest in the processing of the data.

    The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data sent to us by e-mail, this is the case when the respective conversation with the user has been terminated. The conversation is terminated when it can be inferred from the particular circumstances that the matter in question has been conclusively resolved.

    If you contact us by e-mail, you can object to the storage of your personal data at any time. In such a case the conversation cannot be continued. All personal data stored in the course of contacting you will be deleted in this case.

2. Processing of personal data by third parties

In order to make our website as pleasant and comfortable as possible for you as a user, we occasionally use the services of external service providers. In the following you have the opportunity to inform yourself about the data protection regulations for the use and application of the services and functions used, in order to be able to exercise your rights with the service providers if necessary.

  • a) Use of Google Analytics (with anonymization function)

    On this website we have integrated the component Google Analytics (with anonymization function). Google Analytics is a web analysis service. Web analysis is the collection and evaluation of data about the conduct of visitors to websites. A web analysis service collects data on, among other things, from which website a person concerned came to a website (so-called referrers), which subpages of the website were accessed or how often and for how long a subpage was viewed. A web analysis is mainly used to optimize a website and to analyse the costs and benefits of Internet advertising.

    The operating company of the Google Analytics component is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA.

    By being certified according to the EU-US Privacy Shield https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active Google guarantees that the data protection regulations of the EU are complied with when processing data in the USA.

    For web analysis via Google Analytics, we use an anonymization function which shortens and anonymizes the IP address of your Internet connection if you access our website from a member state of the European Union or another state party to the Agreement on the European Economic Area.

    The purpose of the Google Analytics component is to analyse the flow of visitors to our website. Google uses the data and information obtained, e.g. to evaluate the use of our website, to compile online reports for us showing the activities on our websites and to provide other services in connection with the use of our website.

    Google Analytics places a cookie on your computer. What cookies are has already been explained above. When the cookie is placed, Google is able to analyse the use of our website. Each time you access one of the individual pages of this website on which a Google Analytics component has been integrated, the Internet browser on your computer is automatically caused by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. As part of this technical process, Google obtains knowledge of personal data, such as your IP address, which Google uses, among other things, to track the origin of visitors and clicks and subsequently to enable commission accounting.

    The cookie is used to store personal information, such as the access time, the location from which an access was made and the frequency of visits to our website by you. Each time you visit our website, this personal data, including the IP address of the Internet connection you are using, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may transfer the personal data collected through this technical process to third parties.

    You can prevent the placement of cookies by our website, as described above, at any time by means of an Internet browser setting and disagree with the setting of cookies permanently. Such a setting of the Internet browser used would also prevent Google from setting a cookie on your computer. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs.

    Furthermore, you have the possibility to object to and prevent the collection of data related to the use of this website and generated by Google Analytics. To do this, you must download and install a browser add-on from the link https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics via JavaScript that no data and information on visits to Internet pages may be transmitted to Google Analytics. The installation of the browser add-on is considered by Google as a contradiction. If your information technology system is later deleted, formatted or newly installed, the browser add-on must be reinstalled in order to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by you or another person within your control, there is a possibility of reinstalling or reactivating the browser add-on.

    The legal basis for the use of Google Analytics is Art. 6(1) lit. f GDPR. Our legitimate interest is the analysis, optimization and economic operation of our site.

    Further information and Google's applicable privacy policy can be found at https://policies.google.com/privacy?hl=en&gl=en and https://marketingplatform.google.com/about/analytics/terms/us/ Google Analytics is explained in more detail at this link https://www.google.com/intl/de_de/analytics/.

  • b) Use of Google Fonts

    We use Google Fonts on this website to display our content correctly and graphically appealing across all browsers. Google Fonts serves the standardized representation of fonts. When you call up our website, the required fonts (=Web Fonts) are loaded by your browser into its cache (= buffer memory).

    When you download the fonts from Google's servers, your browser establishes a connection to Google. At this point, Google receives information that your IP address has visited our website. When you visit the website, however, no cookies are set for this purpose.

    If your browser does not support Google Fonts, a standard font will be used by your computer. Betreibergesellschaft der Google Fonts Komponente ist die Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA. Die Google LLC ist unter dem EU-US Privacy Shield zertifiziert.

    The use of Google Fonts is in the interest of a standardized and appealing presentation of our website. This constitutes a legitimate interest within the meaning of Art. 6(1) lit. f) GDPR.

    Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's data protection declaration: https://www.google.com/policies/privacy/.

  • c) Payment service provider Billwerk

    For the management of your payments we cooperate with the accounting platform "Billwerk" (Billwerk GmbH, Mainzer Landstr. 33a, 60329 Frankfurt), which supports us completely or partly with the accounting of payments.

    Billwerk collects and processes your payment data for the purpose of processing payments in accordance with Billwerk's data protection regulations.

    The collection and processing of personal data is carried out to enable the contract between you and us and thus to implement pre-contractual measures in accordance with Art. 6 Para. 1 lit. b) DS-GVO. The data will only be transferred if this is necessary for the processing.

    Details on data protection at Billwerk can be found on the Billwerk website at https://billwerk.io/data-protection.

3. Rights of Data Subjects

With regard to the data processing described above, data subjects have the following rights:

  • a) Right of information about your personal data stored by us (Art. 15 GDPR)

    Any data subject has the right to be provided, at any time and free of charge, by the controller with information on the personal data relating to him which have been stored and with a copy of such information. In addition, the European.

    Directive and Regulation Authority has granted the data subject access to the following information:

    • Processing purposes,
    • the categories of personal data processed,
    • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations,
    • if possible, the proposed term for which the personal data will be stored or, if that is not possible, the criteria for defining that term,
    • the right to have personal data relating to him corrected or deleted or to have the processing restricted by the controller or to object to such processing,
    • right of appeal to a supervisory authority,
    • if the personal data are not collected from the data subject: All available information about the origin of the data,
    • the existence of automated decision-making, including profiling, in accordance with Art. 22(1) and (4) GDPR and, at least in these cases, relevant information on the logic involved and the scope and intended impact of such processing on the data subject.

    The data subject also has the right to know whether personal data have been transferred to a third country or to an international organisation. If this is the case, the data subject shall also have the right to obtain information on the appropriate guarantees in connection with the transfer.

    If a data subject wishes to exercise this right to information, he or she can contact one of our employees at any time.

  • b) Right to correct or complete incorrect or incomplete data (Art. 16 GDPR)

    Any data subject has the right to demand the correction, without delay, of incorrect personal data concerning him or her. Furthermore, the data subject shall have the right, having regard to the purposes of the processing, to request the completion of incomplete personal data, including by means of a supplementary statement.

    If a data subject wishes to exercise this right of rectification, he or she can contact one of our employees at any time.

  • c) Right to the immediate deletion of personal data (Art. 17 GDPR)

    Any data subject has the right to demand that the controller erase the personal data concerning him or her without delay, if one of the following reasons applies and if the processing is not necessary:

    • The personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
    • The data subject revokes his consent on which the processing was based pursuant to Art. 6(1) lit. a) GDPR or Art. 9(2) lit. a) GDPR and there is no other legal basis for the processing;
    • The data subject objects to the processing pursuant to Art. 21(1) GDPR and there are no priority legitimate reasons for the processing or the data subject objects to the processing pursuant to Art. 21(2) GDPR;
    • The personal data have been processed illegally;
    • The deletion of personal data is necessary to fulfil a legal obligation under European Union law or the law of the Member States to which the data controller is subject.
    • The personal data have been collected in relation to information society services offered pursuant to Art. 8(1) GDPR.

    If one of the above mentioned reasons applies and a person concerned wishes to have personal data stored by us deleted, he or she can contact one of our employees at any time. The employee will ensure that the request for deletion is complied immediately.

    If the personal data has been made public by Taking Medical History Questions - Hannes Eichinger und Pablo Hagemeyer GbR and if our company is responsible according to Art. 17(1) GDPR, Taking Medical History Questions - Hannes Eichinger und Pablo Hagemeyer GbR, taking into account the available technology and the implementation costs, shall take appropriate measures, also of a technical nature, to inform other persons responsible for data processing who process the published personal data that the data subject has requested the deletion of all links to this personal data or copies or replications of this personal data from these other persons responsible for data processing, insofar as the processing is not necessary. The employee of Taking Medical History Questions - Hannes Eichinger und Pablo Hagemeyer GbR will take the necessary steps in individual cases.

  • d) Right to the immediate restriction of processing (Art. 18 GDPR)

    Any data subject has the right to demand that we restrict the processing if one of the following conditions applies:

    • The correctness of the personal data is disputed by the person concerned for a period of time that enables us to verify the correctness of the personal data.
    • The processing is unlawful, the data subject refuses to delete the personal data and instead requests the restriction of the use of the personal data.
    • We do not require the personal data for processing purposes any longer, but the data subject needs it to assert, exercise or defend legal claims.
    • The data subject has filed an objection to the processing pursuant to Art. 21(1) GDPR and it is not yet known whether our legitimate reasons prevail over those of the data subject.

    If one of the above conditions applies and a person concerned wishes to request the restriction of personal data stored by us, he or she can contact one of our employees at any time. The employee will arrange for the processing to be restricted.

  • e) Right to data portability (Art. 19 GDPR)

    Any data subject has the right to receive the personal data concerning him or her provided by the data subject in a structured, common and machine-readable format. The data subject also has the right to transfer this data to another data controller without being impeded by us, provided that the processing is based on consent pursuant to Art. 6(1) lit. a) GDPR or Art. 9(2) lit. a) GDPR or on a contract pursuant to Art. 6(1) lit. b) GDPR and that the processing is carried out using automated procedures, provided that the processing is not necessary for the performance of a public interest task or in the exercise of official authority entrusted to us.

    Furthermore, when exercising his right to data transferability pursuant to Art. 20(1) GDPR, the data subject shall have the right to obtain that the personal data be transferred directly by us to another person responsible, insofar as this is technically feasible and insofar as this does not impair the rights and freedoms of other persons.

    To exercise the right to data transfer, the person concerned can contact any of our employees at any time.

  • f) Right of objection (Art. 21 GDPR)

    Any data subject has the right to object at any time, for reasons relating to its particular situation, to the processing of personal data concerning him or her pursuant to Article 6(1) lit.e) or lit. f) GDPR. This also applies to profiling based on these provisions.

    In the event of an objection, we will no longer process the personal data unless we can prove compelling reasons for the processing worthy of protection which predominate the interests, rights and freedoms of the person concerned, or the processing serves to assert, exercise or defend legal claims.

    If we process personal data for the purpose of direct advertising, the data subject has the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling as far as it is connected with such direct advertising. If the data subject objects to our processing for direct marketing purposes, we will no longer process the personal data for these purposes.

    In addition, the data subject has the right to object to the processing of personal data relating to him/her by us for scientific or historical research purposes or for statistical purposes pursuant to Art. 89(1) GDPR for reasons arising from particular circumstances, unless such processing is necessary for the performance of a task in the public interest.

    To exercise the right to object, the data subject may contact any of our employees at any time. The data subject is also free to exercise his or her right of objection regarding the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.

  • g) Automated individual decision-making, including profiling (Art. 22 GDPR)

    Any data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which has legal effects upon him or her or significantly affects him or her in a similar way, unless the decision is (1) necessary for the conclusion or performance of a contract between the data subject and us, or (2) permitted by law of the European Union or of the Member States to which we are subject, and provided that such law contains adequate measures to safeguard the rights and freedoms and the legitimate interests of the data subject, or (3) with the explicit consent of the data subject.

    Where the decision (1) is necessary for the conclusion or performance of a contract between the data subject and us, or (2) is taken with the explicit consent of the data subject, we shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

    To exercise the right relating to automated decision-making, the person concerned can contact any of our employees at any time.

  • h) Revocation right

    Any data subject has the right to revoke his/her consent to the processing of personal data at any time.

    If the data subject wishes to revoke his/her consent, he/she can contact one of our employees at any time.

  • i) Right to file complaints with the supervisory authority

    Any data subject has the right to complain to a supervisory authority, in particular in the Member State in which he/she is located or working or at the alleged place of infringement, if he/she considers that the processing of his/her personal data is contrary to the GDPR.

    The supervisory authority with which the complaint was filed shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.

IV. Contact

Please use our contact form for your data protection concerns or contact our staff responsible for data protection at the e-mail address: medicalhistory@posteo.de

Stand: August 2019