Privacy Policy
With this data protection declaration we would like to inform you about the type, scope and purpose of the processing of personal data (hereinafter also referred to as "data"). Personal data are all data that are personally related to you, e.g. B. Name, address, email address or your user behavior. The data protection declaration applies to all data processing operations carried out by us, both as part of our core activity and for the online media we maintain.
Who is responsible for data processing
Responsible for data processing is:
Medical Care Center
Praxis Dr. Eisert
Dr. med. Ortwin Eisert
Eberstädter Str. 5b
64367 Mühltal
Deutschland
+49 6151 14357
datenschutz@mcc-expert.com
www.mcc-expert.com/impressum/
Processing of your data in the context of the health services we provide
If you are our patient or business partner or are interested in our services, the type, scope and purpose of the processing of your data depends on the contractual or pre-contractual relationships that exist between us. In this sense, the data processed by us includes all data that are or have been provided by you for the purpose of using the contractual or pre-contractual services and that are required to process your request or the contract concluded between us. Unless otherwise stated in the further information in this data protection declaration, the processing of your data and its transfer to third parties is limited to the data required to answer your inquiries and / or to fulfill the contract concluded between you and us, to safeguard our rights and are necessary and appropriate for the fulfillment of legal obligations. We will inform you of the data required for this before or as part of the data collection. Insofar as we use third-party providers to provide our services, the data protection notices of the respective third-party providers apply.
Special categories of data
If you are a patient with us or send us an inquiry because you are interested in the health services we offer, so-called special categories of data may also be affected by the data processing. This includes, in particular, information about your health, possibly with reference to your sex life or your sexual orientation, genetic and biometric information, as well as information from which your racial or ethnic origin is derived (Art. 9 Para. 1 GDPR). We process this data exclusively for the purposes of your health care or to protect your vital interests. If we need the information just mentioned for purposes other than those just mentioned (health care, protection of vital interests), we will inform you in detail before we process this data and then obtain your express consent.
If it is necessary to fulfill the contract concluded between us, to protect your vital interests or due to legal requirements, we will transmit your data to third parties, such as authorities, medical facilities, laboratories, accounting offices and tax consultants, in compliance with our professional requirements for confidentiality.
Affected data:
- Inventory data (e.g. names, addresses)
- Payment data (e.g. bank details, invoices)
- Contact details (e.g. email address, telephone number, postal address)
- Contract data (e.g. subject of the contract, duration of the contract)
Special categories of personal data:
- Health data
- Genetic data
- Biometric data
- Sex life or sexual orientation data
- Data showing racial and ethnic origin
Affected people: Patients, interested parties, business and contractual partners
Processing purpose: Processing of contractual services, communication and answering contact inquiries, office and organizational procedures
Legal basis: Fulfillment of the contract and pre-contractual inquiries, Article 6 (1) (b) GDPR, legal obligation, Article 6 (1) (c) GDPR, legitimate interest, Article 6 (1) (f) GDPR
Deletion: See the point: "When do we delete your data?". In addition, we would like to draw your attention to the fact that we are legally obliged to keep patient files for a period of 10 years, § 630 f BGB. We have to keep blood transfusions available for 15 years and X-rays for 30 years. You can find here an Overview of our obligation to retain your health data. In addition, potential liability for damages may make it necessary to retain your data until the 30-year limitation period has expired.
Your rights under the GDPR
According to the GDPR, you have the following rights, which you can assert at any time from the person responsible named in Section 1 of this data protection declaration:
- Right to information: You have the right to request information from us about whether and which data we process from you.
- Right to rectification: You have the right to request the correction of incorrect data or the completion of incomplete data.
- Right to erasure: You have the right to request that your data be deleted.
- Right to restriction: In certain cases you have the right to request that we only process your data to a limited extent.
- Right to data portability: You have the right to request that we transmit your data to you or another person in charge in a structured, common and machine-readable format.
- Right to complain: You have the right to complain to a supervisory authority. The supervisory authority of your usual place of residence, your place of work or our company headquarters is responsible.
Right of withdrawal
You have the right to revoke your consent to data processing at any time. To do this, contact datenschutz@mcc-expert.com.
Right to object
You have the right to object at any time to the processing of your data, which we base on our legitimate interest in accordance with Article 6 (1) (f) GDPR. If you make use of your right of objection, we ask you to explain the reasons. We will then no longer process your personal data unless we can prove to you that there are compelling legitimate reasons for data processing that outweigh your interests and rights.
Regardless of the above, you have the right to object to the processing of your personal data for advertising and data analysis purposes at any time.
Please send your objection to datenschutz@mcc-expert.com.
When do we delete your data?
We delete your data when we no longer need it or when you tell us to. This means that - unless otherwise stated in the individual data protection information in this data protection declaration - we will delete your data,
- if the purpose of the data processing has ceased to exist and the respective legal basis stated in the individual data protection information no longer exists, e.g.
- after termination of the contractual or membership relationships between us (Art. 6 Para. 1 lit. a GDPR) or
- after the loss of our legitimate interest in further processing or storage of your data (Art. 6 Para. 1 lit.f GDPR),
- if you make use of your right of withdrawal and no other legal basis for processing within the meaning of Art. 6 Para. 1 lit. b-f GDPR applies,
- if you make use of your right of objection and there are no compelling legitimate reasons preventing the deletion.
However, if we (certain parts) of your data still have to keep it for other purposes, for example because of tax retention periods (usually 6 years for business correspondence or 10 years for accounting documents) or the assertion, exercise or defense of legal claims based on contractual agreements If relationships (up to four years) are required or the data is used to protect the rights of another natural or legal person, we will only delete (part of) your data after these deadlines have expired. However, until these deadlines have expired, we limit the processing of this data to these purposes (fulfillment of the storage obligations).
Webhosting
We use a provider to host our website, on whose server our website is stored and made available for retrieval on the Internet (hosting). The provider can process all of the data transmitted via the browser you are using that is generated when you use our website. This includes in particular your IP address, which the provider needs in order to be able to deliver our online offer to the browser you are using, as well as all the entries you have made via our website. In addition, the provider we use can raise
- the date and time of access to our website
- Time zone difference to Greenwich Mean Time (GMT)
- Access status (HTTP status)
- the amount of data transferred
- the internet service provider of the accessing system
- the type of browser you are using and its version
- the operating system you are using
- the website from which you may have accessed our website
- the pages or sub-pages that you visit on our website.
The aforementioned data are stored as log files on our provider's servers. This is necessary to ensure the stability and security of the operation of our website.
Affected data:
- Content data (e.g. posts, photos, videos)
- Usage data (e.g. access times, websites clicked on)
- Communication data (e.g. information about the device used, IP address)
Affected people: Users of our website
Processing purpose: Playing our website, ensuring the operation of our website
Legal basis: Legitimate interest, Art. 6 Para. 1 lit. f GDPR
Web host commissioned by us:
Profihost
Service provider: Profihost AG, Expo Plaza 1, 30539 Hannover
Website: https://www.profihost.com/
Privacy Policy: https://www.profihost.com/datenschutzerklaerung
Contact
Insofar as you address us via e-mail, social media, telephone, fax, post, our contact form or in any other way and provide us with personal data such as your name, your telephone number or your e-mail address or further information about yourself or If you make your request, we process this data to answer your request within the framework of the pre-contractual or contractual relationship that exists between us.
Affected data:
- Inventory data (e.g. names, addresses)
- Contact details (e.g. email address, telephone number, postal address)
- Inhaltsdaten (Texte, Fotos, Videos)
- Contract data (e.g. subject of the contract, duration of the contract)
Affected people: Interested parties, customers, business and contractual partners
Processing purpose: Communication and answering contact inquiries, office and organizational procedures
Legal basis: Fulfillment of the contract and pre-contractual inquiries, Article 6 (1) (b) GDPR, legitimate interest, Article 6 (1) (f) GDPR
How your data is handled in the application process
If you apply to us, we will process the personal data you have transmitted to us in the application process, such as your name, address, place of residence, age, application photo, email and telephone number, professional career including schools, training, studies. If you send the data by e-mail or via a contact form on our online presence, the processing takes place electronically. If you send your application via the contact form, the transfer of your data is encrypted according to the state of the art. If you send your data by email, we would like to point out that the transmission is usually unencrypted. If an employment contract is concluded after the application process, we will save your data for the purpose of processing the employment relationship in compliance with the statutory provisions.
Affected data:
- Inventory data (e.g. names, addresses)
- Payment data (e.g. bank details, invoices)
- Contact details (e.g. email address, telephone number, postal address)
- Contract data (e.g. subject of the contract, duration of the contract)
Affected people: Applicants
Processing purpose: Handling of the application process
Legal basis: Fulfillment of the contract and pre-contractual inquiries, Art. 6 Paragraph 1 lit. b GDPR, legal obligation, Art. 6 Paragraph 1 lit. c GDPR
Deletion: If an employment contract is not concluded, your data will be deleted after the application process has been completed or at the latest 2 months after it has been concluded. This does not apply if statutory provisions prevent deletion or if the further storage of your data is necessary for the purpose of providing evidence, for example in proceedings under the General Equal Treatment Act (AGG). The application process is considered complete when the rejection is sent to you.
Web analysis and statistics
We use web analysis services to record and statistically evaluate the flow of visitors to our website. Such services collect, among other things, data on the website from which you accessed our website (so-called referrer), which pages of our website you accessed, how long you visited our pages and which interactions you made there. In addition, data is collected on the browser, computer system and type of device you use. In addition, demographic information, such as age or gender, can also be recorded as pseudonymous values via such a service. If you have consented to the collection of your location data, these can also be processed, depending on the provider.
Your IP address is shortened using a so-called IP masking process so that the IP address can no longer be assigned to your visit to our website. Otherwise, no clear data such as names or e-mail addresses are saved. Neither we nor the service we use knows the identity of the visitors to our website.
Your data is stored on the website's servers and is not passed on to the analysis tool provider and therefore remains in the European area and is therefore subject to the GDPR.
Affected data:
- IP address of the requesting computer,
- Date and time of access,
- Name and URL of the file called up,
- Website from which access is made (referrer URL),
- Browser used and, if applicable, the operating system of your computer and the name of your access provider
Affected people: Users of our online offers
Processing purpose:
- Ensuring a smooth connection to the website,
- Ensuring comfortable use of our website,
- Evaluation of system security and stability as well as
- for further administrative purposes
Legal basis: If we have asked for your consent before using the respective service, this is the legal basis, Article 6 (1) (a) GDPR. In addition, we use the respective service on the basis of our legitimate interest in analyzing the flow of visitors to our website in order to be able to continuously improve the functions, offers and the user experience, Article 6 (1) (f) GDPR.
We use the following web analysis services:
Matomo Analytics (ohne Cookies)
Service provider: InnoCraft Ltd. 150 Willis St, 6011 Wellington, Neuseeland
Website: https://matomo.org/
Privacy Policy: https://matomo.org/privacy/
When using Matomo, the data recorded by the analysis tool is not transmitted to the service provider, but rather remains on our server. In addition, no cookies are used in the variant we use. Rather, returning users are recognized with the help of a so-called “digital fingerprint”. This is saved anonymously and changed every 24 hours. It is not possible to draw conclusions about the identity of individual users.
You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.
Your visit to this website is currently being recorded by Matomo web analysis. Deselect the checkbox above for opt-out.
YOAST SEO
Zur Unterstützung der Suchmaschinen-Optimierung der Seite nutzen wir das Plugin „YOAST SEO“. Das Tool speichert laut WP-Support (https://wordpress.org/support/topic/yoast-gdpr/) keine personenbezogenen Daten und ist somit DSGVO-Konform.
Content services
We use certain services to be able to display certain content or graphics (videos, images, music, fonts, maps) on our website. The services we use process the IP address assigned to you at the time of your visit to our website, as this is the only way to display the respective content in the browser you are using. In addition, the providers of these services can set additional cookies on your device, which collect information about your usage behavior, your interests, the device and browser you are using, as well as the time and duration of your session. The providers regularly use this data for analysis, statistical and marketing purposes. This information can also be combined with information from other sources. This applies in particular if you yourself have an account with the service provider and are logged in there at the time of the session.
We would like to point out that, depending on the country in which the service provider named below is based, the data specified below can be transmitted to and processed on servers outside the European Union. In this case, there is a risk that the level of data protection stipulated by the GDPR will not be complied with and that your rights will not be able to be enforced or can only be enforced with difficulty.
Affected data:
- Usage data (e.g. access times, websites clicked on)
- Communication data (e.g. information about the device used, IP address)
Affected people: Users of our website
Processing purpose: Playing our Internet pages, offering content, ensuring the operation of our Internet pages
Legal basis: Consent via cookie consent banner, Article 6 (1) (a) GDPR, legitimate interests, Article 6 (1) (f) GDPR
We use the following content services:
Google Maps
We use Google Maps on our website. Here, Google collects and processes the visitor's IP address. If you visit a website on which Google Maps is integrated, regardless of whether you are actually using Google Maps or you are logged into your Google account, your IP address and your location data (the latter usually not without your consent) transmitted to Google. Your IP address will be assigned to your Google account if you are logged in there when you visit our website.
Service provider: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Headquarters in the EU: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland
Website: https://www.google.de/maps
Privacy Policy: https://policies.google.com/privacy
Opt-out option: https://tools.google.com/dlpage/gaoptout?hl=de
Safety measures
We use the widespread SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser when you visit our website. Usually it is a 256 bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed key or lock symbol in the lower status bar of your browser.
We also use suitable technical and organizational security measures to protect your data against accidental or deliberate manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
Topicality and changes to this data protection declaration
Diese Datenschutzerklärung ist aktuell gültig und hat den Stand Januar 2023. Aufgrund geänderter gesetzlicher bzw. behördlicher Vorgaben kann es notwendig werden, diese Datenschutzerklärung anzupassen.
This data protection declaration was created with the help of the data protection generator from SOS Recht. SOS Law is an offer from Mueller.legal Rechtsanwälte Partnerschaft based in Berlin.
Legal advice is provided by the law firm Kleber I Knüpfer I Collegen - lawyers and notaries based in Darmstadt.
Contact
-
MEDICAL CARE CENTER
Dr. Ortwin Eisert
Eberstädter Str. 5b
64367 Mühltal - +49 6151 14357
- +49 6151 144854
- office@mcc-expert.com
-
Online-Services
Office Hours
Mo. | 08:30 - 13:00 Uhr |
Di. | 08:30 - 13:00 Uhr |
Mi. | 08:30 - 12:00 Uhr |
Do. | 08:30 - 13:00 Uhr 16:00 - 17:00 Uhr |
Fr. | 08:30 - 12:00 Uhr |
© 2023, Dr. Ortwin Eisert.