1. Privacy policy for medneo.com

This privacy policy explains the type, scope and purpose of personal data processing within our website and within the web pages, functions, content and external websites connected with it, e.g. our social media profile (hereinafter collectively referred to as the ‘website’).

Personal data includes all information relating to an identified or identifiable natural person, e.g. name, address, e-mail address, IP address. With respect to other terms used, e.g. ‘processing’ or ‘controller’, we refer to the definitions in Article 4 of the EU General Data Protection Regulation (GDPR).

 

1.   Controller and data protection officer

The controller pursuant to Article 4[7] of the GDPR is

     medneo GmbH

     Hausvogteiplatz 12

     D-10117 Berlin

datenschutz@medneo.com

     Phone: +49 (30) 814501-700

 

You can contact medneo GmbH’s data protection officer at

     medneo GmbH

     Datenschutz (Data Protection)

     Hausvogteiplatz 12

     D-10117 Berlin

 

2.   Informational use

If you use our website purely for informational purposes, the data outlined below relating to the website or access to a file is collected, stored and processed in a log file:

  • the IP address and accessing machine;
  • the date and time of access;
  • the name and URL of the file retrieved;
  • the browser type used;
  • the name of the internet access provider;
  • the number of bytes transmitted; and
  • the status of the page visit.

This data is collected and processed for the purposes of enabling the use of our website (establishing a connection), permanently ensuring system security and stability, and to facilitate the technical administration of the network infrastructure and the optimisation of our website (the legal basis is point [f] of Article 6[1] of the GDPR). Beyond that, this data is only used for internal statistical purposes and to improve the website (the legal basis is point [f] of Article 6[1] of the GDPR). For security reasons (e.g. to clarify any misuse or fraud proceedings), this data is temporarily stored and then erased provided that legal retention periods do not require it to be stored for longer. In these cases, data is suppressed for other uses. It is not otherwise used or shared with third parties.

 

3.   Further use

In addition to the purely informational use of this website, there is the option of getting in touch with us via the contact form. When doing so, we collect, store and process the following data:

  • name and title;
  • e-mail address;
  • and other personal data that is sent to us in your message.

This data is collected and processed exclusively for the purposes of correspondence with you and to process your issue (the legal basis is point [f] of Article 6[1] of the GDPR) and is then erased, provided that there are no legal retention obligations. This data is also not shared with third parties without your explicit consent. Your name is used exclusively for the purposes of addressing you personally.

 

4.   Sharing personal data

We do not share your personal data with third parties without your explicit consent. We only deviate from this if there is a legal obligation or if this is required for us to enforce our rights (point [f] of Article 6[1] of the GDPR).

We sometimes use external service providers to process personal data, such as IT service providers (NORDSONNE IDENTITY, Linienstraße 153, 10115 Berlin) and e-mail service providers (‘MailChimp’, Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA). These have been carefully selected by us and commissioned in writing. Service providers are strictly bound to our instructions and are regularly reviewed. Personal data is not shared with third parties, and service providers do not process personal data outside of the existing contractual relationship.

If we process data in a third country (i.e. outside the European Union [EU] or the European Economic Area [EEA]), or if processing takes place as part of us engaging third-party services or as part of the disclosure or transfer of data to third parties, this only takes place in order to fulfil our (pre-)contractual duties based on your consent, a legal obligation or our legitimate interests. Subject to legal or contractual permissions, we only process data in a third country, or allow data to be processed in a third country, if the particular conditions of Article 44 et seq. of the GDPR have been met. This means that processing takes place based on certain guarantees, for example, the officially recognised level of data protection in accordance with the EU (e.g. through the ‘Privacy Shield’ for the USA) or in compliance with officially recognised special contractual obligations (‘standard contractual clauses’). The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield Agreement, which provides an additional guarantee of complying with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active).

 

5.   Storing personal data

Unless otherwise explicitly specified as part of this privacy policy, data stored by us is erased if it is no longer required for its specific purpose, and erasure is not subject to any legal retention periods. If data is not erased because it is required for other legally permissible purposes or because it is subject to legal retention obligations, the processing of such data is restricted accordingly. This means that data is locked and not processed for other purposes. As an example, this applies to data which must be stored for reasons pertaining to commercial or tax law.

In particular, based on the legal provisions in Germany, data is stored for 6 years pursuant to Section 257[1] of the German Commercial Code (Handelsgesetzbuch, HGB) (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and 10 years pursuant to Section 147[1] of the German Tax Code (Abgabenordnung, AO) (books, records, management reports, accounting documents, commercial and business letters, documents relevant for tax purposes, etc.) Other retention obligations remain unaffected by this.

 

6.   Your rights

You may assert the following rights against the above-mentioned controller:

  • a right to obtain information relating to the personal data processed that relates to you free of charge and to have a copy of this data compiled, as well as information relating to its origin and recipients, the purpose of data processing and the retention period (Article 15 of the GDPR);
  • where applicable, a right to obtain the rectification (Article 16 of the GDPR), erasure (Article 17 of the GDPR) or restriction of processing/suppression (Article 18 of the GDPR) of inaccurate or incomplete data;
  • a right to object to processing, provided it is based on a legitimate interest of medneo GmbH (point [f] of Article 6[1] of the GDPR) and you provide reasons that oppose processing (Article 21 of the GDPR); and
  • a right to request that data provided by you is sent to you or another controller (Article 20 of the GDPR).

If you have given us consent to process your personal data, you can withdraw it at any time with future effect. The legality of data processing carried out before consent is withdrawn remains unaffected by the withdrawal.

Corresponding requests can be sent to:

medneo GmbH

Datenschutz (Data Protection)

Hausvogteiplatz 12

D-10117 Berlin

E-mail: datenschutz(at)medneo.com

You also have the right to lodge a complaint with a data protection supervisory authority concerning inadmissible data processing, particularly in the member state/federal state in which you reside, in which you work, in which the alleged breach took place or in which medneo GmbH has its head office (Berliner Beauftragte für Datenschutz und Informationsfreiheit [‘Berlin Commissioner for Data Protection and Freedom of Information’], Friedrichstraße 219, 10969 Berlin, mailbox(at)datenschutz-berlin.de; https://www.datenschutz-berlin.de/index.html).

 

7.   Cookies

In addition to the above-mentioned data processing processes, ‘cookies’, small text files, are also saved on your machine. Cookies are not harmful to your computer and don’t contain viruses. Cookies are used to make our website more user-friendly, effective and secure.

Temporary cookies, and/or ‘session cookies’ or ‘transient cookies’ are primarily used. These are cookies that are deleted after a user leaves a website and closes their browser. The shopping basket contents in an online shop, or a login status, can be saved in such a cookie, for example.

‘Permanent’ or ‘persistent’ cookies are also used; these remain stored even after the browser is closed and are only deleted after a set period of time. As an example, user interests, which are used for reach measurement or marketing purposes, can be saved in such a cookie. ‘Third-party cookies’ are cookies that are used by providers other than the controller who operates the website.

You can change your browser settings so that you are notified about cookies being placed on your machine, and so that you accept or reject cookies only in certain cases or reject cookies in general, and in order to enable cookies to be automatically deleted when you close your browser. Disabling cookies can restrict the functionality of this website. A general objection can be made to the use of cookies for the purposes of online marketing for a number of services – including tracking services in particular – via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. You can also reject the use of cookies used for reach measurement and advertising purposes via the Network Advertising Initiative opt-out page (http://optout.networkadvertising.org/) and also via the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

 

8.   Google Analytics

On the basis of our legitimate interests (i.e. interest in analysing, optimising and economically operating our website, point [f] of Article 6[1] of the GDPR), we use Google Analytics, a web analysis service from Google LLC (‘Google’). This service uses cookies, which are stored on your end device. The information collected by the cookie about your use of this website is generally sent to a Google server in the USA and saved and processed there.

We only use Google Analytics if IP anonymisation is enabled (‘_anonymizeIp()’). This means that your IP address is truncated by Google within the Member States of the European Union or in other signatory states to the Agreement on the European Economic Area such that it no longer contains any personal references. A full IP address is only sent to a Google server in the USA and truncated there in exceptional cases. According to information provided by Google, the IP address sent from the user’s browser will not be merged with other Google data.

Google uses this information on our behalf to evaluate the use of our website, to compile reports about the activities within our website and to provide other services associated with the use of this website and internet use. In doing so, pseudonymous user profiles may be created based on the processed data.

You can prevent cookies from being saved by changing your respective browser settings; you can also prevent the data generated by the cookie relating to your use of the website from being captured and processed by Google by downloading and installing the browser plug-in available via the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

You can find more information about data processing by Google as a controller, as well as settings and objection options on Google’s web pages:

Google is certified under the Privacy Shield Agreement, which provides an additional guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

 

9.   Google AdWords

We use the ‘Google AdWords’ service from ‘Google Inc.’ (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; ‘Google’) on our website to promote our offerings on external sites. The analytics service facilitates the statistical evaluation of the total number of users that have clicked on one of our ads who were redirected to certain sites into which AdWords has been integrated. We do not receive any information that can personally identify users. Processing is based on the legitimate interest in targeted advertising and the analysis of the effects and efficiency of this advertising, as per point [f] of Article 6[1] of the GDPR.

If you click on a Google ad, a cookie will be placed on your machine. These cookies have limited validity (expiring every 30 days) and therefore cannot be used for personal identification. The cookies allow the browser to be recognised again. If you visit certain pages on our website and the cookie has not yet expired, the fact that you have clicked on the advert and have been directed to the page via an advert can be recognised by us and by Google. Each Google AdWords customer receives a different cookie. There is therefore no way to trace the cookies via the websites accessed by AdWords customers. We do not process personal data ourselves in this context; we only receive statistical evaluations from Google. Your browser automatically establishes a connection with Google servers when you access our website. We have no control over the specific scope and use of the data. If you are signed into Google when you use the website, the visit to our site and the data collected by AdWords can be assigned to your user account and saved. To prevent Google from assigning the above-mentioned data to your account, sign out before you visit our website. Even if you don’t have an account, it cannot be excluded that your data will be shared with, and processed by Google.

You can find more information and Google’s privacy policy at: https://www.google.de/policies/privacy/

You can prevent cookies from being saved by changing your browser settings. Please note that in this case, you may not be able to use all of this website’s functions properly. You can also opt out of personalised ads in the Google Ads settings. You can find instructions on how to do this at https://support.google.com/ads/answer/2662922?hl=de. You can also disable the use of cookies by third-party providers by accessing the Network Advertising Initiative opt-out page at https://www.networkadvertising.org/choices/ and following the further information relating to opting out there.

 

10. Google remarketing/marketing services

We use the marketing and remarketing service (‘Google marketing services’) from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (‘Google’) on the basis of our legitimate interests (i.e. interest in analysing, optimising and economically operating our website, point [f] of Article 6[1] of the GDPR).

Google marketing services allow us to display adverts for and on our website in a targeted way, in order to only show users adverts that have the potential of being interesting based on previous website visits. For these purposes, when accessing our website and other websites on which Google marketing services are active, code is run directly by Google and ‘(re)marketing tags’ (hidden images or code, also known as ‘web beacons’) are integrated into the web pages. These are used to store an individual cookie, i.e. a small file, on the user’s device. This file records which websites the user has visited, what content they were interested in and what offers they clicked on as well as technical information about the browser and operating system, referring web pages, the time of the visit and other information relating to the use of the website. Users’ IP addresses are also collected through Google Analytics, whereby the IP address is truncated within European Union Member States or in other signatory states to the Agreement on the European Economic Area and only sent to a Google server in the USA in full and truncated there in exceptional cases. According to information provided by Google, the IP address is not merged with user data within the scope of any other Google services. If the user then visits other websites, adverts may be shown that are tailored to the user’s interests.


For this purpose, Google creates pseudonymous user profiles unless a user explicitly permits Google to process data without pseudonymisation. The information collected by Google marketing services about the user is sent to Google and stored on Google servers in the USA.

You can find more information about how Google uses data for marketing purposes on the following overview page: https://www.google.com/policies/technologies/ads; Google’s privacy policy is available at https://www.google.com/policies/privacy.

Unless otherwise specified in our privacy policy, we process user data if users communicate with us on social media and on platforms, e.g. by publishing posts on our online profiles or by sending us a message.

If you would like to object to Google marketing services adverts that are based on interests, you can use Google’s settings and opt-out options: http://www.google.com/ads/preferences.

Google is certified under the Privacy Shield Agreement, which provides an additional guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

 

11. Social media plug-ins

We use social media plug-ins within the scope of our website, and based on our legitimate interests in analysing, optimising and economically operating our website (point [f] of Article 6[1] of the GDPR):

  • Facebook (Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you reside in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
  • Google+ (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States)
  • Xing (Xing AG, Gänsemarkt 43, 20354 Hamburg)
  • LinkedIn (LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043)

You can recognise the specific plug-in provider by the logo shown on each plug-in button. We use the ‘two-click solution’ here. No personal data is shared with the plug-in provider if you simply visit our website. The plug-in is only activated, and data sent to the plug-in provider, when you click on the provider’s button. If the plug-in provider is based in the USA, your data may be sent there, and stored and processed there. We have no control over which data the provider specifically processes for what purposes nor over how they do so. We also do not obtain any information with respect to storage and erasure. The plug-in provider regularly saves and processes your personal data for the purposes of advertising, market research and website design, and may create a user profile to do so. Individual providers also carry out processing to inform other network users about your activities.

If you are signed into the respective provider when you use the plug-in, the visit to our website and all of your interactions in connection with the plug-in can be assigned to your user account and saved. To prevent the plug-in provider from assigning the above-mentioned data to your account, sign out before you use the plug-in. Even if you don’t have an account with the respective provider, it cannot be excluded that your data will be shared with, and processed by, such providers.

You can find more detailed information relating to the scope and purpose of data processing by the respective plug-in provider in the providers’ respective privacy policies.

You can essentially object to the respective provider processing data by contacting them. Please see the providers’ websites to do so.

Facebook is certified under the Privacy Shield Agreement, which provides an additional guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

Google is certified under the Privacy Shield Agreement, which provides an additional guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

LinkedIn is certified under the Privacy Shield Agreement, which provides an additional guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

 

12. Online profiles on social media

 

We have online profiles on social networks and platforms which allow us to communicate with active customers, interested parties and users and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing guidelines of the respective operator apply. 

 

2. Privacy policy for medneo's scheduling service

This privacy policy explains the type, scope and purpose of personal data processing when using our service to schedule appointments (hereinafter referred to as "appointment service") at medneo diagnostic centres. 

The appointment service can be used by telephone, online or on site at the diagnostic centres. 

1. Controller and data protection officer

The person responsible in accordance with Art. 4 (7) of the EU General Data Protection Regulation (GDPR) is medneo Deutschland GmbH, Hausvogteiplatz 12, D-10117 Berlin (hereinafter referred to as "medneo"), e-mail: datenschutz(at)medneo.com, phone: +49 (30) 814501-700. 

You can contact the data protection officer of medneo Deutschland GmbH at 

medneo Deutschland GmbH
Data protection
Hausvogteiplatz 12
D-10117 Berlin
e-mail: datenschutz(at)medneo.com
phone: +49 (30) 814501-700

2. Data processing by medneo

When using medneo's scheduling service, we record your name, your contact details (address, e-mail address, telephone number), your date of birth, referral data (questions about the examination, suspected diagnosis, referring doctor, type of health insurance or billing) and information about your state of health (contraindications, preliminary examinations).  

This information is necessary for the selection of the correct examination date and for the preparation and planning of the examination procedure. 

The legal basis for data processing is your consent in accordance with Art. 6 (1) (a), 9 (2) (a) of the GDPR. Data processing will therefore only take place if you give your express consent. Since health data is also collected as part of the appointment service, your consent is required for the provision of the service. Depending on the type of contact, consent is given by telephone, online or in writing.

If you contact us by telephone, we may also ask you to consent to the recording of the telephone conversation. If you expressly consent to this, we will record the telephone call for training purposes. The legal basis in this respect is Art. 6 (1) (a), 9 (2) (a) of the GDPR. 

The giving of consent is voluntary. You can revoke your consent at any time with effect for the future. 

Your personal data will be forwarded within the framework of the appointment service to those doctors and health care institutions with whom an examination appointment is made and who carry out your examinations or treatments. 

In addition, we use IT and technology service companies to operate and maintain the technical infrastructure. In particular, we use the services of Doctena Germany GmbH, Platz vor dem Neuen Tor, 10115 Berlin to provide online scheduling functions. All of the service companies involved are working exclusively on our behalf and have committed themselves to strict confidentiality. 

In addition, the data will only be passed on to third parties if you have consented to the transfer or if there is a legal obligation to do so.  

The data will be stored for a period of up to three months, unless you agree to longer storage on the basis of a separate declaration of consent. Telephone calls recorded for training purposes will be deleted after three months. 

You can request deletion of the data at any time. We will also delete the data if we should no longer offer our appointment service.

3. Your data protection rights 

In addition to the right to revoke the consent you have given us, you have the right to information in accordance with Art. 15 of the GDPR, to correction in accordance with Art. 16 of the GDPR, to deletion in accordance with Art. 17 of the GDPR, to restriction of processing in accordance with Art. 18 of the GDPR, the right of objection in accordance with Art. 21 of the GDPR and the right to data transferability in accordance with Art. 20 of the GDPR, provided the respective legal requirements are met.  

In addition, there is a right of appeal to the data protection supervisory authorities. The data protection supervisory authority responsible for us is the Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin.

3. Privacy policy – Applying to medneo

Preamble

As part of the direct application process, medneo processes personal data pursuant to Article 4(2) of the General Data Protection Regulation (GDPR). medneo includes medneo GmbH as well as affiliated companies under Section 15 of the Stock Corporation Act (Aktiengesetz, AktG), medneo Deutschland GmbH and medneo Schweiz AG. medneo is to be qualified as a controller under data protection law within the meaning of Article 4(7) of the GDPR. Data processing is required to carry out pre-contractual measures at the applicant’s request, and is therefore lawful pursuant to point (b) of Article 6(1) of the GDPR.

Protecting and keeping your data confidential is particularly important to medneo. Of course, your data is exclusively processed in accordance with the respectively applicable data protection regulations, with particular reference to the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG).

This privacy policy also corresponds with any legal regulations that are binding with the entry into force of the EU General Data Protection Regulation (GDPR). The GDPR applies from 25 May 2018 onwards. medneo will never share your personal data with unauthorised third parties for advertising, marketing, or other purposes. Should you have any questions about this privacy policy, please send an e-mail to datenschutz(at)medneo.com

1. What is personal data?

Personal data is any information that can be used to draw conclusions about you personally or about factual circumstances, or that can be used to identify you.

 

2. What data is collected?

  1. The following data is collected and processed for the automated processing of your application:
    1. Name, surname, e-mail and possibly also address/town or city, date of birth, title, telephone number, citizenship
    2. Additional questions that relate to the respective vacancy (e.g. driver’s licence)
    3. CV, with particular reference to information relating to professional experience and education
    4. Skills (e.g. Photoshop, MS Office)
    5. Application photo
    6. Qualifications, awards and language skills
    7. Motivational cover letter
    8. Files and documents that you may have uploaded
  2. We store written and electronic communication that has taken place between you and medneo. We also process comments and assessments given to you as part of your application process.

 

3. Purpose of data collection

medneo processes your data for the purposes of exchanging information between applicants and medneo. Please note that we send you electronic notifications for new job vacancies at medneo for direct marketing purposes.

 

4. What are cookies?

  1. medneo uses ‘cookies’ when operating this website. They are used to make your online application process more user-friendly, effective and secure. Cookies are small text files that are saved on your computer. Session-related ‘session cookies’ are deleted as soon as you leave our website again. Permanent cookies stay on your computer until they are deleted by your browser (e.g. to allow you to return to a current application process at a later date). You can prevent cookies from being installed by changing your browser settings. Cookies may be required to maintain the website. The use of such cookies does not require approval and these therefore cannot be disabled. Cookies that are used to ‘analyse’ your behaviour on our website are only used with your consent. If we use cookies that require approval, the first time you visit our website you will be shown a cookie banner that you can click on to accept the use of cookies that require approval. If you want to change your cookie settings at a later point in time, you can do so by making changes on the website under ‘cookies’.
  2. Below is a list of the cookies used.
    • PHPSESSID (session cookie; functionality; jobbase.io): This cookie is used to identify the user when Prescreen is used. The cookie is mandatory for correct functionality. The cookie is no longer valid once the browser is closed.
    • REMEMBERME (persistent cookie; functionality; jobbase.io): This cookie is used to restore an expired session. The cookie expires after 2 weeks.

 

5. Is data shared with third parties, or collected by third parties?

Data collected as part of your application is neither disclosed nor shared with unauthorised third parties, where ‘unauthorised’ particularly includes instances where your consent is not given. With the exception of our employees who process your data as part of the application process, we share your personal data only with the following recipients:

As part of the application process, medneo is supported by technical IT service providers headquartered in the EU. The service providers act as a processor pursuant to Article 28 of the GDPR.

 

6. Storage periods

  1. Personal data from rejected applicants is stored for a maximum period of six months, starting on the day the application is rejected. If you prefer to have a longer storage period as part of your application process (e.g. to continue your application at a later date), we ask that you change your settings accordingly when registering.
  2. Longer storage periods may apply if data is required for medneo to assert, exercise or defend legal claims. Data is stored for as long as this is required to fulfil this purpose.

 

7. Your rights with respect to your data

  1. You have the right to obtain information relating to what personal data we process concerning you, and a right to rectification, erasure, restriction of processing and to data portability, free of charge. To assert this right or to obtain additional information about this, please send an e-mail to datenschutz(at)medneo.com
  2. In principle, our privacy policy and our responsibility and liability in relation to it does not extend to third-party websites that we include links to or to which you are redirected. Furthermore, we are also not responsible for data processing that is carried out by the operators of such websites in these cases.

 

8. Option of withdrawal

You can withdraw the consent given under data protection law at any time with future effect. To use the option of withdrawing your consent, please send an e-mail to datenschutz(at)medneo.com.

 

9. Agreement validity (severability)

If parts of this privacy policy and terms of use are unlawful, ineffective, invalid or unenforceable, the remaining provisions shall remain unaffected with respect to effectiveness and validity.

 

10. Complaints to relevant supervisory authorities

If you believe that we are processing your data in contravention of applicable legal provisions, you may lodge a complaint with German data protection authorities or other responsible supervisory authorities, with particular reference to those in the Member State in which you have your place of residence, place of work, or where medneo GmbH’s head office is located (Berliner Beauftragte für Datenschutz und Informationsfreiheit, Friedrichstraße 219, 10969 Berlin, mailbox(at)datenschutz-berlin.de; https://www.datenschutz-berlin.de/index.html).

 

11. Contact details for the company that is the controller under data protection law

     medneo GmbH

     Datenschutz (Data Protection)

     Hausvogteiplatz 12

     D-10117 Berlin

     E-Mail: datenschutz(at)medneo.com

4. Information regarding data processing in the course of an examination or a treatment carried out at a medneo diagnostic centre

As a patient of a facility providing treatment, your personal data is processed by the facility providing the treatment and by medneo Deutschland GmbH. We would like to inform you about this data processing and the responsible bodies.

1. Data processing by the facility providing the treatment

With this information, we would like to inform you about data processing by the facility providing the treatment during an examination or treatment carried out at a medneo diagnostic centre. Please also note the data protection information of the facility providing the treatment. The contact details of each treatment facility can be found on the patient forms that you receive before the examination.

Data processing is carried out for the performance of the diagnostic and therapeutic services by the physicians in the facility providing the treatment. The legal basis is Article 6 paragraph 1 sentence 1 point b), Article 9 paragraph 2 point h) of the General Data Protection Regulation (GDPR), in conjunction with Section 22 paragraph 1 No. 1 point b) of the Federal Data Protection Regulation (BDSG). medneo Deutschland GmbH (medneo) will process your personal data by order of the respective facility providing the treatment (Article 28 of the General Data Protection Regulation ‘DSGVO’).

Every time an appointment is arranged and every time an examination or a treatment is carried out, the following data will be collected: Information about you (name, date of birth, address, contact details, insurance data, details of those bearing the costs) and about your state of health (referral details, consultation details, contraindications, preliminary findings, diagnoses, image data) as well as information from the examination or treatment carried out (medical history data, examination protocols, image data, diagnoses, findings, billing information). This information will be stored verifiably with reference to the patient in the information systems of medneo and, when applicable, of the facility providing the treatment.


Your personal data can be forwarded to the following recipients:

  • Physicians working in the facility providing the treatment or who are affiliated with the facility in a service provider association or professional association;
  • Physicians who will create a second report at your request and with your consent to the data transmission;
  • Physicians with whom the medical facility cooperates to obtain a second opinion for quality assurance, provided that you have consented to this data transfer; the list of corresponding physicians can be viewed at the reception of the medneo diagnostic centre;
  • The outpatient/inpatient healthcare facilities that continue to provide treatment;
  • Your health insurance scheme, competent National Association of Statutory Health Insurance Physicians (Kassenärztliche Bundesvereinigung) or the Social Accident Insurance Institution (Berufsgenossenschaft) for the billing of the services; billing data will only be forwarded to external billing service providers if you have consented to this separately;
  • Laboratory physicians and/or histologists, provided that the treatment requires such diagnostics;
  • medneo Deutschland GmbH as a service provider for the planning and carrying out of the examination and treatment, the follow-up regarding your examination results and the documentation of the service;
  • IT and technology service providers with which the treating facility cooperates for the operation and maintenance of the infrastructure, among other things; all service companies involved have undertaken to maintain strict confidentiality.

Moreover, data will only be passed on to third parties if you have consented to the transfer or if there is a legal obligation to do so (e.g. public health department, health insurance medical service [medizinischer Dienst der Krankenkassen, MDK]). The data will be retained in accordance with the statutory storage period and is subsequently erased.

 

2. Data processing by medneo

Data processing for radiation protection and quality assurance

medneo (medneo Deutschland GmbH, Hausvogteiplatz 12, 10117 Berlin, Germany), as the carrier of the diagnostic equipment and the party responsible for radiation protection, is obliged to ensure documentation and quality assurance. When applying ionising radiation, medneo is obliged to store all treatment data (pursuant to article 85 of the radiation protection law, ‘Strahlenschutzgesetz’) and to transmit this data to medical or dentistry services for quality assurance (pursuant to paragraph 128 of the radiation protection act, ‘Strahlenschutzverordnung’). This data contains information on the justifying indication, the time and manner of application, information on the exposure, the result, image data and all other examination data. Accordingly, all of this data must be stored for a period of 10 years for adults or, if the patient has not reached the age of majority at the time of the examination, until the patient reaches the age of 28 (pursuant to paragraph 85 section 2 of the radiation protection law, ‘Strahlenschutzgesetz’). When applying non-ionising radiation, medneo is obliged to document and store examination data (type of examination, diagnostic devices used and their technical settings, any side effects that occurred, patient education documentation and consents) as well as image data, pursuant to paragraph 2 sentence 3 in conjunction with attachment 2 of the ordinance on the prevention of harmful effects of applying non-ionising radiation in humans, ‘Verordnung zum Schutz vor schädlichen Wirkungen nichtionisierender Strahlung bei der Anwendung am Menschen (NiSV)’. The legal basis for data processing for documentation and quality assurance is article 6 paragraph 1 point c), paragraph 2 point i) DSGVO of the radiation protection law and radiation protection act ‘Strahlenschutzgesetz’ and ‘Strahlenschutzverordnungen’.

 

Data processing for the service provision

In addition to carrying out data processing as part of examination and treatment, medneo (medneo Deutschland GmbH, Hausvogteiplatz 12, 10117 Berlin) may provide you with further services on the basis of your consent to the data processing.

In this case, the data processing is carried out on the basis of your consent pursuant to article 6 paragraph 1 sentence 1 point a), article 9 paragraph 2 point a) DSGVO for the purpose of the service provision. In particular, your contact and insurance data (name, date of birth, address, contact details, insurance details, cost bearer) will be stored, as well as information regarding the examination or treatment (medical history data, examination protocols, image data, reports, billing information), so that it is accessible to you at a later point in time, can be forwarded to other healthcare providers at your request, and can be used to schedule future appointments in a medneo diagnostic centre. Data will be stored for a duration of five years, unless you request a longer storage duration. You are free to request erasure of your data at any point in time. medneo will also erase your data if medneo is unable to provide additional services. The consent is not mandatory. You can withdraw your consent at any point in time with future effect.

We use your postal address to contact you regarding future services medneo provides. This data processing is carried out on the basis of legitimate interest pursuant to article 6 paragraph 1 point f) DSGVO. You may object to the data processing for the purposes described above without giving any reasons.

 

Data processing in an anonymised way

If you have given permission for the data processing, we will process your data regarding your health condition (referral data, educational questions, contraindications, previous results, diagnoses, image data) as well as information relating to the examination itself or the treatment (medical history data, examination protocols, image data, diagnosis, reports, billing information) in an anonymised way for the purpose of product development and improvement, for teaching purposes and to conduct scientific studies.

To do so, we erase all person-identifiable information from the data sets and process them strictly separately from the original data. This is secured through technical as well as organisational measures. In this way, it is guaranteed that your identity stays confidential. We erase the anonymised data once it is no longer needed for the described purposes.

The legal basis is article 6 paragraph 1 sentence 1 point a), article 9 paragraph 2 point a) DSGVO. There is no obligation to consent. You can withdraw your consent at any point in time, with immediate effect for the future.


Your personal data may be forwarded to the following recipients:

  • Physicians and dentistry services for quality assurance pursuant to paragraph 128 of the radiation protection act or, as applicable, the ordinance on protection against harmful effects of non-ionising radiation in humans (NiSV);
  • Other healthcare facilities on your behalf;
  • IT and technology service providers with which medneo is cooperating for the operation and maintenance of the infrastructure, etc.; all service providers involved are subject to a strict obligation of confidentiality.

Moreover, the data will only be passed on to third parties if you have consented to the transfer or if there is a legal obligation to do so. 

 

3. Your data protection rights

You have the following data protection rights vis-à-vis the facility providing the treatment and medneo, depending on the specific circumstances of the case in question:

  • To obtain information about the personal data concerning you that are processed by us as well as to request access to your personal data or copies of such data. This includes access to the purpose of use, the category of the data used, the recipients of such data and those entitled to access it, as well as, if possible, the planned duration of the data storage or, if this is not possible, the criteria for determining this duration;
  • To request rectification, erasure or restriction of processing of your personal data, for instance when (i) the data is incomplete or inaccurate, (ii) the data is no longer necessary for the purposes for which it was collected, or (iii) the consent on which the processing was based has been withdrawn; where the data is processed by third parties, we will forward your requests to rectify, erase or restrict the processing to those third parties, unless this proves impossible or involves a disproportionate effort;
  • To refuse consent, or – without any effect on the lawfulness of the data processing that has occurred prior to the revocation – to revoke your consent to the processing of your personal data at any time;
  • To request personal data concerning you, and which you have provided to us in a structured, commonly used and machine-readable format and to transmit such data to another person without any hindrance from us; you also have the right, if applicable, to request that we directly transmit the personal data to another person, if this is technically feasible;
  • To request not to be subject to a decision based solely on automated processing, if this decision produces legal effects concerning you or similarly significantly affects you; if such an automated decision is taken by way of derogation, you have the right to obtain information on the logic involved as well as on the significance of the envisaged consequences;
  • To communicate with the data protection supervisory authority and to lodge a complaint with that authority, where necessary. The contact address is: Berliner Beauftragte für Datenschutz und Informationsfreiheit, Friedrichstr. 219, 10969 Berlin.

4. Contact

If you have any questions about data processing by medneo, medneo’s data protection officer will be happy to assist you:

medneo Deutschland GmbH
Datenschutz
Hausvogteiplatz 12
10117 Berlin
datenschutz@medneo.com

If you have any questions about data processing by the facility providing the treatment, please contact the data protection officer of that facility, provided that the facility has designated a data protection officer. You can find the contact details of the facility providing the treatment in the patient form that you receive before the examination.

 

 

5. Information about legal retention periods

Retention periods based on an overview provided by Berlin Doctors’ Council (Ärztekammer Berlin, https://www.aerztekammer-berlin.de/10arzt/30_Berufsrecht/08_Berufsrechtliches/04_Praxisorga/20_Merkblatt_Aufbewahrungsfristen.pdf)

B

  • Balance sheets, accounting documents (Section 147 of the German Tax Code [Abgabenordnung, AO]): 10 years
  • Blood donations (documentation): 15, 20, 30 years
  • Blood product application (documentation): 15, 30 years

 

C

  • Certificate of incapacity: 1 year
  • Cytological findings and preparations: 10 years

 

D

  • Doctor’s records: 10 years
  • Doctor’s letters (internal and external): 10 years
  • Drug prescriptions part III, parts I to III of incorrectly issued drugs prescriptions: 3 years
  • Drugs register/EDP print-outs, index card: 3 years

 

E

  • Early detection of cancer for children/women/men: 10 years
  • ECG strips; also long-term ECG: 10 years
  • EEG strips: 10 years

 

I

  • Index cards and other medical records, including separate examination results: 10 years

 

L

  • Laboratory journal, laboratory findings: 10 years

 

O

  • Occupational health record based on the Radiation Protection Ordinance (Strahlenschutzverordnung) and the X-Ray Regulation (Röntgenverordnung): up to 75 years old; minimum 30 years old

 

P

  • Patient assessments: 10 years

 

R

  • Radiation examination: 10 years
  • Radiation treatment (records, calculations): 30 years
  • Referral letter (Section 4 No. 12 of the KV Berlin accounting regulations): 1 year (4 years)
  • Results of genetic examinations and analyses under the Genetic Diagnostics Act (Gendiagnostikgesetz, GenDG): 10 years

 

S

  • Sexually transmitted diseases: 10 years
  • Sonographic examinations: 10 years

 

X

  • X-ray examinations: 10 years
  • X-ray treatment (records, calculations): 30 years