Notes and agreements of my-med-24 on data protection
A. Content of this section and responsible authority, subject to Change
(1) In this section “partners“ find in accordance with section 1 of the preamble of the “General Terms and Conditions” of my-med-24 GmbH & Co. KG for registered providers of medical and health-related services” as well as actual and potential patients and other customers of the partner in accordance with section 2 of the preamble of these “General Terms and Conditions (“patients”) the notes on data protection provided by my-med-24 as well as the agreements to data protection, which “partners” and “patients” agree to a) in the case of an online conclusion of a contract by clicking with the mouse and actively placing a check mark in the respective field or b) “partners” in case of a written conclusion of the contract by signing the subscription agreement including the relevant contract components whose annex 3 (“notes and agreements on data protection”) are part thereof, with my-med-24, in order to use their online portal and services. Without agreeing to these notes and agreements, the use of the online portal and the services through a “partner” or “patient” (both are hereinafter called “users”) is not possible.
(2) my-med-24 reserves the right to change these notes and agreements regarding the data protection from time to time while taking the statutory stipulations into consideration.
(3) “Responsible authority“ in the sense of the Federal Data Protection Act (BDSG) is my-med-24 GmbH & Co. KG, Relenbergstrasse 59, 70174 Stuttgart, that is registered in the companies’ register of the district court Stuttgart under HRA 733471 (“my-med-24”). Tax ID: 95138/19602; VAT ID no.: DE312962512.
Personally liable partner of my-med-24 GmbH & CO. KG is my-med-24-Verwaltungs GmbH, Relenbergstrasse 59, 70174 Stuttgart, that is registered in the companies’ register of the district court Stuttgart under HRB 761307. Tax ID: 95138/19598; VAT ID no.: DE312962504. CEO is Mrs Ute Breyer. Phone number: +49 (0)711 4600 600, Fax: +49 (0) 711 658 12 373, email: firstname.lastname@example.org.
B. Protective purpose, external websites, partner and third-party entries
(1) “Personal data” is individual information about personal or factual circumstances (i.e. name, age, gender, occupation, health status, address, bank details, credit card numbers, IP addresses etc.) of a specific person or identifiable natural person (of the “contact person”). Partners, who register on the online portal or agree to a subscription, provide the requested personal information on the registration mask or the “registration form” (annex 4 of the subscription), in order to use the online portal. Furthermore, they provide personal information on a voluntary basis and personal information of a third party in a significant extent. my-med-24 ascribes particular importance to the protection of personal information and the personal rights of its users and contract partners, as well as all third parties and adheres strictly to the legal stipulations on data protection within its reach. “Personal data” is not stored, processed or used if the Federal Data Protection Act (BDSG) or other statutory stipulations do not allow it or the “contact person” has not agreed.
(2) The online portal contains however direct or indirect links on the website, which are outside the reach and area of responsibility of my-med-24 (external websites). my-med-24 hereby expressively declares that no illegal content was detectable at the time of the placement of the link to the “external websites”. my-med-24 does not have influence on the subsequent and current design, the content, and the authorship of the linked “external websites”. A continuous uninterrupted notice of these circumstances is either impossible and/or technically impossible and cannot be expected. my-med-24 does not assume liability for the content and the adherence to the legal data protection regulations on the part of the operator of the linked pages after the link was placed for the first time.
(3) Section 2 - The same applies to partner and third-party entries on the online portal of my-med-24. The “partners” of my-med-24 who register on the online portal and take advantage of the respective services of my-med-24 in order to show their offers to a broad interested public in an individual form and offer potential patients an option for information or contact to the respective “partners”, in order to book an appointment and to use the offered services, are obliged by contract to ensure that their information is in line with the applicable law and adheres to the respective professional and family law, the copyright and trademark law, competition law, the data protection law, the telemedia act, and the criminal law and does not infringe the rights of a third party. This also applies to all information, data, pictures and videos, as well as the links to “external websites” and the related content. As far as partners or “patients” provide information about a third party (i.e. their employees), they are required to ensure that the respective third party agrees to providing the information and provides the required data protection consent, trademark rights and other consents. my-med-24 does not have the organizational, technical and economic possibilities to ensure that partner and third party entries meet these requirements on its online portal at all times, particularly after the first activation. For illegal, faulty or incomplete content and particularly damages from the collection, processing and use of such content, the “partner” or “patient” who requested the entry from the partner or other third parties or the operator of the external website, to which this partner or third party entry refers to, is solely liable, not my-med-24.
C. cookies, web beacons, “Google Analytics”, “Google AdWords”
(2) The online portal my-med-24 furthermore uses so-called “web beacons” in order to make its use more user-friendly, more effective and safer and in order to allow the analysis of the online portal. Web beacons are used for the same reason by the service partner of my-med-24 as i.e. Google Analytics, Google AdWords and Stripe. Web beacons are small graphics in HTML emails or websites, allowing the record and analysis of log data. Web beacons are downloaded upon opening a web document, which allows the respective operator of respective servers to see when and how often an email was opened or a website was used and which IP address the “user” has. “Users” can counteract this by opening emails offline, by using an email program that does not support HTML emails or does not display the HTML code, or which completely or partially blocks external graphics. Certain browser extensions, such as for instance AdBlock, make Web beacons visible and enable the blocking of them to a certain extent. If these measures are taken by the “user”, it may be possible that not all functions of the online portal can be used.
D. Data protection declaration for the use of “Stripe” as payment method
The online portal of my-med-24 uses “Stripe”, a software platform and service of Stripe, Inc., 85 Berry Street, Suite 550, San Francisco, CA 94107, USA and Stripe Payments Europe, Ltd., C7O A&I Goodbody lfsc, North Wall Quay, Dublin 1, Northern Ireland 662880, in order receive certain payment analysis and benchmarking services and other company services, which are offered by Stripe and the associated companies. my-med-24 uses Stripe to accept payments and carry out other financial transactions in order administer subscriptions and to carry out transaction reports.
Which “personal data” of the respective “user” of the online portal Stripe collects and uses depends on the nature of use of the payment service and subscription administration through the “user”. Stripe receives “personal data” possibly not only directly transmitted by the “user”, but also under recording of the use of its services, e.g. the use of technologies, such as cookies and web beacons (see C. (1) and (2) above). Stripe also receives data from third parties, such as his financial partners or identity checking services. The “users” can read more about the details in the English and German language on the website of www.stripe.com/en/privacy. “Users” can also find out how they can avoid receiving emails from Stripe, access their personal data and change it.
E. Information, correction, deletion and blocking
(1) my-med-24 provides information to “contact persons” see B. (1) upon request about the collected data and its origin, the recipient or the category of recipients, to whom the data was passed on, as well as the purpose of the data storage, if no right to withhold information is in place according to section 34 paragraph 1 sentence 4 Federal Data Protection Act or any other legal stipulation because the interest in preserving commercial confidentiality is greater than interest in information of the “concerned party”. my-med-24 is authorized to provide this information electronically. Together with the request for information the “contact person” has to provide sufficient information on the individualization of his/her person and the kind of “personal data” requested.
(2) “Personal data” in accordance with B. (1) are to be corrected if they are incorrect. “Partners” of my-med-24 are obligated to maintain current and correct “personal data” and correct it independently if necessary, which is possible in the area “my profile” of the online portal at all times. For other persons such as “partners”, only the legal stipulations, particularly section 35 Federal Data Protection Act applies.
(3) “Partners” are not entitled to a claim with respect to the correction, deletion or blocking of information and data, including “personal data”, which they entered in any form in their profile or when having provided the information or if entered in any other way into the online portal of my-med-24. Unless it is proven in an individual case that due to the not carried out correction, deletion or blocking, unacceptable disadvantages will be suffered. Every “partner” may edit, change and delete the information and data which was entered in his/her profile or when having provided information or if entered in any other way into the online portal of my-med-24 independently during the contract period in the area “my profile” of the online portal in the mentioned timely and contextual extent. For other persons than “partners” only the statutory stipulations apply, particularly section 35 of the Federal Data Protection Act.
(4) All information, correction, deletion and blocking requests, as well as objections against the use of data, are to be addressed to the stated address of my-med-24 by using the stated contact data mentioned under section A. (3).