Data protection

1. Introduction

In this data protection declaration (“Privacy Policy”) we would like to inform you about the processing of your personal data when you use our services (hereinafter collectively “med-healths Services”).

This privacy statement describes who is responsible for the processing of your personal data (data control). It also describes how we process your personal data, on what legal basis we do this and what rights you have in relation to the processing of your personal data, how you can exercise these rights and how you can contact us if you have any questions about have our privacy practices.

Please note that med-healths itself does not perform any medical work. All medical activities, including but not limited to medical consultations, advice, recommendations and treatment plans (collectively “Telemedicine Services”) are provided solely by independent physicians (“Physicians”).

2. Who is responsible for the processing of your personal data?

2.1 Responsibilities under the med-healths Platform and med-healths Services

DMS Digital Medical Supply USA GmbH, registration number HRB 192856, Julie-Wolfthorn-Straße 1, 10115 Berlin (“med-healths”, “we” or “us”) provides registered or otherwise authenticated users (“users”) ) the technical platform (“Med-Healths Platform”) in USA, via which users can access selected Med-Healths Services. In this respect, Med-Healths is responsible for processing personal data that takes place as part of the provision of the Med-Healths Platform and the Med-Healths Services.

2.2 Responsibility in the context of telemedicine services

If telemedicine services are provided by doctors, Med-Healths only provides the technical and administrative requirements for the implementation of the respective telemedicine service. This means that Med-Healths processes your personal data in this context exclusively in accordance with the agreements with the doctors.

The implementation and provision of telemedicine services is the sole responsibility of the doctors. The contractual partners of the treatment contract are exclusively the users and the doctors. The doctors act as independent controllers with regard to all processing of personal data that they undertake in the context of the provision of telemedicine services. At the beginning of a consultation, you will be informed of the identity and contact details of the doctors. The doctors also provide you with information about their data processing .

2.3 Get Contact

If you have any questions, comments or complaints regarding the processing of your personal data in connection with your use of the services, you are welcome to contact us at any time using this form or contact our data protection officer at [email protected].

3. What personal data do we collect in the course of providing the Med-Healths Services?

This section describes the categories of personal information that is collected and processed about you in connection with the Med-Healths Services. You are not obliged to provide personal data. However, if you do not provide your Personal Information, we may not be able to provide you with Med-Healths Services or, as the case may be, our provision of Med-Healths Services may be delayed.

3.1. usage data

Med-Healths processes the following personal information about you, collectively referred to as Usage Data.

Registration Data: Personal data you provide through your account, e.g. E.g. name, first name, date of birth, gender, address, e-mail address, telephone number and type of insurance, further information on the insurance, e.g. insurance number.
Identification Data: For identification purposes, Med-Healths may request additional information, such as a photograph of you and relevant documents proving your identity.
Usage Data: Technical information generated through your use of the Med-Healths Services. This includes IP address, credentials, operating system and device type and version, connection type, time settings, language settings, device type and version, and application logs.

3.2. health data

If you wish to receive telemedicine services from a doctor through us, you will be asked to provide data about your physical and/or mental health so that we can arrange a medical consultation for you. You provide this information primarily by completing the appropriate symptom form on the Med-Healths Platform or by submitting information about your health profile. This could be, for example, information that you are suffering from an illness, or your medical history, or your physiological or medical condition.

We also collect data on consultations with doctors, e.g. B. Date and time of appointments, type and length of an appointment, waiting time, result of an appointment (e.g. prescription, referral, sick leave), price category of an appointment, whether the appointment was for you or your child and diagnosis codes. We also collect data from prescriptions you receive to enable you to forward and redeem the prescription. We may also access your medical records for supervisory and quality control purposes, provided you have given your consent to do so.

The personal data described in this section is hereinafter referred to as “health data”.

3.3 Further data processing

If you use other selected Med-Healths Services via the Med-Healths Platform, we process the personal data required for this. Details on data processing can be found at the appropriate place in the Med-Healths platform.

4. For what purposes and on what legal basis are your personal data processed?

4.1. Providing our services to you

In connection with the provision of the Services, Med-Healths will process your Usage Data for the following specific purposes: (i) to enable you to register and authorize you to log in and use your user account; (ii) to verify your identity and age; (iii) to operate and maintain the Med-Healths Platform, e.g. B. Features such as video calling and consultation systems, booking systems and management systems needed for your medical consultations, e.g. B. to let doctors know who you are and what symptoms you have before a consultation; (iv) to enable you to pay for the service and to settle and assert claims that have arisen in connection with the telemedicine services provided by the doctors, manage; (v) to administer your prescriptions, including forwarding such data to a pharmacy of your choice; (vi) to maintain your profile and manage your choices; (vii) for quality control purposes (e.g. to ensure a high level of healthcare services provided by physicians and to follow up inquiries, requests and complaints); (viii) to otherwise provide the Services to you in accordance with our Terms and Conditions. follow up on requests and complaints); (viii) to otherwise provide the Services to you in accordance with our Terms and Conditions. follow up on requests and complaints); (viii) to otherwise provide the Services to you in accordance with our Terms and Conditions.

The legal basis for all of the purposes described under (i) to (vii) above is the performance of the contract with you as described in our General Terms and Conditions (within the meaning of Article 6(1)(b) GDPR) and maintaining our legitimate interests Interests (within the meaning of Art. 6 Para. 1 Letter f GDPR). Insofar as your health data is processed for the purposes described under (iii) to (vi), the processing takes place on the basis of your express consent (according to Art. 9 Para. 2 Letter a DSGVO).

4.2. Marketing products and services and improving your experience as a user

With your consent, Med-Healths processes certain Usage Data to provide you with news, updates, and promotional content via email and other electronic communication channels such as in-app and push notifications. These communications are based on what we know about you as a user, e.g. which features you are most likely to use and which previous communications you have shown interest in, as well as basic demographic and geographic data about you, e.g. B. your age, your gender, the region in which you live and whether you use the service for yourself or for your children. However, health data is not used for such communications. With your consent, we may also send you health-related communications such as health recommendations, tips and relevant,

You can unsubscribe from promotional communications from us at any time by adjusting your preferences in your account settings or by using the unsubscribe link at the bottom of each email.

4.3. Complying with legal obligations, defending against claims and responding to legal process

Med-Healths may also process your personal data to the extent necessary to fulfill its legal obligations under applicable law (pursuant to Article 6(1)(c) GDPR), e.g. B. in accordance with accounting and bookkeeping regulations and where we have a legitimate interest in defending ourselves against claims or otherwise responding to a judicial proceeding as set out in Art. 6 para. 1 let. f DSGVO is provided for (and if health data is affected, according to Art. 9 Para. 2 Letter f DSGVO).

4.4. Evaluation, further development and improvement of the quality of our services

Med-Healths may process your personal information to further develop and improve the Med-Healths Services and the systems used to provide the Med-Healths Services. For example, we use your personal data to make the Med-Healths platform more user-friendly and to simplify the so-called user journey by personalizing the user experience based on your data and requirements. We also use your personal information to introduce or improve features that we consider relevant to our users or to conduct quality improvement projects aimed at facilitating and improving the telemedicine services provided by the doctors. Our legal basis for processing your personal data for the purposes described above is our legitimate interest in further developing and improving the services (Article 6 (1) (f) GDPR). If health data is affected, we will only process it with your consent (Article 9 (2) (a) GDPR).

With your consent, Med-Healths may aggregate your personal data in order to process it in an anonymous form, e.g. B. to develop new functions for our Med-Healths platform, tailor our services to the individual needs of users, optimize our user journey and generally improve the user experience of the Med-Healths platform.

4.5 To find out if users found us through ads on our advertising partners’ websites and to compensate our advertising partners for doing so

As soon as you click on one of our ads on our advertising partner’s website, you will first be redirected to our website and then to an app store. We create a log file on our website with the following information: an irreversibly hashed version of your IP address and information about your device (e.g. “Macintosh; Intel Mac OS X 10_14_6”); the timestamp of your request; and the name of the advertising campaign.

When you create an account to use our Med-Healths Services, we also create an irreversibly hashed version of your IP address and device information (e.g., “Macintosh; Intel Mac OS X 10_14_6”).

We match the hash values ​​in these two log files to determine how many users signed up for an account on our Med-Healths platform after clicking one of our ads on our advertising partners’ websites.

We store the hashes for a period of one week after the hash is created. We do not combine this data with other data, in particular not with your account data, your name or your health data.

We use the result of this comparison for the following purposes only: (1) to determine how many users have registered for an account to use our Med-Healths Services after a specific marketing campaign and (2) to compensate our advertising partner; the amount of remuneration that the advertising partner receives depends on the number of successful registrations that have been made after clicking on our ad on the advertising partner’s website.

Our legal basis for processing your personal data for the purposes described above is our legitimate interest in (1) knowing how many users have registered for an account to use our Med-Healths Services following a specific marketing campaign, and (2) our Remunerate advertising partners according to the agreement we have concluded with them (Article 6 (1) (f) of the GDPR).

5. How long do we keep your personal data?

We only process your personal data for as long as is necessary for the purposes for which the relevant information is processed in accordance with Article 4 above. This means we will keep it for as long as is necessary to provide you with the Services, comply with our respective legal obligations, defend against claims, etc., as detailed above.

Therefore, Usage Data (as defined in Article 3.1 above) is typically retained for two (2) years. Other personal data will generally be deleted or made anonymous no later than one (1) month after your account with us has been closed, unless the data must be stored in order to fulfill legal obligations (in particular in order to comply with storage obligations, which include the storage of certain tax-relevant business letters or – require documentation for up to ten (10) years). In addition, if legal or disciplinary proceedings are instituted, your personal data will be retained until the end of such proceedings, including any appeal periods, and then deleted or archived where permitted by applicable law.

If we process your data on the basis of your consent, we will delete or anonymise your data if you withdraw your consent (unless there is a legal obligation, e.g. as a result of statutory retention requirements, or there is a legal authority to keep this data for a longer period of time ).

6. Third parties with whom your personal information may be shared

6.1. Service Providers of Med-Healths

In order to be able to offer you the services, Med-Healths uses other companies in the Med-Healths Group or external service providers who offer services in the areas of hosting and technical infrastructure (servers, databases, external computing power) as well as marketing and payment platforms. In particular, Med-Healths engages its parent company Med-Healths International AB (a Sweden-based company) for the IT services used to deliver the Med-Healths Services and the related Med-Healths Platform. These service providers process personal data in their capacity as processors on behalf of Med-Healths for the sole purpose of providing the services requested by Med-Healths and only in accordance with Med-Healths instructions.

6.2. insurance companies

If you have been referred to us by your insurer or are insured with an insurer that Med-Healths works with, we may share information that you have used the Services, the outcome of the health consultations and other information about your medical condition with your insurer, but only if you have given your separate consent, which you will be asked for via your insurance company when using our services. This data protection declaration does not apply to the processing of personal data by your insurance company. Please contact your insurance company if you would like more information about how your insurance company processes your personal data.

7. Will the data be transferred to other countries outside the EEA?

Your personal health information (ie information about symptoms and consultations) is always kept within the European Economic Area (“EEA”) and is never transferred to recipients outside of the EEA.

However, we occasionally use services whose providers are based in so-called third countries (outside the European Union or the European Economic Area) or process personal data there, i.e. countries whose level of data protection does not correspond to that of the European Union. If this is the case and the European Commission has not issued an adequacy decision (Art. 45 GDPR) for these countries, we at Med-Healths have taken appropriate precautions to ensure an appropriate level of data protection for any data transfers. These include the standard contractual clauses of the European Union or binding internal data protection regulations.

Where this is not possible, we base the data transfer on exceptions of Art. 49 GDPR, in particular your express consent or the necessity of the transfer to fulfill the contract or to carry out pre-contractual measures.

If a transfer to a third country is planned and there is no adequacy decision or suitable guarantees, it is possible and there is a risk that authorities in the respective third country (e.g. secret services) may gain access to the transferred data in order to collect and analyze it, and that the enforceability of your rights as a data subject cannot be guaranteed. If you obtain your consent via the cookie banner, you will also be informed of this.

8. Use of Cookies; in-app tracking; Customer Relationship Management (CRM)

You can find more information on the use of cookies in our cookie information and in the cookie banner.

Within the Med-Healths App, we process basic data such as the IP address, Internet connection or language settings with the consent of the users required for the use of the Med-Healths Services.

Users can also give their consent for tracking for product analysis and marketing purposes within the Med-Healths App. Based on this consent, we may then process personal data such as IP address, device information, device ID and interaction within the Med-Healths App for internal product optimization or to evaluate the effectiveness of marketing campaigns. Special categories of personal data such as health data are not processed for these purposes.

We currently do not use any external trackers for product optimization unless users have given their consent.

We use the service provider Braze for our Customer Relationship Management (CRM). We use the system to segment and send communication with our users, e.g. B. for marketing based on user consent or to send important service messages. No personal data is processed outside the EU/EEA.

9. Online presence in social networks

We maintain online presences in social networks in order to communicate with users and interested parties and to provide information about our services.

User data is usually processed by the relevant social networks for market research and advertising purposes. In this way, usage profiles can be created based on the interests of the users. For this purpose, cookies and other identifiers are stored on the users’ computers. Based on these usage profiles, e.g. B. Advertisements within social networks but also on third-party websites.

As part of the operation of our online presence, it is possible for us to access information such as statistics on the use of our online presence that is provided by the social networks. These statistics are aggregated and may contain, in particular, demographic information and data on interaction with our online presence and the contributions and content distributed via it. Please refer to the list below for details and links to the data of the social networks that we, as the operator of the online presence, can access.

The legal basis for data processing is Article 6 Paragraph 1 Clause 1 Letter f GDPR, based on our legitimate interest in effective user information and communication with users, or Article 6 Paragraph 1 Clause. 1 lit. b GDPR in order to stay in contact with our users and to inform them as well as to carry out pre-contractual measures with future users and interested parties.

The legal basis for the data processing carried out by the social networks under their own responsibility can be found in the data protection information of the respective social network. Under the links below you will also receive further information on the respective data processing and the possibilities of objection.

We would like to point out that data protection inquiries can be made most efficiently with the respective provider in the social network, since only these providers have access to the data and can take appropriate measures directly. Below is a list of information about the social networks on which we operate online presences:

Facebook (USA and Canada: Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, USA; all other countries: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland) operation of the Facebook fan
page in joint responsibility on the basis of an agreement on joint processing of personal data (so-called Page Insights supplement regarding the person responsible) Information on the processed Page Insights data and contact options in the event of data protection inquiries: https://www.facebook.com /legal/terms/information_about_page_insights_data Privacy Policy: https://www.facebook.com/about/privacy/ Opt-Out: https://www.facebook.com/settings?tab=ads andhttp://www.youronlinechoices.com.

Instagram (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
Privacy Policy: https://help.instagram.com/519522125107875

Twitter (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland)
Privacy Policy: https://twitter.com/de/privacy Opt-Out: https://twitter.com/personalization .

LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland)
Operation of the LinkedIn company site in joint responsibility on the basis of an agreement on the joint processing of personal data (so-called Page Insights Joint Controller Addendum) Information on the processed Page Insights data and contact options in the event of data protection inquiries: https://legal.linkedin.com/pages-joint-controller-addendum Data protection declaration: https://www.linkedin.com/legal/privacy-policy Opt-Out: https:// www.linkedin.com/psettings/guest-controls/retargeting-opt-out .

10. Your rights as a data subject and as a user: in the med-healths Services

You have various rights with respect to the personal information we hold about you, which you can exercise depending on the requirements and limitations of applicable data protection laws. You can contact us at any time to:

  • Request access to and information about the personal data processed in connection with your use of the med-healths Services. You have the right to obtain a copy of the personal data being processed. For additional copies that you request, we may charge a reasonable fee based on administrative costs;
  • ask us to correct inaccurate information about you;
  • request the erasure of your personal data;
  • ask us to restrict the processing of your personal data where you believe that (a) there is an error in that data, (b) our processing is unlawful, or (c) we no longer need to process that data for a particular purpose, unless because we are prohibited from deleting the data because we have to fulfill a legal or other obligation or you do not want the deletion;
  • to object to the processing of your personal data where the legal basis for our processing of your personal data is our legitimate interests. We will comply with your request unless we have compelling legitimate grounds for processing that outweigh your interests and rights, or we need to continue processing the data to establish, exercise or defend a legal claim. In addition, there may be no right of objection, in particular if the processing of your personal data is necessary in order to carry out pre-contractual measures or to fulfill a contract that has already been concluded;
  • if we are using your personal data based on your consent, to exercise your right to withdraw your consent at any time and free of charge.

This also applies if you wish to unsubscribe from marketing communications. However, please note that if you withdraw your consent to the use of Health Information for the purposes described in Article 4.1 above, med-healths will no longer be able to provide the med-healths Services to you; or request the transfer of your personal data to another personal data controller by receiving your personal data, to the extent that it has been provided by you, in a commonly used electronic format for subsequent transmission to another party to be able to (right to data portability).

If you wish to contact us about any of the above rights, please contact us via our website or by email to [email protected]. As mentioned above, the doctors act as independent controllers in relation to any processing of your personal data that takes place in the context of the provision of the telemedicine services. Therefore, please contact the doctor concerned if you wish to make an application or exercise any of your rights in relation to the telemedicine services.

11. Right to lodge a complaint with the data protection authority

We hope that we were able to explain to you with this data protection declaration how we handle your personal data. However, if you have any questions, please do not hesitate to contact us using the contact details set out in Article 8 above. We would also like to point out that you have the right to lodge a complaint with a data protection authority if you believe that the processing of your personal data is incorrect or not in accordance with the law. Responsible in these cases are in particular (a) the data protection authority of your place of residence or (b) the data protection authority responsible for us, ie the Berlin Commissioner for Data Protection and Freedom of Information.