Data Privacy Policy DIE RADIOLOGIE

Data Privacy Policy

Information on data protection

Information obligation according to Art. 13 EU-GDPR (European General Data Protection Regulation) to process personal data from affected persons. Our data protection guidelines follow the purpose limitation principle set out in the GDPR. Accordingly, personal data is only processed by us for predetermined, clear and legitimate purposes. In addition, this data will not be processed in a way that is incompatible with the original purposes (Art. 5 GDPR). At the latest when personal data is no longer required for the purposes for which it is processed, we will delete this data. As part of our activities as a medical service provider, we are legally obliged to collect and store personal data. In accordance with Art. 13 GDPR, we inform the affected person at the time of processing data. Further information on personal data processing in the context of our medical services can be found below.

1. Contact to the responsible body
Die Radiologie - Radiologische, Strahlentherapeutische und Nuklearmedizinische PartG
Dr. med. Philipp Remplik, Prof. Dr. med. Mike Notohamiprodjo
Sonnenstr. 17, 80331 München
Tel: 089/550596-0
Mail: info@die-radiologie.de

2. Contact to the Data Protection Officer

Herr Dennis Feiler
Claudius-Keller-Straße 3c, 81669 München
Tel: 089 461487-0 / Fax: 089 461487-11
Mail: datenschutz{at}dfcsystems.de

3. Purposes and legal basis of data processing

The collection, processing and storage of your personal data serves the purpose of providing medical services and billing in accordance with the legal regulations. The legal basis for the data collection as well as the documentation and archiving obligations are the professional code for doctors and other legal guidelines.

4. Duration of storage

The data recorded for the purpose of providing medical services and billing are stored for a minimum of 10 years and a maximum of 30 years in accordance with the legal regulations mentioned under point 3.

5. Data collected when visiting the website
When you visit our website www.die-radiologie.de and the subpages, i.e. if you use it for information purposes only, without you registering or otherwise providing us with information, your web browser automatically sends information to the server of our website. This logging data is stored on the web server in a log file. The following information is collected and stored without any action on your part:

  • IP-address
  • Date and Time of the request
  • Time difference to Greenwich Mean Time (GMT)
  • Adress (URL) of the accessed website
  • Status/HTTP-Status-Code
  • Data transfer
  • Website from which the request comes (Referer)
  • Identification of the Webbrowsers
  • Operating System
  • Version of WEB-Browser

The above data is processed by us for the following purposes: Ensuring a smooth connection to the website, ensuring comfortable use of our website, evaluating system security and stability and for other administrative purposes.

Only pseudonymised IP addresses are stored in their log files. For this purpose, an IP address 123.123.123.XXX is stored in the log file instead of the actual IP address of the visitor, e.g. 123.123.123, where XXX is a random value between 1 and 254. It is no longer possible to establish a personal reference. The log files are automatically deleted after 7 days.

5.1. Data collected when using our contact form

You can contact us via a form provided on the website (contact form), this is for the purpose of general inquiries and / or scheduling medical examinations. The following personal data is collected:

  • Salutation
  • Surname
  • First name (voluntary)
  • E-mail address
  • Telephone number
  • Optionally, it is possible to send an image file of the referral form of the attending physician
  • voluntary disclosure of the health insurance company
  • optional possibility of selecting the planned examination, choice of examination location, preferred examination date and callback time to confirm the examination date
  • Free text field for more information

It is necessary to provide the title, name, e-mail address, telephone number and information in the free text field (* mandatory fields) so that we know who sent the request in order to be able to answer it or to schedule and confirm desired medical services. The other information can be provided voluntarily and is used to schedule medical services. The other information can be provided voluntarily and is used to schedule medical services. Data processing for the purpose of contacting us is carried out in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR on the basis of your voluntarily given consent, which takes place when you fill out the contact form and actually contact us by sending the message.

The personal data collected by us for the use of the contact form will be forwarded to the address info@die-radiologie.de in the form of an e-mail generated from the data of the contact form and deleted after processing.

5.2. Disclosure of data

We will only pass on your personal data to third parties if:

  • You have given your consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR
  • this is done on the basis of Art. 6 para. 1 lit. b GDPR is necessary for the purpose of the contract
  • legitimate interests pursuant to Art. 6 para. 1 lit. f. GDPR for the economic and effective operation of our business operations
  • for disclosure pursuant to Art. 6 Para. 1 S. 1 lit. c GDPR there is a legal obligation

We take appropriate legal, organizational and technical measures to ensure the protection of your personal measures in accordance with the GDPR. If providers of services and content are based in third countries and the provisions of the GDPR do not apply to them, we only transmit personal data such as the IP address if there is an adequate level of data protection, user consent or any other legal basis.

6. Cookies and server-side storage of session information

Cookies are small text files that are stored on your hard drive, assigned to the browser you are using. They can be thought of as small "notepads" on which the place that sets the cookie remembers certain information, e.g. about the technical status of the currently running connection. Most browsers accept cookies automatically. However, you can configure your browser settings in such a way that, for example, the acceptance of individual or all cookies is rejected or a message always appears before a new cookie is created. However, the complete deactivation of cookies may result in you not being able to use all the functions of our website.

6.1. Use of cookies on our website

This website is operated with the help of the online content management system (CMS) TYPO3 (typo3.org) and its content is maintained by our employees.

The CMS usually does not set cookies. In individual cases, individual extension modules may set session cookies to ensure their functionality. The session cookies are deleted when you close the browser.

Furthermore, we use cookies to statistically record the use of our website and to optimize our offer for you. These cookies enable us to automatically recognize that you have already been with us when you visit our site again. The Google Analytics cookie for recognizing a visitor is stored for 2 years and is not deleted, especially after leaving the site.

7. Recording and evaluation of accesses

The measures listed below and used by us to record user access to our website are carried out on the basis of Art. 6 Para. 1 S. 1 lit. f GDPR. With the recording measures used, we want to ensure a needs-based design and the continuous optimization of our website.

7.1. Google Analytics

We use Google Analytics, a web analytics service provided by Google Inc. (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter referred to as "Google") to design and continuously optimize our pages to meet your needs. Google is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection law.

This data is transmitted to a Google server in the USA and stored there. The possibility given by Google Analytics to analyze user behavior across devices (cross-device tracking by user ID) is NOT used by us.

The IP addresses are also anonymized so that an assignment is not possible. You may refuse the use of cookies by selecting the appropriate settings on your browser. The data collected in Google Analytics is automatically deleted after 14 months. For more information on terms of use and data protection, please see www.google.com/analytics/terms/de.html" or policies.google.com. As an alternative to the browser add-on, especially for browsers on mobile devices, you can prevent Google Analytics from collecting data by clicking on this link. This will set an opt-out cookie that will prevent your data from being collected when you visit this website in the future. The opt-out cookie is only valid in this browser and only for our website and is stored on your device.

7.2 Matomo (formerly "Piwik")

Scope and description of the processing of personal data

Our website uses "Matomo" (formerly "Piwik"), a web analytics service provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand. Matomo stores cookies on your device, which enable an analysis of your use of our website.

Our website uses Matomo with the setting "Anonymize Visitors' IP addresses". As a result, IP addresses are processed in abbreviated form, thus excluding direct personal references. The software is set in such a way that the IP addresses are not stored completely, but 2 bytes of the IP address are masked (e.g. 192.168.xxx.xxx). In this way, it is no longer possible to assign the abbreviated IP address to the calling computer.

8. Integration of third-party services and content

On the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. DSGVO content or service offers from third-party providers, e.g. to integrate videos, program codes or fonts. These third-party providers can only provide content, i.e. send it to your browser, if they perceive your IP address.

For more information on the purpose and scope of data collection and processing by the content and service provider, please refer to the privacy policies of the respective provider. There you will also find information about your rights and setting options to protect your privacy, in particular about opt-out. For the service provider Google, you will find corresponding information under google.de/intl/de/policies/privacy.

8.1. Integrated external services and content on our website

We integrate fonts via Adobe Typekit (http://www.typekit.com), Typekit is a service provided by Adobe Systems Incorporated, Adobe Systems Software Ireland Limited: 4-6 Riverwalk, City West Business Campus, Saggart, Dublin 24, Ireland.

We integrate videos from the "Youtube" platform (https://youtube.com).

Google Maps
This site uses the Google Maps map service. The provider of this service is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. In order to use the functions of Google Maps, it is necessary to store your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. More information on the handling of user data can be found in Google's privacy policy:
https://policies.google.com/privacy?hl=de&gl=de 

8.2 Our activities on social networks

In order for us to be able to communicate with you in social networks and inform you about our services, we are represented there with our own pages. We are not the original provider (responsible party) of the social networks, but only use these services within the scope of the possibilities offered to us by the social network.

The processing operations of personal data are carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest and the legitimate interest of the respective provider in order to communicate with you in a contemporary manner or to be able to inform you about our services.

Since we do not have access to the databases of the provider of the social network, we would like to point out that you must assert your rights directly with the respective provider. For further information on the processing of your data in the social networks and the possibility of exercising your right of objection or revocation (so-called opt-out), we have listed below the contact details of the respective provider of social networks used by us:

Facebook
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
https://www.facebook.com/about/privacy

Instagram
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
http://instagram.com/legal/privacy/

LinkedIn
LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland
https://www.linkedin.com/legal/privacy-policy

9. Applicant data

Our career portal Karriere und Stellenangebote - Die RADIOLOGIE (die-radiologie.de) offers a variety of attractive jobs and the possibility of online application. The processing is necessary for the initiation of the employment relationship in accordance with Art. 88 GDPR in conjunction with § 26 para. 1 BDSG.

Recipients of the data:

Internal: Human Resources Department, Supervisors, Management.

External: For the online application process, we use the services (platform) of Bite GmbH (www.b-ite.de). The service provider is contractually obligated by us to comply with the applicable data protection regulations.

Storage period: 6 months for applications. A deletion takes place after 6 months, unless consent to longer storage has been obtained.

Provision prescribed or required: Without the provision of the personal data of the data subject, no application process and employment is possible.

Data transfer to a third country: There is no transfer to third countries.

10. easyRadiology portal for patients and referring physicians

As a patient or referring physician of DIE RADIOLOGIE, you have protected access to our easyRadiology portal (Access for patients and referring physicians – DIE RADIOLOGIE (die-radiologie.de)).

Access via login on the DIE RADIOLOGIE website. The following personal data is collected for the operation and use of our easyRadiology portal:

  • Registration data: surname, first name, date of birth, telephone number, e-mail
  • IP address
  • Login data (e-mail address, name, login code, date of birth)
  • Access log
  • Change log for data changes (journal)

The legal basis for the processing is the consent of the patient and referring physician in accordance with Art. 6 para. 1 lit. b GDPR as well as our legitimate interest in improving the stability and functionality of the easyRadiology portal solution in accordance with Art. 6 para. 1 lit. f GDPR.

Data transfer to a third country: There is no transfer to third countries.

11. Nelly – Digital patient onboarding

As a patient at DIE RADIOLOGIE, you have the opportunity to easily and conveniently digitally complete your patient admission and answer questions relevant to the examination in advance of the examination. With your consent, you will receive a link by E-Mail or SMS and will receive protected access to our digital patient onboarding Nelly. The following personal, treatment-relevant and technical data is collected:

  • Registration data: Last name, first name, date of birth, telephone number, E-Mail
  • Anamnesis data (questions relevant to the examination)
  • IP address of your device
  • Access log
  • Change log for data changes (journal)

The legal basis for processing is the patient's consent and also our legitimate interest in improving the organizational processes of DIE RADIOLOGIE are in accordance with Article 6 Paragraph 1, lit. f of the GDPR (General Data Protection Regulation).

Recipient of the data: We use external service providers to operate and maintain our digital patient registration, who act as our processors. All external service providers are contractually obliged to process your data confidentially in accordance with the applicable provisions of the General Data Protection Regulation (GDPR).

Storage period: The personal data collected as part of the Nelly digital patient onboarding is stored in accordance with the statutory retention requirements in accordance with SGB V (German Book of Social Law), MBO-Ä (Professional Regulations for Doctors) and the StrlSchG (Radiation Protection Act).

Provision required: As part of the fulfillment of our medical services and information obligations, the processing of the above mentioned data is legally, organizationally and technically necessary. Without providing your personal data, we cannot offer the digital patient onboarding services.

Data transfer to a third country: There is no transfer to third countries.

12. Appointment request via WHATSAPP

As a patient of DIE RADIOLOGIE, you have the opportunity to request an appointment via WhatsApp. To ensure data processing that complies with data protection regulations, we use the Superchat service from SuperX GmbH (Berlin, Germany, www.superchat.de/datenschutz), which enables encrypted data transmission via WhatsApp.  If you use WhatsApp to communicate with us, the terms of use and data protection rules of the respective service provider apply, over which DIE RADIOLOGIE has no influence. By using this service, you agree to the storage of the data from your transfer for the appointment request. If we cannot find an appointment, we will delete your message without saving it. This type of scheduling is on a voluntary basis.

The following data is collected when requesting an appointment: last name, first name, date of birth, address, telephone number, picture of the referral slip with information on the reason for the referral and the referring doctor.

The legal basis for processing is the patient's consent in accordance with Art. 6 Para. 1 lit. b GDPR as well as our legitimate interest in improving the organizational processes of DIE RADIOLOGIE in accordance with Art. 6 Para. 1 lit. f GDPR.

Recipient of the data: We use external service providers to operate and maintain our digital appointment request via WhatsApp, who act as our processors. All external service providers are contractually obliged to process your data confidentially in accordance with the applicable provisions of the General Data Protection Regulation (GDPR).

Storage period: The personal data collected as part of the appointment request via WhatsApp will be stored in accordance with the statutory retention requirements in accordance with SGB V (Social Code), MBO-Ä (Model Professional Regulations for Doctors) and the StrlSchG (Radiation Protection Act).

Provision mandatory or required: As part of the fulfillment of our medical services and information obligations, the processing of the above-mentioned data is legally, organizationally and technically necessary. Without providing your personal data, we cannot offer the appointment request service via WhatsApp.

Data transfer to a third country: There is no transfer to third countries.

13. Data Security

We use the SSL method to transmit the data between your browser and our web server. As a result, the data to be transmitted is encrypted and therefore cannot be read by third parties. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the status bar of your browser.

We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

14. Information about your rights

14.1 Information:

You have the right to information at any time in order to find out which data is stored.

14.2. Correction:

You have the right to have your data corrected at any time.

14.3. Deletion:

You have the right to have the data deleted at any time, unless this contradicts other legal regulations on storage.

14.4. Objection:

You have the right to object to the processing, use and data portability of your data at any time. However, as part of our medical service provision, we are legally obliged to document and store your personal data as well as data about the medical service performed on you!

14.5. Complaint:

You have the right to complain to the competent data protection supervisory authority. Why do we need your data? The collection of the necessary data serves to provide our medical services for your health. Failure to do so would mean that we would not be able to receive treatment.

Do you have any questions about data protection?

We will be happy to provide you with more information.

Call us: Tel. 089 550 596 0 or write to us via our contact form

Thank you for your understanding!

DIE RADIOLOGIE

Munich, July 2023