1. General information on data processing
In the following we inform you about the processing of your personal data by us, our data protection principles and your rights as the person concerned. This data protection declaration applies to the use of our websites and our easyRadiology portal solution as well as to the establishment and implementation of a customer relationship. It also applies to any contact you enter into with us when you create a customer account and use our easyRadiology portal solution to provide your diagnostic and image data. The data protection declaration also applies if we expressly refer to it elsewhere.
Responsible body is:
Radiologische, Strahlentherapeutische und Nuklearmedizinische PartG 1432
Dr. med. Rainer Beck, Dr. med. Thomas Eck, Dr. med. Andreas Forster, Dr. med. Ernst Habersbrunner, Dr. med. Barbara Häussler, Priv.-Doz. Dr. med. Patrick Hein, Priv.-Doz. Dr. med. Holger Hetterich, Dr. med. Thomas Hilbertz, Priv.-Doz. Dr. med. Harun Ilhan, Dr. med. Christoph Krolak, Dr. med. Ulrich Mädler, Prof. Dr. med. Mike Notohamiprodjo, Dr. med. Philipp Remplik, Dr. med. Tobias Rother, Dr. med. Michael Röttinger, Dr. med. Philipp Rupprecht, Prof. Dr. med. Tobias Saam, Priv.-Doz. Dr. med. Gerwin Schmidt, Dr. med. Heinrich Schorer, Dr. med. Ullrich Schricke, Dr. med. Armin Seifarth, Dr. med. Johannes Stieß, Dr. med. Martin Strauswald, Priv.-Doz. Dr. med. Frederik Strobl, Prof. Dr. med. Andrei Todica, Dr. med. Thomas Winter
Medical Director: Dr. med. Philipp Remplik
Sonnenstr. 17, 80331 Munich/Germany
Telephone: +49 . 89 . 550 596 460
You can reach our data protection officer at:
Mr. Dennis Feiler, c/o DFC-SYSTEMS GmbH
Einsteinring 28, 85609 Aschheim/Germany
We only process personal data that is collected within the scope of this data protection declaration in accordance with the applicable legal provisions on data protection, in particular the EU General Data Protection Regulation (EU GDPR) and the (new) Federal Data Protection Act (BDSG) issued for this purpose.
1.1. Data Collection and Source of Data
We collect the data that you make available to us when using our website and that you have given us your consent to use. In addition, we collect data as part of the establishment and design of a customer relationship with you as a customer or to provide our services.
If you enter into a so-called "contact relationship" with us (e.g. inquiries via a contact form), we collect and process this data - insofar as this is necessary or appropriate according to Art. 6 lit. f) GDPR. We collect data when you create a customer account to the extent that you enter. Personal information that we collect and store in this way may include:
- IP address and technical usage data when accessing website content;
- Name and contact details (telephone numbers, e-mail address) as part of the establishment of a contact and customer relationship;
- Username and password when registering for the easyRadiology application.
All personal data is only collected within the framework of the legal permission or if you have given us your consent.
1.2. Use and disclosure of personal information in general
We use your personal data to enable you to use our easyRadiology portal solution and to establish and fulfill a supplier relationship with you as a customer (digital provision of your diagnostic and image data). If you enter into a contact or supplier relationship with us, we use your data to establish and fulfill or process this relationship.
Overall, it may also be necessary for us to pass on your data to an external service provider as part of order processing (e.g. for services relating to the operation and maintenance of the easyRadiology portal solution). Only service providers are used who confirm in writing that the order processing is carried out in accordance with the applicable requirements of the EU GDPR (European General Data Protection Regulation) and who have their place of business within the EU. Your personal data will not be sold to third parties or marketed in any other way. Data transfers to third countries do not take place.
2. Purposes of data processing
Data processing takes place exclusively for the aforementioned purposes. We process the aforementioned personal data in accordance with the provisions of the EU GDPR and the Federal Data Protection Act (BDSG).
2.1. Processing for the fulfillment of contractual or pre-contractual obligations (Art. 6 Para. 1 lit. b) GDPR
The processing of personal data takes place for the use of our website and the easyRadiology portal solution by you, for the fulfillment of a supplier relationship with you as a customer and for a contact relationship. The purposes of the data processing and the necessity are primarily based on the purpose specifically determined by the aforementioned legal relationships.
In the context of a customer and supplier relationship with you as a customer, this includes in particular the justification, design, fulfillment and advice regarding the services you use. Processing also takes place to process your inquiries and to initiate customer relationships or a comparable contact relationship. In addition, your data will be processed to enable the use of the easyRadiology portal solution if you log into the easyRadiology portal solution with your data.
For the aforementioned purposes, it may also be necessary for us to pass on your data to external service providers as part of order processing for operating the easyRadiology portal solution.
2.2. Processing as part of a balancing of interests (Article 6 (1) (f) GDPR)
Insofar as it is necessary for our purposes, we process your data beyond the actual fulfillment of the contract to protect our legitimate interests or those of third parties:
- Use of technically necessary cookies (essential) to ensure the optimal functionality of the website and a user-friendly and effective design of our website.
- Possible data security measures on our website, such as in particular the storage of IP addresses, provided that the specific threat situation makes this appear appropriate.
- Justification and fulfillment of contact relationships within the scope of expediency.
2.3. Processing within the scope of your consent (Art. 6 Para. 1 lit. a GDPR)
If you give us your consent to the processing of your personal data in accordance with the existing specifications, we will process this data within the consent. You can revoke your consent at any time without affecting the legality of the processing carried out on the basis of the consent up to the revocation.
2.4. Processing based on legal requirements (Article 6 (1) (c) GDPR)
We process your personal data to the extent that we are subject to a legal obligation, such as:
- the legal storage obligations or information or monitoring obligations towards state institutions within the framework of existing laws.
3. Data transfer to third parties
Within our company, the people who are entrusted with processing your data have access to it within the scope of necessity or reasonable expediency. Service providers and vicarious agents used by us, such as service providers in the field of IT services and telecommunications, can also access the personal data for these purposes if they comply with our written data protection instructions and general data secrecy within the scope of order processing and - if applicable - telecommunications secrecy true.
In particular, we will not transmit any personal data to third parties for the purposes of advertising or address trading.
4. Data transfer to a third country or to international organizations
A data transfer to countries outside the EU or the EEA (“third country”) does not take place. The same applies to the use of our websites from locations outside the EU or the EEA.
5. Duration of data storage
When using our websites and the easyRadiology portal solution, we store the IP address and usage data for the duration of the usage process. In addition, the IP address is stored to the extent that this is appropriate for data security and the investigation or prevention of security or data protection breaches, whereby the appropriateness depends on the specific threat situation. In this case, the IP addresses are only stored for as long as this is appropriate for the aforementioned purposes, usually no longer than three months. In the event of a criminal complaint or criminal prosecution or the enforcement of claims against persons who carry out security or data protection violations, the data can be stored and used until the claims have been finally clarified or enforced.
We store the data to justify, design and fulfill a contract with you as a customer. The data will be deleted as soon as they are no longer required. The data can be stored for the time in which claims can be asserted against us. If we are legally obliged to store it, e.g. due to tax or commercial obligations, we store the data for the respective period (up to 10 years). The storage of your findings and image data takes place within the framework of the legal requirements for medical service providers (SGB, BMV-Ä, StrlSchV).
Within the framework of a contact relationship, the contact data and the communication data are stored and used insofar as this is necessary for the respective communication purpose or appropriate.
6. Processing when using the website
6.1. Data processing and logging of access from the Internet
For technical reasons, your Internet browser automatically transmits data to our web server when you access our website. The web server automatically saves a server log file of the transmitted data. For example, the name and URL of the retrieved data, IP address and date and time of retrieval are recorded. This data is processed for the purpose of enabling the use of the website, ensuring and optimizing the trouble-free operation of the website.
Some of the websites use so-called cookies. Cookies do not damage your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when the browser is closed. If cookies are deactivated, the functionality of this website may be restricted.
We use technically necessary cookies (essential) in order to be able to provide the service you have called up in a safer, more effective and more user-friendly manner.
You can set your browser so that you only allow cookies in individual cases, activate the automatic deletion of cookies when closing or exclude acceptance for certain cases or in general.
If you do not want your activities to be recorded, you can use the "Do Not Track" setting in your web browser. If you have activated this setting, no usage data will be saved about your visit.
6.3. Google Analytics
We use Google Analytics, a web analytics service provided by Google Inc. (https://www.google.de/intl/de/about/) (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; hereinafter "Google"). Google is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). Cookies (see Section 4) are set by Google Analytics.
The information collected about your use of this website includes:
- Browser type/version
- operating system used
- Referrer URL (the previously visited page)
- Host name of the accessing computer (IP address)
- Time of server request, pages viewed
- Location information
This data is transmitted to a Google server in the USA and stored there. We do NOT use the possibility provided by Google Analytics to analyze user behavior across devices (cross-device tracking by user ID).
The information is used to evaluate the use of the website, to compile reports on website activities and to enable market research statements and the needs-based design of our Internet pages. Under no circumstances will your IP address be merged with other Google data.
7. Consent Management Tool
We use a consent management tool on our website, which sets a technically necessary cookie when you visit our website. The tool enables you to give your consent to data processing via the website, in particular the setting of cookies. You can also use the tool to exercise your right of withdrawal for consent that has already been given.
The tool stores the consent you gave when you visited the website.
8. Provision of Data
As part of the customer relationship with you, you must provide the personal data that is required for the establishment, implementation, termination and fulfillment of the associated obligations or that we are legally obliged to collect. Without this data, we will generally not be able to enter into, carry out and end a supplier relationship with you.
9. Your rights as a data subject
Every data subject has the right to information under Article 15 GDPR, the right to correction under Article 16 GDPR, the right to deletion under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to object under Article 21 GDPR and the right to data portability under Article 20 GDPR.
The restrictions under §§ 34 and 35 Federal Data Protection Act (BDSG) apply to the right to information and the right to erasure. Finally, you have a right of appeal to the data protection supervisory authority responsible for you.
Information on the right of objection according to Art. 21 GDPR
If you file an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
You can revoke your consent to the processing of personal data at any time. Please note that the revocation only applies to the future. Processing that took place before the revocation is not affected.
If you have any questions about the processing of your personal data or your aforementioned rights, you can contact our data protection officer.