Privacy Policy

We believe that data protection should be transparent, intelligible and, most importantly, fair to all parties. The aim of this privacy policy is therefore on the one hand to inform you which of your personal data we collect and use, whether this data may be disclosed to third parties and, if so, to which, how long we store your data and what rights you have if you have any objection to our reasonable use of your data. If you still have any questions after you have read this comprehensive privacy policy, please do not hesitate to contact us using the contact details below.

1. Name and contact details of the controller

Controller for the data processing:

Medical Helpline Worldwide GmbH
Otto-Lilienthal-Straße 18
28199 Bremen
Germany

You can contact us by post, by email at [email protected] or by telephone on +49 421 240 110-0.

2. Data protection officer

You can contact our data protection officer using the following contact details:

IT-Kanzlei Lutz
Stefan Lutz, LL.M.
IT Lawyer
Teerhof 59
28199 Bremen
Germany

Tel.: +49 421 408 926-60
E-Mail: [email protected]  [email protected]
Website: www.hb-law.de

3. Collection of personal data during use for information purposes

3.1 Whenever you access our website, we collect the following information about your computer: Your computer’s IP address, the request from your browser and the time of the request. The status and the transferred data volume in the context of this request are also recorded. We also collect product and version information about the browser used and your computer’s operating system. We also record the website from which our website was accessed. Your computer’s IP address is only stored for the duration of your use of our website, following which it is immediately deleted or anonymised by being truncated. We use this data for operating our website, particularly for identifying and correcting errors on our website, determining the number of visitors to our website and carrying out updates or improvements. The legal basis for this processing is Art. 6 (1) (f) GDPR.

4. Cookies & Local Storage

4.1 Sometimes, we also collect information about your use of our website by using browser cookies. These are small text files that are stored on your data carrier and that store certain settings and data about your browser to exchange with our system. A cookie usually contains the name of the domain from which the cookie data was sent and information about the age of the cookie and an alphanumeric identifier. Cookies allow our system to recognise the user’s device and make any predefined settings available immediately. Once a user accesses the platform, a cookie is transmitted to the respective user’s computer hard disk. Cookies help us to improve our website and provide you with a better service more tailored to you. They allow us to recognise your computer if you return to our website, and thus:

• to store information about your preferred activities on the website and thereby tailor our website to your individual interests. This includes e.g. adverts that correspond to your personal interests.
• to speed up processing your enquiries.

4.2 The cookies we use only store the data specified above about your use of the website. This is not done by an assignment to you personally, but by allocating an identification number to the cookie ("cookie ID"). The cookie ID is not aggregated with your name, your IP address or similar data that would allow the cookie to be assigned to you.

4.3 There is a distinction between session cookies, which are deleted as soon as you close your browser, and persistent cookies, which are stored beyond the individual session. In relation to the function of cookies, there is a further distinction between:

• Technical cookies: These are necessary to navigate the website, use basic functions and guarantee the security of the website; they neither collect information about you for marketing purposes nor store which websites you have visited;
• Performance cookies: These collect information about how you use our website, which pages you visit and e.g. if any errors occur when using the website; they do not collect any information that could identify you - all data collected is anonymous and is only used to improve our website and to find out what our users are interested in;
• Advertising cookies, Targeting cookies: These are used to provide the website user with relevant advertising on the website or third-party promotions and to determine the effectiveness of these promotions; advertising and targeting cookies are stored for a maximum of 13 months;
• Sharing cookies: These are used to improve the interactivity of our website with other services (e.g. social networks); sharing cookies are stored for a maximum of 13 months.

4.4 Each use of cookies which is not technically necessary constitutes data processing which is only permitted with your express and active consent in accordance with § 25 (1) of the Telecommunications and Telemedia Data Protection Act (TDDDG) and which also only happens in compliance with this statutory provision. This particularly applies to the use of advertising, targeting or sharing cookies. Furthermore, we only transmit your personal data that has been processed by cookies to third parties if you have given your express consent to this in accordance with § 25 (1) TDDDG.

4.5 On our website we use the following cookie:

 4.6 You can specify whether cookies can be placed and retrieved using you browser settings. For example, you can completely deactivate the storage of cookies in your browser, restrict it to certain websites or configure your browser so that it automatically notifies you as soon as a cookie is to be placed and asks you to confirm this. You can block or delete individual cookies. However, for technical reasons, this may result in some features of our website being impaired and no longer functioning fully.

4.7 If cookies are used on our website only with your consent, you can also make the settings specified in 4.6 in our Cookie Consent Tool.

5. Data security

5.1 All information you send to us is stored on servers located within the European Union. Unfortunately, the transferring information via the internet is not completely secure; therefore, we cannot guarantee the security of the data transmitted to our website via the internet. However, we implement technical and organisational measures to secure our website and other systems against loss, destruction, access, modification or the dissemination of your data by unauthorised persons. Particularly, we transfer your personal data in an encrypted format. We use the coding systems SSL (Secure Socket Layer) and TLS (Transport Layer Security) for this.

6. No disclosure of your personal data

6.1 We do not disclose your personal data to third parties unless you have consented to the disclosure of the data or we are entitled or obliged to disclose data due to statutory provisions and / or official regulations or court orders. In this context, information may particularly be provided for the purposes of criminal prosecution, averting danger or enforcing intellectual property rights.

7. Data protection and third-party websites

7.1 The website may contain hyperlinks to and from third-party websites. If you follow a hyperlink to one of these websites, please note that we cannot accept any responsibility or liability for third-party content or privacy policies. Please familiarise yourself with the respective privacy policies before you transmit personal data to these websites.

8. Use of our website's features

8.1 In addition to using our website for purely informative purposes, we also offer various services that you can use if you are interested. You will usually need to provide additional personal data for this, which we use in order to provide the respective service. If other details are optional, these are identified accordingly.

8.2 When contacting us by email or using the contact form, we will store your email address and, if you have provided it, your name and your telephone number so that we can answer your questions (legal basis is Art. 6 (1) sentence 1 (b) GDPR).

9. Use of our online application form

9.1 If you wish to apply for our product online, you need to provide your personal data that we require to process your application in order for the contract to be concluded. The details required are marked separately; any other details are optional. We process the data you have provided in order to process your application. We may also disclose your payment details to our bank. The legal basis for this is Art. 6 (1) sentence 1 (b) GDPR. The legal basis for the essential shopping basket cookie and the session cookie when registering for our shop is § 25 (2) (2) TDDDG.

A customer account will be created that you can use e.g. to store and release medical data. You can object to the storage of data at any time.

If you have given us your consent, we may also process the data you have provided in order to inform you about further products in our range that may be of interest to you or to send you emails containing technical information.

9.2 We are obliged to store your address, payment details and order details for a period of ten years on the basis of commercial law and tax law provisions. However, we shall restrict processing after two years, i.e. your data will only be used in order to comply with statutory obligations.

9.3 In order to prevent unauthorised third parties from accessing your personal data, particularly financial data, the ordering process is encrypted using TLS technology.

10. Social Media Profile

10.1 We have presences on several social media platforms. We use the following providers:

10.1.1 Instagram, operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, privacy policy at privacycenter.instagram.com/policy

10.1.2 Facebook, operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, privacy policy at www.facebook.com/privacy/center

10.2 We use the technical platform and services of the providers for these information services. Please note that you are responsible for your use of our profiles on social media platforms and the features of such profiles. This particularly applies to the use of the interactive features (e.g. comment, share, like). When visiting our profiles, the providers of the social media platforms collect data including your IP address and other information which is available in the form of cookies on your device. This information is used to provide us, as operators of the accounts, with statistical information about your interaction with us. The legal basis is your consent: for placing cookies, this is § 25 (1) TDDDG; for subsequent data processing it is Art. 6 (1) (a) GDPR.

10.3 The data collected about you in this context is processed by the platforms during which it may be transferred to countries outside the European Union, particularly the USA.  Alle der vorgenannten Anbieter sind unter dem EU-U.S. Data Privacy Framework zertifiziert. Darüber hinaus besteht ein Angemessenheitsbeschluss der EU-Kommission und wir haben mit den Anbietern die EU Standardvertragsklauseln (SCC) abgeschlossen. We do not know how the social media platforms use the data resulting from your visit to our account and interaction with our postings for their own purposes, how long this data is stored and whether data is disclosed to third parties. The data processing may differ depending on whether you are registered and logged in to the social network or visit the site as a non-registered and / or anonymous user. When you access a post or the account, the IP address assigned to your device is transmitted to the provider of the social media platform. If you are currently logged in as a user, a cookie on your end device can be used to track how you have navigated the internet. Buttons embedded in websites enable the platforms to record your visits to these website pages and assign them to your respective profile. This data can be used to offer content or advertising tailored to you. If you wish to avoid this, you should log out or deactivate the "stay logged in" function, delete the cookies on your device and restart your browser.

10.4 As the provider of the information service, we also only process the data resulting from your use of our service that you provide to us and that requires interaction. For example, if you ask a question that we can only answer by email, we will store your information in accordance with our general data processing principles, which we describe in this privacy policy. The legal basis for processing your data on the social media platform is Art. 6 (1) sentence 1 (f) GDPR.

10.5 To exercise your rights as a data subject, you can contact us or the provider of the social media platform. If one party is not responsible for responding or needs to obtain the information from the other party, we or the provider will then forward your request to the respective partner. Please contact the provider of the social media platform directly for questions about profiling and the processing of your data when using the website. For questions about the processing of your interaction with us on our website, please use the contact details provided above.

10.6 What information the social media platform receives and how it is used is described by the respective providers in their relevant privacy policies (see link in the table above). Here, you will also find information on contact options as well as on the settings options for advertisements. You can find more information about social networks and how you can protect your data at www.youngdata.de.

11. Third party provider tools

11.1 Use of Matomo
11.1.1 We use the web analysis service Matomo on this website to analyse and check the use of our website. Using the statistics obtained, we are able to improve our offer and present it in a more interesting way for you as the user.

11.1.2 We use a version of Matomo that does not require cookies. Therefore, no Matomo cookies are stored on your computer for the purpose of web analysis. For the analysis of website usage, your IP address and information such as time stamp, web pages visited and your language settings are recorded. We store the information collected in this way on our server.

11.1.3 This website uses Matomo with the extension “anonymizeIP”. This means that IP addresses are processed in abbreviated form and a direct link to a person is excluded. The IP address provided by your browser using Matomo will not be linked with other data collected by us. The legal basis for the use of Matomo is Art. 6 (1) sentence 1 (f) GDPR.

You can prevent the use of Matomo by unchecking the following box and activating the opt-out plugin:

In this case, an opt-out cookie preventing Matomo from storing user data will be placed in your browser in accordance with § 25 (1) TDDDG. If you delete your cookies, this will result in the Matomo opt-out cookie also being deleted. You will need to reactivate the opt-out when you visit our site again.

11.1.5 The program Matomo is an open source project. You can find the third-party provider’s information on data protection at matomo.org/privacy-policy/.

11.2 Einsatz von Cloudflare

11.2.1 Unsere Webseite nutzt Dienste von Cloudflare, Inc. ("Cloudflare"), welche in Deutschland von der Cloudflare Germany GmbH, Rosental 7, c/o Mindpsace, 80331 München bereitgestellt werden, um die Sicherheit und Leistung der Webseite zu erhöhen. Rechtsgrundlage hierfür ist Art. 6 Abs. 1 lit. f DSGVO. Sie können der Datenverarbeitung widersprechen, indem Sie die Seite nicht mehr nutzen.

11.2.2 Die von uns eingesetzten Dienste sind:

• Cloudflare CDN: Ein Content Delivery Network, das die Ladezeiten unserer Webseite verbessert, indem Inhalte von einem Server geliefert werden, der geografisch näher am Benutzer liegt.
• Cloudflare Universal SSL Certificate: Bietet eine verschlüsselte Verbindung zwischen Ihrem Browser und unserer Webseite, um die Sicherheit Ihrer Daten zu gewährleisten.
• Cloudflare Web Application Firewall (WAF): Schützt unsere Webseite vor bösartigen Angriffen und Sicherheitsbedrohungen.
• Cloudflare Turnstile: Ein CAPTCHA-System, das dabei hilft, automatisierte Zugriffe durch Bots zu erkennen und zu verhindern, ohne dass echte Nutzer CAPTCHA-Rätsel lösen müssen.

11.2.3  Cloudflare kann Zugriff auf einige Ihrer Daten haben, wie Ihre IP-Adresse, Systemkonfigurationsinformationen und andere Informationen über den Verkehr zu und von der Webseite, um diese Dienste bereitzustellen. Diese Daten werden verarbeitet und können außerhalb des Europäischen Wirtschaftsraums, z. B. in den USA, gespeichert werden. Cloudflare ist unter dem Trans-Atlantic Data Privacy Framework zertifiziert, was bedeutet, dass es sich verpflichtet hat, einen Datenschutzstandard einzuhalten, der mit den europäischen Datenschutzvorschriften vergleichbar ist. Aus diesem Grund hat die europäische Kommission einen Angemessenheitsbeschluss für die USA erlassen, welcher einen etwaigen Datentransfer dorthin legitimiert. Darüber hinaus haben wir mit Cloudflare Standardvertragsklauseln (SCCs) geschlossen, welche Sie unter www.cloudflare.com/cloudflare_customer_SCCs-German.pdf einsehen können.

11.2.4 Für weitere Informationen über die Datenschutzpraktiken von Cloudflare verweisen wir auf die Datenschutzerklärung von Cloudflare unter https://www.cloudflare.com/privacypolicy/.

11.3 Einbindung von YouTube Videos

11.3.1 Wir haben YouTube-Videos in unser Online-Angebot eingebunden, die auf YouTube.com gespeichert sind und von unserer Website aus direkt abspielbar sind. Rechtsgrundlage für die Anzeige der Videos ist Art. 6 Abs. 1 S. 1 lit. a DSGVO, d. h. die Einbindung erfolgt nur nach Ihrer Einwilligung. Das erforderliche Cookie für das Abspielen der Videos setzen wir nach § 25 Abs. 2 Nr. 2 TDDDG, da dies zwingend technisch erforderlich ist.

11.3.2 Durch den Besuch auf der Website erhält YouTube die Information, dass Sie die entsprechende Unterseite unserer Website aufgerufen haben. Zudem werden die oben genannten grundlegenden Daten wie IP-Adresse und Zeitstempel übermittelt. Dies erfolgt unabhängig davon, ob YouTube ein Nutzerkonto bereitstellt, über das Sie eingeloggt sind, oder ob kein Nutzerkonto besteht. Wenn Sie bei Google eingeloggt sind, werden Ihre Daten direkt Ihrem Konto zugeordnet. Wenn Sie die Zuordnung mit Ihrem Profil bei YouTube nicht wünschen, müssen Sie sich vor Aktivierung des Buttons ausloggen. YouTube speichert Ihre Daten als Nutzungsprofile und nutzt sie für Zwecke der Werbung, Marktforschung und/oder bedarfsgerechten Gestaltung seiner Website. Eine solche Auswertung erfolgt insbesondere (selbst für nicht eingeloggte Nutzer) zur Erbringung von bedarfsgerechter Werbung und um andere Nutzer des sozialen Netzwerks über Ihre Aktivitäten auf unserer Website zu informieren. Ihnen steht ein Widerspruchsrecht gegen die Bildung dieser Nutzerprofile zu, wobei Sie sich zur Ausübung dessen an YouTube richten müssen.

11.3.3 Die erhobenen Informationen werden auf Servern von Google, auch in den USA, gespeichert. Google LLC (die Muttergesellschaft) ist unter dem EU-U.S. Data Privacy Framework zertifiziert. Darüber hinaus besteht ein Angemessenheitsbeschluss der EU-Kommission und wir haben mit dem Anbieter die EU Standardvertragsklauseln (SCC) abgeschlossen.

11.3.4 Weitere Informationen zu Zweck und Umfang der Datenerhebung und ihrer Verarbeitung durch YouTube erhalten Sie in der Datenschutzerklärung. Dort erhalten Sie auch weitere Informationen zu Ihren Rechten und Einstellungsmöglichkeiten zum Schutze Ihrer Privatsphäre: www.google.de/intl/de/policies/privacy.

12. Recipients or categories of recipients

12.1 If we disclose your personal data to third parties, you will be explicitly informed of this by way of a description of the respective data processing (e.g. when using our contact form). For technical and organisational processing, we also use external service providers with which we have concluded appropriate order processing contracts within the meaning of Art. 28 GDPR. These include e.g. service providers for web hosting, sending emails, the maintenance and servicing of our IT systems etc.

13. Storage period

13.1 We store your data for as long as this is necessary for achieving the respective purpose but for no longer than any statutory provisions require us to do so (e.g. we are required under commercial law to retain business correspondence, which may include emails, for 10 years).

13.2 As soon as the reason for storage lapses or a prescribed storage period expires in accordance with the above provisions, the personal data shall be routinely blocked or deleted.

14. Your rights

14.1 You have extensive rights in relation to the processing of your personal data. Firstly, you have a comprehensive right of access and can request the correction and / or erasure and / or blocking of your personal data. You can also request a restriction of processing and have a right of objection and a right to data portability. If you wish to assert one of your rights and / or obtain more information about this, please contact us at [email protected].

14.2 You also have the right to complain to a supervisory authority. If you have any questions, comments or queries regarding the collection, processing and use of your personal data by us, please do not hesitate to contact us using the contact details provided.

15. No obligation to provide personal data

15.1 he conclusion of contracts with us is not dependent upon you providing us with your personal data in advance. For you as the customer, there is essentially no statutory or contractual obligation to provide us with your personal data; however, we may only be able to provide certain offers to a limited extent or may not be able to provide them at all if you do not provide the necessary information. If, in exceptional circumstances, this should be the case with regard to the products and services we offer as specified above, we will inform you of this separately.