Data protection
Data protection declaration for the use of the online offer of hcc gmbh and the myCare2x network, the websites, functions and content connected to them as well as external online presences and social media profiles
Responsible:
Joachim Mollin / hcc gmbh
Pastor Antholzner Str. 6
85614 Kirchseeon
info@hccgmbh.com
General
The protection of your personal data is very important to us. It is important to us to inform you about what personal data is collected, how it is used and what design options you have. With regard to the definition of the terms used, we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
Our data processing collects, processes or uses only the personal data required for a meaningful and economical use of our offer. Technical and organizational measures ensure that data protection regulations are observed. Our employees handle this data responsibly and consciously and are bound to secrecy. That is why we guarantee you the security and protection of all personal data and the strictest compliance with all provisions of the GDPR.
Types of online offers / processing of data
Our online offer is divided into:
Informational websites
Informative websites that give you an overview of what hcc gmbh has to offer and its myCare2x family of solutions. On these pages you will find information on how to contact us by email or telephone.
Websites to evaluate our solution
Websites where you can try our solution. You can access these websites using a user name and password provided by us. On these websites they work with fictitious personal data, which they can supplement with entries that are not personally assigned to them. We reserve the right to delete these entries without giving reasons or information.
Apps of the mcx:connect family (Android or iOS)
The use of these apps is only possible with an existing registration on our servers. If you use these apps, our servers temporarily record the IP address of your device and other technical features, such as the requested content (Art. 6 Para. 1 b GDPR).
In this app you have the option of dictating text as well as entering data using the keyboard. Voice input (Google) or dictation (Apple) is a functionality that the operating system makes available to our apps. When used, the language is processed by a third party (e.g. Apple or Google) as the person responsible and the result is delivered to our apps and output in the input field. For details on the functionality and how you can switch use on or off, please contact the respective operating system manufacturer.
In order to be able to use the apps on your device, the apps must be able to access various functions and data on your end device. This requires that you grant certain permissions (Art. 6 Para. 1 a GDPR). The authorization categories are programmed differently by the various manufacturers. So e.g. For example, with Android, individual permissions are grouped into permission categories, and you can only agree to the permission category as a whole. Please note, however, that in the event of an objection you may not be able to use all the functions of our apps or may not be able to use the apps at all.
If you have granted permissions, we only use them to the extent described below:
The apps need access to the Internet via Wi-Fi or cellular to get network connections, update content and use camera, microphone, USB, photos, videos, news content, etc. The apps need access to the storage in order to store photos/media/files there, which are required for the purpose of providing the apps and for displaying the content and actions. The apps do not access your personal files (photos, music, etc.). Push notifications are messages that are sent from the app to your device and are displayed there with priority. Some of our apps use push notifications if you gave your consent when installing the app or when using it for the first time (Art. 6 Para. 1 a GDPR).
Portal offer mcx:alexa
The portal offer mcxalexa.com requires registration. Registration is linked to verification by a confirmation email. On this portal you can optionally enter further personal data. For the purpose of carrying out and processing the associated service, it is necessary to collect personalized data and pass it on to third parties. This data is only stored to the extent required for order processing and is only passed on to the portal participants selected by the user.
You can connect to the portal via our skill offer at Amazon for the operation of Amazon Alexa services. It is possible to access location data from the Alexa devices. You can also give us permission to send you notifications on your Alexa device.
You have given us your consent to the processing of these skills by confirming the email sent (Art. 6 Para. 1 a GDPR). When using these services, the language is processed by Amazon as the controller and the result is delivered to our services and processed. For details on the functionality, please contact Amazon.
In order to be able to use the skills on your device, the skills must be able to access various functions and data on your end device. For this it is necessary that you grant these authorizations (Art. 6 Para. 1 a DSGVO).
The skills need access to the Internet via WiFi to get network connections, update content and use camera, microphone, photos, videos, news content, etc. The skills do not access your personal data (photos, music, etc.).
To connect Amazon Alexa, we only use services offered by Amazon that are offered on Amazon servers in the EU. Additional internal services may be used by Amazon. In this context, we refer to the paragraph on data transfers to third countries.
Persons under the age of 18
Persons under the age of 18 should not transmit any personal data to us without the consent of their parents or guardians. We do not request any personal data without this consent, do not collect it and do not pass it on to third parties.
encryption
All personal data is encrypted using SSL/TSL encryption over the Internet. We secure our website and other systems through technical and organizational measures against loss, destruction, access, modification or distribution of data by unauthorized persons. Access is only possible after entering a personal account and password. You should always treat this access information confidentially and close the browser window when communication with the portal is terminated, especially if the computer used is shared with others.
Disclosure of Personal Information
There is no transfer of data to third parties for advertising purposes. Address marketing by hcc gmbh does not take place at any time.
Terms used
CIS
HIS is a hospital information system
Personal Data is any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or one or more special features, are an expression of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
processing is any process or series of processes carried out with or without the aid of automated processes in connection with personal data. The term is broad and encompasses practically every handling of data.
As the person in charge is the natural or legal person, authority, institution or other body that alone or jointly with others decides on the purposes and means of processing personal data.
Cooperation with processors and third parties
If, as part of our processing, we disclose data to other people and companies (contract processors or third parties), transmit it to them or otherwise grant them access to the data, this is only done on the basis of legal permission, you have consented, a legal obligation provides for this or on the basis of our legitimate interests such as the use of agents, web hosts, etc.
If we commission third parties to process data on the basis of a so-called order processing contract, this is done in accordance with Art. 28 GDPR.
Transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or this happens as part of the use of third-party services or disclosure or transmission of data to third parties, this only takes place if it is to fulfill our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process or have the data processed in a third country if the special requirements (Art. 44 et seq. GDPR) are met. Example: Processing on the basis of special guarantees, such as the officially recognized determination of a data protection level corresponding to that of the EU (for the USA through the Privacy Shield ) or in compliance with officially recognized special contractual obligations.
Rights of data subjects
You have the right (Art. 15 GDPR) to request confirmation as to whether the data in question is being processed and information about this data as well as further information and a copy of the data.
You have the right (Art. 16 GDPR) to request the completion of the data concerning you or the correction of incorrect data concerning you.
You have the right (Art. 17 GDPR / Art. 18 GDPR) to demand that the data in question be deleted immediately, or alternatively to demand that the processing of the data be restricted.
You have the right (Art. 20 GDPR) to request that you receive the data that you have provided to us and to request that it be transmitted to other responsible parties. You can therefore receive the data you have provided to us in a common machine-readable format such as CSV and, if necessary, transmit it to others
You also have the right (Article 77 GDPR) to lodge a complaint with the competent supervisory authority.
Right to object
The user can object to the aforementioned use and processing of the data at any time by sending a message to the above address (Art. 21 GDPR). The objection can be made in particular against processing for direct advertising purposes. Insofar as we are obliged to do so by law or by court order, we transmit data to the respective authorities entitled to receive information. Data for billing and accounting purposes are not affected by an objection or deletion.
right of withdrawal
You have the right to revoke your consent with effect for the future (Art. 7 Para. 3 GDPR)
Cookies and the right to object to direct advertising
As cookies are small files that are stored on users' computers. Different information can be stored within the cookies. A cookie is primarily used to store information about a user or the device on which the cookie is stored during or after their visit to an online offer. As temporary cookies or session cookies or transient cookies , are cookies that are deleted after a user leaves an online offer and closes his browser. as permanent or persistent refers to cookies that remain stored even after the browser is closed. For example, the login status can be saved if users visit it after several days. The interests of the users can also be stored in such a cookie, which are used for range measurement or marketing purposes. As a third-party cookie refers to cookies that are offered by providers other than the person responsible for operating the online offer.
We can use temporary and permanent cookies and hereby clarify this.
If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in their browser's system settings. Saved cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of the online offer or completely prevent its use.
JavaScript
JavaScript is used to call up the application and transmit the collected parameters to our servers.
deletion of data
The data processed by us will be deleted (Art. 17 and 18 GDPR) or their processing restricted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory storage obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted.
hosting
The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating this online offer.
Here we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data from customers, interested parties and visitors to this online offer on the basis of our legitimate interests in an efficient and secure provision of our online offer (Art. 6 Para. 1 DSGVOü / Art. 28 GDPR).
Collection of access data and log files
We, or our hosting provider, collect data about every access to the server on which this service is located on the basis of our legitimate interests (Art. 6 Para. 1 DSGVO). The access data includes the name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL, IP address and the requesting provider.
For security reasons, log file information is stored for a maximum of 7 days and then deleted. Data whose further storage is required for evidence purposes are excluded from deletion until the respective incident has been finally clarified.
Provision of contractual services
We process inventory data, contract data to fulfill our contractual obligations and services (Article 6 (1) GDPR). The entries marked as mandatory in online forms are required for the conclusion of the contract.
When using our online services, we store the IP address and the time of the respective user action. The storage takes place on the basis of our legitimate interests, as well as to protect users from misuse and other unauthorized use. In principle, this data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so (Article 6 (1) GDPR).
The data is deleted after statutory warranty and comparable obligations have expired; the necessity of storing the data is checked every three years. In the case of legal archiving obligations, the deletion takes place after their expiry. Information in any customer account remains until it is deleted.
Administration, office organization, contact management
We process data in the context of administrative tasks and organization of our operations and compliance with legal obligations. We process the same data that we process in the context of providing our contractual services (Art. 6 Para. 1, Art. 28 GDPR). Customers, interested parties, business partners and website visitors are affected by the processing. The purpose and our interest in processing lies in maintaining our business activities, performing our tasks and providing our services. The deletion of the data with regard to contractual services and contractual communication corresponds to the information given.
Furthermore, on the basis of our business interests, we store information on suppliers, organizers and other business partners, e.g. for the purpose of later contact. We store this mostly company-related data permanently.
registration function
Users can optionally create a user account. As part of the registration, the required mandatory information is communicated to the users. The data entered during registration will be used for the purpose of using the offer. If users have terminated their user account, their data will be deleted with regard to the user account, subject to their storage being necessary for commercial or tax reasons (Article 6 (1) GDPR). It is the user's responsibility to back up their data before the end of the contract in the event of termination. We are entitled to irretrievably delete all of the user's data stored during the contract period.
When using our registration and login functions and using the user account, we save the IP address and the time of the respective user action. The storage takes place on the basis of our legitimate interests, as well as the user's protection against misuse and other unauthorized use. In principle, this data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so (Article 6 (1) GDPR).
contact
When contacting us, the user's details are processed to process the contact request and its processing (Article 6 (1) GDPR). User information can be stored in a customer relationship management system or comparable inquiry organization.
We delete the requests if they are no longer necessary. We review necessity every two years. Furthermore, the statutory archiving obligations apply.
Online presence in social media
We maintain online presences within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to be able to inform them about our services there. When calling up the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.
We process user data if they communicate with us within social networks and platforms or send us messages.
Integration of third-party services and content
Within our online offering, based on our legitimate interests (Art. 6 Para. 1 GDPR), we use content or service offerings from third-party providers in order to integrate their content and services, such as videos or fonts.
This always presupposes that the third-party providers of this content perceive the IP address of the user, since without the IP address they could not send the content to their browser. The IP address is therefore required for the display of this content. We endeavor to only use content whose respective providers only use the IP address to deliver the content. Third-party providers can also use so-called pixel tags (invisible graphics) for statistical or marketing purposes. Through the pixel tags information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information can also be stored in cookies on the user's device and contain, among other things, technical information about the browser and operating system, referring websites, visiting times and other information on the use of our online offer, as well as being linked to such information from other sources.
vimeo
We embed videos from the Vimeo platform provided by Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA. Privacy Policy: https://vimeo.com/privacy.
youtube
We embed videos from the YouTube platform provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Data protection declaration: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.
Google Maps
We integrate maps from the Google Maps service provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Data protection declaration: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.
Twitter
Within our online offer, functions and content of the Twitter service can be integrated, offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. This can include, for example, content such as images, videos or text and buttons with which users can express their liking for the content, the authors of the content or subscribe to our posts. If the users are members of the Twitter platform, Twitter can assign the above-mentioned content and functions to the user profiles there. Twitter is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). Privacy Policy: https://twitter.com/de/privacy, Opt-Out: https://twitter.com/personalization.
Functions and content of the LinkedIn service can be used within our online offer. This can include, for example, content such as images, videos or text and buttons with which users can express their liking for the content, the authors of the content or subscribe to our posts. If the users are members of the LinkedIn platform, LinkedIn can assign the above-mentioned content and functions to the user profiles there. Privacy Policy: https://linkedin/de/privacy,