How we handle your data and your rights
– Information in accordance with Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR) –
in the following we inform you about the processing of your personal data by us and the claims and rights to which you are entitled according to the data protection regulations.
Which data is processed in detail and in which way it is used depends largely on the services requested or agreed services.
1. Who is responsible for data processing and whom can I contact?
The responsible department is:
am Klinikum Peine
Virchowstraße 8 h
You can reach our company data protection officer at:
2. What sources and data do we use?
We process personal data that we receive from you in the course of our business relationship. In addition, we process - as far as necessary for the provision of our services - personal data which we have received from other companies (e.g. SCHUFA) in a permissible form (e.g. for the processing of orders, for the fulfilment of contracts or on the basis of a consent given by you). On the other we process personal data that we have permissibly obtained and are permitted to process from publicly accessible sources (e.g. debtor lists, commercial and association registers, press, media).
Relevant personal data are personal details (name, address and other contact details, date and place of birth and nationality) and authentication data. When you book an appointment, we typically record, i. a., name, address, telephone number, e-mail address and date/time of the appointment.
3. What do we process your data for (purpose of processing) and on what legal basis?
We process personal data in accordance with the provisions of the European Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG):
3.1 For the fulfilment of contractual obligations (Article 6 para. 1b GDPR)
The processing of personal data (Article 4 No. 2 GDPR) is carried out for the provision and mediation of our services, in particular for the execution of our contracts or pre-contractual actions with you and the execution of your orders, as well as all activities necessary for the operation and administration of a company.
The purposes of data processing are primarily based on the specific product or order and include, among other things, online appointment booking and online appointment management.
Further details regarding the purpose of data processing can be found in the respective contract documents and terms and conditions.
3.2 As part of the balancing of interests (Article 6 para. 1f GDPR)
As far as necessary, we process your data beyond the actual fulfilment of the contract in order to protect legitimate interests of us or third parties, such as in the following cases:
- Ensuring IT security and IT operation
- checking and optimising procedures for analysing needs and addressing customers directly
- advertising or market and opinion research, provided that you have not objected to the use of your data
- Assertion of legal claims and defence in the event of legal disputes
- Measures for building and plant security (e.g. access controls)
- measures to secure the right to the premises
- measures for business management and further development of services and products
- Prevention and investigation of criminal offences.
3.3 Based on your agreement (Article 6 para. 1a GDPR)
If you have given us your consent to process personal data for specific purposes (e.g. transfer of data, evaluation of user data for marketing purposes), the legality of this processing is based on your consent. A given consent can be revoked at any time. This also applies to the revocation of declarations of consent that were issued to us prior to the validity of the GDPR, i.e. before 25 May 2018.
Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected.
3.4 Due to legal requirements (Article 6 para. 1c GDPR) or in the public interest (Article 6 para. 1e GDPR)
Furthermore, as a company we are subject to various legal obligations, i.e. legal requirements (e.g. commercial laws, tax laws). The purposes of processing include, among other things, the fulfilment of fiscal monitoring and reporting obligations as well as the assessment and management of risks.
4. Who receives my data?
Within our company, access to your data is granted to those entities that need it to fulfil our contractual and legal obligations. Processors commissioned by us (Article 28 GDPR) may also receive data for the aforementioned purposes. These are companies in the categories of IT services, logistics, printing services, telecommunications, debt collection, consulting and advisory services, and sales and marketing.
With regard to the passing on of data to recipients outside our company, it should be noted that we only pass on information about you if required by law, if you have given your consent or if we are authorised to provide information.
Under these conditions, recipients of personal data may be, for example
5. How long will my data be stored?
As far as necessary, we process and store your personal data for the duration of our business relationship, which for example also includes the initiation and execution of a contract.
In addition, we are subject to various storage and documentation obligations, which result from the German Commercial Code (HGB) and the German Fiscal Code (AO), among others. The periods of retention or documentation stipulated there are two to ten years.
Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 et seq. of the German Civil Code (BGB), are usually three years, but in certain cases can be up to thirty years.
6. Is data transferred to a third country or to an international organisation?
Data will only be transferred to third countries (countries outside the European Economic Area - EEA) if this is necessary for the execution of your orders, is required by law or if you have given us your consent. We will inform you separately about details, if required by law.
7. What data protection rights do I have?
Every data subject has the right of information under Article 15 GDPR, the right of rectification under Article 16 GDPR, the right of deletion under Article 17 GDPR, the right to restrict processing under Article 18 GDPR and the right to data transferability under Article 20 GDPR. With regard to the right of information and the right of deletion, the restrictions under Articles 34 and 35 BDSG apply. In addition, there is a right of appeal to a data protection supervisory authority (Article 77 GDPR together) in conjunction with Article 19 BDSG.
8. Is there an obligation to provide data?
Within the scope of our business relationship, you only need to provide us with personal data that is necessary for the establishment, execution and termination of a business relationship or that we are legally obliged to collect. Without this data, we will usually have to refuse to conclude the contract or execute the order, or we will no longer be able to execute an existing contract and may have to terminate it.
9. To what extent is there automated decision-making in individual cases?
As a matter of principle, we do not use a fully automated decision-making process in accordance with Article 22 of the GDPR. Should we use these procedures in individual cases, we will inform you of this separately if this is required by law.
10. To what extent is my data used for profiling (scoring)?
As a matter of principle, we do not use profiling in accordance with Article 22 GDPR. Should we use this procedure in individual cases, we will inform you of this separately if this is required by law.
Information about your right of objection according
to Article 21 of the EU-GDPR
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6 paragraph 1e GDPR (data processing in the public interest) and Article 6 paragraph 1f GDPR (data processing based on a balancing of interests); this also applies to profiling within the meaning of Article 4 No. 4 GDPR based on this provision, which we use for credit rating or for advertising purposes
If you lodge an objection, we will no longer process your personal data unless we can prove compelling reasons for processing that are worthy of protection and outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.
In individual cases, we process your personal data for the purpose of direct marketing. You have the right to object at any time to the processing of personal data concerning you for the purpose of such direct marketing, including profiling, insofar as it is related to such direct marketing.
If you object to processing for the purposes of direct marketing, we will no longer process your personal data for those purposes.
The objection can be made without any formality and should be addressed if possible, to:
am Klinikum Peine
Virchowstraße 8 h