Name and address of the controller

The controller within the meaning of the General Data Protection Regulation and other national privacy laws of the Member States, as well as other provisions on privacy, is:

EU-PATIENTEN.DE
National Contact Point for cross-border healthcare
National Association of Statutory Health Insurance Funds
German Liaison Agency Health Insurance – International (DVKA)
Pennefeldsweg 12c
53177 Bonn
Tel.: 0228 9530-0
Fax: 0228 9530-600
e-mail: post@dvka.de
Internet: www.dvka.de

Name and address of the data protection officer

Name and address of the local representative of the data protection officer of the National Association of Statutory Health Insurance Funds:

Carolin Birker
Pennefeldsweg 12c
53177 Bonn
Tel.: 0228 9530-717
e-mail: Datenschutz@dvka.de

I. General information regarding data processing

1. The extent of the processing of personal data

As a matter of principle, we only collect and use our users’ personal data where this is necessary in order to make available a properly-functioning website, along with our content and services. As a rule, our users’ personal data are only collected and processed with the user’s consent. An exception applies in cases in which prior consent cannot be obtained for de facto reasons and the data may be processed in accordance with statutory provisions. In individual cases, however, these websites may contain links to other providers not covered by this Privacy Policy.

2. The legal basis for the processing of personal data

The legal basis for the processing of personal data is Article 6(1)(a) of the EU’s General Data Protection Regulation (GDPR) in cases where we obtain the data subject’s consent for a specific purpose of processing.

The legal basis for the processing of personal data necessary for the performance of a contract to which the data subject is party is Article 6(1)(b) GDPR. This also applies to the implementation of steps that are required prior to entering into a contract.

Where the processing of personal data is required for compliance with a legal obligation to which our company is subject, the legal basis is Article 6(1)(c) GDPR.

Where the processing of personal data is required in order to protect the vital interests of the data subject or of another natural person, the legal basis is Article 6(1)(d) GDPR.

Where processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, the legal basis for processing is Article 6(1)(f) GDPR.

3. Data erasure and storage period

The data subject’s personal data are erased or blocked as soon as the purpose for which they were stored ceases to apply. They may be stored beyond this if provided for by the European or national legislature in regulations within Union law, in acts of law or other provisions to which the controller is subject. The data will also be barred or erased if a storage period prescribed by these provisions expires, unless there is a continued need to store the data to enter into a contract or for the performance of a contract.

II. Making the website available and creating logfiles

1. Description and scope of data processing

Each time you visit our website, our system collects data and information from the operating system of the requesting computer by automated means.

This entails collecting the following data:

• information on the browser type and version used,
• the user’s IP address, and
• the date and time of the request.

The data are also stored in our system’s logfiles. These data are not stored together with other personal data pertaining to the user.

2. The legal basis for data processing

The legal basis for the temporary storage of the data and logfiles is Article 6(1)(f) GDPR.

3. The purpose of the data processing

The system needs to temporarily store the IP address in order to make the website available to the user’s computer. This necessitates the storage of the user’s IP address for the duration of the session. Logfiles are used for storage in order to ensure that the website can function properly. We also need the data in order to ensure that our IT systems are properly secure. The data are not evaluated for marketing purposes in this context. These purposes also include our legitimate interests in data processing pursuant to Article 6(1)(f) GDPR.

4. The duration of storage

The data will be erased as soon as they are no longer required in order to achieve the purpose for which they were collected. Where the data are stored in order to make the website available, this takes place when the respective session is ended. Data that are stored in logfiles are erased after seven days at the latest in this case.

5. Right to lodge an objection and elimination

It is vital to store the data in order to make the website available, and the data must be stored in logfiles in order to operate the website. Users therefore have no possibility to file an objection.

III. Use of cookies

1. Description and scope of data processing

Our website uses cookies. Cookies are text files which are stored on the user’s computer system in or via a browser. If a user visits a website, a cookie can be stored on his or her operating system. This cookie contains a characteristic string enabling the browser to be unambiguously identified the next time the website is visited.

Users visiting our website are informed by a banner that cookies are used for analysis purposes, and are referred to this Privacy Policy.

Matomo statistics (formerly PIWIK) – analytics cookies

The provider uses Matomo, an open-source software solution which statistically analyses users’ visits. Matomo uses cookies stored on users’ computers enabling an analysis of how users use the website. The information that the cookie generates regarding the use of this service is stored on the provider’s server in Germany. The IP address is immediately anonymised after processing and before it is stored. Users can use the appropriate settings in their browser to prevent cookies being installed.

2. The legal basis for data processing

The legal basis for the processing of personal data using technically-necessary cookies is Article 6(1)(f) GDPR.

The legal basis for the processing of personal data using cookies for analytical purposes is Article 6(1)(a) GDPR, providing the user has consented accordingly.

3. The purpose of data processing

The purpose of using technically-necessary cookies is to make it simpler for users to use websites. Some functions on our website cannot be provided if we do not use cookies. The user data that are collected by technically-necessary cookies are not used to create user profiles.

Analytics cookies are used in order to improve the quality of our website and its content. These cookies enable us to learn how the website is used and to continually improve our services.

The following data are stored:

• information on the browser type and version used,
• the user’s operating system,
• the user’s Internet service-provider,
• the user’s IP address in anonymised form,
• the date and time of access,
• websites from which the user’s system reaches our website, and
• websites referred to by the user’s system via our website.

These purposes also constitute our legitimate interests in processing the personal data pursuant to Article 6(1)(f) GDPR.

4. Duration of storage; right to lodge an objection and elimination

Cookies are stored on the user’s computer, from where they are transmitted to our website. You as a user therefore also have complete control over how cookies are used. You can change your browser settings to deactivate or restrict cookie transmission. Cookies that have already been stored can be erased at any time. This can also be carried out by automated means. If cookies are deactivated for our website, this might prevent all the website’s functions being used to the full.

IV. Contact form and contact by e-mail

1. Description and extent of data processing

Our website provides forms enabling you to contact us by electronic means. Where users do so, the data entered in the templates are transmitted to us and stored. Your consent to the processing of the data is obtained as part of the transmission procedure, and this Privacy Policy is referred to.

Alternatively, you can make contact using the e-mail address provided. In this case, the user’s personal data are stored that are transmitted with the e-mail.

No data are forwarded to third parties in this connection. The data are only used to process the conversation. If the data need to be passed on to third parties, we will seek your consent beforehand. This also means that they may not be processed by third parties without your consent. You can find more details about this at “Privacy Policy for enquiries to EU-PATIENTEN.DE”.

2. The legal basis for data processing

The legal basis for processing the data if the user’s consent has been obtained is Article 6(1)(a) GDPR.

The legal basis for processing the data provided whilst sending an e-mail is Article 6(1)(f) GDPR. If the e-mail contact is intended to conclude a contract, the additional legal basis for processing is Article 6(1)(b) GDPR.

3. The purpose of data processing

We only process personal data from the input form in order to process the establishment of contact. If you contact us by e-mail, this also constitutes the legitimate interests pursued in processing the data. The other personal data processed during sending are used in order to prevent the contact form being misused and to ensure that our IT systems are secure.

4. The duration of storage

The data will be erased as soon as they are no longer required in order to achieve the purpose for which they were collected. With regard to the personal data from the input screen of the contact form and the data that were forwarded by e-mail, this is the case when the respective conversation with the user has been ended. The conversation is considered ended when the circumstances permit the conclusion that the matter in question has been finally clarified.

5. Right to lodge an objection and elimination

Users may withdraw their consent to the processing of personal data at any time. Users contacting us by e-mail may withdraw consent to the storage of their personal data at any time – by post or e-mail. The conversation may not be continued in such cases. All personal data that were stored during contact are erased in such cases.