+49 (0)8041 / 799 01-46
Request
Appointment

Data protection

MedVital Gesundheitszentrum

Data protection

Your contact person as the controller within the meaning of the European General Data Protection Regulation (“GDPR”) and other national data protection laws of the member states, as well as other data protection regulations, is:

 

MedVital GmbH & Co. KG

Stefanie-von-Strechine-Str. 6

83646 Bad Tölz

Phone: +49 (0)8022 / 925 41-00

Email: info@medvital-residenz.de

www.medvital-residenz.de

 

(hereinafter referred to as “we,” “us,” or “our”).

 

Contact details of the data protection officer

 

The protection of your personal data is of utmost importance to us. To reflect this importance, we have commissioned a consulting firm specializing in data protection and data security to handle these key issues. Our data protection officer also comes from this highly experienced group of experts.

 

MAGELLAN Kleinkind Rechtsanwaltsgesellschaft mbH, Raiffeisenallee 9, 82041 Oberhaching / www.magellan-legal.de

 

Please contact our data protection officer at MAGELLAN Rechtsanwälte directly with any questions regarding data protection and data security.

 

Email: datenschutz_medvital@magellan-legal.de / Phone: +49 (0)8022 / 925 41-00

 

  • General information on data processing

  1. Scope

We generally only process your personal data to the extent necessary for the functional provision of our website, as well as our content and services.

 

  1.  Legal basis

If we obtain your consent to process your personal data, the legal basis for such processing is Article 6 (1) (a) of the EU GDPR.

If your personal data is processed to fulfill a contract with you or in the context of initiating a contractual relationship, the legal basis for the processing is Art. 6 (1) (b) of the EU GDPR.

If the processing of personal data is necessary to fulfill a legal obligation incumbent upon us, the legal basis for the processing is Art. 6 (1) (c) of the EU GDPR.

If your personal data is processed to protect the legitimate interests of us or a third party, whereby your interests, fundamental rights, and freedoms do not outweigh the former interest, the legal basis for the processing is Art. 6 (1) (f) of the EU GDPR.

 

  1. Storage period

Your personal data will be deleted as soon as the purpose for storage no longer applies or, if you are entitled to a right of withdrawal, you declare that you withdraw your consent. Storage may also occur if this has been stipulated by European or national legislators in EU regulations, laws, or other provisions to which we are subject. In this case, however, your personal data will be blocked.

 

  1. External Links

If we provide links to external websites, this privacy policy does not apply to the processing of your personal data by the controller of the linked website. We therefore recommend that you read the privacy policy on the external website you visit. If this link requires a legal basis for the resulting processing of your personal data, this is your consent pursuant to Art. 6 (1) (a) GDPR, which you give by clicking the link.

Typically, the following personal data is processed by clicking the link (hyperlink):

  • IP adress
  • Screen resoltution
  • Browser used
  • Bandwidth
  1. Data processing on our website

 

  1. Website functions

 

  1. Provision of the website and creation of log files

  • Description and scope

When providing our website, we process your personal data to enable error-free delivery of our website to your PC or mobile device. In some cases, your personal data must be stored for the duration of a session.

We also temporarily store your personal data in log files to ensure the functionality of our website and the security of our IT systems. Your personal data is not processed in any other way in log files.

The following personal data is processed for the provision of the website and to create log files:

  • IP address
  • Date of access
  • Time of access
  • Previously visited website
  • Browser used
  • Operating system used
  • Legal basis

 

Legitimate interest, Art. 6 (1) (f) EU GDPR.

  • Purpose

 

The purpose of data processing is to provide the website, ensure its functionality, and ensure the security of the IT systems used for this purpose.

This purpose also represents our legitimate interest.

 

  • Storage period

Your personal data will be stored in log files for a period of 7 days. Furthermore, your personal data will only be stored for the duration of the session when providing the website.

  • Possibility of objection and removal

 

The processing of your personal data and the storage of your personal data in log files is essential for the provision of the website, ensuring its functionality, and safeguarding the IT systems used. You therefore have no right to object.

  1. Technically Necessary Cookies
  • Description and Scope

 

We process your personal data as part of technically necessary cookies because many functions and services on our website, which facilitate your use of our website or make it possible in the first place, do not function properly without cookies (so-called “technically necessary cookies”).

Using these technically necessary cookies, we sometimes store your personal data, which is only used to implement these functions and services. Your personal data is not processed for any other purpose.

A list of the technically necessary cookies we use, their purpose, storage period, and further information can be found in our cookie banner.

The following personal data is processed as part of the use of technically necessary cookies:

  • IP adress
  • Language settings of your browser
  • Browser used
  • Shopping card information
  • Legal basis

Legitimate interest, Section 25 (2) TDDDG in conjunction with Article 6 (1) (f) GDPR.

  • Purpose

 

The purpose of data processing is to provide the functions and services of our website.

This purpose also represents our legitimate interest.

  • Storage period

 

Usually for the duration of the respective session, unless otherwise stated in the detailed information in the list of technically necessary cookies we use.

  • Opt out and delete

Technically necessary cookies are stored on your PC or mobile device and transmitted from there to our website. Therefore, you have full control over the use of technically necessary cookies.

You can deactivate or restrict the transmission of cookies by changing the settings in your browser. You can delete cookies that have already been stored at any time. This can also be done automatically. If cookies are deactivated for our website, you may no longer be able to fully use all of the website’s functions.

 

  1. Technically non-essential cookies

 

If technically unnecessary cookies are used within the scope of the functions and services of our website, you will find a list of these cookies, their purpose, storage period and further information in our cookie banner.

  1. eCommerce

Email contact

  • Description and scope

The following personal data is processed within the scope of the contact form and email contact:

  • Email adress
  • Content of the message
  • Legal basis

Legitimate interest, Art. 6 (1) (f) GDPR.

  • Purpose

The purpose of data processing is to process your inquiry.

  • Retention period

Your personal data will be stored until the purpose no longer applies. This usually occurs when your inquiry is processed, unless longer retention periods apply.

  • Right to object and removal

You have the right to object to the future processing of your personal data when contacting us. In this case, however, we will not be able to process your inquiry any further. All personal data stored during the contact process will be deleted in this case, unless statutory retention periods prevent deletion. In this case, your personal data will be blocked until the end of the statutory retention periods.

  1. Marketing
  1. Direct Marketing
  • Description and Scope

We process your personal data as part of direct marketing campaigns if the narrow scope of special laws allows us to contact you for advertising purposes without your consent. We also process your personal data if you have consented to such advertising.

The following personal data is processed as part of direct marketing:

  • Title
  • First name
  • Last name
  • Postal address
  • Email adress
  • Telephone number
  • Legal basis

 

Legitimate interest, Art. 6 (1) (f) GDPR (post).

Consent, Art. 6 (1) (a) GDPR (post, email, telephone).

Legitimate interest, Section 7 (3) Unfair Competition Act (UWG) (email).

  • Purpose

 

The purpose of data processing is to conduct direct marketing campaigns and send offers and additional information.

  • Storage period

Your personal data will be stored until you object to the processing. Information on this can be found in the respective advertising message.

  • Right of objection and removal

You can object to the processing of your personal data for direct marketing campaigns at any time with effect for the future.

  1. Web analysis using Google Analytics

 

  • Description and scope

 

For web analysis purposes, we use the Google Analytics platform to collect key figures from our website and to analyze your browsing behavior.

When individual pages of our website are accessed, the following data is stored:

  • IP adresse;
  • Browser used
  • Operating system used
  • Screen resolution
  • Mouse and keyboard behavior.
  • Legal basis

 

Consent, Section 25 (1) TDDDG in conjunction with Article 6 (1) (a) EU GDPR.

  • Purpose

The purpose of data processing is to analyze your surfing behavior. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness.

  • Storage Period

A detailed list of the storage period for each “tracking cookie” we use can be found in our cookie banner.

  • Opt-out and Removal Options

You can revoke your consent to the processing of your personal data in the context of the use of Google Analytics at any time with effect for the future by proceeding as follows:

  1. Changing consent settings on our website

On our website, we offer you the option of easily withdrawing consent to the processing of your personal data when using Google Analytics.

To do so, simply click the cookie button on the left side of the website.

  1. Changing your browser settings

Alternatively, you can generally deactivate or restrict the transfer of cookies by changing your browser settings. You can delete previously stored cookies at any time. This can also be done automatically. If technically necessary cookies for our website are also deactivated, you may no longer be able to fully use all of the website’s functions.

  • Browser Add-on

If you do not want your personal data processed by Google Analytics, you can also install the Google Analytics Opt-out Browser Add-on. This add-on instructs the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) running on web pages to prevent information from being sent to Google Analytics.

If you want to disable Google Analytics, visit the page below and install the Google Analytics Opt-out Add-on for your browser. Detailed information on installing and uninstalling the add-on can be found in the relevant help resources for your browser.

Browser and operating system updates may prevent the Opt-out Add-on from working as intended. For more information on managing add-ons for Chrome, please visit the pages below. If you are not using Chrome, please check with your browser manufacturer to ensure that add-ons work properly in the browser version you are using.

The latest versions of Internet Explorer occasionally load the Google Analytics Opt-out Add-on after personal data has already been sent to Google Analytics. Therefore, if you use Internet Explorer, the add-on will install cookies on your computer. These cookies ensure that any collected data is immediately deleted from the server that collected the data. Make sure that third-party cookies are not disabled for Internet Explorer. If you delete your cookies, the add-on will reset these cookies within a short time to ensure that your Google Analytics browser add-on continues to function properly.

The Google Analytics Opt-out Browser Add-on does not prevent personal data from being sent to the website or to other tracking services.

For more information on terms of use and privacy, see:

http://www.google.com/analytics/terms/de.html bzw. unter

https://support.google.com/analytics/answer/6004245?hl=de.

IP anonymization is also activated on our website.

 

  1. Data protection and law
  1. Exercise of your data subject rights according to Art. 12 et seq. of the EU GDPR
  • Description and scope

In the context of processing your data subject rights, we process your personal data. We process the contact details you provide in this context exclusively for the purpose of processing and responding to your message and for the subsequent documentation of the lawful processing within the scope of our accountability.

In the context of processing your data subject rights, the following personal data is processed:

  • First name;
  • Last name;
  • Postal adress;
  • Email address;
  • Legal basis

Legal obligation, Art. 6 (1) (c) in conjunction with Art. 12 et seq. of the EU GDPR.

Legitimate interest for subsequent documentation, Art. 6 (1) (f) of the EU GDPR.

  • Purpose

Legally compliant processing of your data protection rights.

  • Retention period

3 years after completion of the respective process, Section 41 BDSG in conjunction with Section 31 (2) No. 1 OWIG.

  • Right to object and removal

You have the right to object to the processing of your personal data in the future at any time as part of the processing of your data protection rights. In this case, however, we cannot continue to process your data protection rights.

Documentation of the legally compliant processing of your data protection rights is mandatory. Consequently, you have no right to object.

  1. Legal defense and enforcement
  • Description and scope

We process your personal data if you assert legal claims against us or we assert claims and rights against you.

  • Legal basis

Legitimate interest, Article 6 (1) (f) of the EU GDPR.

  • Purpose

The purpose of data processing is to defend against unjustified claims and to enforce and assert claims and rights.

This also constitutes our legitimate interest.

  • Retention period

Your personal data will be stored until the purpose no longer applies. This usually occurs when the respective decision becomes legally binding.

  • Right to object and removal

The processing of your personal data for the purposes of legal defense and enforcement is absolutely necessary for legal defense and enforcement. Consequently, you have no right to object.

  1. Further data processing besides our website
  1. Facebook fan page
  1. Description and scope

As part of operating our Facebook fan page, we process your personal data in order to contact and interact with users and visitors of the social network “Facebook.” We also occasionally publish information about our company and related offers.

If you contact us directly via our Facebook fan page (e.g., via a Messenger message), the data you provide will be processed solely for the purpose of recording and responding to your customer/prospective customer inquiry.

We are also able to compile statistics on visits to our Facebook fan page. This information is compiled by Meta (“Facebook Insights”) and enables us to market our activities more effectively and specifically.

With regard to Facebook Insights data, we are jointly responsible for data processing with Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. For this purpose, we have entered into an agreement with Meta Platforms Ireland Limited regarding which of us processes which obligations under the EU GDPR.

The essential contents of this agreement can be viewed at:

https://www.facebook.com/legal/controller_addendum as well as https://www.facebook.com/legal/terms/page_controller_addendum

You can find out which data Meta uses for usage analysis in connection with our Facebook fan page and which information Meta provides for data processing in connection with the Facebook Insights function here:

https://de-de.facebook.com/legal/terms/information_about_page_insights_data

Further information on how Meta Platforms Ireland Limited processes your personal data can be found at:

https://www.facebook.com/about/privacy sowie https://de-de.facebook.com/legal/terms/information_about_page_insights_data

  1. Legal basis
 
Legitimate interest, Article 6 (1) (f) GDPR.
  1. Purpose

The purpose of data processing is to analyze your visitor behavior on our Facebook fan page, to tailor our Facebook fan page to your interests, and to process inquiries.

  1. Storage Period

Information on the storage period of your personal data at Meta Platforms Ireland Limited can be found at:

https://www.facebook.com/about/privacy

  1. Right to Object and Removal

If you do not want your personal data to be collected as part of the operation of our Facebook fan page, you have the option of objecting to the future processing of your personal data as part of the operation of our Facebook fan page at any time. In this case, we will forward your objection request to Meta Platforms Ireland Limited.

  1. Instagram Channel
  1. Description and Scope

As part of the operation of our Instagram channel, we process your personal data in order to contact and interact with users and visitors of the social network “Instagram.” We publish information about our company there.

If you contact us directly via our Instagram channel (e.g., via a direct message), the data you provide will only be processed for the purpose of recording and responding to your customer/prospective customer inquiry.

We are also able to compile statistics on visits to our Instagram channel. This information is compiled by Meta (“Instagram Insights”) and enables us to market our activities more effectively and specifically.

With regard to Instagram Insights data, we are jointly responsible for data processing with Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. For this purpose, we have entered into an agreement with Meta Platforms Ireland Limited regarding which of us processes which obligations under the EU GDPR.

The essential contents of this agreement can be viewed at:

https://www.facebook.com/legal/controller_addendum as well as https://www.facebook.com/legal/terms/page_controller_addendum

You can find out which data Meta uses for usage analysis in connection with our Instagram channel and which information Meta provides for data processing in connection with the Instagram Insights function here:

https://de-de.facebook.com/legal/terms/information_about_page_insights_data

Further information on how Meta Platforms Ireland Limited processes your personal data can be found at:

https://privacycenter.instagram.com/policy/ as well as https://de-de.facebook.com/legal/terms/information_about_page_insights_data

  1. Legal basis

Legitimate interest, Article 6 (1) (f) GDPR.

  1. Purpose

The purpose of data processing is to analyze the success of our Instagram channel, tailor our Instagram channel to your interests, and process inquiries.

  1. Storage Period

Information on the storage period of your personal data at Meta Platforms Ireland Limited can be found at:

https://privacycenter.instagram.com/policy/

  1. Possibility of objection and removal

If you do not want your personal data to be collected as part of the operation of our Instagram account, you have the option to object to the future processing of your personal data as part of the operation of our Instagram channel at any time. In this case, we will forward your objection request to Meta Platforms Ireland Limited.

LinkedIn page

  1. Description and scope

As part of operating our LinkedIn page, we process your personal data to connect and interact with users and visitors of the social job network LinkedIn. We publish information about our company there.

If you contact us directly via our LinkedIn page (e.g., by sending us a message), the data you provide will only be processed for the purpose of recording and responding to your inquiry.

We are also able to compile statistics on visits to our LinkedIn page. This information is compiled by LinkedIn (“Page Insights”) and enables us to market our activities more effectively and specifically.

With regard to Page Insights data, we are jointly responsible for data processing with LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. For this purpose, we have entered into an agreement with LinkedIn Ireland Unlimited Company regarding which of us processes which obligations under the EU GDPR.

The essential content of this agreement can be viewed at:

https://legal.linkedin.com/pages-joint-controller-addendum

You can find out which data LinkedIn uses to analyze usage in connection with our LinkedIn page and which information LinkedIn provides for data processing in connection with the Page Insights function here:

https://www.linkedin.com/help/linkedin/answer/a547077/linkedin-page-analytics-overview?lang=de

Further information on the processing of your personal data by LinkedIn Ireland Unlimited Company can be found at:

https://de.linkedin.com/legal/privacy-policy

  1. Legal basis

Legitimate interest, Article 6 (1) (f) GDPR.

  1. Purpose

The purpose of data processing is to analyze the success of our LinkedIn page and to design our LinkedIn page according to your interests and to process inquiries.

  1. Storage period

Information on how long LinkedIn Ireland Unlimited Company stores your personal data can be found at:

https://www.linkedin.com/legal/privacy-policy

  1. Possibility of objection and removal

If you do not want your personal data to be processed by LinkedIn, you have the option to object to the processing of your personal data in the context of the operation of our LinkedIn page at any time in the future.

Information on how LinkedIn processes your personal data can be found at:

https://de.linkedin.com/legal/privacy-policy

  1. Xing page
  1. Description and scope

As part of operating our Xing page, we process your personal data to contact and interact with users and visitors of the social network “Xing.” We also occasionally publish information about our company and related offers.

If you contact us directly via our Xing page, the data you provide will only be processed for the purpose of recording and responding to your inquiry.

We are also able to compile statistics on visits to our Xing page. This information is compiled anonymously by Xing and enables us to market our activities more effectively and specifically.

Information on how Xing processes your personal data can be found at:

https://privacy.xing.com/de/datenschutzerklaerung/druckversion

 

  1. Legal basis

Legitimate interest, Article 6 (1) (f) GDPR.

  1. Purpose

The purpose of data processing is to analyze the success of our Xing page and to design our Xing page according to your interests and to process inquiries.

  1. Storage period

Information on the storage period of your personal data at New Work SE can be found at:

https://privacy.xing.com/de/datenschutzerklaerung/druckversion

  1. Possibility of objection and removal

If you do not want your personal data to be collected as part of the operation of our Xing page, you have the option to object to the processing of your personal data for the purpose of operating our Xing page at any time in the future.

Information on the processing of your personal data by Xing can be found at:

https://privacy.xing.com/de/datenschutzerklaerung/druckversion

  1. Appointments via Doctolib
  1. Description and scope

When scheduling doctor appointments via Doctolib, we process the following personal data:

  • Appointment type;
  • Date;
  • First name;
  • Last name;
  • Previous visit.
  1. Legal basis

Performance of the contract, Article 6 (1) (b) of the EU GDPR.

  1. Purpose

The purpose of data processing is to schedule your doctor’s appointment.

  1. Storage period

Your personal data will be stored until the purpose no longer applies, unless longer retention periods apply.

  1. Possibility of objection and removal

You have the right to object to data processing for scheduling your doctor’s appointment at any time. In this case, your personal data will be deleted, and we will then no longer be able to consider you for scheduling a doctor’s appointment.

  1. Appointment by Telephone
  1. Description and Scope

 

When scheduling doctor’s appointments by telephone, we process the following personal data:

  • Appointment type;
  • Date;
  • First name;
  • Last name;
  • Reason for visit.

 

  1. Legal basis

Performance of the contract, Article 6 (1) (b) of the EU GDPR.

  1. Purpose

The purpose of data processing is to schedule your doctor’s appointment.

  1. Storage period

Your personal data will be stored until the purpose no longer applies, unless longer retention periods apply.

  1. Possibility of objection and removal

You have the right to object to data processing for scheduling your doctor’s appointment at any time. In this case, your personal data will be deleted, and we will no longer be able to consider you when scheduling a doctor’s appointment.

  1. Recipient categories

Within our company, personal data is transferred to those departments and units that need it to fulfill the aforementioned purposes. In addition, we sometimes use various service providers and transmit your personal data to other trusted recipients. These may include, for example:

  • Printing companies;
  • Lettershops;
  • Scanning services;
  • Banks;
  • IT service providers;
  • Cooperations partners;
  • Lawyers, tax advisors, and courts.
  • Transfer to third countries

As part of the processing of your personal data, we may transfer your personal data to trusted service providers in third countries. Third countries are countries located outside the European Union (EU) or the European Economic Area (EEA).

We only work with service providers who can provide us with appropriate guarantees for the security of your personal data and guarantee that your personal data will be processed in accordance with strict European data protection standards. A copy of these appropriate guarantees is available for inspection at our premises.

If we transfer personal data to third countries, this is done on the basis of a so-called adequacy decision of the European Commission or, if no such decision exists, on the basis of so-called standard data protection clauses, which have also been issued by the European Commission.

  • Your rights

You have the following rights with regard to us:

  1. Right to information

You have the right to information about whether and which of your personal data is processed by us. In this case, we will also inform you about

  • the purpose of the processing;
  • the data categories;
  • the recipients of your personal data;
  • the planned storage period or the criteria for the planned storage period;
  • your other rights;
  • unless you have provided us with your personal data: all available information about its origin: where applicable: the existence of automated decision-making, as well as information about the logic involved, the scope, and the intended effects of the processing
  • where applicable: the existence of automated decision-making, as well as information about the logic involved, the scope and the envisaged effects of the processing.
  1. Right to rectification

You have the right to rectification and/or completion if your personal data processed by us is incorrect or incomplete.

  1. Right to restriction of processing

You have the right to restrict processing if

  • we verify the accuracy of your personal data processed by us;
  • the processing of your personal data is unlawful;
  • You need your personal data processed by us for legal action after the purpose no longer applies;
  • You have objected to the processing of your personal data and we are examining this objection.
  1. Right to erasure

You have the right to erasure if

  • we no longer need your personal data for its original purpose;
  • you withdraw your consent and there is no other legal basis for processing your personal data;
  • you object to the processing of your personal data and – unless it is for direct marketing purposes – there are no overriding reasons for further processing;
  • the processing of your personal data is unlawful;
  • the deletion of your personal data is required by law;
  • Your personal data was collected as a minor for information society services.
  1. Right to information

If you have exercised your right to rectification, erasure or restriction of processing, we will inform all recipients of your personal data of this rectification, erasure or restriction of processing.

  1. Right to data portability

You have the right to receive your personal data processed by us based on your consent or for the performance of a contract in a structured, common, and machine-readable format and to transmit it to another controller. If technically feasible, you have the right to have us transmit this data directly to another controller.

  1. Right of objection

If there are specific reasons, you have the right to object to the processing of your personal data. In this case, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing.

If your personal data is processed for direct marketing purposes, you have the right to object at any time.

  1. Right of withdrawal

You have the right to revoke your consent at any time. Revoking your consent does not affect the legality of any previous processing based on your consent.

  1. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with the competent supervisory authority if you believe that our processing of your personal data violates the EU GDPR.

The responsible supervisory authority for us is:

Bavarian State Office for Data Protection Supervision (BayLDA)

Promenade 18

91522 Ansbach

Telephone: +49 (0) 981 180093-0

Fax: +49 (0) 981 180093-800

Email: poststelle@lda.bayern.de