We take the protection of your data seriously
§1 Information on the collection of personal data and provider identification
(1) Below we provide information on the collection of personal data when using this website. Personal data is all data that can be related to you personally, e.g. name, address, email addresses, user behaviour.
(2) The data controller within the meaning of Article 4 (7) of the EU General Data Protection Regulation (DS-GVO) is MVZ PAN INSTITUT GmbH
Zeppelinstr. 1 D-50667 Cologne
In the PAN Klinik am Neumarkt (see our imprint). Our data protection officer is Dr. iur. Andreas Pinheiro LL.M., email@example.com.
(3) If we use commissioned service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective procedures below. We also specify the defined criteria for the storage period.
§2 Rights, in particular to information and revocation
(1) You have the following rights vis-à-vis us with regard to the personal data concerning you:
- right of access,
- right of rectification or erasure,
- right to restrict processing,
- right to object to processing,
- right to data portability.
(2) If you have consented to the use of data, you can revoke this consent at any time. Where the lawfulness of processing is based on consent, it will remain valid until revocation is exercised.
(3) All information requests, requests for information or objections to data processing are to be sent by email to firstname.lastname@example.org or to the address mentioned under §1 para. 2.
(4) You can ask us to delete your data at any time. There may be legal retention periods that allow us to keep your data until the expiry of, for example, 10 years (for billing data).
(5) If your data is incorrect, you have the right to have it corrected by us. We will comply with this request without delay.
(6) You have the right to receive from us your personal data that you have provided to us in a readable format, insofar as this is technically possible, in order to make it available to another company (right to data portability).
(7) You have the right to complain to the supervisory authority responsible for you. A list of data protection officers and their contact details can be found under the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
§3 Data security
(1) We maintain current technical measures to ensure data security, in particular to protect your personal data from dangers during data transmission and from third party access. These are adapted to the current state of the art.
§4 Collection of personal data in the case of informative use and contact
(1) In the case of merely informative use of the website, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to access our website, we collect the following data, which is technically necessary to display our website to you and to ensure its stability and security (legal basis is Art. 6 para. 1 p. 1 lit. f DS-GVO):
- IP address
- date and time of the request
- time zone difference to Greenwich Mean Time (GMT)
- content of the request (specific page)
- access status/HTTP status code
- amount of data transferred in each case
- website from which the request came
- operating system and its interface
- language and version of the browser software
(2) If you contact us by email or through the contact form, your email address, name and, if you so indicate, your telephone number will be stored by us. The purpose of this storage is only to contact you in order to answer your questions.
(3) The legal basis for the collection of data is the consent you have given by visiting our website and confirming the cookie banner or sending the contact form (Art. 6 para. 1 lit. a GDPR).
(4) We will only use your data for advertising purposes to the extent permitted by law. In particular, we will only use your email address for direct marketing of our own similar goods or services. You can object to the use of your data for advertising purposes at any time in writing or in text form (email to email@example.com). We refer here to our legitimate interest in advertising our products to our customers in accordance with Art. 6 (1) lit. f GDPR.
(5) In addition to the above data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive and linked to the browser you are using, which provide certain information to the party setting the cookie (in this case, us). Cookies cannot execute programs or transmit viruses to your computer. They serve to make the Internet offer more user-friendly and effective overall.
(2) This website uses the following types of cookies, the scope and functionality of which are explained below:
- Transient cookies (temporary use)
- Persistent cookies (time-limited use)
- Third-party cookies
(3) Transient cookies are automatically deleted when you close the browser. This includes in particular the session cookies. These store a so-called session ID, with which various requests of your browser can be assigned to the common session. This allows your computer to be recognised when you return to the site. Session cookies are deleted when you log out or close your browser.
(4) Persistent cookies are automatically deleted after a certain period of time, which may vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
(5) You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. Please note that you may not be able to use all the features of this website.
(7) The following cookies are used:
Consent to the cookie declaration
This cookie is set by Youtube and registers a unique ID to track users based on their geographic location.
Used by Google DoubleClick and stores information about how the user uses the website and whether the user has seen other advertisements before visiting the website. This is used to present users with ads that are relevant to them according to their user profile.
This cookie is set by Youtube. Used to track information from embedded YouTube videos on a website.
Sync and corrections from n17t01
These cookies are set by Youtube and are used to track views of embedded videos.
§6 Data transfer for the maintenance of the website
(1) We will not pass on your personal data to third parties, unless we inform you about a transfer.
(2) Our IT service providers have access to the data stored by us in order to correct errors and to be able to perform the necessary technical and organisational measures. Here we refer to our legitimate interest in securing our IT in accordance with Art. 6 (1) lit. f GDPR or in fulfilling statutory dutys in accordance with Art. 6 (1) lit. c GDPR.
(3) The IT service provider(s) were carefully selected by us and commissioned in writing. They are bound by our instructions and are regularly inspected by us. These data are not passed on to third parties by the service providers.
(4) Your data will not be passed on outside the EU area (EEA).
§7 Social media plug-ins
(1) We currently use the following social media plug-ins: Facebook, Twitter. We use the so-called two-click solution. This means that when you visit our site, no personal data is initially passed on to the providers of the plug-ins. You can recognise the provider of the plug-in by the mark on the box above its initial letter or logo. We give you the opportunity to communicate directly with the provider of the plug-in through the button. Only when you click on the marked field and thereby activate it, does the plug-in provider receive the information that you have accessed the corresponding page of our online offer. In addition, the data mentioned under §4 of this declaration will be transmitted. In the case of Facebook, according to the respective providers in Germany, the IP address is anonymised immediately after collection. By activating the plug-in, your personal data will be transmitted to the respective plug-in provider and stored there (for US providers in the USA). Since the plugin provider collects data in particular through cookies, we recommend that you delete all cookies through your browser's security settings before clicking on the greyed-out box.
(2) We have neither influence on the collected data and data processing procedures, nor are we aware of the full extent of the data collection, the purposes of the processing, the storage periods. We also have no information about the deletion of the collected data by the plugin provider.
(3) The plug-in provider stores the data collected about you as usage profiles and uses these for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is performed in particular (also for non-logged-in users) for the display of needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. Through the plug-ins, we offer you the opportunity to interact with the social networks and other users, so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6 para. 1 p. 1 lit. f DS-GVO.
(4) The data transfer takes place irrespective of whether you have an account with the plug-in provider and are logged in there. If you are logged in to the plug-in provider, the data we collect is directly assigned to your account with the plug-in provider. If you click on the activated button and link to the page, for example, the plugin provider also stores this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, in order to avoid an assignment to your profile with the plugin provider.
(5) Further information on the purpose and scope of the data collection and its processing by the plugin provider can be found in the data protection declarations of these providers communicated below. There you will also receive further information about your rights in this regard and setting options for protecting your privacy.
(6) Addresses of the respective plug-in providers and URL with their privacy notices:
a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; www.facebook.com/policy.php; further information on data collection: www.facebook.com/help/186325668085084, www.facebook.com/about/privacy/your-info-on-other as well as www.facebook.com/about/privacy/your-info. Facebook has submitted to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-context.
c) Twitter, Inc, 1355 Market St, Suite 900, San Francisco, California 94103, USA; twitter.com/privacy. Twitter has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-context.
(1) With your consent, you can subscribe to our newsletter, with which we inform you about our current interesting offers. The goods and services advertised are identified in the consent form. When registering to use the user account, you can choose whether you would like to subscribe to the MVZ-PAN newsletter. To do this, you must tick the box in front of "Subscribe to newsletter".
(2) For the registration to our newsletter we use the so-called double opt-in procedure. This means that after your registration we will send you an email to the email address you provided, asking you to confirm that you would like to receive the newsletter. If you do not confirm your registration within 24 hours, your data will be blocked and automatically deleted after one month. In addition, we store your IP addresses and the time of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.
(3) The only mandatory information for sending the newsletter is your email address. After your confirmation, we store your email address for the purpose of sending you the newsletter. The legal basis is Art. 6 para. 1 p. 1 lit. a DS-GVO.
(4) You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter. You can declare the revocation by clicking on the link provided in every newsletter email, through this form on the website, by email to firstname.lastname@example.org or by sending a message to the contact details given in the imprint.
(5) We would like to point out that we evaluate your user behaviour when sending the newsletter. For this evaluation, the e-mails sent contain so-called web beacons, also known as tracking pixels. These are single-pixel image files that link to our website and thereby enable us to evaluate your user behaviour. This is done by collecting the data mentioned in §4 and by web beacons that are assigned to your email address and linked to a unique ID. Links received in the newsletter also contain this ID. The data is only collected pseudonymously, i.e. the IDs are not linked with your other personal data, so that a direct personal reference is excluded. The information collected in this way is stored by the newsletter provider on its server.
(6) You can object to this tracking at any time by clicking on the separate link contained in each email or by informing us at email@example.com.
(7) Such tracking is not possible even if you have deactivated the display of images by default in your email program. In this case, however, the newsletter will not be displayed in full and you may not be able to use all the functions. When you view the images manually, the tracking mentioned above takes place.
§9 Newsletter service provider MailChimp
(1) This website uses the services of MailChimp to send newsletters. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA. MailChimp is a service with which, in particular, the dispatch of newsletters can be organised and evaluated. If you enter data to receive the newsletter (e.g. email address), this data is stored on MailChimp's servers in the USA.
(2) MailChimp has a certification according to the "EU-US Privacy Shield". The "Privacy Shield" is an agreement between the European Union (EU) and the USA, which is intended to ensure compliance with European data protection standards in the USA.
(3) Using MailChimp we can evaluate our newsletter campaigns. When you open an email sent with MailChimp, a file contained in the email (so-called web beacon) connects to MailChimp's servers in the USA. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked on. In addition, technical information is collected (e.g. time of access, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. They are used exclusively for the statistical evaluation of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.
(4) The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of MailChimp after you unsubscribe from the newsletter. Data that is stored by us for other purposes (e.g. email addresses for the member area) remains unaffected by this.
§10 Webtracking - Google Analytics
(1) This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, if you have given your consent to do so. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. In the event that IP anonymisation is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.
(2) The IP address transmitted by your browser within the scope of Google Analytics will not be merged with other Google data.
(4) This website uses Google Analytics with the extension "_anonymizeIp()". This means that IP addresses are processed in a shortened form, which means that they cannot be traced back to a specific person. Insofar as the data collected about you has a personal reference, this is accordingly immediately excluded and the personal data is thereby immediately deleted.
(5) We use Google Analytics to analyse and regularly improve the use of our website. The statistics obtained enable us to improve our offer and make it more interesting for you as a user. For the exceptional cases where personal data is transferred to the US, Google has submitted to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-context.
(6) The legal basis for the use of Google Analytics is your consent, i.e. Art. 6 (1) p. 1 lit. a DS-GVO.
(8) This website also uses Google Analytics for a cross-device analysis of visitor flows, which is done through a user ID. You can deactivate the cross-device analysis of your usage in your customer account under "My data", "Personal data".
§11 Use of the Google Tag Manager:
(1) Google Tag Manager is a solution provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google") that allows marketers to manage website tags through an interface.
(2) The Tag Manager tool itself (which implements the tags) is a cookie-free domain and does not collect any personal data. The tool triggers other tags, which in turn can collect data. Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, this remains in place for all tracking tags implemented with the Google Tag Manager. www.google.de/tagmanager/use-policy.html
(3) The legal basis for the transfer of personal data to Google is your consent, i.e. Article 6 (1) sentence 1 lit. a DS-GVO. Click here to be excluded from collection by Google Tag Manager.
§12 PLUGIN: Youtube
(1) We have integrated Youtube videos of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google") into our online offer, which are stored on www.YouTube.com and can be played directly from our website. These are all embedded in "enhanced privacy mode", which means that no data about you as a user is transmitted to YouTube if you do not play the videos. Only when you play the videos, the data mentioned in paragraph 2 are transmitted. We have no influence on this data transmission.
(2) By visiting the website, YouTube (Google) receives the information that you have called up the corresponding sub-page of our website. In addition, the data mentioned under §4 of this declaration will be transmitted. This happens irrespective of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not want to be connected to your profile on YouTube, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or designing its website in line with requirements. Such an evaluation is performed in particular (also for non-logged-in users) for the provision of needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. To exercise this right, you must contact YouTube.
(3) The legal basis for the transmission of personal data to Youtoube (Google) is your consent, i.e. Art. 6 para. 1 S. 1 lit. a DS-GVO.
§13 PLUGIN: Integration of Google Maps
(1) We use the Google Maps service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google") on this website. This allows us to show you interactive maps directly in the website and you can use the map function conveniently.
(2) By visiting the website, Google receives the information that you have called up the corresponding sub-page of our website. In addition, the data mentioned under §4 of this declaration will be transmitted. This happens irrespective of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or to tailor its website to your needs. Such an evaluation is performed in particular (also for non-logged-in users) for the provision of needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. To exercise this right, you must contact Google.
(3) The legal basis for the transfer of personal data to Google is your consent, i.e. Art. 6 (1) sentence 1 lit. a DS-GVO.
§14 Use of jQuery
(1) Our website uses the Java Script extension jQuery, which is reloaded from the website code.jquery.com. This involves calling program libraries from StackPath servers.
(2) When you access a page, your browser loads the required program libraries into your browser cache. For this purpose, the browser you use must connect to StackPath's servers in the USA. The use of jQuery is in the interest of an optimised and appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR.
§15 Use of Google Adwords Conversion
(1) We use the offer of Google Adwords to draw attention to our attractive offers using advertising media (so-called Google Adwords) on external websites. We can determine how successful the individual advertising measures are in relation to the data of the advertising campaigns. We do this to show you advertisements that are of interest to you, to make our website more interesting to you and to provide a fair calculation of advertising costs.
(2) These advertising materials are delivered by Google through so-called "ad servers". For this purpose, we use ad server cookies, through which certain parameters for measuring success, such as the display of ads or clicks by users, can be measured. If you access our website through a Google ad, Google Adwords will store a cookie on your PC. These cookies usually expire after 30 days and are not intended to identify you personally. The analysis values stored for this cookie are usually the unique cookie ID, the number of ad impressions per placement (frequency), the last impression (relevant for post-view conversions) and the opt-out information (marking that the user no longer wishes to be addressed).
(3) These cookies allow Google to recognise your Internet browser. When a user visits certain pages of an Adwords customer's website and the cookie stored on their computer has not yet expired, Google and the customer can recognise that the user has clicked on the ad and been redirected to that page. A different cookie is assigned to each Adwords customer. Cookies can accordingly not be tracked on the websites of Adwords customers. We ourselves do not collect and process any personal data in the above advertising measures. We only receive statistical evaluations from Google. Based on these evaluations, we can see which of the advertising measures used are particularly effective. We do not receive any further data through the use of the advertising material, in particular we cannot identify any users on the basis of this information.
(4) Your browser automatically establishes a direct connection with the Google server due to the marketing tools used. We have no influence on the scope and further use of the data collected by Google through the use of this tool and accordingly inform you according to our state of knowledge: Through the integration of AdWords Conversion, Google receives the information that you have called up the relevant part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can associate the visit with your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider will find out and store your IP address.
(1) Our websites use plugins of the video portal Vimeo. The provider is Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA.
(2) When you visit one of our pages equipped with a Vimeo plugin, a connection to the servers of Vimeo is established. This tells the Vimeo server which of our pages you have visited. In addition, Vimeo receives your IP address. This also applies if you are not logged in to Vimeo or do not have an account with Vimeo. The information collected by Vimeo is transmitted to the Vimeo server in the USA.
(3) If you are logged into your Vimeo account, you allow Vimeo to associate your browsing behaviour directly with your personal profile. You can prevent this by logging out of your Vimeo account.
(5) (6) The use of vimeo takes place in the interest of a representation of our online offer video. This constitutes a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR.
§17 JAMEDA Appointment Plugin
(1) We offer patients the opportunity to book an appointment for our consultation online through our website using the Jameda Appointment Plugin (hereinafter "jameda"). For this purpose we use the service of the company jameda GmbH, St.-Cajetan-Str. 41 81669 Munich). The system provides you with free times in our appointment calendar.
(2) In order to be able to use the service from jameda to make an appointment, it is necessary that you provide your name, email address and telephone number. This personal data is transmitted to Jameda and added to the appointment calendar stored with us. A verification of your person takes place by telephone through an SMS confirmation code (2-factor authentication). After the examination Jameda informs then the contracting doctor of the MVZ about the date. Your data will then be entered into our patient management system.
(3) Your data entered in the form will be forwarded to jameda and processed there exclusively for the purpose of making an appointment. A passing on of the data for commercial purposes is excluded.
(4) The use of the plugin is based on your consent under Art. 9 (1) lit. a GDPR. You transmit this by clicking the button "Book appointment bindingly" and ticking the data protection information.
(5) Your consent is freely revocable in accordance with Art. 7 (4) GDPR.
(6) With regard to data processing at Jameda, we refer to the data protection declaration of Jameda at www.jameda.de/jameda/datenschutz.php
(7) Your data will only be stored in our patient administration software for as long as is necessary or as long as we are bound by statutory retention periods (§630f BGB - 10 years). The last deadline only applies if a doctor-patient relationship has been established. Otherwise, your data will be deleted on a regular basis after 6 months.
§18 Data collection for the purpose of application
(1) We offer vacancies on our homepage. If you apply for a position, we will store your application materials received by mail or email until the application process is complete.
(2) If we do not decide in your favour, we will destroy your application documents 4 months after the application deadline. We refer here to our legitimate interest in an efficient legal defence under Art. 6 para. 1 lit. f GDPR in connection with §14 para.3 AGG. The preclusive period for such actions is 3 months.
(3) The processing of your applicant data is based on §26 para. 1 BDSG, as it is necessary for the establishment of an employment relationship.