fbpx

General Data Protection Regulation

 

Responsible body:
medi-login UG (haftungsbeschränkt)
Kornstraße 17a
42719 Solingen, Germany
E-Mail: info@derma-to-login.com
Phone: +49 (0) 176 57757323

CEO: Frau Dr. med. Estefania Lang
Local Court Wuppertal, HRB-29114

Data Protection Officer:
Dr. med. Estefania Lang
datenschutz@derma-to-login.com

 

medi-login UG (haftungsbeschränkt) is a young company that offers high-quality services from doctors for doctors and medical students as well as learning materials. We want you, as a user of our services, to understand how we use information and what options you have to protect your data. We are aware of the importance and sensitivity of your data and thank you for your trust. The responsible handling of your data is an important concern for us. If you have any questions, please do not hesitate to contact us.

 

1. Basic information on data processing and legal bases

1.1. These data protection provisions inform users about the type, scope and purpose of the process of storing personal data by the responsible provider, medi-login UG (limited liability). They apply to the website operated by the provider www.derma-to-login.com (hereinafter referred to as "medi-login"). These data protection provisions apply regardless of the domains, systems, platforms and devices used on which derma-to-login is listed.

1.2. With regard to the terms used, such as "personal data", "user" or "processing", we refer to Art. 4 of the General Data Protection Regulation (valid for Germany).

1.3. We process personal data of users exclusively in compliance with the relevant data protection regulations. In accordance with Art. 13 DSGVO, we will inform you of the legal basis for our data processing. If the legal basis is not mentioned in these data protection provisions, the following applies: The legal basis for processing personal data with separate consent is Article 6 (1) (a). and Art. 7 DSGVO, the legal basis for the processing of data for the performance of our services and implementation of contractual measures is Art. 6 Paragraph 1 lit. b. DSGVO, the legal basis for the processing of personal data in order to fulfill our legal obligations is Article 6 Paragraph 1 lit. DSGVO and the legal basis for the processing of personal data to safeguard our legitimate interests is Art. 6 Para. 1 lit.f. DSGVO.

2. Transfer of data to third parties and third party providers

2.1. We are entitled, within the framework of legal regulations, to commission other companies and persons to perform tasks on our behalf that require the disclosure of personal data. This includes, for example, companies that specialize in payment processing, dispatch of goods, dispatch of newsletters, etc.

2.2. A transfer of personal data to third parties takes place only on the basis of legal permits and within the framework of the legal requirements. We only pass on user data to third parties if this is, for example, based on Art. 6 Para. 1 lit. b. DSGVO is required for contractual purposes, or if we use services within the scope of our legitimate interests (Art. 6 Para. 1 lit. f. DSGVO). If we commission third parties with the processing of data within the framework of a so-called "order processing contract", this is done on the basis of Art. 28 DSGVO.

2.3. If we use the services of third parties to provide our services, we take suitable legal precautions as well as technical and organizational measures to ensure the protection of personal data in accordance with the relevant statutory provisions.

2.4. Personal data can also be transferred to servers outside the EU or to trustworthy third parties who are based outside the EU so that they can process this data on our behalf. You should be aware that many countries do not offer the same legal protection for personal information as you enjoy in the EU. While your personal information is in another country, it can be accessed by courts, law enforcement, and national security agencies in that country in accordance with its laws. Subject to such legitimate access requests, we promise that anyone who processes your personal information outside of the EU must take measures to protect it and only process it in accordance with our instructions and in accordance with applicable EU law. Therefore, we only have data processed in a third country if the special requirements of Art. 44 ff. DSGVO are met.

Which personal data we collect

Provision of contractual services / user account

3.1. We process inventory data (e.g. names, addresses and other contact details), contract data (e.g. payment information, services used) to fulfill our contractual obligations and services in accordance with Art. 6 Paragraph 1 lit. DSGVO.

3.2. In order to be able to use our offer to the full extent, registration is required. As part of setting up a corresponding user account, you must enter a password in addition to your email address. This information is used for login and secure identification on our site.

3.3. In addition, we may ask you for further personal information such as first and last name, desired specialty, address or gender, e.g. as part of a survey or within your user accounts. If this information is not necessary to provide our services, it is always voluntary. We will use this information to tailor our offer to you.

3.4. When you register and log in to your user account and when you use our online services, we save the IP address and the time of the respective user action. The storage takes place on the basis of our legitimate interests and the interest of the user in protection against misuse and unauthorized use according to Art. 6 Para. 1 lit. f. DSGVO.

4. Contact form

4.1. If you have any questions, we offer you the opportunity to contact us using a form provided on the website. It is necessary to provide a valid email address so that we know who sent the request and so that we can answer it. Further information can be provided voluntarily. The data processing for the purpose of contacting us is carried out in accordance with Art. 6 Para. 1 S. 1 lit. a DSGVO on the basis of your voluntarily given consent.

5. Comments and contributions

5.1. If users enter comments or other contributions, their IP addresses are stored on the basis of our legitimate interests in accordance with Art. 6 Paragraph 1 lit. f. DSGVO. This is done for our safety in the event that someone posts illegal content.

6. Access data and log files

6.1. Automated access logs are kept on our servers, i.e. access data is collected. The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requested provider .

6.2. If you have created a user account with us and use our online learning program “medi-login”, we automatically collect usage statistics regarding the learning success controls of our online learning program and the pages visited within our platform. This information is used for statistical analysis of your personal learning needs. For this purpose, anonymized overall statistics are created.

6.3. The data is collected exclusively on the basis of our legitimate interests in accordance with Article 6 (1) (f) DSGVO, namely to maintain and improve our services as well as for security reasons (e.g. clarifying acts of abuse).

7. Cookies

7.1. We use cookies on our website. Cookies are information that is transferred from our web server or third-party web servers to the user's web browser and stored there for later retrieval. Cookies can be small files or other types of information storage.

7.2. The use of cookies serves on the one hand to make the use of our offer attractive for you. We use so-called session cookies to recognize that you have already visited individual pages on our website. These are automatically deleted after leaving our site. In addition, we use temporary cookies to optimize user-friendliness, which are stored on your end device for a specified period of time. If you visit our site again to use our services, it is automatically recognized that you have already visited us and which entries and settings you have made so that you do not have to re-enter them.

7.3. The data processed by cookies are required for the purposes mentioned to safeguard our legitimate interests (interest in the analysis and optimization of our online offer) in accordance with Art. 6 Para. 1 S. 1 lit.f DSGVO.

7.4. Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. However, if you completely deactivate cookies, you may not be able to use all the functions of our website.

8. Google Analytics

8.1. On the basis of our legitimate interests (ie interest in the analysis, optimization and economic operation of medi-login within the meaning of Art. 6 Para. 1 lit. f. DSGVO), we use Google Analytics, a web analysis service from Google Inc. 1600 Amphitheater Parkway, Mountain View, CA 94043, USA; hereinafter “Google”. In this context, pseudonymised usage profiles are created and cookies (see section 10) are used. The information generated by the cookie about your use of derma-to-login such as browser type / version, operating system used, referrer URL (the previously visited page), host name of the accessing computer (IP address) and time of the server request transferred to a Google server and stored there.

8.2. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage for the purposes of market research and the needs-based design of this website. The IP addresses are anonymized so that an assignment is not possible (IP masking).

8.3. We also use Google Analytics to show advertisements placed by Google and its partners only to users who have also shown an interest in our online offer or who have certain characteristics that suggest an interest in our online offer (so-called "Google -Analytics-Audiences ").

8.4. You can prevent the installation of cookies by setting the browser software accordingly; however, we point out that in this case not all functions of this website can be used to their full extent.

8.5. You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on https://tools.google.com/dlpage/gaoptout?hl=de

8.6. As an alternative to the browser plug-in or within browsers on mobile devices, please click on the following link to set an opt-out cookie that will prevent Google Analytics from collecting data on the website in the future (this opt-out cookie only works in this browser and only for this domain, delete your cookies in this browser, you have to click this link again): Deactivate the recording of Google Analytics

9. Integration of content and services from third parties

On the basis of our legitimate interests according to Art. 6 Paragraph 1 lit. f. DSGVO (interest in the analysis, optimization and economic operation of our online offer), as well as partially to fulfill our contractual obligations according to Art. 6 Paragraph 1 lit. b DSGVO we use various content or services from third parties. This always means that the providers of this content and services receive the IP address of the user, since you cannot send the content to the browser without the IP address. We strive to only use content and services whose providers only use the IP address to provide the content and services.

9.1. We use content and services from the following providers:

        Videos from the "YouTube" platform operated by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.Data protection declaration: https://www.google.com/policies/privacy/

 

        Maps from the "Google Maps" service provided by third-party provider Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Data protection declaration: https://www.google.com/policies/privacy/

 

        Videos from the “Vimeo” platform of the provider Vimeo, Inc., 555 West 18th Street, New York, New York 10011 Data protection declaration: https://vimeo.com/privacy

10. Data security

10.1 All communication between your browser and our services takes place via an encrypted TLS connection to protect your information from unauthorized access by third parties. Only selected administrators have access to the data and only insofar as it is necessary to maintain the services.

10.2. We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

11. Deletion of data

11.1. The data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention requirements. If the user data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e. the data is blocked and not processed for other purposes. This applies, for example, to user data that must be kept for commercial or tax law reasons.

12. Betroffenenrechte

12.1. Sie haben das Recht:

  • gemäß Art. 7 Abs. 3 DSGVO Ihre einmal erteilte Einwilligung gegenüber uns mit Wirkung für die Zukunft zu widerrufen.
  • gemäß Art. 15 DSGVO auf Antrag unentgeltlich Auskunft über Ihre von uns verarbeiteten personenbezogenen Daten zu verlangen.
  • gemäß Art. 16 DSGVO unverzüglich die Berichtigung unrichtiger oder Vervollständigung Ihrer bei uns gespeicherten personenbezogene Daten zu verlangen.
  • gemäß Art. 17 DSGVO die Löschung Ihrer bei uns gespeicherten personenbezogenen Daten zu verlangen, soweit nicht die Verarbeitung zur Ausübung des Rechts auf freie Meinungsäußerung und Information, zur Erfüllung einer rechtlichen Verpflichtung, aus Gründen des öffentlichen Interesses oder zur Geltendmachung, Ausübung oder Verteidigung von Rechtsansprüchen erforderlich ist.
  • gemäß Art. 18 DSGVO die Einschränkung der Verarbeitung Ihrer personenbezogenen Daten zu verlangen.
  • gemäß Art. 20 DSGVO Ihre personenbezogenen Daten, die Sie uns bereitgestellt haben, in einem strukturierten, gängigen und maschinenlesebaren Format zu erhalten oder die Übermittlung an einen anderen Verantwortlichen zu verlangen.
  • gemäß Art. 77 DSGVO sich bei einer Aufsichtsbehörde zu beschweren. In der Regel können Sie sich hierzu an die Aufsichtsbehörde Ihres üblichen Aufenthaltsortes oder Arbeitsplatzes oder unseres Sitzes wenden.

12. Rights of Data Subjects

12.1. You have the right:

        to revoke your consent once given to us with effect for the future in accordance with Art. 7 Para. 3 DSGVO.

        In accordance with Art. 15 DSGVO, to request information about your personal data processed by us free of charge.

        to immediately request the correction of incorrect or incomplete personal data stored by us in accordance with Art. 16 DSGVO.

        to request the deletion of your personal data stored by us in accordance with Art. 17 DSGVO, unless processing to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend Legal claims is required.

        to request the restriction of the processing of your personal data in accordance with Art. 18 DSGVO.

        In accordance with Art. 20 DSGVO, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transmitted to another person responsible.

        To complain to a supervisory authority in accordance with Art. 77 DSGVO. As a rule, you can contact the supervisory authority of your usual place of residence or work or our headquarters.

13. Right to Object

13.1. If your personal data are processed on the basis of legitimate interests in accordance with Art. 6 Para. 1 S. 1 lit.f DSGVO, you have the right to object to the processing of your personal data in accordance with Art. 21 DSGVO, provided there are reasons for doing so which arise from your particular situation or the objection is directed against direct mail. In the latter case, you have a general right of objection, which we will implement without specifying a particular situation.

13.2. If you would like to make use of your right of revocation or objection, an email to our above-mentioned email address is sufficient.

14. Changes to the privacy policy

14.1. We reserve the right to change these data protection regulations from time to time in order to take account of a changed legal situation or the expansion of the functional scope of our website. You should therefore read the data protection regulations regularly in order to be informed about the protection of your data. By continuing to use our services, you agree to the current version of this data protection declaration.

Status: July 2018