TCMASSIST

Menu

Privacy policy

Contact

We are glad that you visit our website. The protection and security of your personal information when using our website is very important to us. We would therefore like to inform you at this point which of your personal data we collect when you visit our website and for what purposes it is used.

This privacy policy applies to the website Digitales Zeugs UG which is accessible under the domain www.tcmassist.org as well as the various subdomains (“our websites” ) and application.

Who is responsible and how do I reach you?

The person responsible for the processing of personal data is

Digitales Zeugs UG

What is it about?

Information about our health is extremely sensitive data. As such

they must be protected with the utmost care. Respect for privacy is a fundamental right and one of the core values of Digitales Zeugs UG.

Digitales Zeugs UG is committed to compliance with national and European regulations for the protection of

Protection of personal data and in particular the General Data Protection Regulation (“GDPR”)

comply.

Digital Stuff UG has been committed to protecting all patient data from the beginning,

Protect health care professionals and institutions that use our services.

Personal information (including health information) about patients is collected by a

Hoster with physical infrastructure and managed services provider hosted.

DEFINITIONS

The following terms used in this Privacy Notice (the “Notice”) are defined below.

“Privacy Notice”) are used and begin with a capital letter shall have the meaning set forth herein.

SUBJECT MATTER OF THE DATA PROTECTION NOTICE

This privacy notice provides information about how Digitales Zeugs UG employees and associated therapists and their staff process your personal data.

DATA CONTROLLER & PROCESSOR

DATA PROCESSOR

The controller is the person or body that determines the means and purposes of the processing. the processing. The processor, on the other hand, processes the data on behalf of the controller and acts under the supervision of the controller.

.

Depending on the type of data processed, Digitales Zeugs UG acts partly as a controller and partly as a processor.

Digitales Zeugs UG acts in its capacity as controller in particular for processing operations related to the creation and management of user accounts, the navigation of users on the website and the use of the platform.

The therapists, i.e. the subscribers of the services, act in their capacity of

for the processing of personal data in the course of treatment or follow-up treatment or follow-up care and billing of patients.

Digitales Zeugs UG then acts as a processor.

Regardless of whether Digitales Zeugs UG acts as a controller or processor, Digitales Zeugs UG shall take all appropriate measures to ensure the protection and confidentiality of personal data processed by it in accordance with the provisions of the GDPR.

This privacy policy meets the legal requirements for transparency in the processing of personal data. This is any information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, e-mail address, IP address or user behavior when visiting a website. Information for which we cannot (or can only with a disproportionate effort) establish a reference to your person, e.g. by anonymization, is not personal data. The processing of personal data (e.g. collection, retrieval, use, storage or transmission) always requires a legal basis and a defined purpose.

Stored personal data are deleted as soon as the purpose of the processing has been achieved and there are no legitimate grounds for further retention of the data. We inform you about the specific storage periods or criteria for storage in the individual processing operations. Irrespective of this, we store your personal data in individual cases for the assertion, exercise or defense of legal claims and in the event of statutory retention obligations.

Who gets my data?

We only share your personal data that we process on our website and application with third parties if this is necessary for the fulfillment of the purposes and is covered by the legal basis in the individual case (e.g. consent or safeguarding legitimate interests). In addition, we disclose personal data to third parties in individual cases if this serves the assertion, exercise or defense of legal claims. Possible recipients may then include, for example, law enforcement agencies, lawyers, auditors, courts, etc.

Insofar as we use service providers for the operation of our website, who process personal data g on our behalf as part of commissioned processing, they may be recipients of your personal data. For more information on the use of processors and web services, please refer to the overview of individual processing operations.

Digitales Zeugs UG does not share medical information with any commercial or advertising company.

Internal use: Personal user data may be used by the employees of Digitales Zeugs UG within the scope of their respective responsibilities and

and used solely for the purpose of fulfilling the purposes stated in this privacy policy.

Digitales Zeugs UG also uses the services of for some activities related to its activity.

Sub-processors listed here.

Accentoris AG, Switzerland

Teamwins SAS, Argentina

Do you use cookies?

Cookies are small text files that are sent by us to the browser of your end device during your visit to our website and stored there. As an alternative to the use of cookies, information can also be stored in the local storage of your browser. Some functions of our website cannot be offered without the use of cookies or local storage (technically necessary cookies). Other cookies, on the other hand, enable us to perform various analyses, so that we are able, for example, to recognize the browser you are using when you visit our website again and to transmit various information to us (non-essential cookies). With the help of cookies, we can, among other things, make our website more user-friendly and effective for you, for example by tracking your use of our website and determining your preferred settings (e.g. country and language settings). If third parties process information via cookies, they collect the information directly via your browser. Cookies do not cause any damage to your terminal device. They cannot run programs or contain viruses.

We provide information about the respective services for which we use cookies in the individual processing operations. Detailed information on the cookies used can be found in the cookie settings or in the Consent Manager of this website.

Domain

Name

Description

Storage duration

www.google.com

_GRECAPTCHA

Safety check service

approx. 6 months

tcmassist.org

cookielawinfo-checkbox-analytics

Cookie Consent Tool

approx. 12 months

tcmassist.org

cookielawinfo-checkbox-other

Cookie Consent Tool

approx. 12 months

tcmassist.org

cookielawinfo-checkbox-functional

Cookie Consent Tool

approx. 12 months

tcmassist.org

cookielawinfo-checkbox-necessary

Cookie Consent Tool

approx. 12 months

tcmassit.org

cookielawinfo-checkbox-performance

Cookie Consent Tool

approx. 12 months

tcmassist.org

cookielawinfo-checkbox-advertising

Cookie Consent Tool

approx. 12 months

What rights do I have?

Under the conditions of the statutory provisions of the General Data Protection Regulation (GDPR), you have the following rights as a data subject:

  • Information about the data stored about you in the form of meaningful information about the details of the processing and a copy of your data;
  • Correctionofincorrect or incomplete data stored by us;
  • Deletion of the data stored by us, insofar as the processing is not necessary for the exercise of the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims;
  • Restriction ofprocessing, insofar as the accuracy of the data is disputed, the processing is unlawful, we no longer need the data and you object to their deletion because you need them for the assertion, exercise or defense of legal claims or you have objected to the processing.
  • Data portability, insofar as you have provided us with personal data within the scope of consent or on the basis of a contract and these have been processed by us using automated procedures. You will receive your data in a structured, common and machine-readable format or we will transfer the data directly to another responsible party, as far as this is technically feasible.
  • Object to the processing of your personal data if there are grounds for doing so that arise from your particular situation or if the objection is directed against direct advertising. The right to object does not exist if overriding compelling legitimate grounds for the processing are demonstrated or if the processing is carried out for the assertion, exercise or defense of legal claims. Where the right to object does not exist for individual processing operations, this is indicated there.
  • Revocation of yourconsent with effect for the future.
  • Complain toa supervisory authority if you believe the processing of your personal data violates the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence, your place of work or our company headquarters.

How is my data processed in detail?

In the following, we inform you about the individual processing operations, the scope and purpose of the data processing, the legal basis, the obligation to provide your data and the respective storage period. An automated decision in individual cases, including profiling, does not take place.

Provision of the website

Nature and scope of processing

When you call up and use our website, we collect the personal data that your browser automatically transmits to our server. The following information is temporarily stored in a so-called log file:

  • IP address of the requesting computer
  • Date and time of access
  • Name and URL of the retrieved file
  • Website from which the access is made (referrer URL)
  • Browser used and, if applicable, the operating system of your computer, as well as the name of your access provider

Our website is not hosted by ourselves, but by the service providers Metanet and Vultr, who process the aforementioned data on our behalf for the purpose of operating the website.

Purpose and legal basis

The processing is carried out to protect our overriding legitimate interest to display our website and ensure security and stability . The collection of data and storage in log files is mandatory for the operation of the website. There is no right to object to the processing. Insofar as the further storage of the log files is required by law, the processing is based on Art. 6 para. 1 lit. c GDPR. There is no legal or contractual obligation to provide the data, however, calling up our website is not technically possible without providing the data.

Storage duration

The aforementioned data will be stored for the duration of the display of the website [sowie aus technischen Gründen darüber hinaus für maximal [7 Tage]].

Deployment of the application

Nature and scope of processing

When you call up and use our application, we collect the personal data that your browser automatically transmits to our server. The following information is stored:

  • User account:

– Last name (and maiden name),

First names,

– Password (hash value),

– E-mail address,

– Phone number,

– Account data: Date and time of account creation and deletion.

Display of the appointment history in the user account

– Visualization and management of the user’s treatment appointments (made directly through the website appointments, through the appointment calendars of health professionals

  • Dates

– Details and documents related to in connection with the appointment.

– Documents of the users and their relatives

– Last name (and maiden name), first names;

– Other shared documents

– Provision of health-related information about the services

– First and last name (and maiden name),

– E-mail address,

– Phone number, user ID, city

– Reason for the appointment with the doctor,

– Status of the appointment (pending, expired, canceled, confirmed),

– Appointment ID

– Name, first name,

– Date of birth,

– Gender,

– Further treatment and referrals of the patient

– Name, first name

– Date of birth

– Patient gender

– History of the appointment

– Information about the appointment

– Appointment notes

– Medical documents handed over by the patient

– Name (and maiden name), first name

– Dates history

– Documents transmitted by the health care professional

  • Settlements

– Invoices

– Billed treatments and prices

– Health insurance

Our application is not hosted by ourselves, but by the service providers Amazon Web Services and Vultr, which process the aforementioned data on our behalf for the purpose of operating the application.

To comply with the provisions for personal health data

Digital Stuff UG uses Amazon Web Services and Vultur.com to host health data.

ALL PERSONAL HEALTH DATA IS HOSTED WITHIN THE EUROPEAN UNION.

EUROPEAN UNION

Cross-border transmission: In order to provide its services, Digitales Zeugs UG may use service providers located outside the European Union.

located outside the European Union to provide their services. When the

transfer is made to a third country where the level of protection for personal data is equivalent by legislation, Digitales Zeugs UG will ensure that the necessary measures are taken in accordance with the GDPR.

Purpose and legal basis

The processing is carried out to provide the functions of our practice software. This includes scheduling appointments, maintaining a patient record and billing for services.

Storage duration

The aforementioned data will be stored for the duration of the existence of the therapist account. After a therapist account is closed, the data is deleted after 6 months.

Contact form

Nature and scope of processing

On our website we offer you to contact us via a provided form. The information collected via mandatory fields is required to process the request. In addition, you may voluntarily provide additional information that you believe is necessary to process the contact request.

When using the contact form, your personal data will not be passed on to third parties.

Purpose and legal basis

The processing of your data by using our contact form is done for the purpose of communication and processing your request based on your consent . Insofar as your inquiry relates to an existing contractual relationship with us, the processing is carried out for the purpose of fulfilling the contract. There is no legal or contractual obligation to provide your data, but the processing of your request is not possible without providing the information of the mandatory fields. To the extent that you do not wish to provide this information, please contact us by other means.

Storage duration

If you use the contact form on the basis of your consent, we store the collected data of each request for a period of three years, starting with the completion of your request or until you revoke your consent.

[If you use the contact form in the context of a contractual relationship, we store the collected data of each request for a period of [three years] from the end of the contractual relationship].

Newsletter

Nature and scope of processing

If you register on our website to receive our newsletter, we collect your e-mail address and your name and store this information together with the date of registration and your IP address. You will then receive an e-mail in which you must confirm your subscription to the newsletter (double opt-in). If you do not confirm the registration within 72 hours, it will automatically expire and the data will not be processed for the newsletter mailing.

To send the newsletter, we use Mailchimp, which processes your personal data on our behalf. The new standard contractual clauses were also concluded with Mailchimp.

Purpose and legal basis

We process your data for the purpose of sending newsletters on the basis of your consent. By unsubscribing from the newsletter, you can declare your revocation at any time with effect for the future. There is no legal or contractual obligation to provide your data, but it is not possible to send the newsletter without providing your data.

Storage duration

After registration for the newsletter, we store the data for a maximum of 72 hours until the registration is confirmed. After successful confirmation, we store your data until you revoke your consent (unsubscribe from the newsletter) and for technical reasons beyond that for a maximum of 7 days.

Customer account registration

Nature and scope of processing

In the context of order processing (for the processing of product sales), we collect your personal data for the registration of a customer account and a password set by yourself. In addition, you may voluntarily provide additional information that you believe is necessary for the processing of the order.

Your personal data will only be passed on to third parties (e.g. shipping service providers / forwarding agents) and order processors if this is necessary for the processing of the order.

Purpose and legal basis

We process your personal data for the purpose of registering a customer account to fulfill a contract with you. There is a contractual obligation to provide your data as far as it relates to the mandatory fields, since this information is necessary to identify you and for the fulfillment of the contract on our part. There is no legal obligation to provide the data. Without the provision of this information, the order in our online store and thus a contract conclusion is not possible. For the additional information provided voluntarily, there is no obligation to provide. Ordering in our online store is possible even without disclosing the voluntary data.

The supplementary processing of your password for the registration of the permanent user account is carried out for the purpose of providing a customer account and for the presentation of your previous purchases as well as for the storage of your purchase-related data (e.g. storage of invoice address, various delivery addresses) on the basis of your consent. By deleting your customer account, you can declare your revocation at any time with effect for the future.

Storage duration

If you order as a guest, we store your personal data until the complete processing of your order (end of contract). When registering a permanent customer account, we store the purchase-related data beyond the end of the contract, until the revocation of your consent (deletion of the customer account). In both cases, your data will only be stored further if there are legal obligations to retain it (for example, tax and commercial law).

Presence on social media platforms

We maintain so-called fan pages or accounts or channels on the networks mentioned below in order to provide you with information and offers within social networks as well and to offer you further ways to contact us and find out about our offers. In the following, we inform you about which data we or the respective social network process from you in connection with the call and use of our fan pages/accounts.

Data we process from you

If you wish to contact us via messenger or direct message via the respective social network, we generally process your user name via which you contact us and, if necessary, store other data provided by you insofar as this is required to process/respond to your request.

(Processing is necessary to protect the legitimate interests of the controller).

(Static) usage data that we receive from the social networks

We receive automated statistics regarding our accounts via Insights functionalities. The statistics include, among other things, the total number of page views, likes, details on page activities and post interactions, reach, video views, and details on the proportion of men/women among our fans/followers.

The statistics contain only aggregated data that cannot be related to individual persons. You are not identifiable to us through this.

What data the social networks process from you

In order to view the content of our fan pages or accounts, you do not have to be a member of the respective social network and, to this extent, no user account for the respective social network is required.

Please note, however, that the social networks also collect and store data from website visitors without a user account when the respective social network is called up (e.g. technical data in order to be able to display the website to you) and use cookies and similar technologies, over which we have no control. For details, please refer to the privacy policy of the respective social network.

Insofar as you wish to interact with the content on our fan pages/accounts, e.g. comment on, share or like our postings/contributions and/or contact us via messenger functions, prior registration with the respective social network and the provision of personal data is required.

We have no influence on the data processing by the social networks within the scope of their use by you. To our knowledge, your data is stored and processed in particular in connection with the provision of the services of the respective social network, as well as for the analysis of user behavior (using cookies, pixels/web beacons and similar technologies) on the basis of which advertising based on your interests is played both within and outside the respective social network. It cannot be ruled out that your data will be stored by the social networks outside the EU/EEA and passed on to third parties.

For information on, among other things, the exact scope and purposes of the processing of your personal data, the storage period/deletion, and guidelines on the use of cookies and similar technologies in the context of registration and use of the social networks, please refer to the privacy policy/cookie policy of the social networks. There you will also find information about your rights and the possibility to object.

Facebook page

When you visit our Facebook page, Facebook collects, among other things, your IP address and other information that is present on your PC in the form of cookies. This information is used to provide us, as operators of the Facebook pages, with statistical information about the use of the Facebook page. For more information, Facebook provides the following link: https://facebook.com/help/pages/insights.

By means of the transmitted statistical information, it is not possible for us to draw conclusions about individual users. We use them only to respond to the interests of our users and to continuously improve and ensure the quality of our online presence.

We collect your data via our fan page only to realize a possible provision for communication and interaction with us. This collection usually includes your name, message content, comment content, and the profile information you “publicly” provide.

The processing of your personal data for our above-mentioned purposes is based on our legitimate business and communication interest in offering an information and communication channel .

Due to the fact that the actual data processing is carried out by the provider of the social network, our access to your data is limited. Only the provider of the social network is authorized to fully access your data. Due to this, only the provider can directly take and implement appropriate measures to fulfill your user rights (information request, deletion request, objection, etc.). The most effective way to assert the corresponding rights is therefore directly against the respective provider.

We are jointly responsible with Facebook for the personal content of the fan page. Data subject rights can be asserted with Facebook Ireland as well as with us.

The primary responsibility for the processing of Insights Data lies with Facebook and Facebook complies with all obligations under the GDPR with respect to the processing of Insights Data, Facebook Ireland provides the essence of the Page Insights Supplement to Data Subjects.

We do not make any decisions regarding the processing of Insights Data and any other resulting information, including legal basis, identity of the responsible party and storage period of cookies on user terminals.

Further instructions can be found directly at Facebook (Supplemental Agreement with Facebook): https://www.facebook.com/legal/terms/page_controller_addendum.

Google CDN

Nature and scope of processing

We use Google CDN to properly deliver the content of our website. Google CDN is a service of Google Ireland Limited, which acts as a content delivery network (CDN) on our website.

A CDN helps to provide content of our online offer, especially files such as graphics or scripts, faster with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby your IP address and, if applicable, browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Google CDN.

Purpose and legal basis

The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in a secure and efficient provision and optimization of our online offer.

Storage duration

The concrete storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. For more information, please see the Google CDN Privacy Policy: https://policies.google.com/privacy.

Google Fonts

Nature and scope of processing

We use Google Fonts from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as a service to provide fonts for our online offering. To obtain these fonts, you connect to Google Ireland Limited servers, and your IP address is transmitted.

Purpose and legal basis

The use of Google Fonts is based on our legitimate interests, i.e. interest in a uniform provision and optimization of our online offer.

Storage duration

The concrete storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. For more information, see the Google Fonts privacy policy: https://policies.google.com/privacy.

Google reCAPTCHA

Nature and scope of processing

We have integrated components of Google reCAPTCHA on our website. Google reCAPTCHA is a service of Google Ireland Limited and enables us to distinguish whether a contact request originates from a natural person or is automated by means of a program. When you access this content, you establish a connection to servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby your IP address and, if applicable, browser data such as your user agent are transmitted. Furthermore, Google reCAPTCHA records the user’s dwell time and mouse movements to distinguish automated requests from human ones. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Google reCAPTCHA.

Purpose and legal basis

The use of the service is based on our legitimate interests, i.e. for protection when submitting forms.

Storage duration

The concrete storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. For more information, see the Google reCAPTCHA privacy policy: https://policies.google.com/privacy?hl=en-US.

Google Tag Manager

Nature and scope of processing

We use the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage website tags through one interface and allows us to control the exact integration of services on our website

This allows us to flexibly integrate additional services to evaluate user access to our website.

Purpose and legal basis

The use of Google Tag Manager is based on our legitimate interests, i.e. interest in optimizing our services.

Storage duration

The concrete storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. For more information, see the Google Tag Manager privacy policy: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/.

Data Dog

Nature and scope of processing

We use Datadog to monitor the functioning of our application and make sure that everything works without problems.

This allows us to flexibly integrate additional services to evaluate user access to our website. No user-specific data is collected in the process.

Purpose and legal basis

The use of Data Dog is based on our legitimate interests, i.e. interest in optimizing and maintaining our services.

Storage duration

The specific storage period of the processed data cannot be influenced by us, but is determined by Data Dog. For more information, see the Data Dog privacy policy:

Google Analytics

Nature and scope of processing

We use Google Analytics from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as an analysis service for the statistical evaluation of our online offer. This includes, for example, the number of views of our online offer, visited subpages and the length of stay of visitors.

Google Analytics uses cookies and other browser technologies to evaluate user behavior and recognize users.

This information is used, among other things, to compile reports on website activity.

Purpose and legal basis

We process data using Google Analytics for the purpose of optimizing our website and for marketing purposes based on your consent.

Storage duration

The concrete storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. For more information, please see the Google Analytics privacy policy: https://policies.google.com/privacy.

YouTube video

Nature and scope of processing

We have integrated YouTube video on our website. YouTube Video is a component of the video platform of YouTube, LLC, where users can upload content, share it over the Internet and get detailed statistics.

YouTube Video allows us to integrate content from the platform into our website.

YouTube Video uses cookies and other browser technologies to analyze user behavior, recognize users and create user profiles. This information is used, among other things, to analyze the activity of the content listened to and to generate reports. If a user is registered with YouTube, LLC, YouTube Video can associate the videos played with the profile.

When you access this content, you connect to servers of YouTube, LLC, Google Ireland Limited, Gordon House, Barrow Street Dublin 4 Ireland, where your IP address and possibly browser data such as your user agent are transmitted.

Purpose and legal basis

The use of the service is based on your consent.

Storage duration

The concrete storage period of the processed data cannot be influenced by us, but is determined by YouTube, LLC. For more information, please see the YouTube Video Privacy Policy: https://policies.google.com/privacy.

Jira (only in the support area)

Nature and scope of processing

We use “Jirra” to organize “support requests”. This helps us to correctly allocate your request and provide you with fast service.

We process your personal data for the purpose of registering a customer account to fulfill a contract with you. There is a contractual obligation to provide your data as far as it relates to the mandatory fields, since this information is necessary to identify you and for the fulfillment of the contract on our part. There is no legal obligation to provide the data. Support is not possible without the provision of this information. For the additional information provided voluntarily, there is no obligation to provide.

The supplementary processing of your password for the registration of the permanent user account is carried out for the purpose of providing a customer account and for the presentation of your previous purchases as well as for the storage of your previous inquiries on the basis of your consent. By deleting your customer account, you can declare your revocation at any time with effect for the future.

Storage duration

If you order as a guest, we store your personal data until the complete processing of your request (end of contract). When registering a permanent customer account, we store the data beyond the end of the contract, until the revocation of your consent (deletion of the customer account). In both cases, your data will only be stored further if there are legal obligations to retain it (for example, tax and commercial law).

Auth0

Nature and scope of processing

For registration we use the external authentication service Auth0. During registration, email and self-selected username are stored at Auth0.
Terms of use Auth0
Privacy policy Auth0

Storage duration

When registering a permanent customer account, we store the data beyond the end of the contract, until the revocation of your consent (deletion of the customer account). In both cases, your data will only be stored further if there are legal obligations to retain it (for example, tax and commercial law).

Düsseldorf 10/3/2023 Digital Stuff UG