General Director Albert Hirtz · Data Protection Officer TÜV SÜD Akademie GmbH E-Maildatenschutz@apoplexmedical.com 3. Legal basis of processing and duration of storage
We process data that we receive from the data subject himself or in the course of commissioned processing from a data controller. Personal data is processed exclusively on the basis of the possibilities set out in Article 6 DSGVO. For our purposes, this is the case if the data subject has given consent to the processing of personal data concerning him or her for one or more specific purposes or if the processing is necessary for the performance of a contract to which the data subject is a party. In addition, processing may be necessary for the performance of pre-contractual measures taken at the request of the data subject or a third party authorized to do so. The data will be deleted as soon as the purpose of their collection has been fulfilled and no other legal or contractual retention obligations, for example in the course of an instruction from the controller in the case of commissioned processing, need to be observed. The data will not be deleted as long as it is required for the assertion, exercise or defense of legal claims. 4. Purpose of data collection, processing, use
4.1 Affected services We require and use personal data to fulfill pre-contractual, contractual or post-contractual and legal obligations. For this purpose, data from suppliers with the respective contact persons (supplier management), data from customers with the respective contact persons (customer management) and data from third parties (processing on behalf) are collected, processed and used.
Order processing - SRAclinic, SRADOC/SRA24 By analyzing the ECG data transmitted to us, we process personal health data. For this purpose, pseudonymized ECG data are transmitted electronically from the attending physician to our analysis software. This transmits the results, also electronically, back to the attending physician. The entire process is encrypted.
4.2 Processing of personal data 4.2.1 Customer management data: name and address (doctor/clinic in general and of the contact person), telephone, fax, mail addresses, customer number, bank details, payment methods, contract data, purchased products. 4.2.2 Supplier management data: name and address, telephone, fax, mail addresses, supplier number, bank details, contract data. 4.2.3 Order processing (according to the client's instructions): numeric/alphanumeric pseudonym, age, gender, ECG raw data. Order data is generally deleted after 12 weeks unless otherwise instructed by the client. 5. Recipient
We use the data within our company exclusively for the fulfillment of pre-contractual, contractual or legal obligations. In certain cases (service and scientific purposes), we pass on data to order processors or other third parties for this purpose. Other third parties are partners who, for example, assist in the performance of medical studies. In the case of the transfer of personal health data, this is done exclusively anonymously and only with the consent of the patient. The person concerned is thus no longer identifiable. 6. Rights of the data subject
You have the right to information and there are rights to rectification, erasure or restriction of processing. You also have the right to lodge a complaint with the competent supervisory authority (Art. 15 DSGVO). You can revoke an already granted consent to the processing of personal data at any time with effect for the future. The revocation is to be addressed to the office mentioned under 1. Since we work exclusively with pseudonymized data in the area of stroke risk analysis, we do not know the real identity of the patients. The provision of information and the exercise of the other rights listed here can therefore only be carried out by your attending physician or intuition.
6.1 Information as to whether personal data relating to you is being processed and, if this is the case, information on the purposes of processing and the categories of personal data that are being processed as well as on the recipients/categories of recipients, the planned duration of storage of your personal data, the origin of the data insofar as it was not collected by the data subject himself and, if applicable, the existence of automated decision-making. Depending on the facts of the case, the information will be provided verbally, upon request also in writing or electronically and, if possible, in the form of a copy of the personal data (Art. 15 para. 3, DSGVO). 6.2 Correction of inaccurate or incomplete personal data concerning you (Art. 16 DSGVO) 6.3 Erasure of personal data concerning you if they are no longer necessary for the purposes for which they were collected or otherwise processed; if you have withdrawn consent and there is no other legal basis for the processing; if you have objected to the processing (Art. 21 GDPR); if the personal data have been processed unlawfully; if erasure is necessary for compliance with a legal obligation under Union law or the law of the Member States to which the controller is subject and none of the grounds for further processing/storage set out in Art. 17(3) GDPR is relevant (Art. 17 GDPR). 6.4 Restriction of processing (Art. 18 DSGVO), if the accuracy of the personal data is contested, for a period enabling us to verify the accuracy of the personal data, or if the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data, or if we no longer need the personal data for the purposes of processing but you need it for the assertion, exercise or defense of legal claims, or if you have objected to the processing as long as it has not yet been determined whether the legitimate grounds on our part override your interests (Art. 18 DSGVO) 6.5 Data portability/receipt of the personal data concerning you that you have provided to us in a structured, common and machine-readable format, as well as to the transfer of this data to another controller without hindrance from us, provided that the processing of the personal data is based on your consent or a contract and the processing is carried out by means of automated procedures (Art. 20 DSGVO). 7. Automated decision, data transfer to third countries No processing based exclusively on an automated decision - including profiling - takes place. The data will not be transferred to third countries/countries outside the European Union. 8. Website
If the opportunity for the input of personal or business data (email addresses, name, addresses) is given, the input of these data takes place voluntarily. The use and payment of all offered services are permitted - if and so far technically possible and reasonable - without specification of any personal data or under specification of anonymized data or an alias. The use of published postal addresses, telephone or fax numbers and email addresses for marketing purposes is prohibited, offenders sending unwanted spam messages will be punished. We expressly reserve the right to take legal action against the senders of so-called spam mails in the event of violations of this prohibition.
apoplex medical technologies GmbH Zweibrücker Straße 185, 66954 Pirmasens