Data Protection Information

miralytik healthcare consulting GmbH takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the legal regulations of the relevant data protection laws, in particular the EU General Data Protection Regulation (GDPR) as well as this data protection explanation. 

This data protection information covers the use of miralytik’s digital services, including our social media profiles on PCs, smartphones, tablets and all other Internet-enabled mobile devices. 

The digital services may contain links to other third party service provider websites that are not covered by this privacy statement.

1. Note on the data controller - Who is responsible for the collection of data?
The data controller for the processing of your personal data is 

miralytik healthcare consulting GmbH
represented by the managing directors Dr. med. Sebastian Fenger and Tibor Tinschmann
Steinstraße 27 
20095 Hamburg

If you have any questions about data protection with us, please write to us at the aforementioned postal address, with the addition "Data protection" or at the e-mail address directly to our Data Protection Officer Malte Rheingans.

2.    Purposes and legal basis of data processing - What do we use your data for?

2.1   Data processing for the provision of contractual services
We process personal data in order to process the contractual relationships and to be able to submit contractual offers tailored to your requirements. The collection of the data takes place in particular for the conclusion and/or for the performance of a contract. 

We collect with all forms obligatorily only those personal data, which are absolutely necessary for the completion of the contractual relations and/or for your information inquiry. This information is marked with an asterisk. The collection of data, which is not absolutely necessary, but in which we are interested in order to optimise the fulfilment of the purpose, is only optional. In this case you decide on a voluntary basis if and which data you want to give us. 

For your order we may need your correct name, address and payment data. We ask for your e-mail address and telephone number so that we can communicate with you in the event of questions or problems regarding the service you have commissioned. 
The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.

2.2   User Area
On some of our websites we offer the possibility to register for a user area by entering personal data. For this we need the following information: First name and surname, e-mail address, password if applicable and, in addition, possibly further data for establishing contact. The data in the user area can be viewed, edited and deleted using your e-mail address and password. In case you have forgotten your password for the customer area, you will find the link "Forgot password" on the login page. You can set a new password by entering your e-mail address. The personal data entered by you will only be processed within the scope of using the respective user area in order to be able to offer you the associated services.

The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.

2.3   Newsletter
With your consent, you can subscribe to our newsletter, with which we inform you about our current interesting offers. The respective content of a newsletter is explained in the respective declaration of consent.  If you would like to receive a newsletter offered by us, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. For this purpose, we will send you an e-mail with a confirmation link (double opt-in) to the e-mail address you have entered. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. 

Your e-mail address is the only mandatory information for sending the newsletter. In addition, we store the IP addresses you use and the dates of registration and confirmation. The purpose of the procedure is to prove your registration and, if necessary, to clarify any possible misuse of your personal data. We do not collect any further data in this context. We use these data exclusively for the dispatch of the requested newsletter. We use the services of Newsletter2Go to send the newsletter. You can read their privacy policy here: When working together with the order processor, we comply with the applicable data protection laws.

Data processing takes place on the basis of your consent pursuant to Art. 6 Para. 1 lit. a GDPR. You can revoke your consent to the sending of a newsletter at any time and cancel the respective subscription. You can declare your revocation by clicking on the link provided in every e-mail or by sending us a message via the contact details mentioned under point 1. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

2.4   Cookies
We may use so-called cookies on some of our websites, among other things to be able to offer you website-specific services, to recognize you when you visit our website again, and/or to adapt our offer to your personal preferences.

Cookies are small text files that are stored on a visitor's computer and contain data on the respective user in order to enable access to various functions.  Both session cookies and persistent cookies are used on our website. A session cookie is temporarily stored on your computer as you navigate through the site. A session cookie is deleted as soon as you close your Internet browser or as soon as your session has expired after a certain period of time. A persistent cookie remains on your computer until it is deleted. The storage of a cookie ensures that you do not have to repeatedly enter your personal settings and preferences every time you visit our website. This saves you time and makes using our website more convenient for you.

You can delete permanently installed cookies via the settings of your browser. Most browsers accept cookies automatically - so if you want to suppress the use of cookies, you may have to actively delete or block cookies or prevent the storage of cookies by setting your browser software. Please note, however, that if you choose not to accept cookies, you may still be able to visit our website, but some features may not work as intended.

The use of the aforementioned cookies is in the interest of a uniform presentation and functionality of our websites. The data processing is based on Art. 6 para. 1 lit. f GDPR, which permits the processing of data to safeguard the legitimate interests of the data controller, provided that the interests or fundamental rights and freedoms of the data subject do not prevail.
2.5   Data processing to protect legitimate interests
We also process your data if it is necessary to protect the legitimate interests of us or of third parties. This may be the case to guarantee IT security and IT operation; for support inquiries; in the event of legal disputes, to be able to understand and prove the facts of the case; for market and opinion polls; to statistically evaluate the use of our website; to promote other products from us or our cooperation partners.

The basis for data processing is Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the data processing listed above.
2.6   Data processing for marketing purposes
If your data is used for marketing purposes for our products and for other products of our cooperation partners, we may obtain your consent. The data will then be processed on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent at any time. The lawfulness of the data processing processes already carried out remains unaffected by the revocation.

In addition, we use your e-mail address for product recommendations if you have already ordered something from us. You will receive these product recommendations from us regardless of whether you have subscribed to a newsletter. In this way, we want to send you information about products from our range that might interest you based on your last purchases from us. In doing so, we comply strictly with the legal requirements. If you no longer wish to receive product recommendations or promotional messages from us, you can object to this at any time. A message in text form to the contact data mentioned under section 1 (e.g. e-mail, fax, letter) is sufficient for this. The basis for data processing is Art. 6 Para. 1 lit. f GDPR, which permits the processing of data to safeguard the legitimate interests of the person responsible, provided that the interests or fundamental rights and freedoms of the person concerned do not prevail.

2.7   Log files
Each time our websites are accessed, usage data is transmitted by the respective Internet browser and stored in log files, the so-called server log files. The stored data records contain the following data: Browser type and browser version, operating system used, referrer URL, time of server request, shortened IP address.

These data cannot be assigned to specific persons. This data will not be merged with other data sources. We reserve the right to subsequently check this data if we become aware of concrete indications of illegal use.

The data processing is based on Art. 6 para. 1 lit. f GDPR, which permits the processing of data to safeguard the legitimate interests of the data controller, provided that the interests or fundamental rights and freedoms of the data subject do not prevail.

2.8   Data processing for the fulfilment of legal obligations
In addition, we process your data to fulfil legal obligations (e.g. regulatory requirements, commercial and tax storage and proof obligations). The basis for data processing is Art. 6 para. 1 lit. c GDPR, which permits processing to fulfil a legal obligation.

3.    Categories of receipt of personal data
Your personal data will only be passed on to third parties or otherwise transmitted if this is necessary for the purpose of contract processing or billing or if you have given your prior consent or if there is a legal basis for the passing on of such data.

Insofar as it is necessary for the purpose of contract processing or for the dispatch and delivery of products, data will be passed on to partner companies which have been commissioned to support contract processing. Our partners undertake to comply with and observe the provisions of data protection law. Furthermore, our partners are not permitted to use the data in any other way than to process the contract. 

Service providers who support us in providing our services to you are cooperation, sales and marketing partners, software (SaaS) providers, IT service providers, in particular service providers for software and hardware maintenance, hosting providers and e-mail service providers.

4.    Duration of data storage
In principle, we delete your data as soon as it is no longer required for the above-mentioned purposes, unless temporary storage is still necessary. We store your data on the basis of legal proof and storage obligations, which result among other things from the German Commercial Code and the German Tax Code, according to which the storage periods are up to ten full years. In addition, we keep your data for the period during which claims can be asserted against our company (statutory limitation period of three or up to thirty years).

5.    Data Security
Your personal data will be transmitted securely by us through encryption. We use the coding system SSL (Secure Socket Layer). You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. Furthermore, we secure our websites and other systems by technical and organizational measures against loss, destruction, access, alteration or distribution of your data by unauthorized persons.

6.    Rights of the data subject
Within the framework of the applicable legal provisions, you have the right to obtain information free of charge at any time about your personal data stored by us, its origin and recipients and the purpose of the data processing and, if applicable, the right to correct, block or delete this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time using the contact details given in section 1. You may also have the right to restrict the processing of your data and to have the data disclosed in a structured, common and machine-readable format. If you have given us your consent to process personal data for specific purposes, you can revoke your consent at any time with effect for the future. If we process your data to protect legitimate interests, you may object to such processing for reasons arising from your particular situation. You can also contact a data protection supervisory authority (right to appeal). The authority responsible for us is

Freie und Hansestadt Hamburg
Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Prof. Dr. Johannes Caspar
Klosterwall 6
20095 Hamburg