Privacy
Data Privacy Policy
We, the miralytik healthcare consulting GmbH (miralytik) take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the legal regulations of the relevant data protection laws, in particular the EU General Data Protection Regulation (GDPR) as well as this Data Privacy Policy.
This Data Privacy Policy covers the use of miralytik's services, including our social media profiles, via all internet-enabled end devices. The digital services may contain links to other websites and/or services of third party service providers to which this data protection declaration does not apply.
1. Note on the data controller - Who is responsible for the collection of data?
The data controller for the processing of your personal data is
miralytik healthcare consulting GmbH
represented by the managing directors Dr. med. Sebastian Fenger and Tibor Tinschmann
Sachsenstraße 22
20097 Hamburg
info@miralytik.de
If you have any questions about data protection with us, please write to us at the aforementioned postal address, with the addition "Data protection" or directly to our Data Protection Officer, Mr. Malte Rheingans at miralytik@cogito.consulting | https://cogito.consulting.
2. Purposes and legal basis of data processing - What do we use your data for?
2.1 Data processing for the provision of contractual services
We process personal data in order to process the contractual relationships and to be able to submit contractual offers tailored to your requirements. The collection of the data takes place in particular for the conclusion and/or for the performance of a contract.
We collect with all forms obligatorily only those personal data, which are absolutely necessary for the completion of the contractual relations and/or for your information inquiry. The collection of data, which is not absolutely necessary, but in which we are interested in order to optimise the fulfilment of the purpose, is only optional. In this case you decide on a voluntary basis if and which data you want to give us.
For the conclusion and/or for the performance of a contract we may need your correct name, address and payment data. We ask for your e-mail address and telephone number so that we can communicate with you in the event of questions or problems regarding the service you have commissioned.
The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.
2.2 User Area
On some of our websites we offer the possibility to register for a user area by entering personal data. For this we need the following information: First name and surname, e-mail address, password if applicable and, in addition, possibly further data for establishing contact. The data in the user area can be viewed, edited and deleted using your e-mail address and password. In case you have forgotten your password for the customer area, you will find the link "Forgot password" on the login page. You can set a new password by entering your e-mail address. Alternatively, you may be able to request a new password through us. The personal data entered by you will only be processed within the scope of using the respective user area in order to be able to offer you the associated services.
The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.
2.3 Data processing for communication purposes
In addition to the contract data, we process your communication data (names of contact persons, address, telephone number, fax number, e-mail address) in order to be able to contact you and communicate with you within the contractual relationship. Personal data that you provide to us by e-mail or via the contact form on this website will only be processed for correspondence with you or only for the purpose for which you have made the data available to us.
For communication via the contact form on our website, we need at least your full name and your e-mail address. If you would like us to call you back, we also need your telephone number.
Provided that you are interested in our services, the basis for data processing is Art. 6 para. 1 p. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. Furthermore, we have an interest in processing and, if applicable, answering your enquiry and the processing of your data for this purpose is based on Art. 6 (1) p. 1 lit. f GDPR, which permits the processing of data to protect the legitimate interests of the controller, unless the interests or fundamental rights and freedoms of the data subject outweigh these interests.
2.4 Newsletter
With your consent, you can subscribe to our newsletter, with which we inform you about our current interesting offers. The respective content of a newsletter is explained in the respective declaration of consent. If you would like to receive a newsletter offered by us, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. For this purpose, we will send you an e-mail with a confirmation link (double opt-in) to the e-mail address you have entered. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. Your e-mail address is the only mandatory information for sending the newsletter. In addition, we store the IP addresses you use and the dates of registration and confirmation. The purpose of the procedure is to prove your registration and, if necessary, to clarify any possible misuse of your personal data. We do not collect any further data in this context. We use these data exclusively for the dispatch of the requested newsletter.
Data processing takes place on the basis of your consent pursuant to Art. 6 Para. 1 lit. a GDPR. You can revoke your consent to the sending of a newsletter at any time and cancel the respective subscription. You can declare your revocation by clicking on the link provided in every e-mail or by sending us a message via the contact details mentioned under point 1. The legality of the data processing operations that have already taken place remains unaffected by the revocation.
2.5 Cookies
We may use so-called cookies to provide website-specific services. Cookies are small text files that are stored on a visitors' computer and contain data about the respective user in order to provide access to various functionalities.
Websites may use both session cookies and persistent cookies. A session cookie is temporarily stored on the computer used while navigating through the website. A session cookie is deleted as soon as the Internet browser is closed or as soon as the session has expired after a certain time. A persistent cookie remains on the computer until it is deleted.
We may work with third parties on some of our offers and therefore cookies from partner companies may also be stored when you visit such a website (third-party cookies). We may inform you in advance about the use of such cookies and the scope of the data stored or retrieved in each case.
We may use cookies that are necessary to enable us to provide the services owed by us or to ensure the functionality of our services. The legal basis for the use of these cookies is § 25 para. 2 no. 2 TTDSG. Any processing of personal data carried out in this context is then based on Art. 6 para. 1 p. 1 lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures, or on Art. 6 para. 1 p. 1 lit. f GDPR, which permits data processing to safeguard the legitimate interests of the controller, unless the interests or the fundamental rights and freedoms of the data subject override the interest of the controller in the data processing. Our interest then lies in ensuring the provision of the functions of our services.
For the use of other, non-essential cookies, we may obtain your consent. The cookies are then used on the basis of the consent pursuant to §25 para. 1 TTDSG, and any processing of personal data carried out in this context pursuant to Art. 6 para. 1 p. 1 lit. a GDPR. Data subjects can revoke their consent at any time. The lawfulness of the data processing already carried out on the basis of consent remains unaffected by the revocation.
2.6 Data processing in the context of our LinkedIn company page
We have a company page on the social network linkedin.com of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn") and are provided with so-called page analytics by LinkedIn. We are jointly responsible with LinkedIn for this operation of the LinkedIn company page within the meaning of Art. 26 GDPR.
The type and scope of the information processed or provided by LinkedIn, the associated purposes of the data processing by LinkedIn, its lawfulness as well as information on the exercise of data subject rights can be found in LinkedIn's data privacy policy at the URL https://www.linkedin.com/legal/privacy-policy and in the joint responsibility agreement, which can be found at the URL https://legal.linkedin.com/pages-joint-controller-addendum. Page analytics involves aggregated data that allows us to understand how people interact with our pages. The generation and provision of these page analytics is the responsibility of LinkedIn, over which we have no control. LinkedIn assumes all obligations under the GDPR with regard to the processing of insights data (including Articles 12 and 13 GDPR, Articles 15 to 22 GDPR and Articles 32 to 34 GDPR).
The purpose of the data processing by us of the data provided by LinkedIn is the statistical evaluation of the use of our company page. This enables us, for example, to determine preferred visiting and posting times and to use this data to optimise our posts and our company page. In addition, we process personal data made publicly available on LinkedIn (e.g. clear names in the user profile) as well as data directly related to activities on our company page (e.g. contributions, posts, likes, marks), also for the purpose of communication.
The basis for the above data processing is nature 6 para. 1 p. 1 lit. a GDPR. Insofar as a corresponding consent has been given to LinkedIn, this consent can be revoked at any time with effect for the future. Insofar as consent has been granted to us in this regard, this consent can be revoked at any time with effect for the future. Otherwise, the basis for our data processing is nature 6 para. 1 p. 1 lit. f GDPR, which permits the processing of data to protect the legitimate interests of the controller, provided that the interests or fundamental rights and freedoms of the data subject are not overridden. Our interest is to provide content and communication with LinkedIn users and to improve the reach and effectiveness of our posts.
The rights of access, rectification, deletion, restriction of processing and data portability of stored insights data can be asserted against LinkedIn, as LinkedIn has assumed the corresponding obligations:
LinkedIn Ireland Unlimited Company
Wilton Place
Dublin 2
Ireland
Privacy policy https://www.linkedin.com/legal/privacy-policy
2.7 Online presence in other social networks
We have set up online presences in various social networks to communicate with you, interested parties and customers and to inform them about our services and current offers. In addition to our interaction with you, the social networks process data from visitors to their websites for the purpose of market research and advertising, i.e. that from the respective visit or usage behaviour and the preferences and interests of a visitor derived from this, a user profile may be created by the respective operator of the social network. Such user profiles can be used, among other things, to display advertisements within the respective social network and possibly on other websites, which are individually adapted to the respective user profile. Cookies (see above) may be stored on the visitors' devices, with the help of which data on usage behaviour can be collected. The collection of this data can, especially in the case of logged-in members of the respective social network, also be realized across several browsers and/or end devices used by a user. Even if a visitor does not have a profile with the respective social network, it cannot be ruled out that personal data on this visitor will be stored when visiting the respective website. Requests for information regarding the data stored in social networks via our online presence or the use of other relevant rights of data subjects can be addressed to the provider of the respective service. Only the providers of the social networks have access to the respective data stored there and can provide the corresponding information, etc. With regard to the purpose and scope of data processing by the various social networks, we refer additionally to their respective data protection notices and the respective contact options:
New Work SE
Am Strandkai 1
20457 Hamburg
Deutschland
Privacy policy: https://privacy.xing.com/de/datenschutzerklaerung
Twitter Inc.
One Cumberland Place
Fenian Street
Dublin 2, D02 AX07, Ireland
Privacy policy: https://twitter.com/privacy
Opt-out: https://twitter.com/personalization
The processing of data in the context of our online presence in social networks is done, insofar as we are responsible under data protection law, on the basis of our legitimate interest in effective information and direct communication with interested parties. The basis for data processing is Article 6 (1) S. 1 lit. f GDPR. Our interest is to provide content and communicate with users of the respective social networks and to improve the reach and effectiveness of our posts.
2.8 Matomo
We may use the web analytics service Matomo to analyse the use and optimise our website. When used, Matomo creates an internal hash value for each visitor to the respective website, which is calculated from various factors such as the anonymised IP address, the resolution, the browser, the plugins used and the operating system. Unlike other statistical programmes, Matomo does not transmit any data to a third-party server. The IP address transmitted by the browser via Matomo is neither merged with other data collected by us nor passed on to third parties and is only stored anonymously. Within the scope of our web analysis with Matomo, no tracking cookies are set on the computer. If individual pages of our website are called up, the following data are processed: two bytes of the IP address of the calling system (anonymous), browser type and version, operating system used, the website called up, the website from which our website is visited (referrer URL) - if the browser does not prohibit this, the pages and files called up on our website, if applicable. the website visited after ours (when clicking on an external link on our website), the date and time of access, the time spent on the website, the frequency with which the website is accessed, the location (country).
The use of Matomo described above is based on Art. 6 para. 1 p. 1 lit. f GDPR. We have a legitimate interest in analysing user behaviour in order to optimise our website and identify errors.
2.9 Data processing for applications
Via our websites and our contact data provided there, applications for jobs in our company can be sent to us. Insofar as personal data is transmitted to us in this way or in any other way when applications are submitted, we process this data for the purpose of reviewing, processing and responding to the application and, if necessary, for preparing the employment relationship.
The basis for data processing is either Art. 88 para. 1 GDPR, § 26 para. 1 BDSG (new) which permits the processing of data for the decision on the employment, for the establishment as well as for the performance of employment relationships or - if the data subject has given consent - Art. 6 para. 1 p. 1 lit. a GDPR. Data subjects may revoke their consent at any time with effect for the future. An informal communication by e-mail to us is sufficient for this purpose. The lawfulness of the data processing operations already carried out remains unaffected by the revocation.
2.10 Data processing to protect legitimate interests
We also process your data if it is necessary to protect the legitimate interests of us or of third parties. This may be the case to guarantee IT security and IT operation; for support inquiries; in the event of legal disputes, to be able to understand and prove the facts of the case; for market and opinion polls; to statistically evaluate the use of our website; to promote other products from us or our cooperation partners.
The basis for data processing is Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the data processing listed above.
2.11 Data processing for analysis, advertising or market research purposes
In case we use your data for advertising purposes, we may obtain your consent. The data processing is then based on your consent ( Art. 6 para. 1 S. 1 lit. a GDPR). You can revoke your consent at any time. The lawfulness of the data processing operations already carried out remains unaffected by the revocation.
Furthermore, we may use your e-mail address for recommendations or enquiries if we already have a contractual relationship. You will receive these recommendations from us regardless of whether you have subscribed to a newsletter. We would like to provide you with information about our services that may be of interest to you on the basis of your enquiry or contractual relationship with us. In this context, we strictly comply with the legal requirements. If you no longer wish to receive any recommendations or promotional messages from us, you can object to this at any time. A notification in text form to the contact data mentioned under point 1 (e.g. e-mail, fax, letter) is sufficient for this purpose.
The basis for the above data processing is Art. 6 para. 1 p. 1 lit. f GDPR, which permits the processing of data to protect the legitimate interests of the controller.
2.12 Other data processing based on your consent
It may also happen that we ask for your consent to process personal data. Any granting of consent and the relevant data processing is voluntary and you will not suffer any disadvantages if you do not consent.
The data processing is then carried out on the basis of your consent in accordance with Art. 6 para. 1 s. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future. An informal notification to us is sufficient for this purpose. The legality of the data processing operations already carried out remains unaffected by the revocation.
2.13 Log files
Each time our websites are accessed, usage data is transmitted by the respective Internet browser and stored in log files, the so-called server log files. The stored data records contain the following data: Browser type and browser version, operating system used, referrer URL, time of server request, shortened IP address.
These data cannot be assigned to specific persons. This data will not be merged with other data sources. We reserve the right to subsequently check this data if we become aware of concrete indications of illegal use.
The data processing is based on Art. 6 para. 1 lit. f GDPR, which permits the processing of data to safeguard the legitimate interests of the data controller, provided that the interests or fundamental rights and freedoms of the data subject do not prevail.
2.14 Data processing for the fulfilment of legal obligations
In addition, we process your data to fulfil legal obligations (e.g. regulatory requirements, commercial and tax storage and proof obligations).
The basis for data processing is Art. 6 para. 1 lit. c GDPR, which permits processing to fulfil a legal obligation.
1. Recipients of the personal data
Personal data will only be passed on or otherwise transferred to third parties if this is necessary for the purpose of performing the contractual relationship, or if prior consent has been given, or if there is any other legal basis for the transfer.
Your data will be forwarded to the relevant department and the relevant employees within our company in order to answer your enquiries, for communication purposes or to carry out the order or to fulfil contractual obligations.
Service providers that support us in the context of the aforementioned processing of your data are Telekom Deutschland GmbH, Landgrabenweg 151, 53227 Bonn (Server-Hosting), IONOS SE, Elgendorfer Str. 57, 56410 Montabaur ((Exchange-)Server-Hosting), 5 POINT AG, Saalbautraße 27, 64283 Darmstadt (SaaS-Software) and other sales and marketing partners, software (SaaS) providers, IT service providers, in particular service providers for software and hardware maintenance, and e-mail service providers.
Insofar as it is necessary for the purpose of performing the contract, data is passed on to third party companies. The basis for this is then rt. 6 para. 1 S. 1 lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.
In addition, data may be passed on to third parties commissioned to provide consulting services, such as consulting firms or law firms, tax consultants, auditors or other similar consulting service providers. These are usually not acting as order processors, but they are subject to statutory or contractually agreed confidentiality obligations.
2. Duration of data storage
In principle, we delete your data as soon as it is no longer required for the above-mentioned purposes, unless temporary storage is still necessary. We store your data on the basis of legal proof and storage obligations, which result among other things from the German Commercial Code and the German Tax Code, according to which the storage periods are up to ten full years. In addition, we keep your data for the period during which claims can be asserted against our company (statutory limitation period of three or up to thirty years).
3. Data Security
Your personal data will be transmitted securely by us through encryption. We use the coding system SSL (Secure Socket Layer). You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. Furthermore, we secure our websites and other systems by technical and organizational measures against loss, destruction, access, alteration or distribution of your data by unauthorized persons.
4. Rights of the data subject
Within the framework of the applicable legal provisions, data subjects have the right at any time to free information about their personal data stored by us, its origin and recipients and the purpose of the data processing and, if applicable, a right to correction or deletion of this data.
For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time using the contact details given in section 1.
Data subjects may also have a right to restrict the processing of their data and a right to receive the data they have provided in a structured, common and machine-readable format.
If you have given us consent to process personal data for specific purposes, you may withdraw your consent at any time with future effect. If we process your data to protect legitimate interests, you may object to this processing on grounds relating to your particular situation. If we cannot substantiate compelling legitimate reasons for further processing that outweigh your interests, rights and freedoms, or if we process the data in question from you for the purpose of direct marketing, we will then no longer process your data.
In addition, data subjects have the possibility of contacting a data protection supervisory authority (right of complaint).You can also contact a data protection supervisory authority (right to appeal). The authority responsible for us is
Freie und Hansestadt Hamburg
Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Prof. Dr. Johannes Caspar
Klosterwall 6
20095 Hamburg
