This data protection declaration is intended to inform the users of our website as well as our customers and partners about the nature, scope and purpose of the collection and use of personal data by us and by companies commissioned by us.
In addition, the separate “Patient and Data Protection Information ECG Data” applies to the processing of ECG data. You can access this under the heading “Data protection information for the device”.
We take the protection of your data very seriously. Therefore, we treat your personal data confidentially and in accordance with the statutory provisions and this privacy policy. When you use this website, various personal data are collected. Personal data is data with which you can be personally identified. This Privacy Policy explains what information we collect and how we use it. It also explains how and for what purpose this is done. The central regulation is the General Data Protection Regulation (GDPR). This not only defines the requirements for data protection, but also terms such as “personal data” or “processing”. You can read exactly how the GDPR defines the terms.
We would like to point out that data transmission on the Internet (e.g. communication by e- mail) can have security gaps. Complete protection of data against access by third parties is not possible. And finally, there are always new requirements. Therefore, we reserve the right to change the security and data protection measures at any time, especially if this becomes necessary due to technical developments. In these cases, we will also adapt this information on data protection accordingly, if necessary. Please therefore note the current version of this data protection information.
I. Data protection at a glance
1 General information
The following notices provide a simple overview of what happens to your personal data when you visit this website. Personal data is any data by which you can be personally identified. For detailed information on the subject of data protection, please refer to our privacy policy listed below this text.
2. Data collection on this website
Who is responsible for the data collection on this website?
The data processing on this website is carried out by the website operator. You can find the contact details of the website operator in the section “Information about the responsible party” in this data protection declaration.
How do we collect your data?
On the one hand, your data is collected when you provide it to us. This can be, for example, data that you enter in a contact form.
Other data is collected automatically or after your consent when you visit the website by our IT systems. This is mainly technical data (e.g. internet browser, operating system or time of page view). The collection of this data takes place automatically as soon as you enter this website.
What do we use your data for?
Part of the data is collected to ensure error-free provision of the website. Other data may be used to analyse your user behaviour. And finally, we need this when we enter into a contractual relationship with you.
What rights do you have regarding your data?
You have the right at any time to receive information free of charge about the origin, recipient and purpose of your stored personal data. You also have a right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right to request the restriction of the processing of your personal data under certain circumstances. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.
You can contact us at any time with regard to this and other questions on the subject of data protection. More information can be found in this data protection declaration under V.
3. External hosting
This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster’s servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact data, names, website accesses and other data generated via a website.
The hoster is used for the purpose of fulfilling contracts with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR).
Our hoster will only process your data to the extent that this is necessary for the fulfilment of its service obligations and will follow our instructions with regard to this data.
We use the following hoster:
Elbnetz GmbH, Hegestraße 40, 20251 Hamburg
We have concluded a contract on order processing with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
II. Note on the responsible body
Responsible for the processing is the
dpv-analytics GmbH, Schloßstraße 12, 22041 Hamburg, Registered at Hamburg Local Court, HRB 153940, Represented by its managing directors: Dr. med. Stephan Kranz and Dr. Philip Nölling
Since the protection of your data is particularly important to us, we have appointed a special external data protection officer for this purpose:
ARTANA Digital GmbH
Prof. Dr. Christian Rauda
Alstertwiete 3
20099 Hamburg
Our data protection officer can be reached at +49 40 537981260 or datenschutz@dpv-analytics.com
III. Storage period
Unless a more specific storage period has been stated within this privacy policy, your personal data will remain with us until the purpose for the data processing no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be deleted once these reasons no longer apply.
IV. SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
V. Your rights
1.Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke an already given consent at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
2. Right to object to the collection of data in specific cases and to direct marketing (Art. 21 GDPR)
If the data processing is based on Art. 6 (1) e or f GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims (objection under Article 21(1) of the GDPR).
If their personal data are processed for the purpose of direct marketing, they have the right to object at any time to the processing of personal data concerning them for the purpose of such marketing; this also applies to the examinee, insofar as it is related to such direct marketing. If they object, their personal data will subsequently no longer be used for the purpose of direct advertising (objection pursuant to Art. 21 (2) GDPR).
3. Right of data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine- readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.
4. Information, deletion and correction/supplementation
Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of data processing and, if applicable, a right to correction or deletion of this data. For this as well as for further questions on the subject of personal data, you can contact us at any time.
5. Right to restrict processing
You have the right to request the restriction of the processing of your personal data. For this purpose, you can contact us at any time. The right to restriction of processing exists in the following cases:
- If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the review, you have the right to request the restriction of the processing of your personal data.
- If the processing of your personal data was/is unlawful, you may request the restriction of data processing instead of erasure.
- If we no longer need your personal data, but you need it to exercise, defend or enforce legal claims, you have the right to request restriction of the processing of your personal data instead of deletion.
- If you have lodged an objection pursuant to Art. 21 (1) GDPR, a balancing of your and our interests must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.
If you have restricted the processing of your personal data, such data may – apart from being stored – only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.
6. Objection to advertising e-mails
The use of contact data published within the framework of the imprint obligation for the purpose of sending advertising and information material not expressly requested is hereby prohibited. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.
7. Right of appeal to the competent supervisory authority
If you notice something with which you do not agree, we would be pleased if you give us the chance to find a solution. If this is not possible, you as the person concerned have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement. The right of complaint exists without prejudice to other administrative or judicial remedies. For our company, please refer to the Hamburg Commissioner for Data Protection and Freedom of Information: mailbox@datenschutz.hamburg.de
VI. Data collection on this website
1. Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
- Browser type and browser version
- operating system used
- referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
This data is not merged with other data sources.
The collection of this data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of his website – for this purpose, the server log files must be collected.
2. Cookies
We use cookies to operate our website to ensure the technical functionality of our website and to understand how visitors use our website. We also use them to personalise our websites for users and to manage our advertising efforts.
A cookie is a small text file that is stored on your end device when you access our website through your browser. If you call up our website again later, we can read out these cookies again. Cookies are stored for different periods of time. You have the option at any time in your browser to set which cookies it should accept, but this may result in our website no longer functioning properly. Furthermore, you can delete cookies yourself at any time. If you do not do this, we can specify when saving how long a cookie should be stored on your computer. Here we have to distinguish between so-called session cookies and permanent cookies. Session cookies are deleted from your browser when you leave our website or when you close the browser. Persistent cookies are stored for the duration that we specify when storing them.
We use cookies for the following purposes:
- Technically necessary cookies that are required for the use of the functions of our website. Without these cookies, certain functions could not be provided.
- Analytics cookies, which are used to analyze your user behavior. For details, please read the information on “Google Analytics”.
- Third Party Cookies. Third-party cookies are stored by third parties whose features we include on our website to enable certain functions. They can also be used to analyse user behaviour. For details, please read the information on forms, product recommendations and Google Analytics.
Most browsers that our users use allow you to set which cookies should be stored and allow you to delete (certain) cookies again. If you restrict the storage of cookies to certain websites or do not allow cookies from third-party websites, it may under certain circumstances mean that our website can no longer be used to its full extent. Here you will find information on how to adjust the cookie settings for the most common browsers:
- Google Chrome (google.com/chrome/answer/95647?hl=en)
- Internet Explorer (https://support.microsoft.com/en-us/windows/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d)
- Firefox (https://support.mozilla.org/en-US/kb/third-party-cookies-firefox-tracking-protection)
- Safari (https://support.apple.com/en-gb/guide/safari/sfri11471/mac)
3. Request by e-mail, telephone or fax (including applications)
If you contact us by e-mail, telephone or fax, your enquiry including all personal data arising from it (name, enquiry) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.
The processing of this data is based on Art. 6 (1) lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR) if this has been requested.
The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after processing your request has been completed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.
4. Contact form
If you send us enquiries via the contact form, your details from the enquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We do not pass on this data without your consent.
The processing of this data is based on Art. 6 (1) lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR) if this has been requested.
The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions – in particular retention periods – remain unaffected.
VII. External links
Our website contains links to external Internet sites. We have no influence on externally linked contents and do not assume any liability for them. The respective provider is responsible for the content of the linked pages. At the time of linking, we have checked the pages for possible legal violations. At that time, we were not aware of any illegal content. If we become aware of any legal violations, we will remove the links in question immediately.
VIII. Consent Administration
We use the consent management service Usercentrics, of Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany (Usercentrics). This enables us to obtain and manage the consent of website users for data processing. The processing is necessary for the fulfilment of a legal obligation (Art. 7 para. 1GDPR) to which we are subject (Art. 6 para. 1 p. 1 lit. c GDPR). The following data is processed for this purpose:
- Date and time of access
- Browser information
- Device information
- Geographical location
- Cookie preferences
- URL of the visited page
The functionality of the website is not guaranteed without the processing.
Usercentrics is a recipient of your personal data and acts as a processor for us. The processing takes place in the European Union. For more information on how to object to and remove your data from Usercentrics, please visit: https://usercentrics.com/de/datenschutzerklaerung/.
Please see our general comments above about deleting and disabling cookies.
IX. Other services
The services listed below pass on personal data to recipients in third countries. Third countries in the sense of data protection law are all countries outside the European Union (EU) or the European Economic Area (EEA). Countries whose level of data protection has already been formally recognised as adequate by the EU Commission are excluded.
However, data is only transferred to third countries if this is necessary to fulfil our contractual obligations, is required by law or we have received consent. Beyond that, we do not transfer personal data to countries outside the EU or the EEA or to international organisations.
a. Font Awesome (local hosting)
This site uses Font Awesome for consistent font display. Font Awesome is installed locally. A connection to servers of Fonticons, Inc. does not take place.
For more information about Font Awesome, please see the Font Awesome Privacy Policy at: https://fontawesome.com/privacy .
b. Google services
We use services of the company Google, which is based in the USA, among other places.
Google adopted the standard contractual clauses newly revised by the EU in October 2021 and enables European customers to use its services in a legally secure manner. We have concluded a corresponding agreement and a commissioned data processing contract with Google.
Google Analytics
We use Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The storage of Google Analytics cookies and the use of this analysis tool are based on Art. 6 (1) lit. f GDPR. We have a legitimate interest in analysing user behaviour in order to optimise both our website and our advertising.
The following data can be collected with Google Analytics:
- Session duration – time spent on a website, after 20 minutes it ends as it is assumed that the user has not closed the page.
- Jump Rate- If someone comes to a page and leaves without interacting, that counts as a jump.
- Orders, creation of accounts
- Viewing contact information
- Viewing ratings
- Playing media
- Updating the page
- Add to favorites
- Content sharing (social media)
- Campaign tracking – analysis of the user’s origin (e.g. e-mail, Google search)
Google Analytics also links this data to search queries and demographic data not collected on this site.
We expressively point out that the information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. If IP anonymization is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity, and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of this website.
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link (https://tools.google.com/dlpage/gaoptout?hl=en). Alternatively, you can also follow this link: Deactivate Google Analytics. For more information on terms of use and privacy, please visit www.google.com .
Google Data Studio
We use the software “Google Data Studio” based on Art. 6 para. 1 p. 1 lit. f DS-GVO, to protect our legitimate interests in the analysis, optimization, and economic operation of our online offer, to visualize data regarding user behavior on our website in the form of graphical reports. In doing so, we use data from the web analytics service Google Analytics.
For more information on using Google Data Studio, please visit
https://support.google.com/datastudio/answer/6283323?hl=de&ref_topic=6267740
Google Tag Manager
We use the Google Tag Manager based on Art. 6 para. 1 p. 1 lit. f DS-GVO, to protect our legitimate interests in the analysis, optimization, and economic operation of our online offer, to visualize data regarding user behavior on our website in the form of graphical reports. The Google Tag Manager is an auxiliary service and processes personal data itself only for technically necessary purposes. The Google Tag Manager takes care of loading other components, which in turn may collect data. The Google Tag Manager does not access this data.
For more information about Google Tag Manager, please see Google’s privacy policy.
Google Web Fonts (local hosting)
This site uses so-called web fonts provided by Google for the uniform display of fonts. The Google Fonts are installed locally. A connection to Google servers does not take place.
For more information about Google Web Fonts, please visit https://developers.google.com/fonts/faq and read Google’s privacy policy: https://policies.google.com/privacy?hl=en
c. Zoho CRM
Personal data that you have provided to us through a contact form, a contact request (via website, email, telephone, fax or in person), a newsletter subscription or direct business relations are processed and maintained by us with the help of a customer relationship management system (CRM system). We use the customer relationship management system Zoho CRM, a service of ZOHO CORPORATION B. V. (Hoogoorddreef 15, 1101 BA, Amsterdam, The Netherlands). Zoho Corporation Pvt. Ltd (Estancia IT Park, Plot No. 140 & 151, GST Road, Vallancherry Village, Chengalpattu Taluk, Kanchipuram District 603 202, India) is involved in providing Zoho.
Please note that although there is no adequate level of data protection in India as a third country and no adequacy decision by the EU Commission, Zoho Corporation Pvt. Ltd has provided guarantees to ensure an adequate level of data protection. Specifically, we enter into a contract for order processing with ZOHO CORPORATION B. V. and Zoho Corporation Pvt. Ltd based on the EU standard contractual clauses for order processing in third countries. For details about Zoho’s privacy practices and how to protect your personal information, please refer to Zoho’s privacy policy at: https://www.zoho.eu/privacy.html.
dpv-analytics GmbH disclaims all warranties and liability for the use of zoho CRM and any resulting breach of confidentiality to the fullest extent permitted by law.
d. Microsoft Teams
We use Microsoft Teams. In doing so, we process the following data:
- Communication data (e.g. your email address, if you provide it in a personalized way)
- Personal master data (if you specify this yourself)
- Contents of the online meeting (if you appear in person with contributions in speech and / or writing).
- Authentication data
- Log files, log data
- Metadata (e.g. IP address, time of participation, etc.)
- Profile data (e.g. your user name, if you provide this yourself)
Microsoft Teams is part of Microsoft Office 365. Microsoft Teams is a collaboration tool that also includes a video conferencing feature. Microsoft Office is software produced by Microsoft Corporation, One Microsoft Way Redmond, WA 98052-6399 USA. Through the video conferencing feature of Microsoft Teams, we can offer you participation via video / audio. In doing so, we use the following modes in Microsoft Teams: In the normal Teams meeting, audio inputs and video recordings are prevented during the meeting by our Microsoft Teams settings. We carry out the data processing on the basis of a legitimate interest in accordance with Art. 6 (1) f) GDPR. Our legitimate interest for data processing may be a contract initiation or a contractual relationship with you.
Microsoft Teams is part of the Office 365 cloud application, for which a user account must be created. Likewise, Microsoft reserves the right to process customer data for its own business purposes. This poses a data protection risk for Microsoft Teams users. We have entered into data protection agreements and EU standard contracts with the provider Microsoft to guarantee a minimum level of data protection. Please note that we have no control over Microsoft’s data processing activities. To the extent that Microsoft Teams processes personal data in connection with Microsoft’s legitimate business operations, Microsoft is an independent data controller for such use and, as such, is responsible for compliance with all applicable laws and obligations of a data controller.
For more information about the purpose and scope of data collection and processing by Microsoft Teams, please see the Microsoft privacy statements at https://www.microsoft.com/en-us/trust-center/privacy and Microsoft Teams at https://docs.microsoft.com/en-us/microsoftteams/teams-privacy. There you will also find further information about your rights in this regard. Microsoft also processes your personal data in the USA. EU standard contracts with Microsoft on Office 365 and Teams are in place to ensure an adequate level of data protection. The EU Standard Contractual Clauses are available at https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:EN:PDF
The dpv-analytics GmbH disclaims all warranties and liability for any use of Microsoft Teams and any resulting breach of confidentiality to the fullest extent permitted by law.
Patient and data protection information ECG data
You are using the smart digital screening system for atrial fibrillation with the “dpv-ritmo” device. It records your ECG data.
Note: The device is and remains the property of dpv-analytics GmbH. It is only provided temporarily for the purpose of recording data.
These are evaluated by dpv-analytics GmbH, Schloßstraße 12, 22041 Hamburg, Germany, (“dpv”). The ECG data is evaluated by dpv using a screening analysis, which serves the sole purpose of detecting atrial fibrillation. It does not provide any other information from the ECG data such as an infarct analysis. dpv-analytics GmbH is a company founded by physicians. They know that trust is important. Therefore, dpv would like to inform you compactly in the following about what happens with your ECG data at dpv and what rights you have in this respect.
Responsible for the processing of your personal data is:
dpv-analytics GmbH
Schloßstraße 12
22041 Hamburg
Germany
info@dpv-analytics.com
+49 40 3503131-0
dpv processes your personal data only for the purpose of screening atrial fibrillation according to your consent (Art. 6 para. 1 p. 1 lit. a, Art. 9 para. 2 lit. a) GDPR). Your personal data will only be disclosed to third parties if you have expressly consented to such disclosure (Art. 6 para. 1 p. 1 lit. a GDPR) or if data protection law permits such disclosure.
The ECG data collected using the “recorder” attached to your skin are entered directly into dpv’s CE-certified IT system via a USB interface and diagnostically assessed. The data is hosted exclusively on servers located in Germany. Every employee of dpv is subject to medical confidentiality and is instructed on this. dpv uses ECG data in pseudonymized form within the scope of its own research for the development and improvement of its products. The report on the evaluation of the ECG data will be stored by dpv like a medical record for a period of ten (10) years, unless a longer legal retention period applies. The data will not be used by dpv for automated decision making. Any disclosure of this data to third parties requires the consent of the insured person/user. With regard to your data, you may have the rights according to Art. 15 (information), Art. 16 (correction) Art. 17 (deletion), Art. 18 (restriction of processing), Art. 20 (data portability), Art. 21 (right to object) and Art. 77 (right to complain to a supervisory authority) of the EU General Data Protection Regulation. The competent supervisory authority is: The Hamburg Commissioner for Data Protection and Freedom of Information.
Last modified on 26.10.2020