Privacy policy

INTRODUCTION AND TERMS

1. INTRODUCTION

We process personal data in the operation of our web pages www.mycoronaschnelltest.de (hereinafter referred to as “web page”). We treat this data confidentially and process it in accordance with the applicable laws – in particular the Basic Data Protection Regulation (DSGVO) and the Federal Data Protection Act (BDSG). With our data protection regulations we want to inform you which personal data we collect from you, for which purposes and on which legal basis we use them and, if applicable, to whom we disclose them. In addition, we will explain to you what rights you have to protect and enforce your privacy.

2. TERMS

Our data protection regulations contain technical terms used in the DSGVO. For your better understanding, we would like to explain these terms in simple words in advance:

2.1 Personal data

“Personal data” means all information relating to an identified or identifiable person (Art. 4 No. 1 FADP). Information relating to an identified person may, for example, be the name or the e-mail address. However, personal data also includes data for which the identity is not immediately apparent but which can be determined by combining one’s own or third-party information and thus finding out who the person is. A person becomes identifiable, for example, by providing his or her address or bank details, date of birth or user name, IP address and/or location data. Relevant here is all information that in any way allows an inference to a person.

2.2 Processing

Art. 4 No. 2 DSGVO defines “processing” as any operation involving personal data. This applies in particular to the collection, recording, organisation, organisation, filing, storage, adaptation or modification, reading, querying, use, disclosure, transmission, dissemination or any other form of provision, comparison or linkage, restriction, deletion or destruction of personal data.

RESPONSIBLE COMPANY AND DATA PROTECTION OFFICER

3. RESPONSIBLE FOR DATA PROCESSING

Company: medi Produkt & Service GmbH, private practice Schnelltestzentrum Prenzlauer Berg (“we”)

Legal representative: Lutz Grotehöfer (Managing Director medi Produkt & Service GmbH)

Address: Potsdamer Straße 58, 10785 Berlin

Phone: +49 30 – 810 75- 0

e-mail: info@mycoronaschnelltest.de

4. DATA PROTECTION OFFICER

We have appointed a data protection officer for our company.

You can reach him at:

Hendrik Schisler
DEAG German Entertainment AG
Potsdamer Strasse 58
10785 Berlin
Germany

Phone: +49 30-81075-0

e-mail: info@deag.de

PROCESSING FRAME

5. PROCESSING FRAMEWORK: WEBSITE

Within the framework of the website with the URL www.mycoronaschnelltest.de, we process the personal data of you listed in detail under points 6 – 15 below. We only process data of yours that you actively provide on our website (e.g. by filling out forms) or that you automatically provide when you use our offer.

Your data will be processed exclusively by us and will not be sold, lent or passed on to third parties. If we use the help of external service providers to process your personal data, this is done within the framework of so-called order processing, in which we, as the client, are authorised to issue instructions to our contractor. For the operation of our website we use external service providers for hosting, as well as for maintenance, care and further development. Should further external service providers be used for individual processing operations listed in sections 6 – 15, they will be named there.

We host our website at the external provider HostPress GmbH (Bahnhofstr. 34, 66571 Eppelborn, Germany). A data transfer to third countries does not take place and is not planned. We will provide information about exceptions to this principle in the processing operations described below.

THE PROCESSING OPERATIONS IN DETAIL

6. PROVISION OF THE WEBSITE AND SERVER LOG FILES

6.1 Description of processing

Whenever you access the website, we automatically collect information that your browser sends to our server. This information is also stored in the so-called log files of our system. These are the following data:

• Your IP address
• the browser software you use, its version and language
• the operating system you use, if actively sent by the browser
• the website from which you have accessed our website (so-called referrer)
• the sub-pages you have accessed on our website
• the date and time of your visit to our website
• Amount of data transmitted

The temporary storage of your IP address by the system is necessary in order to deliver our website to the end device of a user. For this purpose, the user’s IP address must remain stored for the duration of the session. However, your IP address is not recorded in our log files.

6.2 Purpose

Processing is carried out to enable the website to be accessed and to ensure its stability and security. Furthermore, the processing serves the statistical evaluation and improvement of our online offer.

6.3 Legal basis

The processing is necessary in order to safeguard the controller’s overriding legitimate interests (Art. 6 para. 1 letter f DSGVO). Our legitimate interest lies in the purpose stated in no. 6.2 and, insofar as we require your consent, in Art. 6 para. 1 lit. a DSGVO, which we obtain via a Cookie Consent Tool. 

6.4 Storage period

The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. In the case of the collection of data for the purpose of providing the website, this is the case when the relevant session has ended. The log files are deleted after 14 months unless longer retention periods are required by law, particularly in connection with a contractual relationship.

7. CONTACT FORM AND CONTACTING BY E-MAIL

7.1 Description of processing

We have provided a contact form on our website for making contact. In this form you are asked to enter your e-mail address, your name, the subject of your request and a message to us. You can also contact us using the e-mail address provided on the website.

7.2 Purpose

By providing a contact form on our website, we want to offer you a convenient way to get in touch with us. The data transmitted with and in the contact form or your e-mail will be used exclusively for the purpose of processing and answering your request.

7.3 Legal basis

The processing is necessary in order to safeguard the controller’s overriding legitimate interests (Art. 6 para. 1 letter f DSGVO). Our legitimate interest lies in the purpose specified in Section 9.2. If the e-mail contact is aimed at the conclusion or fulfilment of a contract, data processing is carried out for the purpose of fulfilling the contract (Art. 6 para. 1 lit. b DSGVO).

7.4 Storage period

We delete the data as soon as they are no longer required for the purpose for which they were collected. This is usually the case when the respective communication with you has ended. The communication is terminated when it is clear from the circumstances that your request has been finally clarified. If legal retention periods prevent deletion, the data will be deleted immediately after expiry of the legal retention period.

 

8. TEST RESULT – CONSENT TO DIGITAL TEST PROCESSING

8.1 With your consent, we will provide you with the test result in your customer account and inform you conveniently by e-mail as soon as the test result is available. If the test result is negative, we will provide you with a certificate for retrieval. Alternatively, they can receive the test result on site. In this case, they have to wait on site until the test result is available and communicated to them. The waiting time varies depending on the test volume and is on average 10-30 minutes.

8.2 For digital retrieval via your account, we require your consent for Dr. Lars Holmer to transmit your Corona test result to medi Produkt & Service GmbH, for us to store this in your customer account, for this data to be processed on servers in a third country outside the European Union and for us to make the test result available to you for retrieval (digital retrieval). The processing of your test result data is carried out in accordance with our data protection regulations. Your consent is voluntary and you can revoke it at any time by simple declaration (by e-mail to info@mycoronaschnelltest.de).

9. COOKIES

9.1 Description of processing

Our website uses cookies. Cookies are small text files that are stored on the user’s terminal device when a website is visited. Cookies contain information that enables the recognition of a terminal device and possibly certain functions of a website. We distinguish between our own cookies, which are set, for example, when the website is called up, and external cookies, such as those set by advertising service providers and social networks. So-called “session cookies” and “persistent cookies” are used on our website. “Session cookies” are automatically deleted when you end your internet session and close the browser. Persistent cookies remain stored on your end device for a longer period of time. If cookies are technically necessary for the operation of our website, your consent is not required. However, all other cookies are only set after you have actively agreed to the use of cookies via our cookie banner or cookie consent-tool. You can find out which cookies on our website are used for which purpose and how long they are stored on your end device by checking the settings of our cookie banner or cookie consent-tool.

9.2 Purpose

We use cookies to make our website more user-friendly and to offer the functions described in clause 10.1. You can find the exact purpose of the individual cookies in the settings of our cookie banner or cookie content tool.

9.3 Legal basis

The processing is necessary with regard to technically required cookies in order to safeguard the predominant legitimate interests of the data controller (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose stated in item 1.2. In the case of processing with regard to all other – i.e. non-technically necessary – cookies, the legal basis is consent (Art. 6 para. 1 lit. a DSGVO). Such consent is voluntary.

9.4 Storage period, revocation of consent

Cookies are automatically deleted at the end of a session or when the specified storage period expires. Since cookies are stored on your terminal device, you as a user have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies already stored can be deleted. This can also be done automatically. If cookies for our website are deactivated, deleted or restricted, it is possible that individual functions of our website cannot be used or can only be used to a limited extent. You can revoke any consent you may have given to the use of cookies at any time in the settings of the cookie banner or the cookie content tool with effect for the future.

Edit cookie settings here.

9.5 Recipient and transfer to third countries

If third-party cookies are used, data may be transmitted to the corresponding providers of these third-party services. This may also involve a transfer to third countries outside the European Union or the European Economic Area. We provide information about the recipients of data and the transfer of data to third countries in the settings of the cookie banner/cookie content tool or in the corresponding section on the third party service or processing in these data protection provisions. 

SOCIAL NETWORKS

10. FACEBOOK PIXEL

10.1 Description of processing

Our website uses the “Facebook Pixel” service, which is operated by Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). The “Facebook Pixel” enables us to place advertisements on the social network, which are targeted at those Facebook users who have shown interest in our offer – e.g. through an earlier visit to our website. The “Facebook Pixel” also enables us to track and evaluate the effectiveness and reach of our ads on Facebook by recording whether Facebook users interact with our ads on the social network by clicking on the ads and being redirected to our website. Therefore, when you visit our website, a connection to the Facebook servers is established and the “Facebook pixel” is embedded in our website. In addition, it is possible that Facebook may store a cookie on your end device (see clause 10 above). If you are logged in to Facebook or log in to Facebook later, your visit to our website will be assigned. The data collected about you using the “Facebook Pixel” is anonymous to us. They do not provide us with any conclusions about your person. However, on the part of Facebook a connection to your user profile is possible. Data processing by Facebook is carried out in accordance with the company’s data policy, which can be found at https://www.facebook.com/policy.php.

10.2 Purpose

Processing is carried out in order to carry out targeted online advertising for our own offers and to evaluate their effectiveness and reach.

10.3 Legal basis

Processing is based on consent in accordance with Art. 6 para. 1 letter a DSGVO. This is obtained by us via a cookie banner or cookie content tool. Such consent is voluntary.

10.4 Storage period and objection period; revocation of consent

We have explained the storage period and your control and setting options for cookies in section 10. You can revoke your consent with regard to “Facebook pixels” at any time in the settings of the cookie banner or the cookie content tool with effect for the future. You can object to the collection of data by the “Facebook Pixel” and the use of your data for the display of Facebook advertisements at any time. To do so, you can click on the following opt-out link: Deactivate Facebook

10.5 Recipient and transfer to third countries

By integrating the “Facebook Pixel”, personal data may be transmitted to Facebook. Facebook also processes your personal data in the USA and has submitted to the EU-US Privacy Shield. The Privacy Shield Agreement was declared invalid by the ECJ in July 2020 (ECJ, 16.7.2020 – C-311/18 “Schrems II”). Since then, data processing has been based on the EU standard data protection clauses.

at https://www.privacyshield.gov/EU-US-Framework.

11. DATA PROTECTION REGULATION ON THE USE AND APPLICATION OF OPENSTREETMAP

11.1 Description of processing

This site uses the open source mapping tool “OpenStreetMap” (OSM) via an API. Provider is the OpenStreetMap Foundation. To use the functions of OpenStreetMap it is necessary to store your IP address. This information is usually transferred to an OpenStreetMap server and stored there. The provider of this site has no influence on this data transfer.

11.2 Purpose

OpenStreetMap is used in the interest of an appealing presentation of our online offers and in order to make it easy to find the locations we have indicated on the website. This represents a legitimate interest in the sense of Art. 6 Para. 1 lit. f DSGVO. More information on the handling of user data can be found on the OpenStreetMap data protection page and here http://wiki.openstreetmap.org/wiki/Legal_FAQ.

12. GOOGLE WEBFONTS

12.1 Description of processing

Our website uses “Google Webfonts”, a font substitution service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google”). With Google Web Fonts, the standard fonts of your end device are replaced with fonts from the Google catalogue when displaying our website. If your browser prevents the integration of Google Web Fonts, the text of our website will be displayed in the standard fonts of your terminal device. The Google fonts are loaded directly from a Google server. In order for this to happen, your browser sends a request to a Google server. As a result, your IP address may also be transmitted to Google in connection with the address of our website. However, Google Web Fonts does not store any cookies on your end device. According to Google, data that is processed as part of the Google Webfonts service is transferred to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com. They are not linked to data that may be associated with the use of other Google services such as the search engine of the same name or Gmail. You can find further information on data protection at Google Webfonts at https://developers.google.com/fonts/faq?hl=de-DE&csw=1. General information on data protection at Google is available at http://www.google.com/intl/de-DE/policies/privacy/.

12.2 Purpose

The processing is done to make the text on our website more readable and aesthetically pleasing.

12.3 Legal basis

The processing is necessary in order to safeguard the controller’s overriding legitimate interests (Art. 6 para. 1 letter f DSGVO). Our legitimate interest lies in the purpose stated in item 13.2. 

12.4 Recipient and transmission to third countries

By using Google Web Fonts, personal data may be transmitted to Google. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield. The Privacy Shield Agreement was declared invalid by the ECJ in July 2020 (ECJ, 16.7.2020 – C-311/18 “Schrems II”). Since then, data processing has been based on the EU standard data protection clauses.

13. GOOGLE ANALYTICS

13.1 Description of processing

Our website uses “Google Analytics”, a web analysis service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google”). Google Analytics uses cookies (see clause 10), which enable an analysis of your use of our offer. We use Google Analytics in the version offered, “Universal Analytics”, which allows this analysis across devices by assigning the data to a pseudonymous user ID. The information generated by the cookie is usually transferred to a Google server in the USA and stored there. However, we use Google Analytics exclusively with IP anonymisation. As a result, your IP address is previously shortened by Google within member states of the European Union or in other states which are party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there. The IP address transmitted by your browser within the framework of Google Analytics is not merged with other data from Google. The statistics created by Google Analytics record, in particular, how many users visit our website, from which country or location the access takes place, which sub-pages are called up and which links or search terms are used to reach our website. The user conditions of Google Analytics can be found at https://marketingplatform.google.com/about/analytics/terms/de/. An overview of data protection at Google Analytics is available at http://www.google.com/intl/de/analytics/learn/privacy.html. The Google data protection declaration can be viewed at https://policies.google.com/privacy?hl=de-DE. 

13.2 Purpose

The processing is done in order to be able to evaluate the use of our website. The information thus obtained is used to improve our online presence and to design it in line with requirements.

13.3 Legal basis

Processing is based on consent in accordance with Art. 6 para. 1 letter a DSGVO. This is obtained by us via a cookie banner or cookie content tool. Such consent is voluntary.

13.4 Recipient and transmission to third countries

Google Analytics is a service provider for us within the scope of an order processing. Google also processes your personal data in the USA and has subjected itself to the EU-US Privacy Shield. The Privacy Shield Agreement was declared invalid by the ECJ in July 2020 (ECJ, 16.7.2020 – C-311/18 “Schrems II”). Since then, data processing has been based on the EU standard data protection clauses.

13.5 Storage period and objection period; withdrawal of consent

We have explained the storage period and your control and setting options for cookies in section 10. You can object to data processing by Google Analytics at any time by downloading and installing the browser add-on offered by Google at https://tools.google.com/dlpage/gaoptout?hl=de. Alternatively, you have the option of clicking on the following link. This will set an opt-out cookie on your end device which will prevent the collection of your data during future visits to this website: Deactivate Google Analytics: The analysis data processed and stored with Google Analytics will be automatically deleted by us after 14 months. You can revoke your consent with regard to Google Analytics at any time in the settings of the cookie banner or the cookie content tool with effect for the future. 

14. GOOGLE TAG MANAGER

Our website uses the “Google Tag Manager”, a service of the company Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google”). The Google Tag Manager does not collect any personal data and does not set any cookies. This service only enables us to integrate and manage tags on our website. Tags are small code elements on our website that are useful for measuring traffic and visitor behaviour with other tools, for measuring the impact of online advertising and social channels, for using remarketing and targeting, for testing and optimising the website. Further information about the Google Tag Manager can be found here: https://www.google.com/intl/de/tagmanager/use-policy.html

15. GOOGLE ADWORD CONVERSION AND GOOGLE REMARKETING

15.1 Description of processing

Our website uses the “Google Ads Conversion” advertising service, which is operated by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google”). With the help of Google Adwords Conversions we can place advertisements on external websites in order to draw your attention to our offers. Furthermore, the service enables us to determine the reach and success of individual advertising measures. Our advertisements are delivered by Google via so-called “Ad Servers”. For this purpose, Google uses so-called “Ad Server” cookies, which measure certain parameters to measure success, such as the display of the ads or clicks by users. 

If you reach our website via a Google ad, Google Ads will store a cookie on your end device. These cookies usually expire after 30 days and are not intended to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be contacted) are usually stored as analysis values for this cookie.

These cookies enable Google to recognise your internet browser. If a user visits certain pages of an Ads Client’s website and the cookie stored on their computer has not expired, Google and the client can recognise that the user clicked on the ad and was redirected to that page. A different cookie is associated with each AdServer client. As a result, cookies cannot be tracked through the websites of ad clients. We ourselves do not collect and process any personal data in the advertising measures mentioned above. We only receive statistical evaluations from Google. On the basis of these evaluations we can recognise which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising material, in particular we cannot identify the users on the basis of this information. 

Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of Ads Conversion, Google receives the information that you have called up the corresponding part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can allocate the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that the provider will find out and save your IP address.

You can find further information on data protection at Google here:

http://www.google.com/ and https://services.google.com.

Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org.

15.2 Purpose

Processing is carried out in order to carry out targeted online advertising for our own offers and to evaluate their effectiveness and reach.

15.3 Legal basis

Processing is based on consent in accordance with Art. 6 para. 1 letter a DSGVO. This is obtained by us via a cookie banner or cookie content tool. Such consent is voluntary.

15.4 Storage period and right of objection

You can prevent participation in this tracking procedure in various ways: a) by making appropriate settings in your browser software, in particular by suppressing third-party cookies; b) by installing the plug-in provided by Google under the following link: https://www.google.com/settings/ads/plugin; c) by deactivating the interest-based advertisements of the providers that are part of the self-regulation campaign “About Ads” via the link http://www.aboutads.info/choices, whereby this setting is deleted if you delete your cookies; d) by permanently deactivating them in your Firefox, Internet Explorer or Google Chrome browsers under the link http://www.google.com/settings/ads/plugin, e) by means of an appropriate cookie setting. We would like to point out that in this case you may not be able to use all functions of this offer to their full extent. You can revoke the consent you have given us at any time. Lifetime of cookies: up to 180 days.

15.5 Recipient and transfer to third countries

By integrating Google Ads Conversion and Google Remarketing, personal data may be transmitted to Google. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield. The Privacy Shield Agreement was declared invalid by the ECJ in July 2020 (ECJ, 16.7.2020 – C-311/18 “Schrems II”). Since then, data processing has been based on the EU standard data protection clauses.

SECURITY MEASURES

16. SECURITY MEASURES

To protect your personal data from unauthorised access, we have provided our website with an SSL or TLS certificate. SSL stands for “Secure-Sockets-Layer” and TLS for “Transport Layer Security” and encrypts the communication of data between a website and the user’s end device. You can recognise the active SSL or TLS encryption by a small lock logo, which is displayed on the far left in the address line of the browser.

YOUR RIGHTS

17. RIGHTS CONCERNED

With regard to the data processing by our company described above, you are entitled to the following data subject rights:

17.1 Information (Art. 15 DSGVO)

You have the right to ask us to confirm whether we are processing personal data concerning you. If this is the case, you have the right, under the conditions set out in Art. 15 DSGVO, to access this personal data and the other information listed in Art. 15 DSGVO.

17.2 Correction (Art. 16 DSGVO)

You have the right to ask us to correct incorrect personal data concerning you and, if necessary, to complete incomplete personal data without delay.

17.3 Deletion (Art. 17 DSGVO)

You have the right to demand that we delete any personal data relating to you immediately if one of the reasons listed in Art. 17 DSGVO applies, e.g. if your data is no longer required for the purposes we pursue.

17.4 Restriction of data processing (Art. 18 DSGVO)

You have the right to ask us to limit the processing if one of the conditions listed in Art. 18 DSGVO is met, e.g. if you dispute the accuracy of your personal data, the data processing will be limited for the time necessary to allow us to verify the accuracy of your data.

17.5 Data transferability (Art. 20 DSGVO)

You have the right, subject to the conditions set out in Art. 20 DSGVO, to demand the surrender of the data concerning you in a structured, common and machine-readable format.

17.6 Revocation of consent (Art. 7 para. 3 DSGVO)

You have the right to revoke your consent at any time in the event of processing based on consent. The revocation is valid from the time of its assertion. In other words, it is effective for the future. In other words, the revocation of consent does not make the processing unlawful with retroactive effect. 

17.7 Complaint (Art. 77 DSGVO)

Decisions that have legal consequences for you or significantly affect you must not be based solely on automated processing of personal data, including profiling. We inform you that we do not use automated decision making, including profiling, with respect to your personal data.

17.8 Prohibition of automated decision making / profiling (Art. 22 DSGVO)

Decisions that have legal consequences for you or significantly affect you must not be based solely on automated processing of personal data, including profiling. We inform you that we do not use automated decision making, including profiling, with respect to your personal data.

17.9 Opposition (Art. 21 DSGVO)

If we process your personal data on the basis of Art. 6 Para. 1 letter f DSGVO (to safeguard overriding legitimate interests), you have the right to object to this under the conditions set out in Art. 21 DSGVO. However, this only applies insofar as there are reasons arising from your particular situation. Following an objection, we will no longer process your personal data unless we can demonstrate compelling reasons for processing that are worthy of protection and outweigh your interests, rights and freedoms. Nor do we have to stop processing if it serves to assert, exercise or defend legal claims. In any case – also irrespective of any special situation – you have the right to object at any time to the processing of your personal data for direct marketing purposes.

Status December 2020