Privacy policy website and web-app
Table of contents
- Name and address of the person responsible
- Contact details of the data protection officer
- General information about data processing
- Rights of the person concerned
- Provision of the website and creation of log files
- newsletters
- Email contact and contact form
- Application via e-mail and application form
- Company appearances in social and career-oriented networks
- hosting
- Plugins used
- Using cookies
I. Name and address of the person responsible
In simple terms: We are Eterno and want to make medical care more human — for medical practices and patients. Feel free to contact us anytime if you have any questions. The quickest way to do this is via email to datenschutz@eternohealth.de.
Responsible for this website and the web app is:
Eterno Health GmbH
c/o Mindspace
Münzstraße 12
10178 Berlin
datenschutz@eternohealth.de
II. Contact details of the data protection officer
You can contact our data protection officer at
Fresh Compliance GmbH
Schoenhauser Allee 43a
10435 Berlin
III. General information about data processing
1. Scope of processing of personal data
We process personal data from visitors to our websites www.eterno.health, www.eterno.cloud and www.eterno.group In principle, only insofar as this is necessary to provide the website and the content and services available via it. In the following privacy policy, you can find out what we do with your data and why we do this. We will also tell you how we protect your data, when the data will be deleted and what rights you have thanks to data protection.
2. Data deletion and storage period
The personal data of the data subject are generally deleted or blocked as soon as the purpose of the processing no longer applies. Processing may also take place if this has been provided for by European or national legislators. The data will also be blocked or deleted when a storage period prescribed by the above standards expires, unless there is a need for further processing of the data in order to conclude or fulfill a contract.
3. No obligation to provide personal data
If we ask you to provide personal data, you can of course refuse to do so. However, we may then be unable to answer your inquiries or provide you with certain features of our websites. This applies in particular when data is necessary to answer your inquiries (e.g. contact details) or we are required by law to collect data. Mandatory information is marked as such.
IV. Rights of the person concerned
In simple terms, you have many data protection rights. For example, you can ask us what exactly happens to your data. You can also ask us to delete your data at any time. However, due to laws, not all data may be deleted.
You can contact us at any time if you have any questions about your data protection rights or would like to assert your following rights:
Right to information:
You can request information free of charge at any time about the scope, origin and recipients of the stored personal data concerning you and the purpose of storage. If you would like to exercise your right to information, you can contact us or the data protection officer at any time.
Right to data portability:
You can receive the personal data relating to you that you have provided to us in a structured, common and machine-readable format.
Right to rectification:
You have the right to request the immediate correction of incorrect personal data concerning you. In addition, taking into account the purposes of processing, you have the right to request the completion of incomplete personal data.
Right to delete (right to be forgotten):
You can request that we delete the personal data concerning you immediately at any time. This may be subject to certain legal restrictions.
Right to object:
You have the right to object to the processing of personal data concerning you at any time. In the event of an objection, we will no longer process the personal data unless we can demonstrate compelling legitimate grounds for processing which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
Right to withdraw consent:
You can withdraw your consent to the processing of personal data at any time.
Right to lodge a complaint with a supervisory authority:
You also have the right to lodge a complaint with a supervisory authority. An overview of data protection authorities in Germany can be found here. European data protection authorities can here view.
V. Provision of the website and creation of log files
In simple terms: Eterno employs a lot of people who are very familiar with data. We protect your data as best we can so that it doesn't fall into the wrong hands.
1. Description and scope of data processing
If you simply want to browse our website, we do not collect any personal data, with the exception of the data that your browser transmits to enable you to visit the website, in particular:
Information about the browser type and version used (such as Safari or Chrome)
- The user's operating system (e.g. Mac OS)
- The user's IP address (e.g. 95.91.215.example)
- date and time of access
- Websites from which the user's system accesses our website (e.g. google.de)
- Websites that are accessed by the user's system via our website
This data is stored in our system's log files. This data is not stored together with other personal data of the user.
2. Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. To do this, the user's IP address must be stored for the duration of the session.
They are stored in log files to ensure the functionality of the website. We also use the data to optimize the website and ensure the security of our information technology systems. There is no evaluation of the data for marketing purposes in this context.
3. Legal basis for data processing
The legal basis for the collection and temporary storage of data is the so-called legitimate interest under Article 6 (1) (f) GDPR, Section 25 (2) No. 2 TDDDG.
4. Storage period
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. If the data is collected to provide the website, this is the case when the respective session has ended.
If the data is stored in log files, this is the case after seven days at the latest. Further storage is possible. In this case, the IP addresses of the users are deleted or distorted so that it is no longer possible to assign the calling client.
VI. Newsletter
In simple terms: To stop receiving emails from us, tell us whenever you want. You can send us an e-mail for this.
1. Description and scope of data processing
You can subscribe to free newsletters on our website. When you register for the respective newsletter, the data from the input form is sent to us:
- name
- email address
To send newsletters, we use the service provider Mailchimp (Intuit Mailchimp, 405 N Angier Ave. NE, Atlanta, GA 30308 USA). The data is used exclusively for sending the newsletter.
2. Purpose of data processing
The purpose of collecting the user's email address is to deliver the newsletter to their personal email address and to respond to requests for news about our company. The collection of other personal data as part of the registration process serves to prevent misuse of the services or the email address used.
3. Legal basis for data processing
The legal basis for the processing of data after registration for the newsletter by the user is the user's consent and thus Art. 6 (1) (a) GDPR.
4. Storage period
We only store your personal email until you unsubscribe from the newsletter. For this purpose, there is a corresponding link to unsubscribe in every email in our newsletter. This also makes it possible to withdraw consent to the storage of personal data collected during the registration process.
VII. Email contact and contact form
In simple terms: When you send us an email or fill out the contact form, we save everything that is in that email or form. Deletion is usually automatic as soon as we have helped you.
1. Description and scope of data processing
On our website, you can contact us via the e-mail address provided or the contact form. In this case, the user's personal data transmitted with the email will be stored.
2. Purpose of data processing
The data is used exclusively to carry out the conversation and in accordance with the content of the conversation.
3. Legal basis for data processing
If the user has given consent, the legal basis for processing the data is Art. 6 para. 1 lit. a GDPR. The legal basis for processing data transmitted in the course of sending an email is the so-called legitimate interest Art. 6 para. 1 lit. f GDPR. If the email contact is aimed at concluding or executing a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b GDPR.
4. Storage period
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has finally been clarified.
The user has the option to withdraw his consent to the processing of personal data at any time. If users contact us via email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. Our contact details can be found in chapter I of this privacy policy.
In this case, all personal data that was stored in the course of contacting us will be deleted.
XIII. Application via application form
In simple terms, we receive personal information from you when you apply to us. This may also include data about your health or religious affiliation. You are free to decide whether to provide us with this data. You can also decide otherwise later. However, some data is required in order to be able to consider you in the application process.
1. Description and scope of data processing
An application form is available on our website, which can be used for electronic applications. To provide the application form, we use the personnel and applicant management software Personio from the service provider Personio GmbH, Rundfunkplatz 4, 80335, Munich, Germany.
If an applicant makes use of this option, the data entered in the input mask is sent to us and stored in Personio's personnel and applicant management software. This data is:
- First name
- name
- Telephone/mobile number
- email address
- salary expectation
- cv
- testimonies
- cover letter
- Other personal data that is voluntarily communicated during the application process.
We have also concluded a data protection agreement (order processing) with Personio. For more information, see Personio's privacy policy: https://www.personio.de/datenschutzerklaerung/
Alternatively, you can send us your application via email. In this case, we will collect your email address and the data you provided in the email.
After sending your application, you will receive confirmation of receipt of your application documents by email from us.
2. Purpose of data processing
The processing of personal data from the application form is for us solely to process your application and the associated recruitment decision. The data is used exclusively to process your application and to inform you about relevant job advertisements.
3. Legal basis for data processing
The legal basis for processing your data is the initiation of a contract at the request of the data subject, Art. 6 para. 1 s.1 lit. b alt. 1 GDPR and § 26 para. 1 p. 1 BDSG.
4. Storage period
If an employment contract is concluded, the transmitted data will be stored for the purpose of carrying out the employment relationship - in compliance with legal provisions. If there is no employment, the application documents will be (automatically) deleted no later than six months after completion of the application process, provided that the deletion does not conflict with our legitimate interests or you have not given your explicit consent to longer storage (applicant pool).
IX. Company appearances in social and career-oriented networks
In simple terms: You can also find out about us on Instagram, Facebook, X, YouTube and LinkedIn and write to us.
instagram
Instagram, part of Meta Platforms Ireland Limited (formerly Facebook Ireland Ltd.),
4 Grand Canal Square Grand Canal Harbour, Dublin 2 Ireland
facebook
Meta Platforms Ireland Limited (formerly Facebook Ireland Ltd.),
4 Grand Canal Square Grand Canal Harbour, Dublin 2 Ireland
X (formerly Twitter)
Twitter International Unlimited Company,
One Cumberland Place, Fenian Street, Dublin 2, Ireland
youtube
Google Ireland Limited,
Gordon House, Barrow Street Dublin 4, Ireland
LinkedIn, Unlimited Company Wilton Place, Dublin 2, Ireland
On our company website, we provide information and offer social media users the opportunity to communicate. If you carry out an action on our social media company websites (e.g. comments, posts, likes, etc.), you may make personal data (e.g. real name or photo of your user profile) public as a result. However, as we generally or to a large extent have no influence on the processing of your personal data by the companies co-responsible for the Eterno Health GmbH corporate presence — such as Instagram, Facebook, X, LinkedIn and YouTube, we are unable to provide any binding information about the purpose and scope of the processing of your data.
Our corporate presence in social and career-oriented networks is used for communication and exchange of information with (potential) customers. In particular, we use our corporate presence through social media to draw the attention of patients and potential employees to Eterno Health. The company's presence on LinkedIn is used for applications, information/PR and active sourcing.
The publications about the company website may contain the following content:
● Information about services
● Customer contact
Every user is free to publish personal data through activities. The legal basis for data processing is Art. 6 (1) (a) GDPR.
The data generated by the company website is not stored in our own systems.
Objection options
You can object to the processing of your personal data, which we collect as part of your use of our Instagram, Facebook, Twitter, LinkedIn and YouTube corporate presence, at any time and assert your data subject rights mentioned under IV of this data protection statement. To do so, send us an informal e-mail to datenschutz@eternohealth.de.
You can find further information about the processing of your personal data by Instagram and Facebook and the corresponding objection options here:
https://help.instagram.com/519522125107875
You can find further information about the processing of your personal data by X and the corresponding objection options here:
https://twitter.com/de/privacy
You can find further information about the processing of your personal data by YouTube and the corresponding objection options here:
https://policies.google.com/privacy?gl=DE&hl=de
For more information about LinkedIn's processing of your personal data, please see LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv
X. Hosting
In simple terms: In order to be able to provide our website, we need storage space on a server. This server is a powerful computer that is constantly connected to the Internet so that the website can be accessed from anywhere in the world at any time. We rented storage space on this server. When you visit the website, the server stores some of your data.
The website is hosted on servers by a service provider commissioned by us.
Our service provider is Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA
The servers automatically collect and store information in so-called server log files, which your browser automatically transmits when you visit the website. The information stored is:
● Browser type and browser version
● Operating system used
● Referrer URL
● Host name of the accessing computer
● Date and time of the server request
● IP address
This data is not combined with other data sources. This data is collected on the basis of Art. 6 para. 1 lit. f DSGVO, § 25 para. 2 no. 2 TDDDG. The website operator has a legitimate interest in the technically error-free presentation and optimization of his website — for this purpose, the server log files must be collected.
The website server is geographically located in the USA. In order to ensure appropriate guarantees to protect the transfer and processing of personal data outside the EU, data transmission to and data processing by Webflow is based on appropriate guarantees in accordance with Art. 46 et seq. GDPR, in particular through the conclusion of so-called standard data protection clauses in accordance with Art. 46 para. 2 lit. c GDPR. There is currently an adequacy decision between the EU and the USA. For organizations certified within the scope of the EU-U.S. Data Privacy Framework, this confirms that the USA guarantees an adequate level of protection for personal data.
XI. Plug-ins used
In simple terms: In order to be able to offer you as many functions as possible, we use a few plugins. These are building blocks that you add to an existing program to expand its capabilities.
We use plugins for various purposes. The plugins used are listed below. When using our plugins, some personal data is transferred to the USA. Health data and other special categories of personal data under Article 9 GDPR are excluded; these are only processed in the EU. In order to ensure appropriate guarantees to protect the transfer and processing of personal data outside the EU, data transmission to and data processing by appropriate processors is carried out on the basis of appropriate guarantees in accordance with Art. 46 et seq. GDPR, in particular through the conclusion of so-called standard data protection clauses in accordance with Art. 46 para. 2 lit. c GDPR. There is currently an adequacy decision between the EU and the USA. For organizations certified within the scope of the EU-U.S. Data Privacy Framework, this confirms that the USA guarantees an adequate level of protection for personal data.
The following plugins are used:
- Google Analytics (1600 Amphitheatre Pkwy, Mountain View, CA 94043, United States of America)
- Hotjar Ltd (Level 2, St Julian's Business Centre, 3 Elia Zammit Street, St Julian's STJ 1000, Malta)
XII. Use of cookies
In simple terms: We remember how and when you visit our website. We can also tell in which language you would like to view our website. The technology for this does not come from Eterno, but from other specialized companies.
1. Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user calls up a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is accessed again. We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.
We use the following three types of cookies on our website:
- Required cookies (we need these, e.g. to display the website correctly for you and to cache certain settings)
- Functional and performance-related cookies (these help us, for example, to evaluate technical data about your visit and thus avoid error messages)
- Advertising and analytic cookies (these ensure that, for example, advertising for shoes is displayed if you have previously searched for shoes)
The following data is stored and transmitted in the cookies:
- Use of website functions
- User data collected in this way is anonymized through technical measures. It is therefore no longer possible to assign the data to the calling user. The data is not stored together with other personal data of users.
- Vimeo video player: Vimeo's embeddable video player uses first-party cookies, which are necessary for the user experience. Vimeo does not use third-party analytics or advertising cookies when your video player appears on a third-party website, unless (i) the website visitor is logged into their Vimeo account and (ii) the user who embedded the video hasn't implemented the DNT parameters.
2. Purpose of data processing
The purpose of using technically necessary cookies is to make it easier for users to use websites. Some functions of our website cannot be offered without the use of cookies. For this, it is necessary that the browser is recognized even after a page change.
We need cookies for the following applications:
- Consent Log
The user data collected through technically necessary cookies is not used to create user profiles.
3. Legal basis for data processing
The legal basis for processing personal data using technically necessary cookies is Art. 6 (1) (f) GDPR, Section 25 (2) No. 2 TDDDG.
4. Duration of storage, right of objection and removal
Cookies are stored on the user's computer and transmitted from it to our site. As a user, you therefore also have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.
Special features of our Eterno web app
In simple terms: We are also asking for a web app. Here you can create a profile to book and prepare medical appointments. But there is much more: If you want, you can also talk to a doctor via video and create a health profile, for example.
Table of contents
- Data processing in the Eterno web app
- Provision of the app and creation of log files
- Using cookies
- Plugins used
I. Data processing in the Eterno Web App
On this page, we inform you about the data protection regulations applicable to the Eterno web application (“app” or “Eterno web app”).
1. Scope of processing
The Eterno web app is an application that
- enables users to manage health data and other data electronically and provides content, and
- Helping healthcare professionals deliver medical services.
Depending on the functionality, Eterno Health provides the Eterno web app to the user either as the person responsible for data protection law or as a contract processor for healthcare professionals.
a) Processing as a responsible person
As the controller, Eterno Health processes the user's personal data when the user uses functionalities of the app or Eterno Health processes personal data via the app for its own purposes or to analyse, improve or market its own services. This applies to the use of the following functionalities or to the following processing processes:
- Registration for the app, including creating and managing the user account.
- Using the some text functionality
- “Appointments.”
- “Medical documents” by the user to manage documents and data, including the transmission of such documents and data to health professionals; doctors can transfer documents and data from the patient record to the “Medical Documents” area.
- “Health portal” for managing health data and other data by the user.
- Video consultation for the user to participate in video consultations.
- “Prepare a medical history” to provide data to healthcare professionals so that they can complete the medical history.
- Carrying out surveys, for example, to analyze user satisfaction with Eterno Health services by sending satisfaction questionnaires via email or by notifying them in the app.
- Provision and use of a chat bot by Eterno Health to enable users to provide feedback, provide customer service services and make it easier for users to use the functionalities of the Eterno Health app and services.
- Intelligent recommendations such as personalized messages or ads about the range of services offered by service providers and/or Eterno Health, or information via email or notification in the app.
b) Processing as contract processor for health professionals
As a contract processor for healthcare professionals, Eterno Health processes the user's personal data when the user uses the following functionalities of the app:
- Appointments for doctor visits or consultations with other health professionals, including initial description of symptoms, including push notifications, emails and SMS reminders of appointments, confirmations, etc.
- Communication with the respective healthcare professional via asynchronous and synchronous communication technology
- Provision of technical resources for health professionals to carry out video consultations
- Provision of invoices from health professionals (only for privately insured users)
- Processing of the data provided by the user using the “Prepare anamnesis” function to fill out the medical history form and its further use as part of the provision of services by the health professional.
Insofar as Eterno processes personal data as a contract processor for healthcare professionals, information on this is derived from their data protection notices.
Within the app, the following data is collected for the purpose of registration:
- name
- First name
- email address
- birthdate
- gender
- Title and title
- address
- Booking reason
- Name of health insurance
- KVZ ID
- KVZ insurance number
- KVZ membership type
- Billing address
- mobile number
- Payment information
- Profile picture (optional)
In addition, Eterno Health processes the following data either as a data protection controller or as a contract processor, depending on the functionality of the app used:
- Reasons to visit a doctor's appointment
- Symptoms of complaints
- Medical history data (for patient questionnaires), including
- blood type
- severe disability
- weight
- sized
- BMI (body mass index)
- cholesterol levels
- blood pressure
- pregnancy
- Recent Complaints
- medicines
- Allergies & Reactions
- Existing diseases & examinations
- surgeries
- family anamnesis
- sustenance
- Sport/ physical activity
- sleep
- Mental health and energy
- Habits some text
- Preferred medical practice
- Preferred doctor
- Prescriptions & referral slip
- Laboratory data, & findings
- Imaging techniques
- Feedback & Support Questions
2. Purpose of processing
As the person responsible, Eterno processes personal data in order to provide users with the functionalities of the app or to analyse, improve or market its own services.
3. Legal basis for processing personal data as a controller
The legal basis for processing by Eterno Health as the person responsible for the user's health data is the user's consent in accordance with Article 6 (1) (a) GDPR in conjunction with Article 9 (2) (a) GDPR.
The legal basis for processing by Eterno Health as the controller of personal data that is not health data is the fulfilment of the contract for the use of the app in accordance with Article 6 (1) (b) GDPR or, when carrying out surveys or marketing, the legitimate interest of Eterno Health in accordance with Article 6 (1) (f) GDPR or the user's consent in accordance with Article 6 (1) (1) (a) GDPR.
4. Storage period
Until the user account is deleted, personal data will be stored exclusively for the purposes mentioned above. When the user deletes the account, all data whose receipt is not necessary to fulfill legal storage obligations or to assert, exercise or defend legal claims will be removed.
A revocation of consent or objection to data processing can be made informally at any time by e-mail to datenschutz@eternohealth.de.
5. Recipients of personal data
In simple terms: We work with other companies to ensure that our web app always works correctly. Data is also exchanged, for example when there are errors or the web app is slow. Without data exchange, Eterno doesn't work.
In order to provide all services, contract processors are engaged to take over partial services. In addition to the order processors listed under “Plugins used”, the following order processors are commissioned to deliver appointment reminders & appointment bookings:
- Doc Cirrus GmbH, Pohlstraße 20, 10785 Berlin (patient management system)
- Twilio Ireland Limited, 25-28 North Wall Quay, Dublin 1, Ireland (appointment notifications via email and SMS)
- Arztservice Wente GmbH, Frankfurter Landstraße 117, 64291 Darmstadt, Germany (patient management system)
- Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg (cloud and hosting services — hosted exclusively in Germany)
In this context, we also refer to the List of contract data processors.
II. Provision of the web app and creation of log files
In simple terms: In order for you to be able to use the web app, you need to process some of your data.
1. Description and scope of data processing
Each time you use our app, the system automatically collects data and information from the calling device.
Where possible, the following data is collected:
- Information about the browser type and version used
- The user's operating system
- The user's device
- The user's IP address
- date and time of access
This data is stored in the system's log files. This data is not stored together with other personal data of the user.
The app is hosted on servers by a service provider commissioned by us. Our service provider is:
Amazon Web Services EMEA Sàrl, 38 Avenue John F. Kennedy, L 1885 Luxembourg. The app's server is located within Germany.
2. Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable delivery of the app to the user's device. To do this, the user's IP address must be stored for the duration of the session.
They are stored in log files to ensure that the app works. We also use the data to optimize the app and ensure the security of our information technology systems. There is no evaluation of the data for marketing purposes in this context.
3. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6 (1) (b) GDPR, Section 25 (2) No. 2 TDDDG.
4. Storage period
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. If the data is stored in log files, this is the case after seven days at the latest. Further storage is possible. In this case, the users' IP addresses are deleted or distorted so that it is no longer possible to assign the calling client.
III. Use of cookies
In simple terms: We remember how and when you visit our web app. To do this, we work together with other companies.
1. Description, scope and purpose of data processing
Our app uses cookies. The purpose of using these cookies is to provide you with optimal user experience and to “remember” you so that we can present you with as varied a website and new content as possible on your next visit. The content of a cookie is limited to an identification number.
The following data is stored and transmitted in cookies:
- language settings
- Log-in information
- performance data
- user behavior
User data collected in this way is anonymized through technical measures. It is therefore no longer possible to assign the data to the calling user. The data is not stored together with other personal data of users.
2. Legal basis for data processing
With your declaration of consent, the legal basis for processing personal data using analytical or marketing cookies is Art. 6 (1) (a) GDPR.
The legal basis for processing personal data using technically necessary cookies is Art. 6 (1) (f) GDPR.
3. Duration of storage, right of objection and removal
Cookies are stored on the user's device and transmitted from it to our app. As a user, you therefore also have full control over the use of cookies. By changing the settings on your device, you can deactivate or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our app, it may no longer be possible to use all functions of the app to their full extent.
IV. Plug-ins used
In simple language: We also use extensions in the web app to improve the functions of the programs.
We use plugins for various purposes. The plugins used are listed below. When using our plugins, some personal data is transferred to the USA. Health data and other special categories of personal data under Article 9 GDPR are excluded; these are only processed in the EU. In order to ensure appropriate guarantees to protect the transfer and processing of personal data outside the EU, data transmission to and data processing by appropriate processors is carried out on the basis of appropriate guarantees in accordance with Art. 46 et seq. GDPR, in particular through the conclusion of so-called standard data protection clauses in accordance with Art. 46 para. 2 lit. c GDPR. There is currently an adequacy decision between the EU and the USA. For organizations certified within the scope of the EU-U.S. Data Privacy Framework, this confirms that the USA guarantees an adequate level of protection for personal data.
The following plugins are used:
- Google Analytics (1600 Amphitheatre Pkwy, Mountain View, CA 94043, United States of America)
- Hotjar Ltd (Level 2, St Julian's Business Centre, 3 Elia Zammit Street, St Julian's STJ 1000, Malta)
In einfachen Worten: Wir bitten auch eine Web-App an. Hier haben Sie die Möglichkeit, ein Profil zu erstellen, um Arzttermine zu buchen und vorzubereiten. Es geht allerdings noch viel mehr: Wenn Sie möchten, dann können Sie beispielsweise auch über Video mit einem Arzt sprechen und ein Gesundheitsprofil erstellen.
I. Datenverarbeitung in der Eterno Web App
Auf dieser Seite informieren wir Sie über die für die Eterno Web-Applikation ("App" oder „Eterno Web-App“) geltenden Datenschutzbestimmungen.
1. Umfang der Verarbeitung
Die Eterno Web-App ist eine Applikation, die
- Nutzern die elektronische Verwaltung von Gesundheitsdaten und anderen Daten ermöglicht sowie Inhalte bereitstellt und
- Gesundheitsfachkräfte bei der Erbringung medizinischer Dienstleistungen unterstützt.
Je nach Funktionalität stellt Eterno Health die Eterno Web-App dem Nutzer entweder als datenschutzrechtlich Verantwortlicher oder als Auftragsverarbeiter der Gesundheitsfachkräfte bereit.
a) Verarbeitung als Verantwortlicher
Als Verantwortlicher verarbeitet Eterno Health personenbezogene Daten des Nutzers, wenn der Nutzer Funktionalitäten der App nutzt oder Eterno Health über die App personenbezogene Daten für eigene Zwecke verarbeitet oder um die eigenen Leistungen zu analysieren, zu verbessern oder zu vermarkten. Dies gilt bei der Nutzung folgender Funktionalitäten bzw. bei folgenden Verarbeitungsvorgängen:
- Registrierung für die App, einschließlich Anlegen und Verwalten des Nutzerkontos.
- Nutzung der Funktionalität some text
- „Termine“.
- „Medizinische Dokumente“ durch den Nutzer zur Verwaltung von Dokumenten und Daten, einschließlich. der Übermittlung solcher Dokumente und Daten an Gesundheitsfachkräfte; Ärzte können in den Bereich „Medizinische Dokumente“ Dokumente und Daten aus der Patientenakte übertragen.
- „Gesundheitsportal“ zum Verwalten von Gesundheitsdaten und anderen Daten durch den Nutzer.
- Videosprechstunde zur Teilnahme an Videosprechstunden durch den Nutzer.
- „Anamnese vorbereiten“ zur Bereitstellung von Daten für Gesundheitsfachfachkräfte, damit diese die Anamnese durchführen können.
- Durchführung von Umfragen z.B. zur Analyse der Zufriedenheit der Nutzer mit den Eterno Health-Diensten durch das Versenden von Fragebögen zur Zufriedenheit per E-Mail oder durch Benachrichtigung in der App.
- Bereitstellung und Nutzung eines Chat-Bots durch Eterno Health, um Nutzern zu ermöglichen, Feedback zu geben, Kundenserviceleisten zu erbringen und Nutzern die Nutzung der Funktionalitäten der App und Leistungen von Eterno Health zu erleichtern.
- Intelligente Empfehlungen wie personalisierte Nachrichten oder Anzeigen über das Dienstleistungsangebot von Leistungserbringern und/oder Eterno Health oder Informationen per E-Mail oder durch Benachrichtigung in der App.
- Sofern Sie explizit dazu eingewilligt haben: Verarbeitung der personenbezogenen Daten, einschließlich Gesundheitsdaten aus Ihrem Profil, im Rahmen eines sogenannten „lernenden Gesundheitswesens“. Ihre Daten können dabei für die Produktentwicklung und Versorgungsforschung verwendet werden, wobei eine Pseudonymisierung erfolgt, um Ihre Identität zu schützen.
b) Verarbeitung als Auftragsverarbeiter der Gesundheitsfachkräfte
Als Auftragsverarbeiter der Gesundheitsfachkräfte verarbeitet Eterno Health personenbezogene Daten des Nutzers, wenn der Nutzer folgende Funktionalitäten der App nutzt:
- Terminbuchungen für Arztbesuche oder die Konsultation anderer Gesundheitsfachkräfte inkl. erste Beschreibung von Symptomen, einschl. Push-Benachrichtigungen, E-Mails und SMS zur Erinnerung an Termine, Bestätigungen, etc.
- Kommunikation mit der jeweiligen Gesundheitsfachkraft über asynchrone und synchrone Kommunikationstechnik
- Bereitstellung der technischen Mittel für die Gesundheitsfachkraft zur Durchführung von Videosprechstunden
- Bereitstellung von Rechnungen der Gesundheitsfachkräfte (nur bei privat versicherten Nutzern)
- Verarbeitung der über die Funktionalität „Anamnese vorbereiten“ vom Nutzer bereitgestellten Daten zum Ausfüllen des Anamnesebogens und dessen weiteren Nutzung im Rahmen der Leistungserbringung durch die Gesundheitsfachkraft.
Soweit Eterno personenbezogene Daten als Auftragsverarbeiter der Gesundheitsfachkräfte verarbeitet, ergeben sich Informationen dazu aus deren Datenschutzhinweisen.
Innerhalb der App werden folgende Daten zum Zwecke der Registrierung erhoben:
- Name
- Vorname
- E-Mail-Adresse
- Geburtsdatum
- Geschlecht
- Anrede und Titel
- Adresse
- Buchungsanlass
- Name der Krankenversicherung
- KVZ ID
- KVZ-Versichertennummer
- KVZ-Mitgliedsart
- Rechnungsadresse
- Handynummer
- Bezahlinformationen
- Profilbild (optional)
Des Weiteren verarbeitet Eterno Health folgende Daten entweder als datenschutzrechtlich Verantwortlicher oder als Auftragsverarbeiter, je nach genutzter Funktionalität der App:
- Besuchsgründe für Arzttermin
- Symptome bei Beschwerden
- Anamnesedaten (für Patientenfragebogen), dazu zählen u.a.
- Blutgruppe
- Schwerbehinderung
- Gewicht
- Größe
- BMI (Body Mass Index)
- Cholesterinspiegel
- Blutdruck
- Schwangerschaft
- Aktuelle Beschwerden
- Medikamente
- Allergien & Reaktionen
- Bestehende Erkrankungen & Untersuchungen
- Operationen
- Familienanamnese
- Ernährung
- Sport/ Körperliche Betätigung
- Schlaf
- Mentale Gesundheit und Energie
- Gewohnheitensome text
- Präferierte Arztpraxis
- Präferierter Arzt
- Rezepte & Überweisungsschein
- Labor Daten, & Befunde
- Bildgebende verfahren
- Feedback & Support-Fragen
2. Zweck der Verarbeitung
Eterno verarbeitet personenbezogene Daten als Verantwortlicher, um Nutzern die Funktionalitäten der App bereitzustellen oder die eigenen Leistungen zu analysieren, zu verbessern oder zu vermarkten.
3. Rechtsgrundlage für die Verarbeitung personenbezogener Daten als Verantwortlicher
Rechtsgrundlage für die Verarbeitung durch Eterno Health als Verantwortlicher von Gesundheitsdaten des Nutzers ist die Einwilligung des Nutzers gem. Art. 6 Abs. 1 S. 1 lit. a DSGVO i. V. m. Art. 9 Abs. 2 lit. a DSGVO.
Rechtsgrundlage für die Verarbeitung durch Eterno Health als Verantwortlicher von personenbezogenen Daten, die keine Gesundheitsdaten sind, ist die Erfüllung des Vertrags über die Nutzung der App gem. Art. 6 Abs. 1 S. 1 lit. b DSGVO bzw. bei der Durchführung von Umfragen oder Vermarktung das berechtigte Interesse von Eterno Health nach Art. 6 Abs. 1 S. 1 lit. f DSGVO oder die Einwilligung des Nutzers gem. Art. 6 Abs. 1 S. 1 lit. a DSGVO.
4. Dauer der Speicherung
Die personenbezogenen Daten werden bis zur Löschung des Nutzerkontos ausschließlich zum oben genannten Zwecke gespeichert. Mit der Löschung des Accounts durch den Nutzer werden alle Daten entfernt, deren Erhalt nicht zur Erfüllung gesetzlicher Aufbewahrungspflichten oder zur Geltendmachung, Ausübung oder Verteidigung von Rechtsansprüchen erforderlich ist.
Ein Widerruf zur Einwilligung oder Widerspruch der Datenverarbeitung kann jederzeit formlos per E-Mail an datenschutz@eternohealth.de erfolgen.
5. Empfänger personenbezogener Daten
In einfachen Worten: Wir arbeiten mit anderen Firmen zusammen, damit unsere Web-App immer richtig funktioniert. Dabei werden auch Daten ausgetauscht, bspw. wenn es Fehler gibt oder die Web-App langsam ist. Ohne Datenaustausch funktioniert Eterno nicht.
Zur Bereitstellung aller Services werden Auftragsverarbeiter zur Übernahme von Teilleistungen eingeschaltet. Neben den Auftragsverarbeitern, die unter “Verwendete Plugins“ gelistet sind, werden folgende Auftragsverarbeiter zur Zustellung von Terminerinnerungen & Terminbuchungen beauftragt:
- Doc Cirrus GmbH, Pohlstraße 20, 10785 Berlin (Patientenverwaltungssystem)
- Twilio Ireland Limited, 25-28 North Wall Quay, Dublin 1, Ireland (Terminbenachrichtigungen per Email und SMS)
- Arztservice Wente GmbH, Frankfurter Landstraße 117, 64291 Darmstadt, Germany (Patientenverwaltungssystem)
- Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg (Cloud- und Hosting-Dienste - ausschließlich in Deutschland gehostet)
In diesem Kontext verweisen wir auch auf das Verzeichnis der Auftragsdatenverarbeiter.
II. Bereitstellung der Web-App und Erstellung der Logfiles
In einfachen Worten: Damit Sie die Web-App nutzen können, müssen einige Daten von Ihnen verarbeitet werden.
1. Beschreibung und Umfang der Datenverarbeitung
Bei jeder Nutzung unserer App erfasst das System automatisiert Daten und Informationen vom aufrufenden Endgerät.
Folgende Daten werden hierbei erhoben, wenn möglich:
- Informationen über den Browsertyp und die verwendete Version
- Betriebssystem des Nutzers
- Gerät des Benutzers
- IP-Adresse des Nutzers
- Datum und Uhrzeit des Zugriffs
Diese Daten werden in den Logfiles des Systems gespeichert. Eine Speicherung dieser Daten zusammen mit anderen personenbezogenen Daten des Nutzers findet nicht statt.
Die App wird auf Servern von einem durch uns beauftragten Dienstleister gehostet. Unser Dienstleister ist:
Amazon Web Services EMEA Sàrl, 38 Avenue John F. Kennedy, L 1885 Luxemburg. Der Standort des Servers der App liegt innerhalb Deutschlands.
2. Zweck der Datenverarbeitung
Die vorübergehende Speicherung der IP-Adresse durch das System ist notwendig, um eine Auslieferung der App an das Endgerät des Nutzers zu ermöglichen. Hierfür muss die IP-Adresse des Nutzers für die Dauer der Sitzung gespeichert bleiben.
Die Speicherung in Logfiles erfolgt, um die Funktionsfähigkeit der Appsicherzustellen. Zudem dienen uns die Daten zur Optimierung der App und zur Sicherstellung der Sicherheit unserer informationstechnischen Systeme. Eine Auswertung der Daten zu Marketingzwecken findet in diesem Zusammenhang nicht statt.
3. Rechtsgrundlage für die Datenverarbeitung
Rechtsgrundlage für die vorübergehende Speicherung der Daten und der Logfiles ist Art. 6 Abs. 1 S. 1 lit. b DSGVO, § 25 Abs. 2 Nr. 2 TDDDG.
4. Dauer der Speicherung
Die Daten werden gelöscht, sobald sie für die Erreichung des Zweckes ihrer Erhebung nicht mehr erforderlich sind. Im Falle der Speicherung der Daten in Logfiles ist dies nach spätestens sieben Tagen der Fall. Eine darüberhinausgehende Speicherung ist möglich. In diesem Fall werden die IP-Adressen der Nutzer gelöscht oder verfremdet, sodass eine Zuordnung des aufrufenden Clients nicht mehr möglich ist.
III. Verwendung von Cookies
In einfachen Worten: Wir merken uns, wie und wann Sie uns Sie unsere Web-App besuchen. Dazu arbeiten wir mit anderen Firmen zusammen.
1. Beschreibung, Umfang und Zweck der Datenverarbeitung
Unsere App verwendet Cookies. Der Zweck des Einsatzes dieser Cookies besteht darin, Ihnen eine optimale Benutzerführung zu bieten sowie sich an Sie „zu erinnern“, um Ihnen bei Ihrem nächsten Besuch eine möglichst abwechslungsreiche Internetseite und neue Inhalte präsentieren zu können. Der Inhalt eines Cookies beschränkt sich auf eine Identifikationsnummer.
In Cookies werden dabei folgende Daten gespeichert und übermittelt:
- Spracheinstellungen
- Log-In-Informationen
- Performancedaten
- Nutzerverhalten
Die auf diese Weise erhobenen Daten der Nutzer werden durch technische Vorkehrungen anonymisiert. Daher ist eine Zuordnung der Daten zum aufrufenden Nutzer nicht mehr möglich. Die Daten werden nicht gemeinsam mit sonstigen personenbezogenen Daten der Nutzer gespeichert.
2. Rechtsgrundlage für die Datenverarbeitung
Die Rechtsgrundlage für die Verarbeitung personenbezogener Daten unter Verwendung von Analyse- oder Marketingcookies ist mit Ihrer Einwilligungserklärung Art. 6 Abs. 1 S. 1 lit. a DSGVO.
Die Rechtsgrundlage für die Verarbeitung personenbezogener Daten unter Verwendung technisch notwendiger Cookies ist Art. 6 Abs. 1 S. 1 lit. f DSGVO.
3. Dauer der Speicherung, Widerspruchs- und Beseitigungsmöglichkeit
Cookies werden auf dem Gerät des Nutzers gespeichert und von diesem an unsere App übermittelt. Daher haben Sie als Nutzer auch die volle Kontrolle über die Verwendung von Cookies. Durch eine Änderung der Einstellungen auf Ihrem Gerät können Sie die Übertragung von Cookies deaktivieren odereinschränken. Bereits gespeicherte Cookies können jederzeit gelöscht werden. Dies kann auch automatisiert erfolgen. Werden Cookies für unsere App deaktiviert, können möglicherweise nicht mehr alle Funktionen der App vollumfänglich genutzt werden.
IV. Verwendete Plugins
In einfacher Sprache: Auch in der Web-App verwenden wir Erweiterungen, um die Funktionen der Programme zu verbessern.
Wir nutzen zu verschiedenen Zwecken Plugins. Die verwendeten Plugins sind im Folgenden aufgeführt. Bei der Nutzung unserer Plugins erfolgt zum Teil ein Datentransfer personenbezogener Daten in die USA. Gesundheitsdaten und sonstige besondere Kategorien personenbezogener Daten nach Art. 9 DSGVO sind dabei ausgenommen, diese werden nur in der EU verarbeitet. Zur Gewährleistung von geeigneten Garantien zum Schutz der Übermittlung und der Verarbeitung personenbezogener Daten außerhalb der EU erfolgt die Datenübermittlung an und Datenverarbeitung durch entsprechende Auftragsverarbeiter auf Basis geeigneter Garantien nach Art. 46 ff. DSGVO, insbesondere durch den Abschluss von sogenannten Standarddatenschutzklauseln nach Art. 46 Abs. 2 lit. c DSGVO. Derzeit besteht zwischen der EU und den USA ein Angemessenheitsbeschluss. Dieser bestätigt für im Anwendungsbereich des EU-U.S. Data Privacy Framework zertifizierte Organisationen, dass die USA ein angemessenes Schutzniveau für personenbezogene Daten gewährleisten.
Folgende Plugins werden verwendet:
- Matomo (InnoCraft Limited, 7 Waterloo Quay, PO625, 6140 Wellington, New Zealand)