
Data Privacy Policy

Privacy Notice (Website) of myon.clinic

Welcome to our website and thank you for your interest in our company. We take the protection of your personal data very seriously. We process your data in accordance with the applicable legal provisions for the protection of personal data, especially the EU General Data Protection Regulation (GDPR) and the country-specific laws applicable to us. With this privacy notice, we inform you comprehensively about the processing of your personal data by myon clinic GmbH (hereinafter referred to as "myon.clinic") when you use our website and about your rights.

Personal data includes all information that enables the identification of a natural person. This includes, in particular, your name, date of birth, address, phone number, email address, and IP address. Data is considered anonymous if no personal reference to the user can be established.

Responsible for Data Processing

Mailing Address:

Balanstraße 71a
81541 Munich
E | sales@myon.clinic

Contact Details of the Data Protection Officer

Dr. Sebastian Kraska
Marienplatz 2
80331 München
Tel.: +49 89 18917360

E-Mail: email@iitr.de

Your Rights as a Data Subject

Firstly, we would like to inform you about your rights as a data subject. These rights are set out in Articles 15 – 22 GDPR and include:

– The right of access (Art. 15 GDPR)  
– The right to rectification (Art. 16 GDPR)  
– The right to erasure / right to be forgotten (Art. 17 GDPR)  
– The right to restriction of data processing (Art. 18 GDPR)  
– The right to data portability (Art. 20 GDPR)  
– The right to object to data processing (Art. 21 GDPR)

To exercise these rights, please contact: privacy@myon.clinic. The same applies if you have questions about data processing in our company or if you wish to withdraw your consent. You also have the right to lodge a complaint with the competent data protection supervisory authority.

Right to Object

Please note the following in relation to your right to object: If we process your personal data for direct marketing purposes, you have the right to object to this processing at any time without stating reasons. This also applies to profiling, insofar as it is related to direct marketing. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes. The objection is free of charge and can be made informally to the following address: privacy@myon.clinic. If we process your data to protect legitimate interests, you can object to this processing at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. We will then cease processing your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms or the processing is for the assertion, exercise, or defense of legal claims.

Purpose and Legal Basis of Data Processing

The processing of your personal data is carried out in accordance with the provisions of the GDPR and all other applicable data protection regulations. The legal bases for data processing arise, in particular, from Art. 6 GDPR. We use your data for business initiation, to fulfill contractual and legal obligations, to carry out the contractual relationship, to offer products and services, and to strengthen customer relationships, including marketing and direct marketing. Your consent also constitutes a permission to data processing under the Data Protection Act. In this context, we will inform you about the purpose of the data processing and your right to withdraw consent. If consent also covers the processing of special categories of personal data, we will expressly point this out to you within the consent process. Processing of special categories of personal data within the meaning of Art. 9 (1) GDPR may only occur if it is required by legal provisions and there is no reason to assume that your legitimate interests outweigh the processing or you have given your consent to the processing of these data pursuant to Art. 9 (2) GDPR.

Data Transfer / Disclosure to Third Parties

We will only pass on your data within the scope of the legal provisions or based on your consent to third parties. In all other cases, no data will be disclosed to third parties unless we are obliged to do so due to mandatory legal provisions (disclosure to external bodies including supervisory authorities or law enforcement authorities).

Data Recipients / Categories of Recipients

Within our organization, we ensure that only those persons who need the relevant data to fulfill their contractual and legal obligations are authorized to handle personal data. In many cases, service providers support our specialist departments in fulfilling their tasks. The necessary data protection contracts have been concluded with all service providers.

Transfer to Third Countries / Intention to Transfer to Third Countries

Data is only transferred to third countries (outside the European Union or the European Economic Area) if this is required by law or if you have given us your consent. We transfer your personal data as follows to service providers or group companies outside the European Economic Area: United States of America. In such cases, the required level of data protection is ensured by EU standard contractual clauses and the binding corporate data protection rules of the service provider according to the established data protection contracts. Google services may transfer data to countries outside the EU/EEA (third country data transfer) as part of processing for the aforementioned purposes, e.g., to the USA. Countries outside the European Economic Area may not provide a data protection level comparable to European standards. Such countries, for which the Commission has not expressly established that they offer an adequate level of data protection, are referred to as "unsafe third countries". There is therefore an increased risk that government authorities may access this data. We have no influence on these processing activities.

Data Retention Period

We store your data as long as it is necessary for the respective processing. Please note that numerous retention periods require the storage of data for a specific period. This particularly concerns retention obligations under commercial or tax law (e.g., Commercial Code, Tax Code, etc.). The data will be routinely deleted after use unless it is necessary for further retention. We may also store data if you have given us your consent or in case of legal disputes and we use the evidence within the statutory limitation period which can be up to 30 years; the regular limitation period is 3 years.

Secure Data Transmission

We use appropriate technical and organizational security measures to optimally protect the data stored with us against accidental or intentional manipulation, loss, destruction, or unauthorized access by third parties. The security levels are continuously reviewed in collaboration with security experts and adapted to new security standards. Data exchange to and from our website is encrypted. We provide https as the transmission protocol for our website and always use current encryption protocols. If you use the contact form on our website to get in touch with us, the contents will be transmitted via https to a secure server from Site Ground where the data of the form is stored in an encrypted database. Site Ground employees do not have direct access to this data. It is also possible to use alternative communication channels.

Obligation to Provide Data

For the establishment, execution, and termination of obligations and the fulfillment of the associated contractual and legal obligations, a range of personal data is required. The same applies to the use of our website and the various functions we offer. We have summarized the relevant details above. In some cases, legal provisions require data to be collected or made available. Please note that it will not be possible to process your request or fulfill the underlying contractual obligation without this information.

Data Categories, Data Sources, and Data Origin

The data we process are defined by the respective context: They depend on whether you enter a request in our contact form, send us an application, or submit a complaint. Please note that we may also provide specific information at certain points for specific processing situations, such as when downloading our flyer or submitting a contact request.

When you visit our website, we collect and process the following data:  

– Your IP address, which is immediately shortened by removing the last two digits  
– The URL and title of the page you are viewing  
– The browser you are using (name)  
– Viewport or viewing area (the size of the browser window)  
– Your screen resolution  
– Whether Java is enabled or not  
– The language enabled in your browser  

For technical security reasons (particularly to protect against attacks on our web server), these data are stored in accordance with § 6 (1) S. 1 lit. f GDPR. Anonymization is carried out immediately by shortening the IP address so that no reference to the user can be established.

Webflow

The provider is Webflow Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA (hereinafter Webflow). When you visit our website, Webflow collects various log files including your IP addresses. Webflow is a tool for creating and hosting websites. Webflow stores cookies or other recognition technologies necessary for the display of the site, to provide certain website functionalities, and to ensure security (necessary cookies). For details, please refer to the Webflow Privacy Policy: [Webflow Privacy Policy](https://webflow.com/legal/eu-privacy-policy).

The use of Webflow is based on Art. 6 (1) lit. f GDPR. We have a legitimate interest in the most reliable representation of our website. If appropriate consent has been requested, processing is based exclusively on Art. 6 (1) lit. a GDPR and § 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time. The data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: [Webflow Privacy Policy](https://webflow.com/legal/eu-privacy-policy).

SendGrid

We use SendGrid for sending emails. The provider is SendGrid Inc., located at 1801 California Street, Suite 500, Denver, CO 80202, USA. SendGrid is a service that can organize the sending of emails. SendGrid is used to send confirmation emails, transaction confirmations, and emails with important information related to inquiries. The data you enter for the purpose of receiving emails will be stored on SendGrid's servers. When we send emails on your behalf via SendGrid, we use an SSL-secured connection. For all services requiring email communication, communication is received directly by SendGrid and then forwarded to our servers. For analytical purposes, the emails sent via SendGrid contain a so-called "tracking pixel" that connects to SendGrid's servers when the email is opened. This allows us to determine whether an email message has been opened. Legal basis: Data processing is based on your consent (Art. 6 (1) lit. a GDPR). You can revoke this consent at any time. The lawfulness of the data processing operations already carried out remains unaffected by the revocation. Storage duration: The data you provide to us for the purpose of receiving emails will be stored by us until you unsubscribe from the services and will be deleted from our servers as well as from the servers of SendGrid after you unsubscribe. Please note that your data will usually be transmitted to a SendGrid server in the USA and stored there. We have concluded a contract with SendGrid that contains the EU standard contractual clauses. This ensures a level of protection comparable to that in the EU. SendGrid (Privacy Policy): [SendGrid Privacy Policy](https://sendgrid.com/resource/general-data-protection-regulation-2/)

Google Fonts

We use Google Fonts from Google Inc. on our website. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible. We have integrated the Google fonts locally on our web server – not on Google's servers. This means there is no connection to Google servers and therefore no data transmission or storage. This is an interactive directory with over 800 fonts provided by Google for free. However, to prevent any data transmission to Google servers, we have downloaded the fonts to our server. This way, we act in compliance with data protection regulations and do not send any data to Google Fonts.

Cookiebot

We use the consent management service Cookiebot from Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark (Usercentrics). This allows us to obtain and manage the consent of website users for data processing. The processing is necessary to fulfill a legal obligation (Art. 7 (1) GDPR) to which we are subject (Art. 6 (1) S. 1 lit. c GDPR). The following data are processed with the help of cookies: 

- Your IP address (the last three digits are set to '0')  
- Date and time of consent  
- Browser information  
- URL from which the consent was sent  
- An anonymous, random, and encrypted key  
- Your end-user consent status as proof of consent  

The key and consent status are stored in the browser for 12 months using the cookie "CookieConsent". This keeps your cookie preference for subsequent page requests. The functionality of the website is not guaranteed without the processing. If you activate the "Bulk Consent" service feature to activate consent for multiple websites with a single end-user consent, the service will also store a separate random unique ID with your consent. If all the following criteria are met, this key is stored in the third-party cookie "CookieConsentBulkTicket" in your browser in encrypted form:  

- You activate the bulk consent function in the service configuration.  
- You allow third-party cookies via browser settings.  
- You have disabled "Do Not Track" via browser settings.  
- You accept all or at least certain types of cookies when giving consent.  

Usercentrics is the recipient of your personal data and acts as a processor on our behalf. The processing takes place in the European Union. For more information on Usercentrics' objection and removal options, please visit: [Cookiebot Privacy Policy](https://www.cookiebot.com/de/privacy-policy/).

Your personal data will be continuously deleted after 12 months or immediately after the termination of the contract between us and Usercentrics. Please refer to our general instructions on the deletion and deactivation of cookies above.

Contact Form / Contact by Email (Article 6 (1) S. 1 lit a b GDPR)

On our website, you have access to a contact form that you can use to get in touch with us electronically. If you write to us via the contact form, we process the data you provide in the contact form to answer your questions and requests. We respect the principle of data minimization and data avoidance, so you only need to provide the information necessary for contacting you, namely your name, title, email address, and the nature of your request. Your IP address is also processed for technical reasons and for legal protection (and immediately shortened). All other information is voluntary and optional (e.g., for a more detailed response to your questions). If you contact us by email, we will only process the personal data provided in the email for the purpose of processing your request.

Calendly

On our website, you have the option to book appointments with us. For scheduling appointments, we use the tool "Calendly". The provider is Calendly LLC, 271 17th St NW, 10th Floor, Atlanta, Georgia 30363, USA (hereinafter "Calendly"). For the purpose of booking an appointment, you enter the requested data and your desired appointment in the provided form. The entered data will be used for planning, conducting, and, if necessary, for follow-up on the appointment. The appointment data will be stored for us on Calendly's servers, whose privacy policy you can view here: [Calendly Privacy Policy](https://calendly.com/de/pages/privacy)

The data you enter will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for data storage ceases. Mandatory statutory provisions – especially retention periods – remain unaffected. The legal basis for data processing is Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in making the appointment scheduling as uncomplicated as possible for interested parties and customers. If consent has been requested, Art. 6 (1) lit. a GDPR is the legal basis for data processing; consent can be revoked at any time. The data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: [Calendly DPA](https://calendly.com/pages/dpa)

Google reCAPTCHA

We use "Google reCAPTCHA" (hereinafter "reCAPTCHA") on our websites. It is also integrated into Calendly by default. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). The purpose of reCAPTCHA is to check whether the data entry on our websites (e.g., in a contact form) is done by a human or an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g., IP address, time spent on the website, or mouse movements of the user). The data collected during the analysis are forwarded to Google. The reCAPTCHA analyses run entirely in the background. Website visitors are not informed that an analysis is taking place. reCAPTCHA is only loaded after you have agreed to our essential cookies. The data processing is based on Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in protecting its website from abusive automated spying and SPAM. Further information on Google reCAPTCHA and Google's privacy policy can be found at the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.

Automated Individual Decision-Making

We do not use purely automated processing to make decisions.

Cookies

Our website uses so-called "cookies" at various points to make our offer more user-friendly, effective, and secure. Cookies are small text files that are stored on your computer and saved by your browser (locally on your hard drive). Cookies allow us to analyze the use of our websites by users and to design the content of the website according to the needs of visitors. Cookies also allow us to measure the effectiveness of a specific advertisement and, for example, to place it based on the user's interests. When you visit our website for the first time, a pop-up (Cookiebot) opens from which you can give your consent to the use of categories of cookies that are described below and in the Cookiebot pop-up itself. The following categories of cookies are used on our website:

- Necessary Cookies: These cookies are required for the website to function and cannot be switched off in our systems. These cookies include, for example, those used by Cookiebot to manage cookies subject to your consent. You can set your browser to block or warn you about these cookies, but some parts of the website will not work. These cookies do not store any personally identifiable information.

- Performance cookies: These cookies allow us to count visits and traffic sources so that we can measure and improve the performance of our website. They help us to know which pages are the most and least popular and to see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies, we will not know when you have visited our website and will not be able to monitor its performance.

- Targeting cookies: These cookies may be set through our website by our advertising partners. They may be used by these companies to build a profile of your interests and show you relevant advertising on other websites. They do not store any directly personal information, but are based on the unique identification of your browser and internet device. If you do not allow these cookies, you will receive less targeted advertising.

Most of the cookies we use are "session cookies", which are automatically deleted after your visit. Persistent cookies are automatically deleted from your computer when their validity period (maximum 14 months) has expired or you delete them yourself before they expire. To revoke your consent to the use of cookies (with the exception of strictly necessary cookies, which are always activated), you can navigate to the footer of the website and deactivate categories of cookies in the Cookiebot pop-up via the "Cookies settings" link. Cookies are stored on the user's computer, which then transmits them to us. As a user, you therefore have full control over the use of cookies. You can change the settings in your Internet browser to deactivate or restrict the sending of cookies. In addition, cookies already stored on your computer can be deleted at any time via an Internet browser or other software programs. All this is possible in all common Internet browsers. Please note: If you deactivate the setting of cookies on your device, you may not be able to access all functions of our website.

Web Tracking (Article 6 (1) sentence 1 lit. a GDPR)

Google Analytics

Based on your consent (Article 6 (1) sentence 1 lit. a GDPR), we use Google Analytics, a web analytics service provided by Google LLC ("Google"). Google uses cookies. The information generated by the cookie about the use of the website by the user is usually transmitted to a Google server in the USA and stored there. Google will use this information on our behalf to evaluate the use of our online offer by the users, to compile reports on the activities within this online offer, and to provide other services related to the use of this online offer and the use of the internet for us. The processed data can be used to create pseudonymized usage profiles of the users. We use Google Analytics only with IP anonymization activated. This means that the IP address of users within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area is shortened by Google. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by the user's browser will not be merged with other data from Google. Users can prevent the storage of cookies by adjusting their browser software settings accordingly; users can also prevent the collection of data generated by the cookie related to their use of the online offer and the processing of this data by Google as described in the "Cookies" section above. For more information about Google's data usage, settings, and opt-out options, please refer to Google's privacy policy and the information for displaying advertising by Google. The personal data of users will be deleted or anonymized after 12 months.

LinkedIn Insight Tag

Our website uses the conversion tool "LinkedIn Insight Tag" from LinkedIn Ireland Unlimited Company. This tool creates a cookie in your web browser that enables the collection of data such as IP address, device and browser properties, and page events (e.g., page views). LinkedIn also collects log files (URL, referrer URL, IP address, device and browser properties, and timestamp). IP addresses are shortened or pseudonymized (if used to reach LinkedIn members across devices). The direct identifiers of LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymized data is deleted within 180 days. The data collected by LinkedIn cannot be assigned to specific individuals by us as the website operator. LinkedIn will store the collected personal data of website visitors on its servers in the USA and use it for its own advertising measures. For more information on LinkedIn's privacy policy, please refer to LinkedIn's privacy notices. The use of LinkedIn Insight is based on Article 6 (1) sentence 1 lit. f GDPR.

Privacy Policy / Privacy Notices in Social Media

myon clinic GmbH maintains presences in "Social Media," specifically on Xing and LinkedIn. As far as we control the processing of your data, we ensure that the applicable data protection regulations are complied with. Below you will find the most important information on data protection law regarding our presences.

Name and Address of the Responsible Parties

Responsible for the company appearances in the sense of the EU General Data Protection Regulation (EU-GDPR) as well as other data protection regulations are, in addition to myon clinic GmbH, LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland) and Xing (New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany). However, you use these platforms and their functions on your own responsibility. This applies particularly to the use of interactive functions (e.g., commenting, sharing, rating). We also point out that your data may be processed outside the European Union.

Purpose and Legal Basis

We maintain the social media pages to communicate with the visitors of these pages and to inform them about our offers. We also collect data for statistical purposes to develop and optimize the content and make our offer more attractive. The required data (e.g., total number of page views, page activities, and data provided by visitors, interactions) are processed and made available to us by the social networks. We have no influence on the generation and presentation. Additionally, your personal data is processed by the social media providers for market research and advertising purposes. For example, usage profiles may be created based on your usage behavior and the resulting interests. This allows, among other things, advertisements to be placed within and outside the platforms that correspond to your interests. Cookies are typically stored on your device for this purpose. Regardless, data that is not directly collected on your end devices may also be stored in your usage profiles. The storage and analysis are also carried out across devices, especially if you are registered as a member and logged in to the respective platforms. Beyond that, we do not process any personal data. The processing of your personal data by myon clinic GmbH is based on our legitimate interest in effective information and communication according to Article 6 (1) sentence 1 lit. f GDPR. If you are asked for consent for data processing, i.e., if you declare your consent by confirming a button or similar (opt-in), the legal basis for the processing is Article 6 (1) sentence 1 lit. a, Article 7 GDPR.

Your Rights / Opt-Out Options

If you are a member of a social network and do not want the network to collect data about you via our presence and link it with your stored member data on the respective network, you must log out of the network before visiting our social media page, delete the cookies on your device, and close and restart your browser. After a new login, you will be recognized by the network as a specific user again. For a detailed presentation of the respective processing and the opt-out options, we refer to the linked information below:

- LinkedIn Privacy Policy: https://www.linkedin.com/legal/privacy-policy;

- Opt-Out: https://www.linkedin.com/legal/cookie-policy and http://www.youronlinechoices.com;

In total, you have the following rights regarding the processing of your personal data: Right to information; right to correction; right to deletion; right to restriction of processing; right to object; right to data portability; right to complain about unlawful processing of your personal data to the competent data protection authority. However, since myon.clinic does not have full access to your personal data, you should contact the social media providers directly to assert your rights, as they have access to their users' personal data and can take appropriate measures and provide information. If you still need help, we will try to support you. Please contact privacy@myon.clinic.

Online Offers for Children

Persons under 16 years of age may not transmit personal data to us or submit a consent declaration without the consent of their legal guardians. We encourage parents and guardians to actively participate in their children's online activities and interests.

Links to Other Providers

Our website contains clearly recognizable links to the websites of other companies. Although we provide links to other providers' websites, we have no influence on their content, so we cannot assume any guarantee or liability for them. The respective provider or operator of the pages is always responsible for the content of these pages. The linked pages were checked for possible legal violations and recognizable infringements at the time of linking. Illegal content was not recognizable at the time of linking. Permanent content control of the linked pages is, however, unreasonable without concrete evidence of a violation of the law; upon becoming aware of any infringements, we will remove such links immediately.

We want you to feel safe when participating in digital patient monitoring within myon.clinic GmbH (hereinafter referred to as "myon.clinic"). That is why the protection of your personal data is particularly important to us.

We process your personal data in accordance with the applicable legal provisions on the protection of personal data, in particular the EU General Data Protection Regulation ("GDPR") and the country-specific data protection laws that apply to us. In this privacy policy, you will learn why and how your personal data that we collect from you or that you provide to us when you decide to use the myon.clinic services and content are processed. In particular, you will find a description of the personal data that we collect and process, as well as the purpose and legal basis on which we process the personal data and the rights you have in relation to the processing of your personal data by us.

We at myon.clinic and our partners take the protection of your personal data very seriously. All personal data that you transmit to us or make available to us will be treated by us as strictly confidential and processed exclusively for a specific purpose in compliance with the statutory data protection regulations.

Please read the Privacy Policy below carefully to ensure that you understand each provision.

Please note that in order to use the telemonitoring services and digital patient monitoring, you must also conclude a separate contract for the use of the myoncare portal with Oncare GmbH, which manufactures the myoncare portal. With regard to the processing of your personal data in the context of the use of the myoncare portal, we refer to the privacy policy of Oncare GmbH. You can view it at the following link: https://www.myoncare.com/de/privacy-policy/.

As a service provider, you are a controller within the meaning of Art. 4 No. 7 GDPR when using digital patient monitoring for certain processing operations that affect personal data of your patients. This applies in particular if you commission third parties such as device manufacturers, distributors of medical devices or laboratory service providers as part of a treatment order to collect patient-related data and make it available via the myoncare platform.

In this case, you are obliged to inform your patients about the method of data collection and the transfer of data to the commissioned technical service providers. If there is no treatment relationship, explicit consent of the patients is required in accordance with Art. 6 (1) (a), Art. 9 (2) (a) GDPR.

The involvement of such technical service providers is always based on a data processing agreement in accordance with Art. 28 GDPR between the controller (e.g. MVZ, clinic) and the respective third-party provider.

I. DEFINITIONS

"Personal data" means any information relating to an identified or identifiable natural person. In particular, this includes your name, birthday, address, telephone number, email address and IP address.

"Health data" means personal data relating to the physical or mental health of a natural person, including the provision of healthcare services, which reveals information about his or her state of health.

"Anonymization/pseudonymization" data is considered "anonymous" if no personal connection to the person/user can be established. In contrast, "pseudonymised" data is data from which a personal reference or personally identifiable information is replaced by one or more identifiers or pseudonyms, but which can generally be re-identified by the identifier key.

"Digital patient monitoring" refers to the digital support of myon.clinic and its partners by querying health-relevant data and reading activity and vital data from connected wearables by means of the myoncare platform of the manufacturer Oncare GmbH (hereinafter referred to as "Oncare"). Oncare is a processor (subcontractor) within the meaning of the General Data Protection Regulation (GDPR) of myon.clinic. The data is automatically categorized and prioritized with the help of stored scores (specific clinical measures for assessing medical issues) or analyzed by you (healthcare professionals). Depending on the result, the user automatically or through you (health professionals) receives needs-based content or measures.

"Provider" means you as a physician, clinic, healthcare facility or other healthcare professional acting alone or on behalf of you, the clinic or healthcare facility.

"Partner" includes all service providers and service providers within the healthcare sector who participate in the monitoring services.

"myoncare Portal" is Oncare's myoncare web portal, which is intended for professional use by portal users and serves as an interface between portal users and app users.

"myoncare PWA" is a website that looks and has the functionality of a mobile app. PWAs are built in such a way that they take advantage of the native functions of mobile devices without the user needing an app store. The goal of PWAs is to bridge the gap between apps and the traditional web by bringing the benefits of native mobile apps into the browser. The PWA is based on the technology of "React Native for Web". "React Native for Web" is an open-source software for progressive web app applications. To use the myoncare PWA, patients need a computer or smartphone and an active internet connection. There is no need to download an app.

"Telemonitoring Services" include all services linked to digital patient monitoring that myon.clinic and its partners offer within the monitoring system in addition to the retrieval of health data.

II. CONTROLLER

myon.clinic GmbH
Balanstraße. 71a
81541 Munich

Data Protection Officer of myon.clinic GmbH

Dr. Sebastian Kraska
E-Mail: privacy@myon.clinic

III. CATEGORIES OF DATA AND PURPOSES AND LEGAL BASES OF PROCESSING

Within the framework of myon.clinic, we process the following categories of personal data from you:

● E-mail address
● Date of birth
● Date of registration
● Your IP address
● pseudo-keys generated by the portal
● Lifelong Physician Number (LANR) and Establishment Number (BSNR)
● Data required for the management of reimbursement, such as: Your contact details, patient's name, diagnosis, indications, treatment, treatment period.

We process this personal data for the following purposes:

Operational purposes:

If you are a contact person for the operation of the portal at your location/practice (e.g. IT administrator, appointed healthcare professional), you may provide us with certain personal data when you contact us to understand or discuss the features and use of the portal.

In the event of a service request, the following personal data can also be viewed by authorized myon.clinic employees:

Your personal data that you have provided to us for registration and/or login to our portal (e.g. name, date of birth, profile picture, contact details).

Authorized myon.clinic employees who may access your database for the purpose of processing a service request are contractually obligated to treat all personal data in the strictest confidence.

When processing operational data, myon.clinic acts as a data controller responsible for the lawful processing of your personal data.

We use the operational data to maintain the functionalities of the myoncare portal and to contact you directly if necessary or on your initiative (e.g. in the event of changes to terms of use, necessary support, technical problems, etc.). Furthermore, personal data (e-mail address) is processed within the framework of two-factor authentication every time you log in to the myoncare portal.

Justification of processing for operational purposes: The processing of operational data is justified on the basis of Art. 6 (1) (b) GDPR for the performance of the contract that you conclude with myon.clinic for the use of digital patient monitoring.

Purposes of reimbursement:

– Only applicable if you use myoncare tools for reimbursement –

The myoncare portal supports you in initiating your standard procedures for reimbursement of your healthcare services that are used by your patients via the myoncare app. In order to enable the reimbursement process, the myoncare portal supports the collection of your patients' personal (health) data from the myoncare portal in order to facilitate the transmission of this data to the patient's payer as part of the standard reimbursement processes (either your Association of Statutory Health Insurance Physicians and/or the patient's health insurance company).

For the purposes of reimbursement, we process the following types of personal data: patient's name, diagnosis, indications, treatment, treatment period, other data necessary for the management of reimbursement, such as: Your contact details, your lifelong doctor number (LANR) and your permanent establishment number (BSNR).

Processing of reimbursement data: myon.clinic, as the data controller, transmits the treatment data of your patient required for reimbursement to the payer (either your Association of Statutory Health Insurance Physicians and/or the patient's health insurance company), and the payer processes the reimbursement data in order to enable us to reimburse the patient.

Justification of the processing of the cost reimbursement data: The processing of the cost reimbursement data for billing with the cost bearer is carried out on the basis of §§ 295, 301 SGB V.

Creation of the doctor's letter: In addition to patient data, your personal data is also collected and stored in a structured manner on the myoncare platform and compiled for the creation of a doctor's letter. This doctor's letter requires a review by the doctor before it can be forwarded to the patient. For the preparation of the doctor's letter, the following personal data described above will be processed:

● E-mail address
● Date of birth
● Date of registration
● Your IP address
● pseudo-keys generated by the portal
● Lifelong Physician Number (LANR) and Establishment Number (BSNR)
● Data required for the management of reimbursement, such as: Your contact details, patient's name, diagnosis, indications, treatment, treatment period.

Justification of data processing for the preparation of the doctor's letter: The data processing for the preparation of the doctor's letter is justified on the basis of Art. 6 (1) (b) GDPR for the performance of the contract that you conclude with myon.clinic for the use of digital patient monitoring.

Commercial Store Data:

Commercial store data: Personal data that is processed in connection with the use of the myoncare store – in particular in connection with the authorship, configuration or purchase of digital treatment plans ("pathways"). The store is operated by myon.clinic GmbH, a subsidiary of Oncare GmbH. The use of the Store requires the processing of your name, professional contact details and, if applicable, payment data (only for paid content). Oncare GmbH processes this data exclusively for the technical provision of the platform functions and not for its own commercial purposes. Depending on the specific processing, the data protection responsibility for the personal data processed in the store lies with either myon.clinic GmbH or Oncare GmbH as joint controllers within the meaning of Art. 26 GDPR. For processing for billing or support purposes, myon.coach may be the data controller or processor in accordance with Art. 28 GDPR. The distribution of roles is regulated in an internal agreement.

Justification of the processing: The processing is carried out in accordance with Art. 6 (1) (b) GDPR for the performance of a contract (e.g. acquisition of digital content) and on the basis of Art. 6 (1) (f) GDPR for the technical provision of the store, whereby the legitimate interest lies in a secure and functional platform.

External data sources (e.g. device manufacturers, distributors of medical devices, laboratories)

To support medical care, external technical service providers such as medical device manufacturers, distributors of medical devices or laboratory service providers can collect patient-related data on behalf of the service provider and transmit it to the myoncare portal via interfaces. The processing of this data is carried out exclusively within the framework of defined medical treatment processes or – if no treatment relationship exists – on the basis of consent. Justification of the processing results from:

● Art. 6 para. 1 lit. b in conjunction with Art. 9 para. 2 lit. h GDPR (contract for medical care)
● or Art. 6 para. 1 lit. a, Art. 9 para. 2 lit. a GDPR (explicit consent of the patient)

IV. PROCESSING METHODS, PLACE OF DATA PROCESSING

Your personal data will also be processed in countries outside the European Union (EU) or the European Economic Area (EEA). This is only done to the extent necessary and in compliance with the legal requirements of the General Data Protection Regulation (GDPR). We transfer personal data to the following third countries, subject to the consent of the contracting parties: Egypt. The recipient is a technical service provider engaged by us, who, within the framework of data processing on our behalf, provides support and maintenance services for our systems.

Legal basis for the transfer:
The transfer is based on standard contractual clauses concluded with the customer support service provider (in accordance with Art. 46 (2) (c) GDPR) and your express consent in accordance with Art. 49 (1) (a) GDPR (if applicable).

In order to ensure compliance with the legal provisions of the GDPR, myon.clinic and its partners have taken appropriate technical and organisational measures. The data processing is carried out by means of computers or IT-based systems, following an organizational procedure and mode strictly aimed at the purposes indicated.

V. PROCESSING BY EQUIPMENT MANUFACTURERS, DISTRIBUTORS OF MEDICAL DEVICES AND LABORATORY SERVICE PROVIDERS

If you use additional medical functions such as integrated diagnostics, vital signs collection or laboratory services via the Platform, personal health data may be collected and processed by external third parties (e.g. medical device manufacturers, distributors of medical devices or laboratory service providers). This is done to support medical care and always on the basis of explicit consent or a treatment relationship.

The processing is carried out either within the framework of order processing or – depending on the provider – under its own responsibility under data protection law. Oncare GmbH only provides the technical connection for this purpose, without checking or medically evaluating content. Further information on the respective data processing can be obtained directly from the treating service provider or via the data protection information of the integrated third-party providers.

VI. COMMERCIAL STORE DATA AND PATHWAY MANAGEMENT

The myoncare portal offers registered service providers (e.g. doctors) the opportunity to offer and configure digital care pathways via a webshop functionality (e.g. in cooperation with myon.clinic) and to assign patients individually.

As part of the use of this functionality, personal data – in particular health data – is processed, such as information on indication, recommended duration of treatment or pathway assignment. This data processing serves the individualization and assignment of medical content and is carried out on the basis of Art. 6 (1) (b) and Art. 9 (2) (h) GDPR.

Oncare provides the technical infrastructure and processes the data concerned as a data controller within the meaning of Art. 4 No. 7 GDPR, insofar as the processing is necessary for the provision of the platform functions. However, the selection of content and medical design of the pathways is the sole responsibility of the respective service provider.

In so far as billing or data transmission is carried out to third parties (e.g. billing offices or platform partners such as myon.coach), such processing only takes place on the basis of corresponding agreements or legal regulations.

VII. AUTOMATED DECISIONS IN INDIVIDUAL CASES

We do not use purely automated processing to make decisions.


VIII. DISCLOSURE OF DATA

We will only pass on your personal data to third parties within the framework of the legal provisions or on the basis of your consent. In all other cases, the information will not be disclosed to third parties, unless we are obliged to do so due to mandatory legal regulations (disclosure to external bodies, including supervisory or law enforcement authorities).

In certain cases, service providers support myon.clinic in the fulfilment of its tasks. The necessary order processing agreements in accordance with Art. 28 GDPR have been concluded with all service providers who are data processors for personal data.

These service providers are:

● Oncare as the manufacturer of the myoncare technology along with the myoncare app.
● Billing Service Providers.

IX. LEGAL MEASURES

In the event of misuse, the user's personal data may be used for legal purposes in legal proceedings or in the event of complaints.

You are also aware that myon.clinic and its partners may be required by competent authorities to hand over personal data.

X. DELETION OR BLOCKING AND STORAGE OF DATA

myon.clinic and its partners adhere to the principles of data minimization. myon.clinic therefore only stores personal data for as long as is necessary to provide the services and achieve the purposes specified here, or to comply with statutory retention periods (e.g. § 257 HGB or § 147 AO), unless further storage is necessary in the individual case for the assertion, exercise or defense of legal claims or another legal basis (e.g. consent) justifies further processing.

XI. OBLIGATION TO PROVIDE PERSONAL DATA

Various personal data are necessary for the establishment, implementation and termination of the contractual relationship with myon.clinic and the fulfilment of the associated contractual and legal obligations. We have summarized the details for you under the point above. In certain cases, personal data must also be collected or made available in accordance with the legal provisions. Please note that without providing this personal data, it is not possible to process your request or fulfil the underlying contractual obligation.

XII. RIGHTS OF DATA SUBJECTS

We would like to inform you about your rights as a data subject. These rights include, in particular:

Right of access (Art. 15 GDPR):  You have the right to request information about whether and how your personal data is being processed, including information about the purposes of processing, recipients, storage period and your rights to rectification, erasure and objection. You also have the right to receive a copy of any personal data we hold about you.

Right to rectification (Art. 16 EU GDPR): You can request that we update or correct inaccurate personal data or complete incomplete personal data.

Right to erasure / right to be forgotten (Art. 17 GDPR): You can demand that we delete your personal data collected and processed by us without undue delay. Please note, however, that we can only delete your personal data after the expiry of the statutory retention periods.

Right to restriction of data processing (Art. 18 GDPR): You can ask us to "restrict" the use of your data if the accuracy of the data is contested, the processing is unlawful, the data is needed for legal claims, or an objection to the processing is being examined, so that we can only continue to use your data with restrictions.

Right to data portability (Art. 20 GDPR): In general, you can request that we provide you with personal data that you have provided to us and that is processed by machine based on your consent or the performance of a contract with you, in a machine-readable form, so that it can be "ported" to a substitute service provider.

Right to object to data processing (Art. 21 GDPR): You have the right to object at any time to the processing of personal data concerning you that is carried out on the basis of Article 6 (1) (e) or (f) GDPR. In this case, the controller will no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to establish, exercise or defend legal claims.

If you have given your consent to the processing of your personal data, you can revoke it at any time with effect for the future. The lawfulness of the data processing operations that have already taken place remains unaffected by the revocation.

Right to lodge a complaint (Art. 77 GDPR): In addition, you have the option of contacting a data protection supervisory authority with a complaint.

To exercise these rights, please contact us at: privacy@myon.clinic. Objection and revocation of consent must be declared in text form to privacy@myon.clinic. We will require you to provide sufficient proof of your identity to ensure that your rights are protected and that your personal data will only be disclosed to you and not to third parties.

XIII. SUPPLEMENT FOR US USERS – HIPAA COMPLIANCE

For providers and healthcare professionals located in the United States or delivering services within the US healthcare system, the processing of patient data through the myoncare platform is also governed by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). In this context, myon.clinic may act as your “Business Associate” when processing Protected Health Information (“PHI”) on your behalf.

As a Business Associate, myon.clinic is contractually and legally obligated to:

· Use and disclose PHI only as permitted by our Business Associate Agreement (BAA) and as required by law;

· Implement appropriate administrative, physical, and technical safeguards to protect PHI from unauthorized access, use, or disclosure;

· Ensure that any subcontractors, including Oncare GmbH as the technology provider of the myoncare platform, agree in writing to safeguard PHI in compliance with HIPAA;

· Report to you any security incident or unauthorized disclosure of PHI of which we become aware;

· Make PHI available to you to enable you to meet your obligations towards patients under HIPAA (e.g., requests for access, amendment, or accounting of disclosures);

· Cooperate with you in the event of an audit or investigation by the U.S. Department of Health and Human Services (HHS).

These HIPAA obligations apply in addition to our commitments under the GDPR and other applicable data protection laws. Providers using myon.clinic in the US remain the Covered Entity under HIPAA, and myon.clinic supports you in fulfilling your HIPAA responsibilities.

XIV. CHANGES TO THE PRIVACY POLICY

We expressly reserve the right to change this Privacy Policy in the future at our sole discretion. Changes or additions may be necessary, for example, to meet legal requirements, to comply with technical and economic developments, or to meet the interests of myon.clinic service users.

 

Privacy Policy of myon.clinic GmbH
As of September 2025

***

I. Best possible protection of your data at myon.clinic

We want you to feel confident in the digital patient monitoring of myon.clinic. That is why the protection of your personal data is particularly important to us.

We process your personal data in accordance with the applicable legal provisions on the protection of personal data, in particular the EU General Data Protection Regulation ("GDPR") and the country-specific laws that apply to us. In this privacy policy, you will learn why and how your personal (health) data that we collect from you or that you provide to us when you decide to use the myon.clinic services and content are processed. In particular, you will find a description of the personal data that we collect and process, as well as the purpose and basis on which we process the personal data and the rights to which you are entitled as a data subject. We at myon.clinic and our partners take the protection of your personal data very seriously. All personal data that you transmit to us or make available to us will be treated by us as strictly confidential and processed exclusively for a specific purpose in compliance with the statutory data protection regulations.

Please read the Privacy Policy carefully to ensure that you understand each provision.

Please note that in order to use the telemonitoring services and digital patient monitoring, you must also conclude a separate contract for the use of the myoncare portal with Oncare GmbH, which manufactures the myoncare portal. With regard to the processing of your personal data in the context of the use of the myoncare portal, we refer to the privacy policy of Oncare GmbH. You can view it at the following link: https://www.myoncare.com/de/privacy-policy/.

PERSON IN CHARGE:

myon.clinic GmbH
Balanstraße. 71a
81541 München
Tel.: +49 89 444 51156
E-Mail: info@myon.clinic

Data protection officer of myon.clinic GmbH:

Dr. Sebastian Kraska
E-Mail: privacy@myon.clinic

II. Definitions

"Digital patient monitoring" refers to the digital support of myon.clinic and its partners by querying health-relevant data and reading activity, vital signs and measurement data from wearables, medical devices or affiliated laboratories using the myoncare platform. In addition to data that is actively entered by you or collected by medical staff, data can also be automatically integrated via technical service providers, device manufacturers (e.g. sleep apnea screening devices) or laboratories. These service providers act exclusively on behalf of myon.clinic or an affiliated medical service provider.

"Healthcare Provider" means your physician, clinic, healthcare facility, or other healthcare professional acting alone or on behalf of your physician, clinic, or healthcare facility.

"Partner" includes medical service providers (e.g. doctors, clinics), but also technical service providers, device manufacturers or laboratories who provide supporting technical or diagnostic services on behalf of these service providers or myon.clinic.

"myoncare App" means the mobile myoncare application of Oncare GmbH (hereinafter referred to as "Oncare") for use by patients.

"myoncare Portal" is Oncare's myoncare web portal, which is intended for professional use by portal users and serves as an interface between portal users and app users.

"myoncare PWA" is a website that looks and has the functionality of a mobile app. PWAs are built in such a way that they take advantage of the native functions of mobile devices without you, as a user, needing an app store. Some of the myoncare app services cannot be used within the myoncare PWA, see the description below for details.

"Telemonitoring Services" include all services linked to digital patient monitoring that myon.clinic and its partners offer within digital patient monitoring in addition to the retrieval of health data.

"Caretask" Caretask is understood to be a task that is passed on to the patient. This can be a questionnaire to evaluate the general or specific state of health, the request to measure vital parameters or materials for information and education in the form of texts, images, videos or audio files. These are based on medical guidelines and a scientifically evaluated basis and are approved for use by licensed (specialist) doctors.

"Pathway" The pathway is the temporal sequence of different care tasks. These are based on clinical guidelines and are developed in cooperation with medical groups and (specialist) doctors and serve to evaluate the individual state of health of the individual patient. A pathway is an evidence-based, practice-based, multidisciplinary management tool for a specific patient group with a predictable clinical course in which the various tasks of patient care are defined, optimized and sequenced. Pathways can range from simple medication application to a comprehensive treatment plan. Pathways aim to achieve greater standardization of treatment regimens and sequencing, as well as improved outcomes from both the perspective of quality of life and clinical outcomes.

At the end of a defined period of time or when predefined medical events occur, myon.clinic generates case reports / PDF reports with the help of the myoncare platform. The content of these case reports is all the data that emerges from the individual care tasks and has been entered into the system by the patient. In addition, recorded vital signs can also be part of the case reports.

III. Responsible body

myon.clinic GmbH, a company registered with the District Court of Munich under the registration number 280310 and having its registered office at Herrenwiesstrasse 12, 82031 Grünwald, Germany (hereinafter referred to as myon.clinic), offers digital patient monitoring. For this purpose, myon.clinic develops medical content and pathways and provides them to service providers for digital patient monitoring on the myoncare platform. Users of the myoncare app and the myoncare portal can be digitally supported by myon.clinic and partners using these pathways. The use of the myoncare PWA by the user is also made possible by myon.clinic. This privacy policy applies to all personal data processed by myon.clinic in connection with the use of the myoncare platform.

IV. WHAT IS PERSONAL DATA

"Personal data" means any information relating to an identified or identifiable natural person. In particular, this includes your name, birthday, address, telephone number, email address and IP address.

"Health data" means personal data relating to the physical or mental health of a natural person, including the provision of healthcare services, which reveals information about his or her state of health.

V. WHAT PERSONAL DATA IS USED WHEN USING THE MYONCARE APP

We process the following categories of data in the context of your use of the myon.clinic content and services:

● Name
● Address
● Date of birth
● E-mail address
● Your IP address

If you have consented to the respective data processing, we also process the following categories of data:

● Treatment data (e.g. profile information and health data such as symptoms, photos, information about medications taken, questionnaire responses including disease- or condition-related information, diagnoses and therapies of healthcare professionals, planned and completed tasks);
● Activity data (e.g., weight, height, steps, calories burned, sleep (in hours), heart rate, and blood pressure);
● Other contact details provided by you (e.g. telephone number);
● Cost reimbursement data (e.g. occupation, employer, health insurance/cost bearer, family doctor/referring doctor, diagnosis, indications, treatment, treatment period, other data that may be required for reimbursement of costs (in particular data according to § 291a para. 2 SGB V));
● Data in the context of the myon.clinic video consultation: we refer to the "Annex – Privacy Policy for the Use of the Video Consultation of myon.clinic GmbH".

VI. We process this personal data for the following purposes

Operational purposes:

We process the personal data that you provide when registering in the myoncare app / PWA for the purpose of contacting you about problems with the myoncare app / PWA or during other interactions with us for the purpose of using the myoncare app / PWA.

Justification of processing: The processing of operational data is justified on the basis of Art. 6 (1) (b) GDPR for the performance of the contract that you conclude with myon.clinic for the purpose of using the myoncare app / PWA.

To accompany your treatment digitally:

We process your treatment data in order to be able to provide you with our myon.clinic services, such as the pathways. Pathways enable physicians to care for patients in parallel, while maintaining their professional duties, while creating added value for physicians and patients alike. Your health data that you enter into the myoncare app / PWA will be used by your service provider and/or myon.clinic for advice and support for you.

We process such personal data, including your health data, both in order to be able to provide the myon.clinic services and under an agreement with and in accordance with the instructions of your service provider.

Justification of processing: The legal basis for data processing is your consent in accordance with Art. 6 (1) (a), 9 (2) (a) GDPR.

To support your treatment in an indication-specific way:

You have the option of connecting the myoncare app to specific health applications (e.g. AppleHealth, GoogleFit) that you use. To this end, you must conclude appropriate usage and data processing agreements with the providers of the health application, such as GoogleFit or AppleHealth, over which myon.clinic has no influence. This data, such as weight, height, steps, calories burned, sleep (in hours), pulse and blood pressure ("Activity Data"), will be transferred to your affiliated service providers as Portal Users if set accordingly. In order to enable activity data processing, your consent to the processing will be obtained in advance. If the connection is established after you have given your consent, activity data collected by the health application will be made available to your service provider or myon.clinic.

You can revoke your consent to share activity data at any time in the settings of the myoncare app. Please note that from this point on, your activity data will no longer be shared with myon.clinic or your service provider. Insofar as myon.clinic is obliged to continue to store your activity data due to legal retention obligations or other regulatory requirements, activity data that has already been shared will not be deleted from the myoncare portal of your affiliated service providers or myon.clinic.

Justification of processing: Your consent in accordance with Art. 6 (1) (a) and 9 (2) (a) GDPR.

For billing purposes:

The myoncare app / PWA supports the service provider in initiating standard procedures for cost reimbursement. In order to enable the reimbursement process, the myoncare app / PWA supports the collection of your personal (health) data by your service provider or by myon.clinic for the transmission of this data to your payer, if relevant. This data processing is only an initial data transfer in order to receive reimbursement from your cost bearer. The type and amount of personal data processed does not differ from other reimbursement routines of a service provider.

Your service provider or myon.clinic transmits your data required for reimbursement to your cost bearer and the cost carrier processes the reimbursement data in order to enable your service provider or myon.clinic to reimburse you.

Justification of the processing: The processing of the cost reimbursement data is carried out on the basis of your consent in accordance with Art. 6 (1) (a), 9 (2) (a) GDPR and §§ 295, 301 SGB V.

For the creation of digital patient records and digital reports to doctors:

We use your contact details, treatment, activity and reimbursement data to create patient records and reports for the duration of your participation in digital patient monitoring.

Justification of processing: The processing of personal data is justified on the basis of Art. 6 (1) (b) GDPR for the performance of the contract that you conclude with myon.clinic for the purpose of using the myoncare app / PWA. Insofar as special categories of personal data are affected for the creation of digital patient records and digital reports, the data processing is carried out on the basis of your consent in accordance with Art. 6 (1) (a) and 9 (2) (a) GDPR.

For quality control purposes:

We process and evaluate pseudonymized data for the purpose of quality control, performance measurement and scientific purposes.

Justification of processing: The processing of personal data is necessary on the basis of Art. 6 (1) (c) GDPR for the fulfilment of legal obligations to which myon.clinic is subject. Such obligations may result from the Medical Devices Regulation (MDR) or other regulatory requirements.

For research purposes (commercial and non-commercial):

We process your personal data in anonymized/pseudonymized form to analyze it and produce summary scientific reports in order to improve products, treatments and scientific results.

Justification of processing: Your consent in accordance with Art. 6 (1) (a), 9 (2) (a) GDPR.

For the classification and categorization of patients (triage):

Automatic triage is used to categorize and prioritize patients. This is done, for example, as part of a self-assessment, e.g. to assess the severity of the illness or during the onboarding process for the initial assessment of the clinical picture and the referral to the appropriate medical care center. It is also used to provide patients with needs-based content afterwards. In many cases, the decision as to which categorization and prioritization is made depends on standardized and validated scores (specific clinical measures for assessing medical questions) that can be calculated from the patient's answers to questionnaires. In addition, a physician's well-founded experience serves as the basis for such decisions.

Justification of processing: Your consent in accordance with Art. 6 (1) (a), 9 (2) (a) GDPR.

Processing of data from medical devices and laboratories

In addition, health-related data collected by connected device manufacturers or laboratories (e.g. vital data from medical measuring devices or laboratory diagnostics) may be processed. This data is provided via the myoncare platform as part of structured care pathways and is only available to the healthcare professionals responsible for analysis and decision support.

Justification of processing: Your consent in accordance with Art. 6 (1) (a), 9 (2) (a) GDPR and Art. 6 (1) (b) + Art. 9 (2) (h)

VII. Processing methods, place of data processing

In order to ensure compliance with the legal provisions of the GDPR, myon.clinic and its partners have taken appropriate technical and organisational measures. The measures taken ensure, among other things, the confidentiality, integrity, availability and resilience of the systems and services in connection with data processing. In addition, the availability of personal data and access to it can be quickly restored in the event of a physical or technical incident. The data processing is carried out by means of computers or IT-based systems, following an organizational procedure and mode strictly aimed at the purposes indicated.

Your personal data will also be processed in countries outside the European Union (EU) or the European Economic Area (EEA). This is only done to the extent necessary and in compliance with the legal requirements of the General Data Protection Regulation (GDPR).

Legal basis for the transfer: The transfer is based on standard contractual clauses concluded with the customer support service provider (in accordance with Art. 46 (2) (c) GDPR) and your express consent in accordance with Art. 49 (1) (a) GDPR (if applicable).

If external technical service providers (e.g., for support or maintenance services) are engaged and access to personal data cannot be excluded, a transfer is made to the following third countries: Egypt. The recipient is a technical service provider engaged by us within the framework of data processing on our behalf.

VIII. AUTOMATED DECISIONS IN INDIVIDUAL CASES

We do not use purely automated processing to make decisions.

IX. DISCLOSURE OF DATA

We will only pass on your personal data to third parties within the framework of the legal provisions or on the basis of your consent. In all other cases, the information will not be disclosed to third parties, unless we are obliged to do so due to mandatory legal regulations (disclosure to external bodies, including supervisory or law enforcement authorities).

In certain cases, service providers support myon.clinic in the fulfilment of its tasks. The necessary order processing agreements in accordance with Art. 28 GDPR have been concluded with all service providers who are data processors for personal data.

These service providers are:

● Oncare GmbH as the manufacturer of the myoncare technology and the myoncare app.
● Billing Service Providers

X. Legal measures

In the event of misuse, the user's personal data may be used for legal purposes in legal proceedings or in the event of complaints.

Participants are also aware that myon.clinic and its partners may be required by authorities to hand over personal data.

XI. Deletion or blocking and storage of data

myon.clinic and its partners adhere to the principles of data avoidance and data economy. myon.clinic therefore only stores personal data for as long as is necessary to provide the services and achieve the purposes specified herein or to comply with statutory retention periods. In this context, statutory maximum or minimum storage periods are taken into account. Please note that numerous retention periods require the continued storage of personal data. This applies in particular to retention obligations under commercial or tax law (e.g. Commercial Code, Tax Act, etc.). In addition, your healthcare provider must also ensure the retention of your medical records (between 1 and 30 years, depending on the type of documents).

XII. Rights of data subjects

We would like to inform you about your rights as a data subject. These rights include, in particular:

● Right of access (Art. 15 GDPR): You have the right to request information about whether and how your personal data is being processed, including information about the purposes of processing, recipients, storage period and your rights to rectification, erasure and objection. You also have the right to receive a copy of any personal data we hold about you.

● Right to rectification (Art. 16 GDPR): You can request that we update or correct inaccurate personal data or complete incomplete personal data.

● Right to erasure / right to be forgotten (Art. 17 GDPR): You can demand that we delete your personal data collected and processed by us without undue delay. Please note, however, that we can only delete your personal data after the expiry of the statutory retention periods.

● Right to restriction of data processing (Art. 18 GDPR): You can ask us to "restrict" the use of your data if the accuracy of the data is contested, the processing is unlawful, the data is needed for legal claims, or an objection to the processing is being examined, so that we can only continue to use your data with restrictions.

● Right to object to data processing (Art. 21 GDPR): You have the right to object at any time to the processing of personal data concerning you that is carried out on the basis of Art. 6 (1) (e) or (f) GDPR. In this case, the controller will no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims.

● Right to data portability (Art. 20 GDPR): In general, you can request that we provide you with personal data that you have provided to us and that is processed by machine based on your consent or the performance of a contract with you, in a machine-readable form, so that it can be "ported" to a substitute service provider.

If you have given your consent to the processing of your personal data, you can revoke it at any time with effect for the future. The lawfulness of the data processing operations that have already taken place remains unaffected by the revocation.

● Right to lodge a complaint (Art. 77 GDPR): In addition, you have the option of contacting a data protection supervisory authority with a complaint.

To exercise these rights, please contact us at: privacy@myon.clinic. Objection and revocation of consent must be declared in text form to privacy@myon.clinic.

We will require you to provide sufficient proof of your identity to ensure that your rights are protected and that your personal data will only be disclosed to you and not to third parties.

XIII. AGE RESTRICTION OF THE MYON.CLINIC SERVICES

MINIMUM AGE

A minimum age of 18 years is required to use the services and contents of myon.clinic. If you are under 18 years of age, your parent or guardian must provide the necessary consent for data protection.

XIV. SUPPLEMENT FOR US USERS – HIPAA COMPLIANCE

If you are a resident of the United States or if our services are provided to you within the US healthcare system, the processing of your health information is also subject to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Under HIPAA, myon.clinic acts as a “Covered Entity” or, where applicable, as a “Business Associate” of your healthcare provider.

This means that we are required by law to maintain the privacy of your Protected Health Information (“PHI”), to provide you with this notice of our legal duties and privacy practices, and to comply with the terms of this notice.

Your HIPAA rights include, but are not limited to:

· Right of Access: You may request a copy of your PHI that we maintain.

· Right to Amend: You may request corrections if you believe that your PHI is incomplete or inaccurate.

· Right to an Accounting of Disclosures: You may request a list of certain disclosures of your PHI made by us.

· Right to Request Restrictions: You may request limitations on the use or disclosure of your PHI.

· Right to Confidential Communications: You may request to be contacted in a certain way (e.g., by mail or at a different address).

· Right to a Paper Copy: You may request a paper copy of this notice at any time.

We may use and disclose your PHI for purposes permitted by HIPAA, including treatment, payment, and healthcare operations, as well as when required by law. Any subcontractors we engage, including Oncare GmbH as the technology provider of the myoncare platform, are bound by Business Associate Agreements to protect your PHI in accordance with HIPAA requirements.

To exercise your HIPAA rights or if you have any questions about our HIPAA practices, please contact our Privacy Officer at privacy@myon.clinic.

XV. CHANGES TO THE PRIVACY POLICY

We expressly reserve the right to change this Privacy Policy in the future at our sole discretion. Changes or additions may be necessary, for example, to meet legal requirements, to comply with technical and economic developments or to meet the interests of myon.clinic users.

Privacy Policy of the
myon.clinic GmbH
As of: September 2025

***