Data Privacy Policy

Privacy Notice (Website) of myon.clinic

Welcome to our website and thank you for your interest in our company. We take the protection of your personal data very seriously. We process your data in accordance with the applicable legal provisions for the protection of personal data, especially the EU General Data Protection Regulation (GDPR) and the country-specific laws applicable to us. With this privacy notice, we inform you comprehensively about the processing of your personal data by myon clinic GmbH (hereinafter referred to as "myon.clinic") when you use our website and about your rights.

Personal data includes all information that enables the identification of a natural person. This includes, in particular, your name, date of birth, address, phone number, email address, and IP address. Data is considered anonymous if no personal reference to the user can be established.

Responsible for Data Processing

Mailing Address:

Balanstr. 71a

81541 Munich

T | +49 (0) 89 4445 1156

F | +49 (0) 89 4445 1157  

E | sales@myon.clinic

Contact Details of the Data Protection Officer

Dr. Sebastian Kraska

Marienplatz 2

80331 München

Tel.: +49 89 18917360

E-Mail: email@iitr.de

Your Rights as a Data Subject

Firstly, we would like to inform you about your rights as a data subject. These rights are set out in Articles 15 – 22 GDPR and include:  
– The right of access (Art. 15 GDPR)  
– The right to rectification (Art. 16 GDPR)  
– The right to erasure / right to be forgotten (Art. 17 GDPR)  
– The right to restriction of data processing (Art. 18 GDPR)  
– The right to data portability (Art. 20 GDPR)  
– The right to object to data processing (Art. 21 GDPR)
To exercise these rights, please contact: privacy@myon.clinic. The same applies if you have questions about data processing in our company or if you wish to withdraw your consent. You also have the right to lodge a complaint with the competent data protection supervisory authority.

To exercise these rights, please contact: privacy@myon.clinic. The same applies if you have questions about data processing in our company or if you wish to withdraw your consent. You also have the right to lodge a complaint with the competent data protection supervisory authority.

‍Right to Object

Please note the following in relation to your right to object: If we process your personal data for direct marketing purposes, you have the right to object to this processing at any time without stating reasons. This also applies to profiling, insofar as it is related to direct marketing. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes. The objection is free of charge and can be made informally to the following address: privacy@myon.clinic. If we process your data to protect legitimate interests, you can object to this processing at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. We will then cease processing your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms or the processing is for the assertion, exercise, or defense of legal claims.

Purpose and Legal Basis of Data Processing

The processing of your personal data is carried out in accordance with the provisions of the GDPR and all other applicable data protection regulations. The legal bases for data processing arise, in particular, from Art. 6 GDPR. We use your data for business initiation, to fulfill contractual and legal obligations, to carry out the contractual relationship, to offer products and services, and to strengthen customer relationships, including marketing and direct marketing. Your consent also constitutes a permission to data processing under the Data Protection Act. In this context, we will inform you about the purpose of the data processing and your right to withdraw consent. If consent also covers the processing of special categories of personal data, we will expressly point this out to you within the consent process. Processing of special categories of personal data within the meaning of Art. 9 (1) GDPR may only occur if it is required by legal provisions and there is no reason to assume that your legitimate interests outweigh the processing or you have given your consent to the processing of these data pursuant to Art. 9 (2) GDPR.

Data Transfer / Disclosure to Third Parties

We will only pass on your data within the scope of the legal provisions or based on your consent to third parties. In all other cases, no data will be disclosed to third parties unless we are obliged to do so due to mandatory legal provisions (disclosure to external bodies including supervisory authorities or law enforcement authorities).

Data Recipients / Categories of Recipients

Within our organization, we ensure that only those persons who need the relevant data to fulfill their contractual and legal obligations are authorized to handle personal data. In many cases, service providers support our specialist departments in fulfilling their tasks. The necessary data protection contracts have been concluded with all service providers.

Transfer to Third Countries / Intention to Transfer to Third Countries

Data is only transferred to third countries (outside the European Union or the European Economic Area) if this is required by law or if you have given us your consent. We transfer your personal data as follows to service providers or group companies outside the European Economic Area: United States of America. In such cases, the required level of data protection is ensured by EU standard contractual clauses and the binding corporate data protection rules of the service provider according to the established data protection contracts. Google services may transfer data to countries outside the EU/EEA (third country data transfer) as part of processing for the aforementioned purposes, e.g., to the USA. Countries outside the European Economic Area may not provide a data protection level comparable to European standards. Such countries, for which the Commission has not expressly established that they offer an adequate level of data protection, are referred to as "unsafe third countries". There is therefore an increased risk that government authorities may access this data. We have no influence on these processing activities.

Data Retention Period

We store your data as long as it is necessary for the respective processing. Please note that numerous retention periods require the storage of data for a specific period. This particularly concerns retention obligations under commercial or tax law (e.g., Commercial Code, Tax Code, etc.). The data will be routinely deleted after use unless it is necessary for further retention. We may also store data if you have given us your consent or in case of legal disputes and we use the evidence within the statutory limitation period which can be up to 30 years; the regular limitation period is 3 years.

Secure Data Transmission

We use appropriate technical and organizational security measures to optimally protect the data stored with us against accidental or intentional manipulation, loss, destruction, or unauthorized access by third parties. The security levels are continuously reviewed in collaboration with security experts and adapted to new security standards. Data exchange to and from our website is encrypted. We provide https as the transmission protocol for our website and always use current encryption protocols. If you use the contact form on our website to get in touch with us, the contents will be transmitted via https to a secure server from Site Ground where the data of the form is stored in an encrypted database. Site Ground employees do not have direct access to this data. It is also possible to use alternative communication channels.

Obligation to Provide Data

For the establishment, execution, and termination of obligations and the fulfillment of the associated contractual and legal obligations, a range of personal data is required. The same applies to the use of our website and the various functions we offer. We have summarized the relevant details above. In some cases, legal provisions require data to be collected or made available. Please note that it will not be possible to process your request or fulfill the underlying contractual obligation without this information.

Data Categories, Data Sources, and Data Origin

The data we process are defined by the respective context: They depend on whether you enter a request in our contact form, send us an application, or submit a complaint. Please note that we may also provide specific information at certain points for specific processing situations, such as when downloading our flyer or submitting a contact request.

When you visit our website, we collect and process the following data:  
– Your IP address, which is immediately shortened by removing the last two digits  
– The URL and title of the page you are viewing  
– The browser you are using (name)  
– Viewport or viewing area (the size of the browser window)  
– Your screen resolution  
– Whether Java is enabled or not  
– The language enabled in your browser  

For technical security reasons (particularly to protect against attacks on our web server), these data are stored in accordance with § 6 (1) S. 1 lit. f GDPR. Anonymization is carried out immediately by shortening the IP address so that no reference to the user can be established.

‍Webflow

The provider is Webflow Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA (hereinafter Webflow). When you visit our website, Webflow collects various log files including your IP addresses. Webflow is a tool for creating and hosting websites. Webflow stores cookies or other recognition technologies necessary for the display of the site, to provide certain website functionalities, and to ensure security (necessary cookies). For details, please refer to the Webflow Privacy Policy: [Webflow Privacy Policy](https://webflow.com/legal/eu-privacy-policy).

The use of Webflow is based on Art. 6 (1) lit. f GDPR. We have a legitimate interest in the most reliable representation of our website. If appropriate consent has been requested, processing is based exclusively on Art. 6 (1) lit. a GDPR and § 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time. The data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: [Webflow Privacy Policy] (https://webflow.com/legal/eu-privacy-policy)

SendGrid

We use Sendgrid for sending emails. The provider is Sendgrid Inc., located at 1801 CaliforniaStreet, Suite 500, Denver, CO 80202, USA. Sendgrid is a service that can organize the sending of emails. Sendgrid is used to send confirmation emails, transaction confirmations, and emails with important information related to inquiries. The data you enter for the purpose of receiving emails will be stored on Sendgrid's servers. When we send emails on your behalf via SendGrid, we use an SSL-secured connection. For all services requiring email communication, communication is received directly by SendGrid and then forwarded to our servers. For analytical purposes, the emails sent via SendGrid contain a so-called "tracking pixel" that connects to Sendgrid's servers when the email is opened. This allows us to determine whether an email message has been opened. Legal basis: Data processing is based on your consent(Art. 6 (1) lit. a GDPR). You can revoke this consent at any time. The lawfulness of the data processing operations already carried out remainsunaffected by the revocation. Storage duration: The data you provide to us forthe purpose of receiving emails will be stored by us until you unsubscribe fromthe services and will be deleted from our servers as well as from the servers of Sendgrid after you unsubscribe. Please note that your data will usually betransmitted to a SendGrid server in the USA and stored there. We have concluded a contract with Sendgrid that contains the EU standard contractual clauses.This ensures a level of protection comparable to that in the EU. SendGrid(Privacy Policy): [SendGrid Privacy Policy](https://sendgrid.com/resource/general-data-protection-regulation-2/

‍Google Fonts

We use Google Fonts from Google Inc. on our website. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible. We have integrated the Google fonts locally on our web server – not on Google's servers. This means there is no connection to Google servers and therefore no data transmission or storage. This is an interactive directory with over 800 fonts provided by Google for free. However, to prevent any data transmission to Google servers, we have downloaded the fonts to our server. This way, we act in compliance with data protection regulations and do not send any data to Google Fonts.

‍Cookiebot

We use the consent management service Cookiebot from Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark (Usercentrics). This allows us to obtain and manage the consent of website users for data processing. The processing is necessary to fulfill a legal obligation (Art. 7 (1) GDPR) to which we are subject (Art. 6 (1) S. 1 lit. c GDPR). The following data are processed with the help of cookies:  
- Your IP address (the last three digits are set to '0')  
- Date and time of consent  
- Browser information  
- URL from which the consent was sent  
- An anonymous, random, and encrypted key  
- Your end-user consent status as proof of consent  

The key and consent status are stored in the browser for 12 months using the cookie "CookieConsent". This keeps your cookie preference for subsequent page requests. The functionality of the website is not guaranteed without the processing. If you activate the "Bulk Consent" service feature to activate consent for multiple websites with a single end-user consent, the service will also store a separate random unique ID with your consent. If all the following criteria are met, this key is stored in the third-party cookie "CookieConsentBulkTicket" in your browser in encrypted form:  

- You activate the bulk consent function in the service configuration.  
- You allow third-party cookies via browser settings.  
- You have disabled "Do Not Track" via browser settings.  
- You accept all or at least certain types of cookies when giving consent.  

Usercentrics is the recipient of your personal data and acts as a processor on our behalf. The processing takes place in the European Union. For more information on Usercentrics' objection and removal options, please visit: [Cookiebot Privacy Policy](https://www.cookiebot.com/de/privacy-policy/).

Your personal data will be continuously deleted after 12 months or immediately after the termination of the contract between us and Usercentrics. Please refer to our general instructions on the deletion and deactivation of cookies above.

Contact Form / Contact by Email (Article 6 (1) S. 1 lit a b GDPR)

On our website, you have access to a contact form that you can use to get in touch with us electronically. If you write to us via the contact form, we process the data you provide in the contact form to answer your questions and requests. We respect the principle of data minimization and data avoidance, so you only need to provide the information necessary for contacting you, namely your name, title, email address, and the nature of your request. Your IP address is also processed for technical reasons and for legal protection (and immediately shortened). All other information is voluntary and optional (e.g., for a more detailed response to your questions). If you contact us by email, we will only process the personal data provided in the email for the purpose of processing your request.

Calendly

On our website, you have the option to book appointments with us. For scheduling appointments, we use the tool "Calendly". The provider is Calendly LLC, 271 17th StNW, 10th Floor, Atlanta, Georgia 30363, USA (hereinafter "Calendly").For the purpose of booking an appointment, you enter the requested data and your desired appointment in the provided form. The entered data will be used for planning, conducting, and, if necessary, for follow-up on the appointment.The appointment data will be stored for us on Calendly's servers, whose privacy policy you can view here: [Calendly Privacy Policy] https://calendly.com/de/pages/privacy

The data you enter will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for data storage ceases. Mandatory statutory provisions – especially retention periods – remain unaffected. The legal basis for data processing is Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in making the appointment scheduling as uncomplicated as possible for interested parties and customers. If consent has been requested, Art. 6 (1) lit. a GDPR is the legal basis for data processing; consent can be revoked at any time. The data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here:[Calendly DPA] https://calendly.com/pages/dpa

Google reCAPTCHA

We use "Google reCAPTCHA" (hereinafter "reCAPTCHA") on our websites. It is also integrated into Calendly by default. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). The purpose of reCAPTCHA is to check whether the data entry on our websites (e.g.,in a contact form) is done by a human or an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g., IP address, time spent on the website, or mouse movements of the user). The data collected during the analysis are forwarded toGoogle. The reCAPTCHA analyses run entirely in the background. Website visitors are not informed that an analysis is taking place. reCAPTCHA is only loaded after you have agreed to our essential cookies. The data processing is based onArt. 6 (1) lit. f GDPR. The website operator has a legitimate interest in protecting its website from abusive automated spying and SPAM. Furtherinformation on Google reCAPTCHA and Google's privacy policy can be found at the following links:https://www.google.com/intl/de/policies/privacy/ und https://www.google.com/recaptcha/intro/android.html.

Automated Individual Decision-Making

We do not use purely automated processing to make decisions.

‍Cookies

Our website uses so-called "cookies" at various points to make our offer more user-friendly, effective, and secure. Cookies are small text files that are stored on your computer and saved by your browser (locally on your hard drive). Cookies allow us to analyze the use of our websites by users and to design the content of the website according to the needs of visitors. Cookies also allow us to measure the effectiveness of a specific advertisement and, for example, to place it based on the user's interests. When you visit our website for the first time, a pop-up (Cookiebot) opens from which you can give your consent to the use of categories of cookies that are described below and in the Cookiebot pop-up itself. The following categories of cookies are used on our website:

- Necessary Cookies: These cookies are required for the website to function and cannot be switched off in our systems. These cookies include, for example, those used by Cookiebot to manage cookies subject to your consent. You can set your browser to block or warn you about these cookies, but some parts of the website will not work. These cookies do not store any personally identifiable information.

- Performance cookies: These cookies allow us to count visits and traffic sources so that we can measure and improve the performance of our website. They help us to know which pages are the most and least popular and to see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies, we will not know when you have visited our website and will not be able to monitor its performance.

- Targeting cookies: These cookies may be set through our website by our advertising partners. They may be used by these companies to build a profile of your interests and show you relevant advertising on other websites. They do not store any directly personal information, but are based on the unique identification of your browser and internet device. If you do not allow these cookies, you will receive less targeted advertising.

Most of the cookies we use are "session cookies", which are automatically deleted after your visit. Persistent cookies are automatically deleted from your computer when their validity period (maximum 14 months) has expired or you delete them yourself before they expire. To revoke your consent to the use of cookies (with the exception of strictly necessary cookies, which are always activated), you can navigate to the footer of the website and deactivate categories of cookies in the cookiebot pop-up via the "Cookies settings" link.  Cookies are stored on the user's computer, which then transmits them to us. As a user, you therefore have full control over the use of cookies. You can change the settings in your Internet browser to deactivate or restrict the sending of cookies. In addition, cookies already stored on your computer can be deleted at any time via an Internet browser or other software programs. All this is possible in all common Internet browsers.  Please note: If you deactivate the setting of cookies on your device, you may not be able to access all functions of our website.

Web Tracking (Article 6 (1) sentence 1 lit. a GDPR)

‍Google Analytics

Based on your consent (Article 6 (1) sentence 1 lit. a GDPR), we use Google Analytics, a web analytics service provided by Google LLC ("Google"). Google uses cookies. The information generated by the cookie about the use of the website by the user is usually transmitted to a Google server in the USA and stored there. Google will use this information on our behalf to evaluate the use of our online offer by the users, to compile reports on the activities within this online offer, and to provide other services related to the use of this online offer and the use of the internet for us. The processed data can be used to create pseudonymized usage profiles of the users. We use Google Analytics only with IP anonymization activated. This means that the IP address of users within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area is shortened by Google. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by the user's browser will not be merged with other data from Google. Users can prevent the storage of cookies by adjusting their browser software settings accordingly; users can also prevent the collection of data generated by the cookie related to their use of the online offer and the processing of this data by Google as described in the "Cookies" section above. For more information about Google's data usage, settings, and opt-out options, please refer to Google's privacy policy and the information for displaying advertising by Google. The personal data of users will be deleted or anonymized after 12 months.

‍LinkedIn Insight Tag

Our website uses the conversion tool "LinkedIn Insight Tag" from LinkedIn Ireland Unlimited Company. This tool creates a cookie in your web browser that enables the collection of data such as IP address, device and browser properties, and page events (e.g., page views). LinkedIn also collects log files (URL, referrer URL, IP address, device and browser properties, and timestamp). IP addresses are shortened or pseudonymized (if used to reach LinkedIn members across devices). The direct identifiers of LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymized data is deleted within 180 days. The data collected by LinkedIn cannot be assigned to specific individuals by us as the website operator. LinkedIn will store the collected personal data of website visitors on its servers in the USA and use it for its own advertising measures. For more information on LinkedIn's privacy policy, please refer to LinkedIn's privacy notices. The use of LinkedIn Insight is based on Article 6 (1) sentence 1 lit. f GDPR.

Privacy Policy / Privacy Notices in Social Media

myon clinic GmbH maintains presences in "Social Media," specifically on Xing and LinkedIn. As far as we control the processing of your data, we ensure that the applicable data protection regulations are complied with. Below you will find the most important information on data protection law regarding our presences.

Name and Address of the Responsible Parties

Responsible for the company appearances in the sense of the EU General Data Protection Regulation (EU-GDPR) as well as other data protection regulations are, in addition to myon clinic GmbH, LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland) and Xing (New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany). However, you use these platforms and their functions on your own responsibility. This applies particularly to the use of interactive functions (e.g., commenting, sharing, rating). We also point out that your data may be processed outside the European Union.

Purpose and Legal Basis

We maintain the social media pages to communicate with the visitors of these pages and to inform them about our offers. We also collect data for statistical purposes to develop and optimize the content and make our offer more attractive. The required data (e.g., total number of page views, page activities, and data provided by visitors, interactions) are processed and made available to us by the social networks. We have no influence on the generation and presentation. Additionally, your personal data is processed by the social media providers for market research and advertising purposes. For example, usage profiles may be created based on your usage behavior and the resulting interests. This allows, among other things, advertisements to be placed within and outside the platforms that correspond to your interests. Cookies are typically stored on your device for this purpose. Regardless, data that is not directly collected on your end devices may also be stored in your usage profiles. The storage and analysis are also carried out across devices, especially if you are registered as a member and logged in to the respective platforms. Beyond that, we do not process any personal data. The processing of your personal data by myon clinic GmbH is based on our legitimate interest in effective information and communication according to Article 6 (1) sentence 1 lit. f GDPR. If you are asked for consent for data processing, i.e., if you declare your consent by confirming a button or similar (opt-in), the legal basis for the processing is Article 6 (1) sentence 1 lit. a, Article 7 GDPR.

Your Rights / Opt-Out Options

If you are a member of a social network and do not want the network to collect data about you via our presence and link it with your stored member data on the respective network, you must log out of the network before visiting our social media page, delete the cookies on your device, and close and restart your browser. After a new login, you will be recognized by the network as a specific user again. For a detailed presentation of the respective processing and the opt-out options, we refer to the linked information below:

-LinkedIn Privacy Policy: https://www.linkedin.com/legal/privacy-policy;

- Opt-Out: https://www.linkedin.com/legal/cookie-policy and http://www.youronlinechoices.com;

In total, you have the following rights regarding the processing of your personal data: Right to information; right to correction; right to deletion; right to restriction of processing; right to object; right to data portability; right to complain about unlawful processing of your personal data to the competent data protection authority. However, since myon.clinic does not have full access to your personal data, you should contact the social media providers directly to assert your rights, as they have access to their users' personal data and can take appropriate measures and provide information. If you still need help, we will try to support you. Please contact privacy@myon.clinic.

Online Offers for Children

Persons under 16 years of age may not transmit personal data to us or submit a consent declaration without the consent of their legal guardians. We encourage parents and guardians to actively participate in their children's online activities and interests.

Links to Other Providers

Our website contains clearly recognizable links to the websites of other companies. Although we provide links to other providers' websites, we have no influence on their content, so we cannot assume any guarantee or liability for them. The respective provider or operator of the pages is always responsible for the content of these pages. The linked pages were checked for possible legal violations and recognizable infringements at the time of linking. Illegal content was not recognizable at the time of linking. Permanent content control of the linked pages is, however, unreasonable without concrete evidence of a violation of the law and will be removed immediately upon knowledge of any infringements.

General Terms and Conditions for Service Providers for Monitoring and Licensing Agreement

myon clinic GmbH supports and connects patients with healthcare providers, complementing analog care with a digital companion. We are pleased that you, as a service provider (healthcare provider), wish to use the services of "myon.clinic."

Please read these General Terms and Conditions (hereinafter also referred to as "GTC" or "Terms of Use") carefully to ensure that you understand every provision, as you accept these Terms of Use by signing the contract for digital patient monitoring. If you do not accept the Terms of Use, you cannot use the offerings of myon.clinic.

I. General

myon clinic GmbH, a company registered with the Munich District Court under registration number HRB 280310, headquartered at Herrenwiesstraße 12, 82031 Grünwald, is the provider of myon.clinic. The term "myon.clinic" refers to the services of myon clinic GmbH defined in these GTC, through which you can interact with your patients and support them during treatment.

II. Remote Treatment

myon clinic GmbH aims to leverage the potential of digital and mobile communication tools optimally for patient care, for the benefit of patients. In various specialties, myon clinic GmbH, along with its partners, develops Care Pathways (definition see Section III), enabling doctors to care for a large number of patients simultaneously, thereby creating added value for both doctor and patient. The use of myon.clinic is an additional offering and does not replace any necessary treatment of the patient.

"myoncare" is a digital health portal and data platform that enables efficient and needs-based patient care. It offers interaction and networking of patients with various actors in the entire healthcare sector through different microservices. With myoncare, you can interact with your patients and support them during treatment. The goal of myoncare is to consolidate all health data of the patient and summarize all medical treatments, medical opinions, and processes in one secure place.

You use the so-called myoncare Portal as part of patient care. The myoncare Portal was developed to digitize medical treatment and improve therapy outcomes. The myoncare Portal allows you to track and monitor the health data of your registered patients using a single digital health platform. With the myoncare Portal, you have access to all data, such as diagnoses, medications, vital data, therapy, and care plans of your registered patients. You must review the information requested from the patient via the myoncare App / PWA (see below) timely and professionally.

Part of the myoncare Portal is a CE-marked medical device of Class IIa according to Regulation (EU) 2017/745 on medical devices. Please note that not all functions of the myoncare Portal are classified as part of the medical device.

myon clinic GmbH also has access to the patient's health-related data through the myoncare Portal. This allows myon clinic GmbH to provide its services within the framework of monitoring (see Section IV).

The Care Pathways of myon.clinic share the characteristic that patients and doctors communicate exclusively through the myoncare App or the myoncare Progressive Web App – hereinafter jointly referred to as "myoncare App / PWA" – provided by ONCARE GmbH, Balanstraße 71, 81541 Munich (hereinafter "Oncare") unless physical meetings are required. myon clinic GmbH is a subsidiary of Oncare. Oncare operates the myoncare App / PWA, which allows access to myoncare Services. The myoncare App / PWA enables registered patients to use functionalities that facilitate efficient and needs-based healthcare and allows doctors and their patients to interact and exchange questions, results, and other information.

Patients must register in the myoncare App / PWA to use the myoncare Services. Once the patient has downloaded the myoncare App, they can register for the app by following the registration process initiated by the app.

The myoncare App / PWA offers the following services:

  • Direct Communication with Your Patients: Doctors and their patients can interact in a technically secure environment to exchange questions, results, care plans (Care Pathways), and all other information that does not require physical meetings. You can communicate with your patients via the myoncare App / PWA. The patient can decide which data to share with you and which access and communication rights to grant you in the myoncare App / PWA. Based on these granted communication and data exchange rights, you can provide your patients with individual information, treatment plans, care plans, etc.
  • Regular Medication Intake Reminders: You can set medication reminders to remind the patient to take previously prescribed medications fully and on time.
  • Health Check-ups via Direct In-App Surveys: You can request specific health parameters (e.g., blood pressure measurements) or pose other tasks and questions to which the patient can respond. This allows you to assess the health status.

If consultation or treatment in the Care Pathway chosen by the patient is no longer medically justifiable, you must inform and contact your patients immediately via the myoncare App / PWA. The Care Pathway always gives you the opportunity to refer patients to another suitable Care Pathway or a consultation or treatment in personal contact outside of myon.clinic. Whether your patients follow your recommendation as a doctor is, of course, up to them, and they have free choice of doctor for consultation or treatment in personal contact outside of myon.clinic.

The myoncare App / PWA should not be used by patients whose central nervous system is affected by a disease or condition that prevents them from using mobile devices unsupervised due to mental or physical impairments. Additionally, myoncare should not be used if another disease or condition leads to mental or physical impairments that prevent patients from using mobile devices unsupervised.

III. Contractual Relationships / Care Pathways

The scope of services provided by myon.clinic to you as a doctor is described in Section IV.

The myoncare Web App is offered by Oncare. To use the myoncare Web App, you must separately confirm the General Terms of Use and acknowledge the Privacy Policy. These are independent of your contractual relationship with myon clinic GmbH. The General Terms of Use of Oncare can be found at Oncare Terms and Conditions and the Privacy Policy for the myoncare Web App can be found at Oncare Privacy Policy. The use of the myoncare Web App is always subject to these terms. No conflicting or differing terms apply. Please note that you must accept these terms before using the myoncare Services for the first time. The registration process cannot be completed without agreeing to the terms.

Before a doctor can use the myoncare Web App, they need a device with an internet connection. The Web App can be opened via an internet browser. After entering the registration data, the license as a doctor is verified by external partners. Then, training is provided by a medical device advisor from Oncare on using the platform. Upon successful completion, access data for the myoncare Web App is sent to the doctors. Doctors can then provide their patients with the registration data (QR code, e.g., in an invitation letter or via the myoncare Portal).

For each chosen Care Pathway, including its remuneration and billing, a separate agreement is required (the "Monitoring and Licensing Agreement"). A Care Pathway is an evidence-based multidisciplinary management tool for a specific patient group with a predictable clinical course, in which the various tasks of patient care are defined, optimized, and sequenced. Care Pathways can range from simple medication application to a comprehensive treatment plan. Care Pathways aim for greater standardization of treatment protocols and sequencing, as well as improved outcomes both from a quality of life and clinical perspective.

You will receive physician information on the respective Care Pathway, which will be made available to you before the activation of the Care Pathway or the assignment of a Care Pathway to a patient. Additionally, your patient will receive patient information before registration.

IV. Services of myon.clinic

When you provide a QR code for a specific Care Pathway to the patient or assign a Care Pathway to your patient, they will (after registration) be in digital health monitoring – hereinafter referred to as "Monitoring" – by you as the service provider. Monitoring in this context refers to the digital accompaniment by myon.clinic and its partners through the collection of health-related data and the reading of activity and vital data from connected wearables via the myoncare Portal.

The contractual services provided by myon.clinic within the scope of the contractual relationship include the following key services:

myon.clinic provides the doctor with the software or the myoncare platform. A corresponding site is created for the doctor and maintained by Oncare. Oncare is the first point of contact for questions and issues related to the use of the platform.

The doctor receives indication-specific information within a Care Pathway. By assigning or providing the QR code of a Pathway to the patient, health-related parameters and vital data are queried within the Care Pathways (after the patient's registration). These data are structured, collected, stored on the myoncare platform, and compiled in a doctor's letter. This doctor's letter needs to be reviewed by the doctor before it can be forwarded to the patient. Depending on the Care Pathways, it is possible to monitor the patient's health status over a certain period. In this context, the doctor is required to review the health data of the patients. Depending on the Pathway, automatic alerts are triggered when medically defined threshold values are exceeded or fallen below. The doctor must respond with appropriate measures and possibly refer the patient to a healthcare facility. In addition to the alerts, automatic triaging of the patient by stored scores is possible, allowing the doctor to make an initial assessment of the patient or assist in decision-making. However, the final decision, e.g., for the patient's therapy choice, lies with the doctor.

The platform also offers the possibility to automatically bill certain positions according to the doctor's fee schedule within a Care Pathway (see V. Costs and Billing).

The services provided by myon.clinic itself are determined by the physician information of the individual Care Pathways and any additional agreements.

myon.clinic answers questions, e.g., regarding the use of the myoncare App / PWA and its contents such as the Care Pathways.

You will not receive specific medical advice or diagnoses from myon.clinic.

myon.clinic does not guarantee any particular outcomes regarding your patients' health in connection with the use of myon.clinic.

myon.clinic cannot handle medical emergencies. In the event of an acute deterioration of your patient's condition, they must contact you or another local doctor.

NEVER use the myoncare App as a substitute for diagnosis or as the sole basis for medical decisions.

V. Costs and Billing

By using myon.clinic, especially through the provision and use of a specific Care Pathway, no costs will initially arise for you, unless otherwise agreed.

The costs are specified in the Monitoring and Licensing Agreement. The billing of positions within the Care Pathway is automatically done via the doctor's fee schedule through a separate provider (as regulated in the Monitoring and Licensing Agreement) or through the provider cooperating with myon.clinic. Proportional costs arise for you for the automatic billing according to the Monitoring and Licensing Agreement.

The statutory health insurance does not cover the services provided within myon.clinic as part of the standard care. Exceptions can be extra-budgetary agreements between healthcare providers and statutory health insurance.

VI. Protection of Your Data

The protection of your privacy and all personal data relating to you during the contractual relationship is of great importance to myon.clinic. We are aware of the responsibility that comes from your trust in providing and storing your personal data. Therefore, our technology systems used for myon.clinic are set up according to the latest state of the art.

Please read our Privacy Policy carefully to understand the purposes and methods by which we collect, process, and protect your personal data.

The information you provide to your patients through the myoncare Web App may be personal data. On the myoncare platform, you have the opportunity to enter your personal data and release it to the patient for providing your medical services within specific Care Pathways. Only then will your patient have access to it.

To ensure the highest quality standards in the Care Pathways and patient care, myon.clinic may conduct statistical evaluations unless you object to this processing.

VII. Who Cannot Use myon.clinic

Contraindication:

myon.clinic patients must be able to use the myoncare App / PWA. Therefore, the myoncare App / PWA should not be used by patients who are unable to use mobile devices unsupervised due to mental or physical impairments.

VIII. How to Register for myon.clinic

1. Registration Process

Before you gain access to the services and content of myon.clinic, you must register on the myoncare homepage. After entering your data, your data will be verified. If the verification is successful, Oncare will create a site on the myoncare platform, and you will receive "prescription pads" with access to the Care Pathways you have chosen for your patients. Additionally, you must participate in training on using the myoncare platform. Once you have successfully completed this, we will send you the access data for your site.

By registering, you confirm that the information provided during registration is truthful, accurate, current, and complete. You are obliged to update your personal data in the event of changes.

2. Responsibility of Doctors

After successful registration and activation of your account, you can access and use myon.clinic content and services.

The use of myon.clinic is at your own risk and expense. In particular, you bear full responsibility for all activities that take place under your account.

No liability is assumed for the consequences of the use of your account by third parties. In particular, you bear full responsibility for all activities under your account resulting from unauthorized access or unauthorized use by a person to whom you have intentionally or negligently granted access.

You are obliged to inform us immediately of any breach of confidentiality of your login credentials or if you have reason to believe that a third party has accessed your account by sending us an email to info@myon.clinic.

IX. Licenses and Rights

The software, codes, methods, systems, all other materials, and the content made available or accessible through the myon.clinic account and all associated goodwill are the exclusive property of myon clinic GmbH or third parties, and regarding the myoncare technology, Oncare, which has granted myon.clinic a license to use it. Therefore, these materials are protected by copyright, neighboring rights, and competition law and may not be reproduced, copied, modified, republished, transmitted, translated, sold, or otherwise made available to third parties, either in whole or in part, without express written permission or legal allowance. Additionally, you are not permitted to take measures to circumvent or attempt to derive the source code from the myoncare App / PWA's provided security or content usage rules.

By activating your account, we grant you the limited, non-exclusive, non-transferable, non-sublicensable right to use the material provided by myon.clinic for your professional purposes based on these Terms of Use and during the contract term with you. You may not transfer your personal account to a third person. You are not permitted to use the logos, trademarks, domain names, or other proprietary rights of myon.clinic.

X. Your Conduct

In case of serious violations of these Terms of Use, we reserve the right to temporarily exclude or permanently revoke access to the myon.clinic content and services without prior notice and to terminate the contract with you immediately. The same applies accordingly to Oncare; details can be found in the Oncare GTCs.

Serious violations include, in particular:

  • Providing false, inaccurate, outdated, or incomplete information during the registration process;
  • Violating property or intellectual property rights (e.g., transmitting, copying, publishing, or selling information contained in the app);
  • Attempting to decipher, remove, disable, damage, bypass, or otherwise impair the security of myon.clinic or the myoncare Web App;
  • Interrupting, destroying, or restricting the proper functionality of myon.clinic or the myoncare Web App;
  • Taking any action that imposes an unreasonable or disproportionately large data load on the infrastructure of myon.clinic or the myoncare App / PWA or its IT systems;
  • Using myon.clinic or the myoncare Web App in a way that leads to disputes, claims, fines, penalties, or other liability for myon clinic GmbH, Oncare GmbH, or other third parties;
  • Creating multiple user accounts in myon.clinic;
  • Acting unlawfully in any other way.

You are solely responsible for all claims, fees, fines, penalties, and other liabilities arising from or related to your violation of these Terms of Use and your use of myon.clinic. The liability of myon clinic GmbH for breaches of duty remains unaffected.

XI. Third-Party Links and Services

The offerings of myon.clinic may also include certain software and/or services from third parties, particularly the myoncare technology of Oncare. In such cases, the use of such software or services is subject to the terms of these third parties, and you should read them carefully before acceptance. This applies in particular to the Terms of Use and Privacy Policy of Oncare for the myoncare App / PWA.

XII. Liability

myon clinic GmbH is not liable for damages or advisory errors arising from the service relationship between you and your patients.

myon clinic GmbH assumes no liability for the accuracy, (medical) precision, or reliability of content provided, shared, or recommended by doctors or other partners and identified as such. You accept that any reliance on such material is at your own risk.

In the event of damage, myon clinic GmbH is liable for intent and gross negligence, including that of its agents, according to the statutory provisions. The same applies to negligently caused damage resulting from injury to life, body, or health.

For negligently caused property and financial damage, myon clinic GmbH and its agents are only liable for the violation of an essential contractual obligation (cardinal obligation). This liability is, however, limited in amount to the foreseeable and typical damage at the time of contract conclusion.

Essential contractual obligations (cardinal obligations) are those whose fulfillment is necessary to achieve the contract's objective and on which the contractual partner regularly relies and may rely.

Liability under the Product Liability Act and other mandatory statutory liability regulations remains unaffected.

Otherwise, any liability of myon clinic GmbH and its agents, as well as legal representatives, is excluded, regardless of the legal grounds. The above liability limitations apply to all contractual and non-contractual claims.

XIII. Availability and Force Majeure

myon.clinic is designed to be available 24 hours a day, 7 days a week, 98.5% of the time. We operate it according to the available technical, economic, operational, and organizational possibilities. However, there may be short-term unavailability of services and content to perform updates or maintenance, but this will be minimized. Additionally, we reserve the right, but are not obliged, to regularly monitor and update settings to meet current standards. We cannot exclude interruptions, disruptions, delays, faulty transmissions, or storage failures in the use of the services (e.g., during the update processes) and do not guarantee, warrant, or assume liability for such interruptions that may limit or prevent availability for a certain period.

We are neither responsible for nor guarantee limitations, restrictions, or interruptions caused by your telecommunications provider, your device, or the provider of your device’s operating system (e.g., restriction of OS version support).

The same applies to any interruptions or restrictions if the myoncare App / PWA is affected by force majeure (e.g., war, natural disasters, strikes, etc.). In such cases, myon clinic GmbH is released from any contractual obligations as long as the force majeure event continues.

XIV. Changes to the Terms of Use

We expressly reserve the right to change or supplement these Terms of Use in the future at our discretion, if necessary to meet legal requirements or adapt to technical developments, or if the change exclusively serves the interests of patients.

Such changes are possible at any time and will be communicated to you in an appropriate manner and within a reasonable timeframe before they take effect (e.g., through revised Terms of Use at login or by prior notice of significant changes).

We will ask you to review and expressly accept or reject the amended Terms of Use. In such cases, the change will take effect upon your acceptance of the revised version. If you do not accept the amended Terms of Use, we will terminate the contract in due time.

XV. Termination

You can terminate your contract with us at any time by withdrawing access rights for myon.clinic on the myoncare platform. Any compensation claims of myon clinic GmbH that have already arisen remain despite your termination.

We can terminate your contract with us at any time with three months' written notice.

Upon termination of your contract with us, you lose all access to myon.clinic. Please note that in such a case, we are technically unable to restore your data.

XVI. Written Form

When the term “written” is used in these Terms of Use, it also includes communication by email or fax.

XVII. Severability Clause

If any provision of these Terms of Use is declared invalid or unenforceable by a competent court, the remaining provisions will remain in full force and effect to the extent permissible by applicable law. In place of the invalid or unenforceable provision or to fill a contractual gap, a valid and enforceable provision that most closely approximates the economic interests of both parties shall apply.

XVIII. Contact

If you have general questions about myon.clinic or specifically about the Terms of Use, please email us at info@myon.clinic

XIX. Choice of Law and Jurisdiction

The applicable law is German law, excluding the principles of conflict of laws and excluding the application of the UN Convention on Contracts for the International Sale of Goods (1980). The place of jurisdiction is Munich, Germany.

Last updated on 12.12.2023.

BEST POSSIBLE PROTECTION OF YOUR DATA IN MYON.CLINIC

We want you to feel secure when using the digital patient monitoring service of myon.clinic. Therefore, protecting your personal data is especially important to us.

We process your personal data in accordance with the applicable legal provisions for the protection of personal data, in particular the EU General Data Protection Regulation (“GDPR”) and the country-specific laws applicable to us. In this privacy policy, you will learn why and how your personal (health) data is processed, which we collect from you or which you provide to us when you decide to use the services and content of myon.clinic. In particular, you will find a description of the personal data we collect and process, as well as the purpose and basis on which we process personal data and the rights you have as a data subject.

Please read the privacy policy carefully to ensure that you understand each provision.

Controller:

myon clinic GmbH

Balanstr. 71a

81541 Munich

Tel.:+49 89 444 51156

Email:sales@myon.clinic

Data Protection Officer of myon clinic GmbH:

Dr. Sebastian Kraska

Marienplatz 2

80331 München

Tel.:+49 89 18917360

E-Mail:privacy@myon.clinic

I. DEFINITIONS

"Digital Patient Monitoring" refers to the digital support provided by myon.clinic and its partners by querying health-related data and reading activity and vital data from connected wearables using the myoncare platform of the manufacturer Oncare GmbH based in Munich. Oncare GmbH is a data processor (subcontractor) within the meaning of the General Data Protection Regulation (GDPR) for myon.clinic. The data is automatically categorized and prioritized using stored scores (specific clinical metrics for assessing medical issues) or analyzed by medical staff (doctors, clinics, medical assistants). Depending on the result, the user receives appropriate content or actions either automatically or from healthcare professionals.

"Service Provider" refers to your doctor, clinic, healthcare facility, or other healthcare professionals who act alone or on behalf of your doctor, clinic, or healthcare facility.

"Partner" includes all service providers and providers within the healthcare sector participating in the services of digital patient monitoring.

"myoncare App" refers to the mobile myoncare application of Oncare GmbH (hereinafter "Oncare") for use by patients.

"myoncare Portal" is the myoncare web portal of Oncare, designed for professional use by portal users and serves as an interface between portal users and app users.

"myoncare PWA App" refers to the myoncare Progressive Web App application for patients who wish to use the services offered by Oncare through the PWA and not through the myoncare app. Some of the myoncare app services cannot be used within the myoncare PWA, details of which can be found in the description below. These include the following services or specifications:

  • Chat with service providers;
  • Video calls;
  • Security PIN codes;
  • Activity data tracking (e.g., using AppleHealth, GoogleFit).

"Telemonitoring Services" include all services linked to digital patient monitoring that myon.clinic and its partners offer in addition to querying health data.

"Caretask" refers to a task assigned to the patient. This can be a questionnaire to evaluate the general or specific health status, a prompt to measure vital parameters, or materials for information, education, and clarification in the form of texts, images, videos, or audio files. These are based on medical guidelines and scientifically evaluated and are approved for use by licensed (specialist) doctors.

"Pathway" refers to the chronological sequence of various caretasks. These are based on clinical guidelines and are developed in collaboration with medical professional groups and (specialist) doctors, and serve to evaluate the individual health status of each patient.

"Case Report" At the end of a defined period or when predefined medical events occur, myon.clinic generates case reports / PDF reports using the myoncare platform. The content of these case reports includes all data resulting from the individual caretasks and entered by the patient into the system. Additionally, recorded vital parameters may also be included in the case reports.

II. RESPONSIBLE ENTITY

myon.clinic GmbH, a company registered at the Munich District Court under registration number 280310, with its registered office at Herrenwiesstr. 12, 82031 Grünwald, Germany, offers digital patient monitoring. For this purpose, myon.clinic develops medical content and care pathways and provides these for digital patient monitoring to service providers on the myoncare platform. Users of the myoncare app and the myoncare portal can be digitally supported by myon.clinic and partners based on these care pathways. myon.clinic also enables the use of the myoncare PWA by the user. This privacy policy applies to all personal data processed by myon.clinic in connection with the use of the myoncare platform.

III. WHAT ARE PERSONAL DATA

"Personal Data" are all information relating to an identified or identifiable natural person. This particularly includes your name, your birthday, your address, your telephone number, your email address, and your IP address.

"Health Data" are personal data related to the physical or mental health of a natural person, including the provision of healthcare services, revealing information about their health status.

WHAT PERSONAL DATA IS USED WHEN USING THE MYONCARE APP

We process the following categories of data as part of your use of myon.clinic content and services:

  • Name,
  • •ddress,
  • Date of birth,
  • Email address,
  • Your IP address.
  • If you have consented to the respective data processing, we also process the following categories of data:
  • Treatment data (e.g., profile information and health data such as symptoms, photos, information on taken medications, answers to questionnaires including disease- or condition-related information, diagnoses and therapies from healthcare professionals, planned and completed tasks);
  • Activity data (e.g., weight, height, steps, calories burned, sleep (in hours), pulse, and blood pressure);
  • Reimbursement data (e.g., occupation, employer, health insurance/cost bearer, general practitioner/referring doctor, diagnosis, indications, treatment, treatment period, other data possibly required for reimbursement (especially data according to §291a Abs. 2 SGB V)).

IV. WE PROCESS THIS PERSONAL DATA FOR THE FOLLOWING PURPOSES:

Operational Purposes:

The personal data you provide during registration in the myoncare app/PWA is processed for the purpose of contacting you about issues with the myoncare app/PWA or for other interactions with us to use the myoncare app/PWA.

Justification for Processing: The processing of operational data is justified based on Art. 6 para. 1 lit. b GDPR for fulfilling the contract you enter into with myon.clinic to use the myoncare app/PWA.

To Digitally Support Your Treatment:

We process your treatment data to provide you with our myon.clinic services, such as the care pathways. Care pathways enable doctors to support a large number of patients in parallel while complying with their professional duties, creating added value for both the doctor and the patient. A care pathway is an evidence-based, multidisciplinary management tool for a specific patient group with a predictable clinical course, defining, optimizing, and sequencing various patient care tasks. Care pathways can range from simple medication administration to a comprehensive treatment plan. Care pathways aim for greater standardization of treatment protocols and sequencing, as well as improved outcomes both from a quality of life and clinical perspective.

Your health data entered into the myoncare app/PWA is used by your service provider and/or myon.clinic to provide advice and support.

We process such personal data, including your health data, to provide the myon.clinic services as well as under an agreement and in accordance with the instructions of your service provider (doctors, clinics, healthcare facilities, or other healthcare professionals).

Justification for Processing: The legal basis for data processing is your consent according to Art. 6 para. 1 lit. a and 9 para. 2 lit. a GDPR.

To Support Your Treatment Indication-Specifically:

You have the option to connect the myoncare applications with certain health applications (e.g., AppleHealth, GoogleFit) ("health application"), which you use. For this, you must enter into the appropriate usage and data processing agreements with the providers of the health application, such as GoogleFit or AppleHealth, which myon.clinic has no influence over. These data, such as weight, height, steps, calories burned, sleep (in hours), pulse, and blood pressure ("activity data"), are transferred to your connected service providers as portal users, if configured accordingly. To enable activity data processing, your consent will be obtained in advance. If the connection is established after you have given your consent, activity data collected by the health application will be made available to your service provider or myon.clinic.

You can revoke your consent to share activity data in the settings of the myoncare application at any time. Please note that from that point on, your activity data will no longer be shared with myon.clinic or your doctor. As far as myon.clinic is required by legal retention obligations or other regulatory requirements to continue storing your activity data, already shared activity data will not be deleted from the myoncare portal of your connected service providers or myon.clinic.

Justification for Processing: Your consent according to Art. 6 para. 1 lit. a and 9 para. 2 lit. a GDPR.

For Billing Purposes:

The myoncare app/PWA assists in initiating standard procedures for cost reimbursement. To enable the reimbursement process, the myoncare app/PWA supports the collection of your personal (health) data by your service provider or by myon.clinic for transmission of this data to your cost bearer, where applicable. This data processing is merely an initial data transmission to obtain reimbursement from your cost bearer. The nature and amount of personal data processed do not differ from other reimbursement routines of a service provider.

Your service provider or myon.clinic transmits your data required for reimbursement to your cost bearer, and the cost bearer processes the reimbursement data to enable reimbursement to your service provider or myon.clinic.

Justification for Processing: The processing of reimbursement data is based on your consent according to Art. 6 para. 1 lit. a and 9 para. 2 lit. a GDPR and §§ 295 and 301 SGB V.

For Creating Digital Patient Records and Digital Reports to Doctors:

We use your contact, treatment, activity, and reimbursement data to create patient records and reports for the duration of participation in digital patient monitoring.

Justification for Processing: The processing of personal data is justified based on Art. 6 para. 1 lit. b GDPR for fulfilling the contract you enter into with myon.clinic to use the myoncare app/PWA. As far as the creation of digital patient records and digital reports involves special categories of personal data, the data processing is based on your consent according to Art. 6 para. 1 lit. a and 9 para. 2 lit. a GDPR.

For Quality Control Purposes:

We process and evaluate pseudonymized data for quality control, performance measurement, and scientific purposes.

Justification for Processing: The processing of personal data is required based on Art. 6 para. 1 lit. c GDPR to fulfill legal obligations to which myon.clinic is subject. Such obligations may arise, for example, from Art. 10 para. 9 of the Medical Device Regulation (MDR) or other regulatory requirements.

For Patient Categorization and Prioritization (Triage):

Automatic triage serves to categorize and prioritize patients. This occurs, for example, during a self-assessment to assess the severity of the illness or during the onboarding process for an initial assessment of the medical condition and assignment to the appropriate medical care facility. It is also used to provide patients with appropriate content afterward. The decision on which categorization and prioritization to apply often depends on standardized and validated scores (specific clinical metrics for assessing medical issues) calculated from the patient's responses to questionnaires. Additionally, experienced medical knowledge forms the basis for such decisions.

Justification for Processing: Your consent according to Art. 6 para. 1 lit. a and 9 para. 2 lit. a GDPR.

V. PROCESSING METHODS, PLACE OF DATA PROCESSING

To ensure compliance with GDPR, myon.clinic and its partners have taken appropriate technical and organizational measures. These measures ensure the confidentiality, integrity, availability, and resilience of systems and services related to data processing. They also ensure that personal data can be quickly restored in case of a physical or technical incident. Data processing is conducted using computers or IT-based systems following an organizational procedure and mode strictly aimed at the stated purposes.

The processing of your personal data takes place exclusively in a member state of the European Union or in another contracting state of the Agreement on the European Economic Area. Any transfer of your personal data to a third country may only take place if the special requirements of Art. 44 ff. GDPR are met.

VI. DATA DISCLOSURE

We will only disclose your personal data to third parties within the framework of legal provisions or based on your consent. In all other cases, the information will not be disclosed to third parties unless we are required to do so by mandatory legal provisions (disclosure to external entities, including supervisory or law enforcement authorities).

In certain cases, service providers assist myon.clinic in fulfilling its tasks. With all service providers who are data processors for personal data, the necessary data processing agreements according to Art. 28 GDPR have been concluded.

These service providers are:

  • Oncare GmbH as the manufacturer of the myoncare technology including the myoncare app;
  • Billing service providers

VII. LEGAL ACTIONS

In the event of misuse, the user's personal data may be used for legal purposes in court proceedings or for claims. Participants are also aware that myon.clinic and its partners may be required by authorities to disclose personal data.

VIII. DATA DELETION, BLOCKING, AND STORAGE

myon.clinic and its partners adhere to the principles of data minimization and data economy. Therefore, myon.clinic only stores personal data for as long as necessary to provide services and achieve the stated purposes or to comply with legal retention periods. Legal maximum or minimum storage periods are considered within this framework. Please note that numerous retention periods require the further storage of personal data. This particularly applies to commercial or tax law retention obligations (e.g., Commercial Code, Tax Code, etc.). Additionally, your service provider must ensure the retention of your medical records (depending on the type of documents between 1 and 30 years).

IX. DATA SUBJECT RIGHTS

We want to inform you about your rights as a data subject. These rights particularly include:

  • Right to information (Art. 15 GDPR): You have the right to receive a copy of the personal data we have stored about you;
  • Right to rectification (Art. 16 EU GDPR): You can request that we update or correct inaccurate personal data or complete incomplete personal data;
  • Right to erasure / Right to be forgotten (Art. 17 GDPR): You can request the immediate deletion of your personal data collected and processed by us.
  • Right to restrict data processing (Art. 18 GDPR): You can request that we "restrict" the use of your data so that we can only continue to use your data with restrictions;
  • Right to data portability (Art. 20 GDPR): In general, you can request that we provide you with personal data you have provided to us and which are processed based on your consent or for the performance of a contract with you in a machine-readable format so that they can be "ported" to a replacement service provider;
  • Right to object to data processing (Art. 21 GDPR): You have the right to object to the processing of your personal data at any time, which is based on Article 6 para. 1 lit. e or lit. f GDPR. In this case, the controller will no longer process the personal data unless they can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms as the data subject, or the processing serves to establish, exercise, or defend legal claims.
  • If you have given consent to process your personal data, you can revoke it at any time with effect for the future.
  • Right to lodge a complaint (Art. 77 GDPR): Additionally, you have the option to lodge a complaint with a data protection supervisory authority.

AGE RESTRICTION FOR MYONCLINIC SERVICES

A minimum age of 18 years is required to use the services and content of myon.clinic. If you are under 18 years old, your legal guardian must provide the necessary consent to data protection.

X. CHANGES TO THE PRIVACY POLICY

We expressly reserve the right to change this privacy policy at our discretion in the future. Changes or additions may be necessary, for example, to comply with legal requirements, adapt to technical and economic developments, or to meet the interests of myon.clinic users.

Privacy Policy of

myon clinic GmbH

Status: June 2024

© 2024 myon clinic GmbH – all rights reserved.
myon.clinic & myoncare are not available for sale or distribution in all markets. Please contact info@myon.clinic for information about your market. myon.clinic & myoncare are not intended for use in medical emergencies. myon.clinic & myoncare may not be used by patients under the age of 18. As a service provider, we assume no liability for the monitoring of transmitted or stored third-party information or the consequences thereof.