Data Privacy Policy

Privacy Notice (Website) of myon.clinic

Welcome to our website and thank you for your interest in our company. We take the protection of your personal data very seriously. We process your data in accordance with the applicable legal provisions for the protection of personal data, especially the EU General Data Protection Regulation (GDPR) and the country-specific laws applicable to us. With this privacy notice, we inform you comprehensively about the processing of your personal data by myon clinic GmbH (hereinafter referred to as "myon.clinic") when you use our website and about your rights.

Personal data includes all information that enables the identification of a natural person. This includes, in particular, your name, date of birth, address, phone number, email address, and IP address. Data is considered anonymous if no personal reference to the user can be established.

Responsible for Data Processing

Mailing Address:

Balanstr. 71a

81541 Munich

E | sales@myon.clinic

Contact Details of the Data Protection Officer

Dr. Sebastian Kraska

Marienplatz 2

80331 München

Tel.: +49 89 18917360

E-Mail: email@iitr.de

Your Rights as a Data Subject

Firstly, we would like to inform you about your rights as a data subject. These rights are set out in Articles 15 – 22 GDPR and include:  
– The right of access (Art. 15 GDPR)  
– The right to rectification (Art. 16 GDPR)  
– The right to erasure / right to be forgotten (Art. 17 GDPR)  
– The right to restriction of data processing (Art. 18 GDPR)  
– The right to data portability (Art. 20 GDPR)  
– The right to object to data processing (Art. 21 GDPR)
To exercise these rights, please contact: privacy@myon.clinic. The same applies if you have questions about data processing in our company or if you wish to withdraw your consent. You also have the right to lodge a complaint with the competent data protection supervisory authority.

Right to Object

Please note the following in relation to your right to object: If we process your personal data for direct marketing purposes, you have the right to object to this processing at any time without stating reasons. This also applies to profiling, insofar as it is related to direct marketing. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes. The objection is free of charge and can be made informally to the following address: privacy@myon.clinic. If we process your data to protect legitimate interests, you can object to this processing at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. We will then cease processing your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms or the processing is for the assertion, exercise, or defense of legal claims.

Purpose and Legal Basis of Data Processing

The processing of your personal data is carried out in accordance with the provisions of the GDPR and all other applicable data protection regulations. The legal bases for data processing arise, in particular, from Art. 6 GDPR. We use your data for business initiation, to fulfill contractual and legal obligations, to carry out the contractual relationship, to offer products and services, and to strengthen customer relationships, including marketing and direct marketing. Your consent also constitutes a permission to data processing under the Data Protection Act. In this context, we will inform you about the purpose of the data processing and your right to withdraw consent. If consent also covers the processing of special categories of personal data, we will expressly point this out to you within the consent process. Processing of special categories of personal data within the meaning of Art. 9 (1) GDPR may only occur if it is required by legal provisions and there is no reason to assume that your legitimate interests outweigh the processing or you have given your consent to the processing of these data pursuant to Art. 9 (2) GDPR.

Data Transfer / Disclosure to Third Parties

We will only pass on your data within the scope of the legal provisions or based on your consent to third parties. In all other cases, no data will be disclosed to third parties unless we are obliged to do so due to mandatory legal provisions (disclosure to external bodies including supervisory authorities or law enforcement authorities).

Data Recipients / Categories of Recipients

Within our organization, we ensure that only those persons who need the relevant data to fulfill their contractual and legal obligations are authorized to handle personal data. In many cases, service providers support our specialist departments in fulfilling their tasks. The necessary data protection contracts have been concluded with all service providers.

Transfer to Third Countries / Intention to Transfer to Third Countries

Data is only transferred to third countries (outside the European Union or the European Economic Area) if this is required by law or if you have given us your consent. We transfer your personal data as follows to service providers or group companies outside the European Economic Area: United States of America. In such cases, the required level of data protection is ensured by EU standard contractual clauses and the binding corporate data protection rules of the service provider according to the established data protection contracts. Google services may transfer data to countries outside the EU/EEA (third country data transfer) as part of processing for the aforementioned purposes, e.g., to the USA. Countries outside the European Economic Area may not provide a data protection level comparable to European standards. Such countries, for which the Commission has not expressly established that they offer an adequate level of data protection, are referred to as "unsafe third countries". There is therefore an increased risk that government authorities may access this data. We have no influence on these processing activities.

Data Retention Period

We store your data as long as it is necessary for the respective processing. Please note that numerous retention periods require the storage of data for a specific period. This particularly concerns retention obligations under commercial or tax law (e.g., Commercial Code, Tax Code, etc.). The data will be routinely deleted after use unless it is necessary for further retention. We may also store data if you have given us your consent or in case of legal disputes and we use the evidence within the statutory limitation period which can be up to 30 years; the regular limitation period is 3 years.

Secure Data Transmission

We use appropriate technical and organizational security measures to optimally protect the data stored with us against accidental or intentional manipulation, loss, destruction, or unauthorized access by third parties. The security levels are continuously reviewed in collaboration with security experts and adapted to new security standards. Data exchange to and from our website is encrypted. We provide https as the transmission protocol for our website and always use current encryption protocols. If you use the contact form on our website to get in touch with us, the contents will be transmitted via https to a secure server from Site Ground where the data of the form is stored in an encrypted database. Site Ground employees do not have direct access to this data. It is also possible to use alternative communication channels.

Obligation to Provide Data

For the establishment, execution, and termination of obligations and the fulfillment of the associated contractual and legal obligations, a range of personal data is required. The same applies to the use of our website and the various functions we offer. We have summarized the relevant details above. In some cases, legal provisions require data to be collected or made available. Please note that it will not be possible to process your request or fulfill the underlying contractual obligation without this information.

Data Categories, Data Sources, and Data Origin

The data we process are defined by the respective context: They depend on whether you enter a request in our contact form, send us an application, or submit a complaint. Please note that we may also provide specific information at certain points for specific processing situations, such as when downloading our flyer or submitting a contact request.

When you visit our website, we collect and process the following data:  
– Your IP address, which is immediately shortened by removing the last two digits  
– The URL and title of the page you are viewing  
– The browser you are using (name)  
– Viewport or viewing area (the size of the browser window)  
– Your screen resolution  
– Whether Java is enabled or not  
– The language enabled in your browser  

For technical security reasons (particularly to protect against attacks on our web server), these data are stored in accordance with § 6 (1) S. 1 lit. f GDPR. Anonymization is carried out immediately by shortening the IP address so that no reference to the user can be established.

Webflow

The provider is Webflow Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA (hereinafter Webflow). When you visit our website, Webflow collects various log files including your IP addresses. Webflow is a tool for creating and hosting websites. Webflow stores cookies or other recognition technologies necessary for the display of the site, to provide certain website functionalities, and to ensure security (necessary cookies). For details, please refer to the Webflow Privacy Policy: [Webflow Privacy Policy](https://webflow.com/legal/eu-privacy-policy).

The use of Webflow is based on Art. 6 (1) lit. f GDPR. We have a legitimate interest in the most reliable representation of our website. If appropriate consent has been requested, processing is based exclusively on Art. 6 (1) lit. a GDPR and § 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time. The data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: [Webflow Privacy Policy](https://webflow.com/legal/eu-privacy-policy)

SendGrid

We use Sendgrid for sending emails. The provider is Sendgrid Inc., located at 1801 California Street, Suite 500, Denver, CO 80202, USA. Sendgrid is a service that can organize the sending of emails. Sendgrid is used to send confirmation emails, transaction confirmations, and emails with important information related to inquiries. The data you enter for the purpose of receiving emails will be stored on Sendgrid's servers. When we send emails on your behalf via SendGrid, we use an SSL-secured connection. For all services requiring email communication, communication is received directly by SendGrid and then forwarded to our servers. For analytical purposes, the emails sent via SendGrid contain a so-called "tracking pixel" that connects to Sendgrid's servers when the email is opened. This allows us to determine whether an email message has been opened. Legal basis: Data processing is based on your consent (Art. 6 (1) lit. a GDPR). You can revoke this consent at any time. The lawfulness of the data processing operations already carried out remains unaffected by the revocation. Storage duration: The data you provide to us for the purpose of receiving emails will be stored by us until you unsubscribe from the services and will be deleted from our servers as well as from the servers of Sendgrid after you unsubscribe. Please note that your data will usually be transmitted to a SendGrid server in the USA and stored there. We have concluded a contract with Sendgrid that contains the EU standard contractual clauses. This ensures a level of protection comparable to that in the EU. SendGrid (Privacy Policy): [SendGrid Privacy Policy](https://sendgrid.com/resource/general-data-protection-regulation-2/)

Google Fonts

We use Google Fonts from Google Inc. on our website. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible. We have integrated the Google fonts locally on our web server – not on Google's servers. This means there is no connection to Google servers and therefore no data transmission or storage. This is an interactive directory with over 800 fonts provided by Google for free. However, to prevent any data transmission to Google servers, we have downloaded the fonts to our server. This way, we act in compliance with data protection regulations and do not send any data to Google Fonts.

Cookiebot

We use the consent management service Cookiebot from Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark (Usercentrics). This allows us to obtain and manage the consent of website users for data processing. The processing is necessary to fulfill a legal obligation (Art. 7 (1) GDPR) to which we are subject (Art. 6 (1) S. 1 lit. c GDPR). The following data are processed with the help of cookies:  
- Your IP address (the last three digits are set to '0')  
- Date and time of consent  
- Browser information  
- URL from which the consent was sent  
- An anonymous, random, and encrypted key  
- Your end-user consent status as proof of consent  

The key and consent status are stored in the browser for 12 months using the cookie "CookieConsent". This keeps your cookie preference for subsequent page requests. The functionality of the website is not guaranteed without the processing. If you activate the "Bulk Consent" service feature to activate consent for multiple websites with a single end-user consent, the service will also store a separate random unique ID with your consent. If all the following criteria are met, this key is stored in the third-party cookie "CookieConsentBulkTicket" in your browser in encrypted form:  

- You activate the bulk consent function in the service configuration.  
- You allow third-party cookies via browser settings.  
- You have disabled "Do Not Track" via browser settings.  
- You accept all or at least certain types of cookies when giving consent.  

Usercentrics is the recipient of your personal data and acts as a processor on our behalf. The processing takes place in the European Union. For more information on Usercentrics' objection and removal options, please visit: [Cookiebot Privacy Policy](https://www.cookiebot.com/de/privacy-policy/).

Your personal data will be continuously deleted after 12 months or immediately after the termination of the contract between us and Usercentrics. Please refer to our general instructions on the deletion and deactivation of cookies above.

Contact Form / Contact by Email (Article 6 (1) S. 1 lit. a, b GDPR)

On our website, you have access to a contact form that you can use to get in touch with us electronically. If you write to us via the contact form, we process the data you provide in the contact form to answer your questions and requests. We respect the principle of data minimization and data avoidance, so you only need to provide the information necessary for contacting you, namely your name, title, email address, and the nature of your request. Your IP address is also processed for technical reasons and for legal protection (and immediately shortened). All other information is voluntary and optional (e.g., for a more detailed response to your questions). If you contact us by email, we will only process the personal data provided in the email for the purpose of processing your request.

Calendly

On our website, you have the option to book appointments with us. For scheduling appointments, we use the tool "Calendly". The provider is Calendly LLC, 271 17th St NW, 10th Floor, Atlanta, Georgia 30363, USA (hereinafter "Calendly"). For the purpose of booking an appointment, you enter the requested data and your desired appointment in the provided form. The entered data will be used for planning, conducting, and, if necessary, for follow-up on the appointment. The appointment data will be stored for us on Calendly's servers, whose privacy policy you can view here: [Calendly Privacy Policy](https://calendly.com/de/pages/privacy)

The data you enter will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for data storage ceases. Mandatory statutory provisions – especially retention periods – remain unaffected. The legal basis for data processing is Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in making the appointment scheduling as uncomplicated as possible for interested parties and customers. If consent has been requested, Art. 6 (1) lit. a GDPR is the legal basis for data processing; consent can be revoked at any time. The data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: [Calendly DPA](https://calendly.com/pages/dpa)

Google reCAPTCHA

We use "Google reCAPTCHA" (hereinafter "reCAPTCHA") on our websites. It is also integrated into Calendly by default. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). The purpose of reCAPTCHA is to check whether the data entry on our websites (e.g., in a contact form) is done by a human or an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g., IP address, time spent on the website, or mouse movements of the user). The data collected during the analysis are forwarded to Google. The reCAPTCHA analyses run entirely in the background. Website visitors are not informed that an analysis is taking place. reCAPTCHA is only loaded after you have agreed to our essential cookies. The data processing is based on Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in protecting its website from abusive automated spying and SPAM. Further information on Google reCAPTCHA and Google's privacy policy can be found at the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.

Automated Individual Decision-Making

We do not use purely automated processing to make decisions.

Cookies

Our website uses so-called "cookies" at various points to make our offer more user-friendly, effective, and secure. Cookies are small text files that are stored on your computer and saved by your browser (locally on your hard drive). Cookies allow us to analyze the use of our websites by users and to design the content of the website according to the needs of visitors. Cookies also allow us to measure the effectiveness of a specific advertisement and, for example, to place it based on the user's interests. When you visit our website for the first time, a pop-up (Cookiebot) opens from which you can give your consent to the use of categories of cookies that are described below and in the Cookiebot pop-up itself. The following categories of cookies are used on our website:

- Necessary Cookies: These cookies are required for the website to function and cannot be switched off in our systems. These cookies include, for example, those used by Cookiebot to manage cookies subject to your consent. You can set your browser to block or warn you about these cookies, but some parts of the website will not work. These cookies do not store any personally identifiable information.

- Performance cookies: These cookies allow us to count visits and traffic sources so that we can measure and improve the performance of our website. They help us to know which pages are the most and least popular and to see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies, we will not know when you have visited our website and will not be able to monitor its performance.

- Targeting cookies: These cookies may be set through our website by our advertising partners. They may be used by these companies to build a profile of your interests and show you relevant advertising on other websites. They do not store any directly personal information, but are based on the unique identification of your browser and internet device. If you do not allow these cookies, you will receive less targeted advertising.

Most of the cookies we use are "session cookies", which are automatically deleted after your visit. Persistent cookies are automatically deleted from your computer when their validity period (maximum 14 months) has expired or you delete them yourself before they expire. To revoke your consent to the use of cookies (with the exception of strictly necessary cookies, which are always activated), you can navigate to the footer of the website and deactivate categories of cookies in the Cookiebot pop-up via the "Cookies settings" link. Cookies are stored on the user's computer, which then transmits them to us. As a user, you therefore have full control over the use of cookies. You can change the settings in your Internet browser to deactivate or restrict the sending of cookies. In addition, cookies already stored on your computer can be deleted at any time via an Internet browser or other software programs. All this is possible in all common Internet browsers. Please note: If you deactivate the setting of cookies on your device, you may not be able to access all functions of our website.

Web Tracking (Article 6 (1) sentence 1 lit. a GDPR)

Google Analytics

Based on your consent (Article 6 (1) sentence 1 lit. a GDPR), we use Google Analytics, a web analytics service provided by Google LLC ("Google"). Google uses cookies. The information generated by the cookie about the use of the website by the user is usually transmitted to a Google server in the USA and stored there. Google will use this information on our behalf to evaluate the use of our online offer by the users, to compile reports on the activities within this online offer, and to provide other services related to the use of this online offer and the use of the internet for us. The processed data can be used to create pseudonymized usage profiles of the users. We use Google Analytics only with IP anonymization activated. This means that the IP address of users within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area is shortened by Google. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by the user's browser will not be merged with other data from Google. Users can prevent the storage of cookies by adjusting their browser software settings accordingly; users can also prevent the collection of data generated by the cookie related to their use of the online offer and the processing of this data by Google as described in the "Cookies" section above. For more information about Google's data usage, settings, and opt-out options, please refer to Google's privacy policy and the information for displaying advertising by Google. The personal data of users will be deleted or anonymized after 12 months.

LinkedIn Insight Tag

Our website uses the conversion tool "LinkedIn Insight Tag" from LinkedIn Ireland Unlimited Company. This tool creates a cookie in your web browser that enables the collection of data such as IP address, device and browser properties, and page events (e.g., page views). LinkedIn also collects log files (URL, referrer URL, IP address, device and browser properties, and timestamp). IP addresses are shortened or pseudonymized (if used to reach LinkedIn members across devices). The direct identifiers of LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymized data is deleted within 180 days. The data collected by LinkedIn cannot be assigned to specific individuals by us as the website operator. LinkedIn will store the collected personal data of website visitors on its servers in the USA and use it for its own advertising measures. For more information on LinkedIn's privacy policy, please refer to LinkedIn's privacy notices. The use of LinkedIn Insight is based on Article 6 (1) sentence 1 lit. f GDPR.

Privacy Policy / Privacy Notices in Social Media

myon clinic GmbH maintains presences in "Social Media," specifically on Xing and LinkedIn. As far as we control the processing of your data, we ensure that the applicable data protection regulations are complied with. Below you will find the most important information on data protection law regarding our presences.

Name and Address of the Responsible Parties

Responsible for the company appearances in the sense of the EU General Data Protection Regulation (EU-GDPR) as well as other data protection regulations are, in addition to myon clinic GmbH, LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland) and Xing (New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany). However, you use these platforms and their functions on your own responsibility. This applies particularly to the use of interactive functions (e.g., commenting, sharing, rating). We also point out that your data may be processed outside the European Union.

Purpose and Legal Basis

We maintain the social media pages to communicate with the visitors of these pages and to inform them about our offers. We also collect data for statistical purposes to develop and optimize the content and make our offer more attractive. The required data (e.g., total number of page views, page activities, and data provided by visitors, interactions) are processed and made available to us by the social networks. We have no influence on the generation and presentation. Additionally, your personal data is processed by the social media providers for market research and advertising purposes. For example, usage profiles may be created based on your usage behavior and the resulting interests. This allows, among other things, advertisements to be placed within and outside the platforms that correspond to your interests. Cookies are typically stored on your device for this purpose. Regardless, data that is not directly collected on your end devices may also be stored in your usage profiles. The storage and analysis are also carried out across devices, especially if you are registered as a member and logged in to the respective platforms. Beyond that, we do not process any personal data. The processing of your personal data by myon clinic GmbH is based on our legitimate interest in effective information and communication according to Article 6 (1) sentence 1 lit. f GDPR. If you are asked for consent for data processing, i.e., if you declare your consent by confirming a button or similar (opt-in), the legal basis for the processing is Article 6 (1) sentence 1 lit. a, Article 7 GDPR.

Your Rights / Opt-Out Options

If you are a member of a social network and do not want the network to collect data about you via our presence and link it with your stored member data on the respective network, you must log out of the network before visiting our social media page, delete the cookies on your device, and close and restart your browser. After a new login, you will be recognized by the network as a specific user again. For a detailed presentation of the respective processing and the opt-out options, we refer to the linked information below:

- LinkedIn Privacy Policy: https://www.linkedin.com/legal/privacy-policy;

- Opt-Out: https://www.linkedin.com/legal/cookie-policy and http://www.youronlinechoices.com;

In total, you have the following rights regarding the processing of your personal data: Right to information; right to correction; right to deletion; right to restriction of processing; right to object; right to data portability; right to complain about unlawful processing of your personal data to the competent data protection authority. However, since myon.clinic does not have full access to your personal data, you should contact the social media providers directly to assert your rights, as they have access to their users' personal data and can take appropriate measures and provide information. If you still need help, we will try to support you. Please contact privacy@myon.clinic.

Online Offers for Children

Persons under 16 years of age may not transmit personal data to us or submit a consent declaration without the consent of their legal guardians. We encourage parents and guardians to actively participate in their children's online activities and interests.

Links to Other Providers

Our website contains clearly recognizable links to the websites of other companies. Although we provide links to other providers' websites, we have no influence on their content, so we cannot assume any guarantee or liability for them. The respective provider or operator of the pages is always responsible for the content of these pages. The linked pages were checked for possible legal violations and recognizable infringements at the time of linking. Illegal content was not recognizable at the time of linking. Permanent content control of the linked pages is, however, unreasonable without concrete evidence of a violation of the law. Upon knowledge of any infringements, such links will be removed immediately.

Privacy Policy for Healthcare Providers participating in myon.clinic

We want you to feel safe when participating in digital patient monitoring within myon.clinic GmbH (hereinafter referred to as "myon.clinic"). That is why the protection of your personal data is particularly important to us.  

We process your personal data in accordance with the applicable legal provisions on the protection of personal data, in particular the EU General Data Protection Regulation (GDPR) and the country-specific data protection laws that apply to us. In this privacy policy, you will learn why and how your personal data that we collect from you or that you provide to us when you decide to use the myon.clinic services and content are processed. In particular, you will find a description of the personal data that we collect and process, as well as the purpose and legal basis on which we process the personal data and the rights you have in relation to the processing of your personal data by us.  

We at myon.clinic and our partners take the protection of your personal data very seriously. All personal data that you transmit to us or make available to us will be treated by us as strictly confidential and processed exclusively for a specific purpose in compliance with the statutory data protection regulations.  

Please read the Privacy Policy below carefully to ensure that you understand each provision.  

Please note that in order to use the telemonitoring services and digital patient monitoring, you must also conclude a separate contract for the use of the myoncare portal with Oncare GmbH, which manufactures the myoncare portal. With regard to the processing of your personal data in the context of the use of the myoncare portal, we refer to the privacy policy of Oncare GmbH. You can view them under the following link: https://www.myoncare.com/de/privacy-policy/.  

As a service provider, you may be a controller within the meaning of Art. 4 No. 7 GDPR when using digital patient monitoring for certain processing operations that affect personal data of your patients. In this case, you would be obliged, among other things, to inform your patients about the patient and treatment data you collect and, if necessary, to obtain the consent of your patients for certain data processing.

In case of questions of interpretation or disputes, only the German version of the Privacy Policy shall be binding and authoritative.

I. DEFINITIONS

"Personal data" means any information relating to an identified or identifiable natural person. In particular, this includes your name, birthday, address, telephone number, email address and IP address.  

"Health data" means personal data relating to the physical or mental health of a natural person, including the provision of healthcare services, which reveals information about his or her state of health.  

"Anonymization/pseudonymization" data is considered "anonymous" if no personal connection to the person/user can be established. In contrast, "pseudonymized" data is data from which a personal reference or personally identifiable information is replaced by one or more identifiers or pseudonyms, but which can generally be re-identified by the identifier key.  

"Digital patient monitoring" refers to the digital support of myon.clinic and its partners by querying health-relevant data and reading activity and vital data from connected wearables by means of the myoncare platform of the manufacturer Oncare GmbH (hereinafter referred to as "Oncare"). Oncare is a processor (subcontractor) of myon.clinic within the meaning of the General Data Protection Regulation (GDPR). The data is automatically categorized and prioritized with the help of stored scores (specific clinical measures for assessing medical issues) or analyzed by you (healthcare professionals). Depending on the result, the user automatically or through you (healthcare professionals) receives needs-based content or measures.

"Healthcare provider" means you as a physician, clinic, healthcare facility or other healthcare professional acting alone or on behalf of you, the clinic or healthcare facility.

"Partner" includes all healthcare and service providers within the healthcare sector who participate in the monitoring services.

"myoncare Portal" is Oncare's myoncare web portal, which is intended for professional use by portal users and serves as an interface between portal users and app users.

"myoncare PWA" is a website that looks like a mobile app and has the functionality of one. PWAs (progressive web applications) are built in such a way that they take advantage of the native functions of mobile devices without the user needing an app store. The goal of PWAs is to bridge the gap between apps and the traditional web by bringing the benefits of native mobile apps into the browser. The PWA is based on the technology of "React Native for Web". "React Native for Web" is open-source software for progressive web applications. To use the myoncare PWA, patients need a computer or smartphone and an active internet connection. There is no need to download an app. Some of the myoncare app services cannot be used within the myoncare PWA.

"Telemonitoring Services" include all services linked to digital patient monitoring that myon.clinic and its partners offer within the monitoring system in addition to the retrieval of health data.  

II. Controller

myon.clinic GmbH
Balanstr. 71a  
81541 Munich  

Data Protection Officer of myon.clinic GmbH
Dr. Sebastian Kraska
E-Mail: privacy@myon.clinic

III. Data categories as well as purposes and legal bases of processing

Within the framework of myon.clinic, we process the following categories of personal data from you:

  • E-mail-address,
  • Date of birth  
  • Date of registration,  
  • Your IP address,  
  • Pseudo-keys generated by the portal,  
  • Lifelong Physician Number (LANR) and Establishment Number (BSNR)
  • Data required for the management of reimbursement, such as: Your contact details, patient's name, diagnosis, indications, treatment, treatment period.  

We process this personal data for the following purposes:

Functional purposes:

If you are a contact person operating the portal at your location/practice (e.g. IT administrator, appointed healthcare professional), you may provide us with certain personal data when you contact us to understand or discuss the features and use of the portal.

In the event of a service request, the following personal data can also be viewed by authorized myon.clinic employees:

Your personal data that you have provided to us for registration and/or login to our portal (e.g. name, date of birth, profile picture, contact details).

Authorized myon.clinic employees who may access your database for the purpose of processing a service request are contractually obligated to treat all personal data in the strictest confidence.

When processing operational data, myon.clinic acts as a data controller responsible for the lawful processing of your personal data.

We use the operational data to maintain the functionalities of the myoncare portal and to contact you directly if necessary or on your initiative (e.g. in the event of changes to terms of use, necessary support, technical problems, etc.). Furthermore, personal data (e-mail address) is processed within the framework of two-factor authentication every time you log in to the myoncare portal.

Justification of processing for operational purposes: The processing of operational data is justified on the basis of Art. 6 (1) (b) GDPR for the performance of the contract that you conclude with myon.clinic for the use of digital patient monitoring.

Purposes of reimbursement:

– Only applicable if you use myoncare tools for reimbursement –

The myoncare portal supports you in initiating your standard procedures for reimbursement of your healthcare services that are used by your patients via the myoncare app. To enable the reimbursement process, the myoncare portal supports the collection of your patients' personal (health) data from the myoncare portal in order to facilitate the transmission of this data to the patient's cost unit as part of the standard reimbursement processes (either your Association of Statutory Health Insurance Physicians and/or the patient's health insurance company).  

For the purposes of reimbursement, we process the following types of personal data: patient's name, diagnosis, indications, treatment, treatment period, other data necessary for the management of reimbursement, such as: Your contact details, your lifelong doctor number (LANR) and your permanent establishment number (BSNR).

Processing of reimbursement data: myon.clinic, as the data controller, transmits the treatment data of your patient required for reimbursement to the cost unit (either your Association of Statutory Health Insurance Physicians and/or the patient's health insurance company), and the cost unit processes the reimbursement data in order to enable us to reimburse the patient.

Justification of the processing of the cost reimbursement data: The processing of the cost reimbursement data for billing with the cost unit is carried out on the basis of §§ 295, 301 SGB V.

Creation of the doctor's letter: In addition to patient data, your personal data is also collected and stored in a structured manner on the myoncare platform and compiled into a doctor's letter. This doctor's letter requires a review by the doctor before it can be forwarded to the patient. For the preparation of the doctor's letter, the following personal data described above will be processed:

  • E-mail-address,  
  • Date of birth  
  • Date of registration,  
  • Your IP address,  
  • Pseudo-keys generated by the portal,  
  • Lifelong Physician Number (LANR) and Establishment Number (BSNR)
  • Data required for the management of reimbursement, such as: Your contact details, patient's name, diagnosis, indications, treatment, treatment period.

Justification of data processing for the preparation of the doctor's letter: The data processing for the preparation of the doctor's letter is justified on the basis of Art. 6 (1) (b) GDPR for the performance of the contract that you conclude with myon.clinic for the use of digital patient monitoring.

IV. Processing methods, place of data processing

Your personal data will also be processed in countries outside the European Union (EU) or the European Economic Area (EEA). This will only be done to the extent necessary and in compliance with the legal requirements of the General Data Protection Regulation (GDPR).

With the consent of the contractual partners, we will transfer personal data to the following third countries: Egypt. The recipient of the data is our customer support service provider.

Legal basis for the transfer:

The transfer is based on standard contractual clauses concluded with the customer support service provider (pursuant to Art. 46 (2) (c) GDPR) and your express consent pursuant to Art. 49 (1) (a) GDPR (if applicable).

To ensure compliance with the legal provisions of the GDPR, myon.clinic and its partners have taken appropriate technical and organizational measures. Data processing is carried out using computer or IT-based systems, following an organizational procedure and mode that is strictly aimed at the stated purposes.

V. Automated decisions in individual cases

We do not use purely automated processing to make decisions.

VI. Disclosure of data

We will only pass on your personal data to third parties within the framework of the legal provisions or on the basis of your consent. In all other cases, the information will not be disclosed to third parties, unless we are obliged to do so due to mandatory legal regulations (disclosure to external bodies, including supervisory or law enforcement authorities).

In certain cases, service providers support myon.clinic in the fulfilment of its tasks. The necessary order processing agreements in accordance with Art. 28 GDPR have been concluded with all service providers who are data processors for personal data.

These service providers are:

  • Oncare as the manufacturer of the myoncare technology along with the myoncare app.
  • Billing Service Providers.

VII. Legal measures

In the event of misuse, the user's personal data may be used for legal purposes in legal proceedings or in the event of complaints.  

You are also aware that myon.clinic and its partners may be required by competent authorities to hand over personal data.  

VIII. Deletion or blocking and storage of data

myon.clinic and its partners adhere to the principles of data minimization. myon.clinic therefore only stores personal data for as long as is necessary to provide the services and achieve the purposes specified here, or to comply with statutory retention periods (e.g. § 257 HGB or § 147 AO), unless further storage is necessary in the individual case for the assertion, exercise or defense of legal claims or another legal basis (e.g. consent) justifies further processing.

IX. Obligation to provide personal data

Various personal data are necessary for the establishment, implementation and termination of the contractual relationship with myon.clinic and the fulfilment of the associated contractual and legal obligations. We have summarized the details for you under the point above. In certain cases, personal data must also be collected or made available in accordance with the legal provisions. Please note that without providing this personal data, it is not possible to process your request or fulfil the underlying contractual obligation.

X. Rights of data subjects

We would like to inform you about your rights as a data subject. These rights include, in particular:

  • Right of access (Art. 15 GDPR):  You have the right to request information about whether and how your personal data is being processed, including information about the purposes of processing, recipients, storage period and your rights to rectification, erasure and objection. You also have the right to receive a copy of any personal data we hold about you.
  • Right to rectification (Art. 16 EU GDPR): You can request that we update or correct inaccurate personal data or complete incomplete personal data;
  • Right to erasure / right to be forgotten (Art. 17 GDPR): You can demand that we delete your personal data collected and processed by us without undue delay. Please note, however, that we can only delete your personal data after the expiry of the statutory retention periods.
  • Right to restriction of data processing (Art. 18 GDPR): You can ask us to "restrict" the use of your data if the accuracy of the data is contested, the processing is unlawful, the data is needed for legal claims, or an objection to the processing is being examined, so that we can only continue to use your data with restrictions;
  • Right to data portability (Art. 20 GDPR): In general, you can request that we provide you with personal data that you have provided to us and that is processed by machine based on your consent or the performance of a contract with you, in a machine-readable form, so that it can be "ported" to a substitute service provider;
  • Right to object to data processing (Art. 21 GDPR): You have the right to object at any time to the processing of personal data concerning you that is carried out on the basis of Article 6 (1) (e) or (f) GDPR. In this case, the controller will no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to establish, exercise or defend legal claims.  

If you have given your consent to the processing of your personal data, you can revoke it at any time with effect for the future. The lawfulness of the data processing operations that have already taken place remains unaffected by the revocation.

  • Right to lodge a complaint (Art. 77 GDPR): In addition, you have the option of contacting a data protection supervisory authority with a complaint.  

To exercise these rights, please contact us at: privacy@myon.clinic. Objection and revocation of consent must be declared in text form to privacy@myon.clinic. We will require you to provide sufficient proof of your identity to ensure that your rights are protected and that your personal data will only be disclosed to you and not to third parties.  

XI. Changes to the Privacy Policy

We expressly reserve the right to change this Privacy Policy in the future at our sole discretion. Changes or additions may be necessary, for example, to meet legal requirements, to comply with technical and economic developments, or to meet the interests of myon.clinic service users.

In case of questions of interpretation or disputes, only the German version of the Privacy Policy shall be binding and authoritative.

Privacy Policy of the
myon clinic GmbH  
Last updated on 14.11.2024.
 

BEST POSSIBLE PROTECTION OF YOUR DATA IN MYON.CLINIC

We want you to feel secure when using the digital patient monitoring service of myon.clinic. Therefore, protecting your personal data is especially important to us.

We process your personal data in accordance with the applicable legal provisions for the protection of personal data, in particular the EU General Data Protection Regulation (“GDPR”) and the country-specific laws applicable to us. In this privacy policy, you will learn why and how your personal (health) data is processed, which we collect from you or which you provide to us when you decide to use the services and content of myon.clinic. In particular, you will find a description of the personal data we collect and process, as well as the purpose and basis on which we process personal data and the rights you have as a data subject.

Please read the privacy policy carefully to ensure that you understand each provision.

Controller:

myon clinic GmbH

Balanstr. 71a

81541 Munich

Email: sales@myon.clinic

Data Protection Officer of myon clinic GmbH:

Dr. Sebastian Kraska

Marienplatz 2

80331 München

Tel.: +49 89 18917360

E-Mail: privacy@myon.clinic

I. DEFINITIONS

"Digital Patient Monitoring" refers to the digital support provided by myon.clinic and its partners by querying health-related data and reading activity and vital data from connected wearables using the myoncare platform of the manufacturer Oncare GmbH based in Munich. Oncare GmbH is a data processor (subcontractor) within the meaning of the General Data Protection Regulation (GDPR) for myon.clinic. The data is automatically categorized and prioritized using stored scores (specific clinical metrics for assessing medical issues) or analyzed by medical staff (doctors, clinics, medical assistants). Depending on the result, the user receives appropriate content or actions either automatically or from healthcare professionals.

"Service Provider" refers to your doctor, clinic, healthcare facility, or other healthcare professionals who act alone or on behalf of your doctor, clinic, or healthcare facility.

"Partner" includes all service providers and providers within the healthcare sector participating in the services of digital patient monitoring.

"myoncare App" refers to the mobile myoncare application of Oncare GmbH (hereinafter "Oncare") for use by patients.

"myoncare Portal" is the myoncare web portal of Oncare, designed for professional use by portal users and serves as an interface between portal users and app users.

"myoncare PWA App" refers to the myoncare Progressive Web App application for patients who wish to use the services offered by Oncare through the PWA and not through the myoncare app. Some of the myoncare app services cannot be used within the myoncare PWA, details of which can be found in the description below. These include the following services or specifications:

  • Chat with service providers;
  • Video calls;
  • Security PIN codes;
  • Activity data tracking (e.g., using AppleHealth, GoogleFit).

"Telemonitoring Services" include all services linked to digital patient monitoring that myon.clinic and its partners offer in addition to querying health data.

"Caretask" refers to a task assigned to the patient. This can be a questionnaire to evaluate the general or specific health status, a prompt to measure vital parameters, or materials for information, education, and clarification in the form of texts, images, videos, or audio files. These are based on medical guidelines and scientifically evaluated and are approved for use by licensed (specialist) doctors.

"Pathway" refers to the chronological sequence of various caretasks. These are based on clinical guidelines and are developed in collaboration with medical professional groups and (specialist) doctors, and serve to evaluate the individual health status of each patient.

"Case Report" At the end of a defined period or when predefined medical events occur, myon.clinic generates case reports / PDF reports using the myoncare platform. The content of these case reports includes all data resulting from the individual caretasks and entered by the patient into the system. Additionally, recorded vital parameters may also be included in the case reports.

II. RESPONSIBLE ENTITY

myon.clinic GmbH, a company registered at the Munich District Court under registration number 280310, with its registered office at Herrenwiesstr. 12, 82031 Grünwald, Germany, offers digital patient monitoring. For this purpose, myon.clinic develops medical content and care pathways and provides these for digital patient monitoring to service providers on the myoncare platform. Users of the myoncare app and the myoncare portal can be digitally supported by myon.clinic and partners based on these care pathways. myon.clinic also enables the use of the myoncare PWA by the user. This privacy policy applies to all personal data processed by myon.clinic in connection with the use of the myoncare platform.

III. WHAT ARE PERSONAL DATA

"Personal Data" is any information relating to an identified or identifiable natural person. This particularly includes your name, your birthday, your address, your telephone number, your email address, and your IP address.

"Health Data" are personal data related to the physical or mental health of a natural person, including the provision of healthcare services, revealing information about their health status.

WHAT PERSONAL DATA IS USED WHEN USING THE MYONCARE APP

We process the following categories of data as part of your use of myon.clinic content and services:

  • Name,
  • Address,
  • Date of birth,
  • Email address,
  • Your IP address.

If you have consented to the respective data processing, we also process the following categories of data:

  • Treatment data (e.g., profile information and health data such as symptoms, photos, information on taken medications, answers to questionnaires including disease- or condition-related information, diagnoses and therapies from healthcare professionals, planned and completed tasks);
  • Activity data (e.g., weight, height, steps, calories burned, sleep (in hours), pulse, and blood pressure);
  • Reimbursement data (e.g., occupation, employer, health insurance/cost bearer, general practitioner/referring doctor, diagnosis, indications, treatment, treatment period, other data possibly required for reimbursement (especially data according to §291a Abs. 2 SGB V)).

IV. WE PROCESS THIS PERSONAL DATA FOR THE FOLLOWING PURPOSES:

Operational Purposes:

The personal data you provide during registration in the myoncare app/PWA is processed for the purpose of contacting you about issues with the myoncare app/PWA or for other interactions with us to use the myoncare app/PWA.

Justification for Processing: The processing of operational data is justified based on Art. 6 para. 1 lit. b GDPR for fulfilling the contract you enter into with myon.clinic to use the myoncare app/PWA.

To Digitally Support Your Treatment:

We process your treatment data to provide you with our myon.clinic services, such as the care pathways. Care pathways enable doctors to support a large number of patients in parallel while complying with their professional duties, creating added value for both the doctor and the patient. A care pathway is an evidence-based, multidisciplinary management tool for a specific patient group with a predictable clinical course, defining, optimizing, and sequencing various patient care tasks. Care pathways can range from simple medication administration to a comprehensive treatment plan. Care pathways aim for greater standardization of treatment protocols and sequencing, as well as improved outcomes both from a quality of life and clinical perspective.

Your health data entered into the myoncare app/PWA is used by your service provider and/or myon.clinic to provide advice and support.

We process such personal data, including your health data, to provide the myon.clinic services as well as under an agreement and in accordance with the instructions of your service provider (doctors, clinics, healthcare facilities, or other healthcare professionals).

Justification for Processing: The legal basis for data processing is your consent according to Art. 6 para. 1 lit. a and 9 para. 2 lit. a GDPR.

To Support Your Treatment Indication-Specifically:

You have the option to connect the myoncare applications with certain health applications (e.g., AppleHealth, GoogleFit) ("health application"), which you use. For this, you must enter into the appropriate usage and data processing agreements with the providers of the health application, such as GoogleFit or AppleHealth, which myon.clinic has no influence over. These data, such as weight, height, steps, calories burned, sleep (in hours), pulse, and blood pressure ("activity data"), are transferred to your connected service providers as portal users, if configured accordingly. To enable activity data processing, your consent will be obtained in advance. If the connection is established after you have given your consent, activity data collected by the health application will be made available to your service provider or myon.clinic.

You can revoke your consent to share activity data in the settings of the myoncare application at any time. Please note that from that point on, your activity data will no longer be shared with myon.clinic or your doctor. As far as myon.clinic is required by legal retention obligations or other regulatory requirements to continue storing your activity data, already shared activity data will not be deleted from the myoncare portal of your connected service providers or myon.clinic.

Justification for Processing: Your consent according to Art. 6 para. 1 lit. a and 9 para. 2 lit. a GDPR.

For Billing Purposes:

The myoncare app/PWA assists in initiating standard procedures for cost reimbursement. To enable the reimbursement process, the myoncare app/PWA supports the collection of your personal (health) data by your service provider or by myon.clinic for transmission of this data to your cost bearer, where applicable. This data processing is merely an initial data transmission to obtain reimbursement from your cost bearer. The nature and amount of personal data processed do not differ from other reimbursement routines of a service provider.

Your service provider or myon.clinic transmits your data required for reimbursement to your cost bearer, and the cost bearer processes the reimbursement data to enable reimbursement to your service provider or myon.clinic.

Justification for Processing: The processing of reimbursement data is based on your consent according to Art. 6 para. 1 lit. a and 9 para. 2 lit. a GDPR and §§ 295 and 301 SGB V.

For Creating Digital Patient Records and Digital Reports to Doctors:

We use your contact, treatment, activity, and reimbursement data to create patient records and reports for the duration of participation in digital patient monitoring.

Justification for Processing: The processing of personal data is justified based on Art. 6 para. 1 lit. b GDPR for fulfilling the contract you enter into with myon.clinic to use the myoncare app/PWA. As far as the creation of digital patient records and digital reports involves special categories of personal data, the data processing is based on your consent according to Art. 6 para. 1 lit. a and 9 para. 2 lit. a GDPR.

For Quality Control Purposes:

We process and evaluate pseudonymized data for quality control, performance measurement, and scientific purposes.

Justification for Processing: The processing of personal data is required based on Art. 6 para. 1 lit. c GDPR to fulfill legal obligations to which myon.clinic is subject. Such obligations may arise, for example, from Art. 10 para. 9 of the Medical Device Regulation (MDR) or other regulatory requirements.

For Patient Categorization and Prioritization (Triage):

Automatic triage serves to categorize and prioritize patients. This occurs, for example, during a self-assessment to assess the severity of the illness or during the onboarding process for an initial assessment of the medical condition and assignment to the appropriate medical care facility. It is also used to provide patients with appropriate content afterward. The decision on which categorization and prioritization to apply often depends on standardized and validated scores (specific clinical metrics for assessing medical issues) calculated from the patient's responses to questionnaires. Additionally, experienced medical knowledge forms the basis for such decisions.

Justification for Processing: Your consent according to Art. 6 para. 1 lit. a and 9 para. 2 lit. a GDPR.

V. PROCESSING METHODS, PLACE OF DATA PROCESSING

To ensure compliance with GDPR, myon.clinic and its partners have taken appropriate technical and organizational measures. These measures ensure the confidentiality, integrity, availability, and resilience of systems and services related to data processing. They also ensure that personal data can be quickly restored in case of a physical or technical incident. Data processing is conducted using computers or IT-based systems following an organizational procedure and mode strictly aimed at the stated purposes.

The processing of your personal data takes place exclusively in a member state of the European Union or in another contracting state of the Agreement on the European Economic Area. Any transfer of your personal data to a third country may only take place if the special requirements of Art. 44 ff. GDPR are met.

VI. DATA DISCLOSURE

We will only disclose your personal data to third parties within the framework of legal provisions or based on your consent. In all other cases, the information will not be disclosed to third parties unless we are required to do so by mandatory legal provisions (disclosure to external entities, including supervisory or law enforcement authorities).

In certain cases, service providers assist myon.clinic in fulfilling its tasks. With all service providers who are data processors for personal data, the necessary data processing agreements according to Art. 28 GDPR have been concluded.

These service providers are:

  • Oncare GmbH as the manufacturer of the myoncare technology including the myoncare app;
  • Billing service providers

VII. LEGAL ACTIONS

In the event of misuse, the user's personal data may be used for legal purposes in court proceedings or for claims. Participants are also aware that myon.clinic and its partners may be required by authorities to disclose personal data.

VIII. DATA DELETION, BLOCKING, AND STORAGE

myon.clinic and its partners adhere to the principles of data minimization and data economy. Therefore, myon.clinic only stores personal data for as long as necessary to provide services and achieve the stated purposes or to comply with legal retention periods. Legal maximum or minimum storage periods are considered within this framework. Please note that numerous retention periods require the further storage of personal data. This particularly applies to commercial or tax law retention obligations (e.g., Commercial Code, Tax Code, etc.). Additionally, your service provider must ensure the retention of your medical records (depending on the type of documents between 1 and 30 years).

IX. DATA SUBJECT RIGHTS

We want to inform you about your rights as a data subject. These rights particularly include:

  • Right to information (Art. 15 GDPR): You have the right to receive a copy of the personal data we have stored about you;
  • Right to rectification (Art. 16 EU GDPR): You can request that we update or correct inaccurate personal data or complete incomplete personal data;
  • Right to erasure / Right to be forgotten (Art. 17 GDPR): You can request the immediate deletion of your personal data collected and processed by us.
  • Right to restrict data processing (Art. 18 GDPR): You can request that we "restrict" the use of your data so that we can only continue to use your data with restrictions;
  • Right to data portability (Art. 20 GDPR): In general, you can request that we provide you with personal data you have provided to us and which are processed based on your consent or for the performance of a contract with you in a machine-readable format so that they can be "ported" to a replacement service provider;
  • Right to object to data processing (Art. 21 GDPR): You have the right to object at any time to the processing of your personal data that is based on Article 6 para. 1 lit. e or lit. f GDPR. In this case, the controller will no longer process the personal data unless they can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms as the data subject, or the processing serves to establish, exercise, or defend legal claims.
  • If you have given consent to process your personal data, you can revoke it at any time with effect for the future.
  • Right to lodge a complaint (Art. 77 GDPR): Additionally, you have the option to lodge a complaint with a data protection supervisory authority.

AGE RESTRICTION FOR MYON.CLINIC SERVICES

A minimum age of 18 years is required to use the services and content of myon.clinic. If you are under 18 years old, your legal guardian must provide the necessary consent to data protection.

X. CHANGES TO THE PRIVACY POLICY

We expressly reserve the right to change this privacy policy at our discretion in the future. Changes or additions may be necessary, for example, to comply with legal requirements, adapt to technical and economic developments, or to meet the interests of myon.clinic users.

Privacy Policy of

myon clinic GmbH

Status: June 2024