If you have successfully registered on the platform of myon.clinic GmbH ("We"), you can also participate in video consultations with your doctor via your myoncare account. For this, it is only necessary to schedule a video consultation with your doctor. After successfully scheduling an appointment by your doctor, you will automatically receive an email with an appointment confirmation and a dial-in link to the email address specified in your myoncare account.
We have developed the myon.clinic video consultation to comply with the data protection principle of "Privacy by Design," which means that only the personal data necessary for the use of the video consultation will be processed. We do not use "tracking technologies" that analyze your user behavior or create user profiles or similar. The processing of special categories of personal data (such as health data) only occurs with your explicit consent, which you can revoke at any time. For more information on data processing on the myoncare platform, please refer to the myon.clinic privacy policy.
In the following privacy policy, you will learn why and how your personal data is processed for the video consultation. In particular, you will find a description of the personal data we collect and process, the purpose and basis on which we process personal data, and the rights you have as a data subject.
Please read the privacy policy carefully and do not hesitate to contact us if you have any questions about the processing of your personal data.
The controller in the sense of data protection law (see Art. 4 No. 7 GDPR) for data processing within the scope of the video consultation is:
myon.clinic GmbH
Balanstraße 71a
81541 Münich
Tel: +49 89 18917360
Email:info@myon.clinic
You can reach our data protection officer at the following contact details:
Dr. Sebastian Kraska
E-Mail:privacy@myon.clinic
Before conducting a video consultation, make an appointment with your doctor on which the video consultation is to take place. After the doctor has created the appointment for the video consultation on the myoncare platform, you will receive an appointment confirmation by e-mail with dial-in data for the video consultation. Your e-mail address is stored in the myoncare platform and is automatically used when creating an appointment to conduct the video consultation.
Legal basis for data processing: Data processing prior to the video consultation is lawful in accordance with Art. 6 (1) (b) GDPR because the data processing is necessary for the performance of the treatment contract with your doctor or for the implementation of pre-contractual measures.
In order to conduct the video consultation between you and your doctor, we, as the provider of the video consultation, must transmit certain data between the parties participating in the video consultation. In order to maintain patient confidentiality and medical confidentiality, we use so-called end-to-end encryption for data transmission. This means that the data is encrypted on your device and only decrypted again on the doctor's device (and vice versa). As a result, no one except the participants of the video consultation can see this data in plain text (not even we as the operator of the platform).
The following data is sent and received via this special end-to-end encrypted connection:
• Audio and video data: real-time camera recordings, real-time microphone recordings
• Patient's first and last name, participant ID
• Date, time and duration of the consultation (time stamp)
• Title of the consultation
• Metadata: IP address of sender and receiver, device and operational information, network data
Before conducting the video consultation, we ask for your consent to the processing of special categories of personal data. This is necessary because you will regularly share information about your health with your doctor during the video broadcast. The processing of such data is only permitted with your prior consent. However, we would like to point out that we do not have access to the data transmitted to your doctor during the video consultation, i.e. the information you exchange with your doctor during the video consultation remains between you and your doctor.
For reasons of dataeconomy, it is currently not possible to share files (such as documents or thelike) with your doctor during the video consultation.
All data processed during the video consultation will be deleted by the server service provider immediately after the end of the video consultation.
Legal basis for data processing: Data processing during the video consultation is lawful in accordance with Art. 6 (1) (b) GDPR because the data processing is necessary for the performance of the treatment contract with your doctor. Insofar as the processed personal data is special categories of personal data (e.g. health data), we process this data on the basis of your consent in accordance with Art. 6 (1) (a), Art. 7 and Art. 9 GDPR. You can revoke your consent to the processing of special categories of personal data at any time with effect for the future.
For billing purposes in connection with the video consultation, the following data will be processed after the video consultation has been carried out:
• First and last name (patient and doctor)
• Date, time and duration of the consultation
• Title of the consultation
• Depending on the individual case, the processing of the following categories of data may still be necessary for billing purposes:
• Profession and employer,
• Health insurance/cost bearers,
• General practitioner/referring doctor,
• Diagnosis and indications,
• Treatment and treatment period,
• as well as other data that may be necessary for the reimbursement of costs.
However, these data categories are not processed via the "video consultation "system, but via the myoncare platform. Further information on data processing in the myoncare platform can be found in the myon.clinic privacy policy.
Legal basis for data processing: Data processing after the video consultation has been carried out for billing purposes is lawful in accordance with Art. 6 (1) (b) GDPR because the data processing is necessary for the performance of the treatment contract with your doctor. In addition, according to §§ 295, 301 SGB V, doctors are obliged to transmit certain billing data to the health insurance funds. Insofar as the processed personal data is special categories of personal data (e.g. health data), we process this data on the basis of your consent in accordance with Art. 6 (1) (a), Art. 7 and Art. 9GDPR. You can revoke your consent to the processing of special categories of personal data at any time with effect for the future.
If you use medical devices (e.g. for continuous monitoring of vital parameters) or laboratory diagnostics (e.g. blood or urine tests) as part of your treatment via the myoncare platform, personal data (including health data) will be processed by the respective partner companies involved.
In this context, data is collected and processed exclusively on the basis of your express consent in accordance with Art. 6 (1)(a), Art. 7 and Art. 9 (2) (a) GDPR.
The type of data processed may vary depending on the system used, but typically includes:
• Vital signs (e.g., heart rate, blood pressure, temperature),
• Laboratory data (e.g. hemoglobin levels, inflammatory markers),
• Timestamp of the measurement and device information.
The data is processed for medical evaluation and documentation by your attending physician and can also be used for follow-up aspart of digital treatment programs ("Care Pathways").
It will not be transmitted to third parties unless you have expressly consented to this or there is a legal obligation.
You will be provided with separate data protection notices for certain device manufacturers or laboratory service providers. You will receive these either directly via the platform or as part of the medical information and consent process.
You have the right to withdraw your consent to the processing of special categories of personal data, such as health data, at any time with effect for the future.
Data collected and processed for the use of the video consultation service will not be passed on to third parties. However, we would like to point out that the data that you share with the doctor with whom you attend the appointment during a video consultation session may be stored in the doctor's physician information system in accordance with the doctor's valid statutory retention obligations.
All data that must be stored to the extent and duration described for the proper technical implementation of the video consultation is transmitted to a server in the data center.
We carefully select our IT service providers –especially with regard to data protection and data security – and have taken all measures required by data protection law for permissible data processing.
The technical provision of the servers for the provision of the video consultation service is carried out by Oncare GmbH.
myon.clinic and its partners adhere to the principles of data economy. We therefore only storepersonal data for as long as this is necessary to provide the services and achieve the purposes specified herein or to comply with statutory retention periods. In this context, statutory maximum or minimum storage periods are taken into account. Please note that numerous retention periods require the continued storage of personal data. This applies in particular to retention obligations under commercial or tax law (e.g. Commercial Code, Tax Act, etc.). In addition, your doctor must also ensure the retention of your medical records (between 1 and 30 years, depending on the type of documents).
The data for billing purposes will be stored for 3 months as part of the video consultation.
Your personal data will not be processed in third countries when using our video consultation.
Wedo not use purely automated processing to make decisions.
We would like to inform you about your rights as a data subject. These rights include, in particular:
• Right of access (Art. 15 GDPR): You have the right to request information about whether and how your personal data is being processed, including information about the purposes of processing, recipients, storage period and your rights to rectification, erasure and objection. You also have the right to receive a copy of any personal data we hold about you.
• Right to rectification (Art. 16 EU GDPR): You can request that we update or correct inaccurate personal data or complete incomplete personal data.
• Right to erasure / right to be forgotten (Art. 17 GDPR): You can demand that we delete your personal data collected and processed by us without undue delay. Please note, however, that we can only delete your personal data after the expiry of the statutory retention periods.
• Right to restriction of data processing (Art. 18 GDPR): You can ask us to "restrict" the use of your data if the accuracy of the data is contested, the processing is unlawful, the data is needed for legal claims, or an objection to the processing is being examined, so that we can only continue to use your data with restrictions.
• Right to data portability (Art. 20 GDPR): In general, you can request that we provide you with personal data that you have provided to us and that is processed by machine based on your consent or the performance of a contract with you, in a machine-readable form, so that it can be "ported" to a substitute service provider;
• Right to object to data processing (Art. 21 GDPR): You have the right to object at any time to the processing of personal data concerning you that is carried out on the basis of Article 6 (1) (e), (f) GDPR. In this case, the controller will no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to establish, exercise or defend legal claims.
• Right to lodge a complaint (Art. 77 GDPR): In addition, you have the option of complaining to a competent data protection authority about our data processing.
· If you participate in a videoconsultation within the United States or if services are provided to you withinthe US healthcare system, the processing of your health information is alsosubject to the Health Insurance Portability and Accountability Act of 1996(“HIPAA”). In this context, myon.clinic acts either as a “Covered Entity” (whenproviding services directly to patients) or as a “Business Associate” of yourtreating healthcare provider.
· During a video consultation,Protected Health Information (“PHI”) is transmitted in real time between youand your physician. myon.clinic ensures that this transmission is conducted incompliance with HIPAA’s Privacy Rule and Security Rule by implementingend-to-end encryption, access controls, and audit mechanisms. We do not accessor store the content of your video or audio communication; however, metadata(such as session time, participant information, or technical logs) may beprocessed for operational, billing, or compliance purposes.
· Under HIPAA, you have thefollowing rights with respect to your PHI:
· Right of Access: You mayrequest copies of PHI related to your video consultations.
· Right to Amend: You mayrequest corrections to PHI that you believe is inaccurate or incomplete.
· Right to an Accounting ofDisclosures: You may request a record of certain disclosures of your PHI.
· Right to Request Restrictions andConfidential Communications: You may request limits on howyour PHI is used or disclosed and specify preferred communication methods.
· Right to a Paper Copy: You mayrequest a printed version of this notice.
· We may use or disclose your PHIfor purposes allowed by HIPAA, including treatment, payment, and healthcareoperations, or as required by law. Any subcontractors involved in the provisionof the video consultation service, including Oncare GmbH as the technologyprovider of the myoncare platform, are bound by Business Associate Agreementsthat ensure HIPAA-compliant protection of PHI.
· If you wish to exercise yourHIPAA rights or have questions re
As of: September 2025
***
