
Privacy Policy for the Use of Video Consultations

If you have successfully registered on the platform of myon clinic GmbH ("We"), you can also participate in video consultations with your doctor via your myoncare account, provided that he or she offers this service via the myoncare platform. All you need to do is arrange a video consultation with your doctor. After your doctor has successfully set up an appointment, you will automatically receive an e-mail with an appointment confirmation with a dial-in link to the e-mail address specified in your myoncare account.

We have developed the myon.clinic video consultation in such a way that it complies with the data protection principle of "Privacy by Design", i.e. when using the video consultation, only the personal data that is necessary for the use of the video consultation is processed. In particular, we do not use any "tracking technologies" that evaluate your user behavior during video consultations and do not create user profiles or the like. The processing of special categories of personal data (such as health data) only takes place on the basis of your explicit consent, which you can revoke at any time. Further information on data processing in the myoncare platform can be found in the myon.clinic privacy policy.

In the following privacy policy, you will find out why and how your personal data is processed for the implementation of the video consultation. In particular, you will find a description of the personal data that we collect and process, as well as the purpose and basis on which we process the personal data and the rights to which you are entitled as a data subject.

In addition, we would like to point out that health data may also be processed by external device manufacturers (e.g. measuring devices for recording vital signs) or laboratory service providers (e.g. blood analyses) within the framework of the platform, provided that you actively use such services through your treating physician. In this case, additional data protection information applies (see section "Processing by equipment manufacturers and laboratory service providers").

Please read the Privacy Policy carefully and do not hesitate to contact us if you have any questions about the processing of your personal data.

I. CONTACT DATA MYON CLINIC GMBH

The controller in the sense of data protection law (see Art. 4 No. 7 GDPR) for data processing in the context of video consultations is:

myon.clinic GmbH
Balanstraße 71a
81541 Munich
Phone: +49 89 444 51156
E-Mail: info@myon.clinic

II. CONTACT DETAILS OF THE DATA PROTECTION OFFICER

You can reach our data protection officer using the following contact information:

Dr. Sebastian Kraska
E-Mail: privacy@myon.clinic

III. DESCRIPTION OF DATA PROCESSING WHEN CONDUCTING THE VIDEO CONSULTATION

1.1 Data processing before the video consultation is carried out

Before a video consultation can be conducted, you arrange an appointment with your doctor at which the video consultation is to take place. After the doctor has created the appointment for the video consultation on the myoncare platform, you will receive an appointment confirmation by e-mail with dial-in data for the video consultation. Your e-mail address is stored in the myoncare platform and is automatically used when creating an appointment to conduct the video consultation.

Legal basis for data processing: Data processing prior to the video consultation is lawful in accordance with Art. 6 (1) (b) GDPR because the data processing is necessary for the performance of the treatment contract with your doctor or for the implementation of pre-contractual measures.

1.2 Data processing during the video consultation

In order to conduct the video consultation between you and your doctor, we, as the provider of the video consultation, must transmit certain data between the parties participating in the video consultation. In order to maintain patient confidentiality and medical confidentiality, we use so-called end-to-end encryption for data transmission. This means that the data is encrypted on your device and only decrypted again on the doctor's device (and vice versa). As a result, no one except the participants of the video consultation can see this data in plain text (not even we as the operator of the platform).

The following data is sent and received via this special end-to-end encrypted connection:

  • Audio and video data: real-time camera recordings, real-time microphone recordings
  • Patient's first and last name, participant ID
  • Date, time and duration of the consultation (time stamp)
  • Title of the consultation
  • Metadata: IP address of sender and receiver, device and operational information, network data

Before conducting the video consultation, we ask for your consent to the processing of special categories of personal data. This is necessary because you will regularly share information about your health with your doctor during the video broadcast. The processing of such data is only permitted with your prior consent. However, we would like to point out that we do not have access to the data transmitted to your doctor during the video consultation, i.e. the information you exchange with your doctor during the video consultation remains between you and your doctor.

For reasons of data economy, it is currently not possible to share files (such as documents or the like) with your doctor during the video consultation.

All data processed during the video consultation will be deleted by the server service provider immediately after the end of the video consultation. This applies exclusively to the data required for the technical execution of the video consultation (e.g., video stream, connection data). Billing and documentation data are stored in accordance with statutory retention requirements and are not deleted immediately.

Legal basis for data processing: Data processing during the video consultation is lawful in accordance with Art. 6 (1) (b) GDPR because the data processing is necessary for the performance of the treatment contract with your doctor. Insofar as the processed personal data is special categories of personal data (e.g. health data), we process this data on the basis of your consent in accordance with Art. 6 (1) (a), Art. 7 and Art. 9 GDPR. You can revoke your consent to the processing of special categories of personal data at any time with effect for the future.

1.3 Data processing after the video consultation has been carried out for billing purposes

For billing purposes in connection with the video consultation, the following data will be processed after the video consultation has been carried out:

  • First and last name (patient and doctor)
  • Date, time and duration of the consultation
  • Title of the consultation

Depending on the individual case, the processing of the following categories of data may still be necessary for billing purposes:

  • Profession and employer,
  • Health insurance/cost bearers,
  • General practitioner/referring doctor,
  • Diagnosis and indications,
  • Treatment and treatment period,
  • as well as other data that may be necessary for the reimbursement of costs.

However, these data categories are not processed via the "video consultation" system, but via the myoncare platform. Further information on data processing in the myoncare platform can be found in the myon.clinic privacy policy.

Legal basis for data processing: Data processing after the video consultation has been carried out for billing purposes is lawful in accordance with Art. 6 (1) (b) GDPR because the data processing is necessary for the performance of the treatment contract with your doctor. In addition, according to §§ 295, 301 SGB V, doctors are obliged to transmit certain billing data to the health insurance funds. Insofar as the processed personal data is special categories of personal data (e.g. health data), we process this data on the basis of your consent in accordance with Art. 6 (1) (a), Art. 7 and Art. 9 GDPR. You can revoke your consent to the processing of special categories of personal data at any time with effect for the future.

1.4 Processing by equipment manufacturers and laboratory service providers

If you use medical devices (e.g. for continuous monitoring of vital parameters) or laboratory diagnostics (e.g. blood or urine tests) as part of your treatment via the myoncare platform, personal data (including health data) will be processed by the respective partner companies involved.

In this context, data is collected and processed exclusively on the basis of your express consent in accordance with Art. 6 (1) (a), Art. 7 and Art. 9 (2) (a) GDPR.

The type of data processed may vary depending on the system used, but typically includes:

  • Vital signs (e.g., heart rate, blood pressure, temperature),
  • Laboratory data (e.g. hemoglobin levels, inflammatory markers),
  • Timestamp of the measurement and device information.

The data is processed for medical evaluation and documentation by your attending physician and can also be used for follow-up as part of digital treatment programs ("Care Pathways").

It will not be transmitted to third parties unless you have expressly consented to this or there is a legal obligation.

You will be provided with separate data protection notices for certain device manufacturers or laboratory service providers. You will receive these either directly via the platform or as part of the medical information and consent process.

The use of external devices or laboratory services is voluntary and not required for the performance of the video consultation. Your participation in the video consultation is not conditional upon providing consent to such additional processing.

IV. RIGHT TO WITHDRAW YOUR CONSENT

You have the right to withdraw your consent to the processing of special categories of personal data, such as health data, at any time with effect for the future.

V. RECIPIENTS OF THE DATA

Data collected and processed for the use of the video consultation service will not be passed on to third parties. However, we would like to point out that the data that you share with the doctor with whom you attend the appointment during a video consultation session may be stored in the doctor's physician information system in accordance with the doctor's valid statutory retention obligations.

All data that must be stored to the extent and duration described for the proper technical implementation of the video consultation is transmitted to a server in the data center.

We carefully select our IT service providers – especially with regard to data protection and data security – and have taken all measures required by data protection law for permissible data processing.

The technical provision of the servers for the provision of the video consultation service is carried out by Oncare GmbH. Oncare GmbH, as the technical provider of the platform, is contractually bound as a processor under Art. 28 GDPR and processes personal data solely on behalf of myon.clinic and for the agreed purposes.

VI. STORAGE PERIOD

Video stream: The video and audio stream of the consultation is not stored and ends immediately once the session is terminated. Recording takes place only if you have explicitly consented in advance.

Protocol and connection data: Metadata related to the video consultation (e.g., time, duration, technical log files) are processed solely for billing, support, and compliance purposes and are deleted after a maximum of 6 months, unless longer statutory retention periods apply.

Billing and medical documentation data: Billing data (e.g., payer information, invoices, billing codes) as well as medically relevant content of the video consultation (e.g., anamnesis, findings, therapy recommendations) are stored in accordance with statutory retention requirements. In Germany, the retention period is at least 10 years (§ 630f BGB, § 147 AO, § 257 HGB). For services falling under the U.S. healthcare system, HIPAA requires a minimum retention period of 6 years (45 CFR § 164.530(j)).

VII. PLACE OF DATA PROCESSING

Your personal data is generally processed within the European Union (EU) or the European Economic Area (EEA). No transfer to third countries takes place.

For users who receive services through a U.S. healthcare provider (e.g., physician, clinic, or healthcare institution in the United States), personal data (including health data) is hosted on servers in the U.S. in order to comply with the legal requirements of the U.S. healthcare system (HIPAA). If, however, a person residing in the United States accesses the services of European healthcare providers via the myon.clinic/oncare platform, the personal data will be hosted within the EU/EEA.

Remote access to U.S.-hosted data from Europe may occur:

  • by authorized employees of Oncare GmbH solely for the purpose of providing second-level support in case of technical issues,
  • and by authorized employees of myon.clinic GmbH solely for the purpose of providing first-level support in case of application-related issues.

Use of Google Firebase (via subcontractor Oncare GmbH)
For certain technical functions of the platform (e.g., synchronization, stability, notifications), Oncare GmbH, as the technical operator, uses the service Google Firebase (Google Ireland Limited). Data processing generally takes place within the European Union (EU) or the European Economic Area (EEA). Access from the United States by Google LLC (the parent company) cannot be fully excluded, for example in the context of support or maintenance services. All processing is carried out with end-to-end encryption and pseudonymized identifiers, ensuring that Google cannot re-identify individuals. Should access from the United States occur, it is based exclusively on the Standard Contractual Clauses (SCCs) adopted by the European Commission, which are part of the Google Data Processing Terms.

VIII. AUTOMATED DECISIONS IN INDIVIDUAL CASES  

We do not use purely automated processing to make decisions.

IX. RIGHTS OF DATA SUBJECTS

We would like to inform you about your rights as a data subject. These rights include, in particular:

  • Right of access (Art. 15 GDPR):  You have the right to request information about whether and how your personal data is being processed, including information about the purposes of processing, recipients, storage period and your rights to rectification, erasure and objection. You also have the right to receive a copy of any personal data we hold about you;
  • Right to rectification (Art. 16 EU GDPR): You can request that we update or correct inaccurate personal data or complete incomplete personal data;
  • Right to erasure / right to be forgotten (Art. 17 GDPR): You can demand that we delete your personal data collected and processed by us without undue delay. Please note, however, that we can only delete your personal data after the expiry of the statutory retention periods.
  • Right to restriction of data processing (Art. 18 GDPR): You can ask us to "restrict" the use of your data if the accuracy of the data is contested, the processing is unlawful, the data is needed for legal claims, or an objection to the processing is being examined, so that we can only continue to use your data with restrictions;
  • Right to data portability (Art. 20 GDPR): In general, you can request that we provide you with personal data that you have provided to us and that is processed by machine based on your consent or the performance of a contract with you, in a machine-readable form, so that it can be "ported" to a substitute service provider;
  • Right to object to data processing (Art. 21 GDPR): You have the right to object at any time to the processing of personal data concerning you that is carried out on the basis of Article 6 (1) (e), (f) GDPR. In this case, the controller will no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to establish, exercise or defend legal claims.
  • Right to lodge a complaint (Art. 77 GDPR): In addition, you have the option of complaining to a competent data protection authority about our data processing.

X. SUPPLEMENT FOR US USERS – HIPAA COMPLIANCE

If you participate in a video consultation within the United States or if services are provided to you within the US healthcare system, the processing of your health information is also subject to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). In this context, myon.clinic acts either as a “Covered Entity” (when providing services directly to patients) or as a “Business Associate” of your treating healthcare provider.

During a video consultation, Protected Health Information (“PHI”) is transmitted in real time between you and your physician. myon.clinic ensures that this transmission is conducted in compliance with HIPAA’s Privacy Rule and Security Rule by implementing end-to-end encryption, access controls, and audit mechanisms. We do not access or store the content of your video or audio communication; however, metadata (such as session time, participant information, or technical logs) may be processed for operational, billing, or compliance purposes.

Under HIPAA, you have the following rights with respect to your PHI:

  • Right of Access: You may request copies of the PHI related to your video consultations.
  • Right to Amendment: You may request corrections if you believe your PHI is inaccurate or incomplete.
  • Right to an Accounting of Disclosures: You may request a record of certain disclosures of your PHI.
  • Right to Restriction and Confidential Communication: You may request restrictions on the use or disclosure of your PHI and designate preferred methods of communication.
  • Right to a Paper Copy: You may request a printed copy of this notice at any time.

We may use or disclose your PHI for purposes permitted under HIPAA, including treatment, payment, and healthcare operations, or where required by law. All subcontractors involved in providing the video consultation services – including Oncare GmbH as the technology provider of the myoncare platform – are bound by Business Associate Agreements to ensure HIPAA-compliant protection of your PHI.

If you wish to exercise your HIPAA rights or have questions about our HIPAA practices, please contact your healthcare provider or our Data Protection Officer at: privacy@myon.clinic

myon.clinic will not use PHI for its own purposes. PHI will only be hosted on servers in the United States if the services are provided through a U.S. healthcare provider. If services are provided through European healthcare providers, the data will be hosted within the EU/EEA. Remote access to data hosted in the U.S. is limited to support purposes only – by authorized employees of Oncare GmbH (second-level support for technical issues) and by authorized employees of myon.clinic GmbH (first-level support for application-related issues).

To the extent that myon.clinic processes health data in a strictly anonymized form that meets HIPAA’s de-identification standards, such data no longer qualifies as PHI. Such anonymized data may be used by myon.clinic for quality assurance, research, or platform development purposes.
