[email protected]
Ergebnis herunterladen / Einloggen

Privacy policy

We, Medicorum TAM GmbH (“Medicorum TAM/we”), appreciate your visit to our website and your interest in our services. In the following provisions, we inform you about the nature, scope and purpose of the collection and use of your personal data on this website. Personal data is any information relating to an identified or identifiable natural person. This includes in particular your name, address and e-mail address.

 

1. provider and data protection officer

Provider of the website and responsible person in the sense of the data protection law is the

Medicorum TAM GmbH
Marienstraße 3
10117 Berlin

Managing Directors: Benjamin Föckersperger, Marc Lindner

Tel.: +49 30 1200 70 686

E-mail: [email protected]

 

Data Protection Officer:

Mr. RA Henning Lüth
ITM GmbH
Wolfener Str. 32-34 House 2B
12681 Berlin

E-mail: [email protected]

 

2. data processing to enable website use

Every time you access content on our website, connection data is transmitted to our web server. This connection data includes:

  • the IP address (Internet Protocol address) of the respective users,
  • the date and time of the request,
  • the referrer URL,
  • Device numbers such as UDID (Unique Device Identifier) and comparable device numbers, device information (e.g. device type) as well as
  • the browser type / version.

 

This connection data is not used to draw conclusions about the person of the user or merged with data from other data sources, but is used to provide the website. The legal basis for the processing of your data is Art. 6 para. 1 p. 1 lit. f DSGVO. After 7 days at the latest, the connection data is anonymized by shortening the IP address at domain level.

 

3. data processing at the instigation

The use of our website is generally possible without providing personal data. You are neither obliged to call up this website nor to provide personal data. However, the provision of personal data is required, for example, for booking a test. If you do not provide us with personal data for the purposes listed below, you may not be able to use functionalities of this website or individual services.

3.1. booking a test

If you would like to book a test at our company, we collect from you the mandatory information marked with “*” (e.g. first name, last name, e-mail address). The other options for entering personal data are voluntary. Details of this are described below by way of example.

We already collect your cell phone number, date of birth and gender as mandatory information during the booking process, as we want to enable you to perform the test efficiently in this way. This way, you can go directly to the smear station and there will be no further delays on site. In the case of a positive corona test, we are obliged according to §§ 8 ff. IfSG, we are obliged to forward this data to the responsible health authority in the sense of Art. 6 Para. 1 S 1 lit. c) DSGVO (see also No. 6). The additional contact details are intended to enable the health authorities, in the event of a positive Corona test, to also contact you immediately via alternative channels in order to immediately stop the spread of the Corona virus for the protection of the general public. Accordingly, the data processing also indirectly serves to protect other persons within the meaning of Art. 6 (1) S 1 lit. d) DSGVO, to perform a task in the public interest within the meaning of Art. 6 (1) S 1 lit. e) DSGVO and to protect the legitimate interests of a third party within the meaning of Art. 6 (1) S 1 lit. f) DSGVO.

The indication of the nationality is necessary within the scope of the performance of Corona PCR tests and Corona rapid tests for the issuance of the test result report. Without the indication of nationality, entry into all countries of the world that require a test result report cannot be ensured. These considerations apply accordingly to the ID card and passport number. The legal basis for processing your data in these cases is Art. 6 (1) p. 1 lit. f DSGVO.

The test procedure and the associated processing of your personal data are described in detail at https://coronatest.de/faqs/. Our data protection officer will be happy to answer any additional questions you may have.

 

In all other respects, the processing of your personal data is carried out for the execution of the test and thus for the fulfillment of the contract in accordance with Art. 6 (1) p. 1 lit. b DSGVO. Insofar as special categories of personal data are involved, the processing is governed in particular by Art. 9 DSGVO and Section 22 BDSG. “Special categories” of personal data are, according to Art. 9 (1) DSGVO, data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as the processing of genetic data, biometric data uniquely identifying a natural person, health data or data concerning a natural person’s sex life or sexual orientation. The processing of health data by us is based on your consent pursuant to Art. 9 (2) lit. a DSGVO.

In addition, your IP address and the time of the booking are stored by us as part of the test booking. This is necessary to ensure the security of our information technology systems and to be able to assign the booking. The legal basis for the processing of your data in this case is Art. 6 para. 1 p. 1 lit. f and lit. b DSGVO.

For the verification of your registration for a test, we use the so-called double-opt-in procedure. This means that after you have filled in the mandatory fields and pressed the button “PAY FOR BOOKING NOW”, we will send you an e-mail, to the e-mail address you provided, in which we ask you to confirm the booking. If you do not confirm your registration, your information will be blocked and subsequently deleted.

To the extent that we send emails to you in connection with the aforementioned verification of your registration, or in connection with the test result, we use the customer communication platform “SendGrid” (“SendGrid”), which is operated by Twilio Inc, a Delaware corporation with its registered office at 375 Beale Street, Suite 300, San Francisco, CA 94105. Please note that Twilio Inc. is a U.S. company. According to a recent ruling by the European Court of Justice (ECJ), there is not an adequate level of data protection in the USA and therefore a risk to the protection of your data. For example, under certain conditions, your data may be processed by US authorities for control and monitoring purposes. The new EU standard data protection clauses have been agreed as suitable safeguards to ensure an adequate level of protection for data transfers.

3.2 Citizen testing and evidence related to the current TestV.

According to the new TestV, citizenship tests are free of charge only in certain cases. In addition, proof of eligibility for testing is required. For details, please refer to the following provisions.

Have a right to free citizen testing:

  • Persons who have not yet reached the age of five at the time of testing (i.e. children under the age of 5, i.e. up to their fifth birthday) [on this, § 4a para. 1 no. 1 TestV] ,
  • Persons who cannot be vaccinated against the SARS-CoV-2 coronavirus at the time of testing due to a medical contraindication, in particular pregnancy in the first trimester, or who could not be vaccinated against the SARS-CoV-2 coronavirus in the three months prior to testing due to a medical contraindication [see § 4a para. 1 no. 2 TestV],
  • Persons who, at the time of testing, are participating in clinical studies on the efficacy of vaccines against the SARS-CoV-2 coronavirus or who have participated in such studies in the three months prior to testing [see § 4a para. 1 no. 3 TestV],
  • Individuals who are in segregation at the time of testing due to proven infection with SARS-CoV-2 coronavirus, if testing is required to end segregation (i.e., “free testing”) [for this purpose, Section 4a(1)(4) TestV],
  • Persons according to § 4 (1) sentence 1 number 3 and 4, TestV (i.e. visitors and treated or residents in, among others, the following facilities: Hospitals, rehabilitation facilities, inpatient care facilities, facilities for people with disabilities, facilities for outpatient surgery, dialysis centers, outpatient care, outpatient services or inpatient facilities for integration assistance, day clinics, maternity clinics) [for this purpose, § 4a (1) No. 5 TestV],
  • Beneficiaries who employ persons within the framework of a personal budget according to § 29 of the Ninth Book of the Social Code, as well as persons who are employed by beneficiaries within the framework of a personal budget according to § 29 of the Ninth Book of the Social Code [in this regard § 4a para. 1 no. 8 TestV],
  • caregivers within the meaning of § 19 sentence 1 of the Eleventh Book of the German Social Code [in this regard § 4a para. 1 no. 9 TestV] and
  • Persons living in the same household as a person infected with the SARS-CoV-2 coronavirus [see § 4a para. 1 no. 10 TestV].

 

A personal contribution of EUR 3 must be paid by the following persons:

  • Persons who are not registered on the day on which testing takes place [in this regard, § 4a Para. 1 No. 6 TestV],
  1. a) will attend an indoor event or
  2. b) will have contact with a person who is
  3. aa) has reached the age of 60, or

(bb) has a high risk of severe COVID-19 due to a pre-existing condition or disability,

  • Persons who have received a warning with the status indication increased risk through the Corona warning app of the Robert Koch Institute [for this, § 4a para. 1 no. 7 TestV].

 

According to Section 6, Paragraph 3, Nos. 4 and 5 of the TestV, in the case of citizen testing in connection with Section 4a TestV, proof must be provided to the service provider in particular that the person to be tested is eligible;

  • in the case of § 4a para. 1 no. 2, an original medical certificate stating that the person to be tested cannot be vaccinated against the SARS-CoV-2 coronavirus due to a medical contraindication, and
  • in the case of Section 4a(1)(10), proof of the test result of the infected person and proof of the matching residential address.
  • In the case of testing in accordance with § 4a Para. 1 Nos. 6 and 7, the person to be tested must provide the service provider with a self-declaration that the testing was carried out for a purpose specified in § 4a Para. 1 No. 6 or No. 7 and with a personal contribution of 3 euros.

In addition, the Federal Ministry of Health (https://www.bundesgesundheitsministerium.de/coronavirus/nationale-teststrategie/faq-covid-19-tests.html) considers the following evidence to be appropriate and necessary:

  • In the case of § 4a (1) No. 1, the birth certificate or children’s passport,
  • In the case of § 4a par. 1 no. 2, the maternity passport,
  • In the case of § 4a para. 1 no. 3, proof of participation by the person responsible for the study(s),
  • In the case of § 4a para. 1 no. 4, the PCR test,
  • In the case of § 4a para. 1 no. 5, a confirmation by the nursing home, e.g. according to the following model: https://www.bundesgesundheitsministerium.de/fileadmin/Dateien/3_Downloads/T/Testverordnung/Formblatt-Pflegeeinrichtungen.pdf
  • In the case of § 4a para. 1 no. 6 a) by presenting an admission ticket to an event, a reservation confirmation, an invitation to a party or other evidence from which participation on the same day can be deduced,
  • In the case of § 4a para. 1 no. 7, by showing the Corona warning app with the status display “increased risk”,
  • In the case of Section 4a (1) No. 8, by a corresponding notice,
  • In the case of § 4a (1) No. 9, an informal self-disclosure or proof of care status.

According to the aforementioned requirement, all persons requesting the citizenship test must sign a self-disclosure form, which includes the purpose and (if required) the payment for the testing and confirms the submission of the proper supporting documents. At the same time, the self-disclosure serves to make any billing fraud more difficult. This self-disclosure will then be kept by us.

The legal basis for the processing of your data is Art. 6 para. 1 p. 1 lit. c DSGVO, Art. 9 para. 2 lit. g DSGVO in conjunction with. § Section 6 (3) nos. 4 and 5 of the TestV.

Further questions and answers on the new TestV can be found at: https://www.bundesgesundheitsministerium.de/coronavirus/nationale-teststrategie/faq-covid-19-tests.html

3.3 Registration as a customer

If you wish to register with us as a customer, we will collect from you the mandatory information required for registration (first name, last name, e-mail address, password).

Registration is not necessary, but it allows you to access the status of your tests as well as your test results uniformly via our website. It also facilitates a future booking, as you can reuse the data you have already saved. Alternatively, you can also make a booking as a guest. In this case, with the exception of a password, we collect the same data from you as we do when you register. However, this data is not stored in a customer account for you, so that you also do not have access to a customer account.

After registration, login is done by entering your email address and password. Please always make sure to log out before leaving the website.

When using a password, please take appropriate security measures. For example, a password should be at least 8 characters long and, if possible, always consist of a combination of upper and lower case letters, numbers and special characters. In this respect, trivial words such as “ABC” or keyboard sequences (e.g. “qwert” or “asdfgh”), all kinds of names (e.g. of friends, acquaintances, colleagues, family members, pets), city and building names, cartoon characters, car brands, car license plates, terms, dates of birth, telephone numbers, common abbreviations, etc. are problematic.

The processing of your personal data is based on your consent pursuant to Art. 6 para. 1 p. 1 lit. a DSGVO.

In addition, your IP address and the time of registration are stored by us as part of the registration process. This is necessary to ensure the security of our information technology systems. The legal basis for the processing of your data in this case is Art. 6 para. 1 p. 1 lit. f DSGVO.

3.4. booking for additional persons

The booking of a test for additional persons is only permitted insofar as the booking person has obtained the prior consent of the additional persons to the processing of their personal data. The Booking Party must also inform the additional persons about the data protection provisions in accordance with this Privacy Policy. Should the processing of data take place without the prior consent of the additional persons for whom booking is made, the Booking Party will not only be in breach of Medicorum TAM GmbH’s Terms and Conditions, but at the same time in breach of the provisions on data protection.

3.5 Login

If you are a client of Medicorum TAM, you have the possibility to access separate information or updates on the services you have booked through the login function on this website.

Login data must be kept strictly secret. If a password is nevertheless passed on, for example to enable access to certain data by third parties in an emergency, the password must be changed immediately. For your own protection, it is prohibited to reuse passwords that have already been used.

In addition, your IP address and the time of access are stored by us within the scope of a login. This is necessary to ensure the security of our information technology systems.

We also set a session cookie each time you log in. This session cookie prevents automatic logout during active use of the account or associated services. After the respective logout, the session cookie is automatically deleted within a few minutes.

The legal basis for the processing of your data is Art. 6 para. 1 p. 1 lit. f DSGVO and, if your contractual relationship is affected, Art. 6 para. 1 p. 1 lit. b and/or f DSGVO.

3.6 Newsletter

If you have expressly consented to receive our newsletter, you will regularly receive information about new testing procedures and locations or other new services from Medicorum TAM at the e-mail address you have provided.

You declare your consent by actively placing a check mark in the booking process.

For the registration to our newsletter, we use the so-called double-opt-in procedure, which we also use for the verification of your booking (see section 3.1).

The processing of your personal data is based on your consent pursuant to Art. 6 para. 1 p. 1 lit. a DSGVO. In connection with our newsletter, we use the customer communication platform SendGrid (“SendGrid”), which is operated by Twilio Inc, a company incorporated under the laws of the State of Delaware with its registered office at 375 Beale Street, Suite 300, San Francisco, CA 94105. Please note that Twilio Inc. is a U.S. company. According to a recent ruling by the European Court of Justice (ECJ), there is not an adequate level of data protection in the USA and therefore a risk to the protection of your data. For example, under certain conditions, your data may be processed by US authorities for control and monitoring purposes. The new EU standard data protection clauses have been agreed as suitable safeguards to ensure an adequate level of protection for data transfers.

You can revoke your consent at any time with effect for the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. For the exercise of the revocation, there is a link at the end of each newsletter. Alternatively, you can revoke your consent at any time, e.g. by e-mail to [email protected]

When you register for a newsletter, we also store your IP address and the time of registration in order to fulfill our legal documentation obligations. The legal basis for data processing in this case is Art. 6 para. 1 p. 1 lit. c DSGVO.

3.7 Contact form

If you contact us via the contact form provided in order to book group or company-wide tests or to open your own test station, your details will be stored so that they can be used to process your request.

We point out that data transmission on the Internet can have security gaps. A complete protection of the data against access by third parties is not possible.

The legal basis for the processing of your data is basically based on Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interest is then to respond to your request. In the case of the implementation of pre-contractual or contractual measures, the legal basis is Art. 6 para. 1 p. 1 lit. b DSGVO.

3.8 Applications

There are vacancies on our website for which you can apply by e-mail.

The data you provide to us as part of your application will be processed by us for the purpose of deciding whether to establish an employment relationship. The legal basis for data processing is Art. 88 (1) DSGVO in conjunction with. § Section 26 (1) sentence 1 BDSG. If special categories of personal data are involved, the processing is based on Art. 88 DSGVO in conjunction with. § 26 para. 3 BDSG. In the event of a rejection or the conclusion of the application process, your data will be deleted within 6 months.

 

4. data processing for the demand-oriented design of the website

In order to make the use of our website as pleasant as possible for you, we use so-called web tracking systems. For this purpose, cookies are generally used, i.e. small text files that are sent from a web server to your browser and stored on the hard drive of your computer. This enables us to recognize the terminal device you use when you use our website. If we use session cookies, these are deleted again after the end of the browser session. Other cookies remain on your terminal device and enable us to recognize your terminal device on your next visit. The tracking tools and other services used by us, which use cookies, are listed under sections 4.1 et seq.

Most browsers are set to accept cookies automatically. You can disable the storage of cookies in your browser and have the option to delete them from your hard drive at any time. However, you can also use your browser to prevent only certain cookies from being set (e.g. cookies from third-party providers), for example if you want to prevent web tracking. You can find more information on this in the help function of your browser.

We would also like to point out that you can also install a privacy protection plugin in your browser that offers the option to prevent tracking – e.g. AdBlock, Ghostery or NoScript (please refer to the privacy notices of the respective plugin provider).

Finally, we would like to point out that in case of a deactivation of cookies, not all functions of this website can be used to the full extent. Please also note that deactivation may have to be carried out for each browser and for each end device.

The legal basis for the processing of your data follows from Art. 6 para. 1 p. 1 lit. f DSGVO, unless otherwise stated in the following provisions in item 4.1 ff. Our legitimate interest is the design of the website to meet the needs of our customers.

4.1 Cookie consent

This website uses the cookie consent technology CookieYes from MOZILOR Ltd. to obtain your consent to the storage of certain cookies on your terminal device and to document this in accordance with data protection law. The provider of this technology is MOZILOR Ltd.-Mozilor Ltd, 10 Paxton Crescent, Shenley Lodge, Milton Keynes, MK5 7PY, United Kingdom .

When you visit our website, a cookie from Borlabs is stored in your browser in connection with the cookie banner, in which the consents you have given or the revocation of these consents are stored. However, this data is not transmitted to MOZILOR Ltd.

The collected data will be stored until you request us to delete it or until you delete the MOZILOR Ltd. cookie yourself or until the purpose for storing the data no longer applies. Mandatory legal retention periods remain unaffected.

CookieYes is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 p. 1 lit. c DSGVO.

In addition to the information in the cookie banner, please also note the following information in sections 4.2 ff.

4.2 Google Analytics

Our website uses the tracking tool “Google Analytics”. This is a service provided by Google Ireland Ltd, a company incorporated and operated under the laws of Ireland with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). This tracking tool helps us to make our website more interesting for you and to improve the user experience. In doing so, data about the use of our website is stored in pseudonymous user profiles. Cookies may also be used for this purpose. In addition, data from various devices, sessions and interactions can be linked to a so-called “user ID”. The information generated is usually transferred to a Google server in the USA and stored there. We would like to point out that on our website Google Analytics has been extended by the “anonymizeIp” function. This means that your IP address is first shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area and only then transferred to a Google server in the USA.

The shortening of the IP address represents an additional measure pursuant to Art. 25 (1) DSGVO for the protection of users, but it does not result in the complete data processing being anonymized. Thus, when Google Analytics is used, in addition to the IP address, other usage data is also collected that is to be assessed as personal data, such as identifiers of the individual users, which also allow a link to an existing Google account, for example.

On our behalf, Google will use the information obtained via Google Analytics to evaluate your use of our website, compile reports on website activity and provide us with other services related to website activity and internet usage. The pseudonymized usage profiles will not be merged with personal data about the bearer of the pseudonym without a separately granted consent.

For more information about Google Analytics, see:

https://support.google.com/analytics/answer/2790010?hl=de

 

Please note that Google also has independent access to your data collected via Google Analytics and can also use this data for its own purposes. For example, Google may link this data with other data about you, such as search history, personal account, usage data from other devices, and any other data that Google has about you.

The legal basis for our processing of your data is your consent pursuant to Art. 6 para. 1 p. 1 lit. a DSGVO. You give your corresponding consent via our cookie banner. Please note that Google is a company from the USA. According to a recent ruling by the European Court of Justice (ECJ), there is no adequate level of data protection in the USA and thus a risk to the protection of your data. For example, under certain conditions, your data may be processed by US authorities for control and monitoring purposes. The new EU standard data protection clauses have been agreed as suitable safeguards to ensure an adequate level of protection for data transfers.

4.3 Google Maps

On our website, we also use the map service Google Maps from the provider Google via an API. To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. We have no influence on this data transmission. We have also entered into a mutual responsibility agreement with Google for the processing of personal data. You can view our agreement with Google under the following link. The use of Google Maps by us is based on your consent pursuant to Art. 6 (1) p. 1 lit. a DSGVO. You give your corresponding consent via our cookie banner. Please note that Google is a company from the USA. According to a recent ruling by the European Court of Justice (ECJ), there is no adequate level of data protection in the USA and thus a risk to the protection of your data. For example, under certain conditions, your data may be processed by US authorities for control and monitoring purposes. The new EU standard data protection clauses have been agreed as suitable safeguards to ensure an adequate level of protection for data transfers.

You can find more information on the handling of user data in Google’s privacy policy: https://www.google.de/intl/de/policies/privacy/.

 

4.4 YouTube

Our website uses plugins from the YouTube site operated by Google. When you visit one of our websites equipped with a YouTube plugin and actively click on the corresponding field, a connection to YouTube’s servers is established. In the process, the YouTube server is informed which of our websites you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

The legal basis for the processing of your data is your consent pursuant to Art. 6 para. 1 p. 1 lit. a DSGVO. You give your corresponding consent via our cookie banner. Please note that Google is a company from the USA. According to a recent ruling by the European Court of Justice (ECJ), there is no adequate level of data protection in the USA and thus a risk to the protection of your data. For example, under certain conditions, your data may be processed by US authorities for control and monitoring purposes. If you nevertheless wish to consent to the use of this tool, you can select this via the cookie banner.

For more information on the handling of user data, please refer to YouTube’s privacy policy at: https://www.google.de/intl/de/policies/privacy.

 

4.5 Google Tag Manager

We use the Google Tag Manager. Through this service from Google, website tags can be managed via an interface. However, the Google Tag Manager only implements tags. In this respect, no cookies are used and no personal data is collected. The Google Tool Manager merely triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. The data is evaluated exclusively in the respective tool (for more details, see the aforementioned explanations in section 4).

 

4.6 Hotjar

Our website uses Hotjar, analytics software provided by Hotjar Ltd, Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian’s STJ 3141, Malta (“Hotjar”), to help us better understand the needs of our users and optimize the experience on this website. With Hotjar’s technology, we get a better understanding of our users’ experiences (e.g. how much time users spend on which pages, which links they click on, what they like and dislike, etc.) and this helps us to tailor our offering based on our users’ feedback. Hotjar works with cookies and other technologies to collect information about our users’ behavior and about their devices, in particular screen size, device type (unique device identifiers), information about the browser used, location (country only), language preferred to view our website. Hotjar stores this information in a pseudonymized user profile. The information is not used by Hotjar or us to identify individual users or merged with other data about individual users. For more information, please see Hotjar’s privacy policy (https://www.hotjar.com/legal/policies/privacy).

Our legal basis for processing your data is your consent pursuant to Art. 6 (1) p. 1 lit. a DSGVO. You give your corresponding consent via our cookie banner.

You can prevent Hotjar from storing a user profile and information about your visit to our website and from setting Hotjar tracking cookies on other websites by activating the “Do Not Track” setting in your browser. Hotjar provides instructions on how to do this at the following link: https://www.hotjar.com/de/legal/policies/do-not-track/.

 

4.7 HubSpot

To process business contact requests, we use the service of HubSpot Inc, a USA software company, 25 First Street, Cambridge, MA 02141 USA, with an office in Ireland, Ground Floor, Two Dockland Central, Guild St, North Dock, Dublin, D01 K2C5, Ireland (“HubSpot”).

HubSpot is an integrated software solution that we use to cover data processing via our contact forms. Through our contact forms, users can contact us to book group or company-wide tests or open their own test station and provide their contact information as well as other information (see section 3.6). The information provided in the contact form is then stored on the servers of our software partner HubSpot. Cookies are also set in the course of providing the service.

The legal basis for the processing of your data is your consent pursuant to Art. 6 para. 1 p. 1 lit. a DSGVO. You give your corresponding consent via our cookie banner. Please note that HubSpot is a company from the USA. According to a recent ruling by the European Court of Justice (ECJ), there is no adequate level of data protection in the USA and thus a risk to the protection of your data. For example, under certain conditions, your data may be processed by US authorities for control and monitoring purposes. The new EU standard data protection clauses have been agreed as suitable safeguards to ensure an adequate level of protection for data transfers.

 

4.8 Facebook Custom Audience via the pixel process (standard version)

We use the product “Facebook Custom Audience” offered by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter “Facebook”), via the pixel procedure (standard version). Cookies are used in this procedure (see para. 4). Our legal basis for processing your data is your consent pursuant to Art. 6 (1) p. 1 lit. a DSGVO. You give your corresponding consent via our cookie banner. Please note that Facebook is a company from the USA. According to a recent ruling by the European Court of Justice (ECJ), there is no adequate level of data protection in the USA and thus a risk to the protection of your data. For example, under certain conditions, your data may be processed by US authorities for control and monitoring purposes. If you nevertheless wish to consent to the use of this tool, you can select this via the cookie banner. After implementation of the new EU standard data protection clauses, these will be the legal basis for data transfer to third countries.

Facebook collects and stores usage data in pseudonymous profiles for the purpose of web analytics or to enable interest-based advertising. This allows us to track users’ actions after they have seen or clicked on a Facebook ad. This allows us to track the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous to us, which means that we do not see the personal data of individual users. However, this data is stored and processed by Facebook, about which we inform you according to our level of knowledge. Facebook may associate this data with your Facebook account and also use it for its own advertising purposes in accordance with Facebook’s Data Use Policy.

In addition to us, Facebook itself is also responsible for data processing. The processing of data by Facebook takes place in accordance with Facebook’s data use policy. For details, please refer to Facebook’s data usage policy. Specific information and details about the Facebook Pixel and how it works can be found in Facebook’s help area.

In this respect, we are jointly responsible with Facebook for the processing of your personal data within the meaning of Art. 26 DSGVO. In this case, you can generally assert your rights (see Section 11) both against us and against Facebook. However, Facebook serves as the first point of contact. We have concluded an agreement with Facebook on joint responsibility for processing personal data. You can view this under the following link: https://www.facebook.com/legal/controller_addendum.

 

4.9 LinkedIn Marketing Solutions

We use the LinkedIn Marketing Solutions service, which is operated by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn”). This service enables us to use interest-based advertising and to optimize our marketing campaigns. LinkedIn uses cookies and similar technologies to recognize your terminal device. If you subsequently visit the LinkedIn website, you will be shown advertisements based on the data collected.

Our legal basis for processing your data is your consent pursuant to Art. 6 (1) p. 1 lit. a DSGVO. You give your corresponding consent via our cookie banner. Please note that LinkedIn is a company from the USA. According to a recent ruling by the European Court of Justice (ECJ), there is no adequate level of data protection in the USA and thus a risk to the protection of your data. For example, under certain conditions, your data may be processed by US authorities for control and monitoring purposes. The new EU standard data protection clauses have been agreed as suitable safeguards to ensure an adequate level of protection for data transfers.

You can obtain more information about LinkedIn’s privacy policy at the following Internet address: https://www.linkedin.com/legal/privacy-policy?_l=de_DE

 

4.10 Microsoft Advertising

We use the conversion tracking tool Microsoft Advertising, which is offered by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (“Microsoft”). Microsoft sets cookies on your computer if you have accessed our website via a Microsoft Advertising ad. In this way, Microsoft and we can recognize that someone has clicked on an advertisement and was then redirected to our website. We will only know the total number of users who clicked on a Microsoft Advertising ad and were then redirected to the conversion page. This tool allows us to determine the effectiveness of our ads.

The legal basis for the processing of your data is your consent pursuant to Art. 6 para. 1 p. 1 lit. a DSGVO. You give your corresponding consent via our cookie banner. Please note that Microsoft is a company from the USA. According to a recent ruling by the European Court of Justice (ECJ), there is no adequate level of data protection in the USA and thus a risk to the protection of your data. For example, under certain circumstances, your data may be processed by US authorities for control and monitoring purposes. If you nevertheless wish to consent to the use of this tool, you can select this via the cookie banner. After implementation of the new EU standard data protection clauses, these will be the legal basis for data transfer to third countries.

For more information about how Microsoft handles user data, please see Microsoft’s privacy policy at https://privacy.microsoft.com/de-de/privacystatement.

 

4.11 Awin

We use the service Awin of Awin AG, Eichhornstraße 3, 10785 Berlin, Germany (“Awin”). Awin is a German affiliate network that offers affiliate marketing. Affiliate marketing is an Internet-based form of distribution that enables commercial operators of websites, so-called merchants or advertisers, to display advertisements, which are usually remunerated via click or sale commissions, on websites of third parties, i.e. distribution partners, who are also called affiliates or publishers. The merchant provides an advertising medium via the affiliate network, i.e. an advertising banner or other suitable means of Internet advertising, which is subsequently integrated by an affiliate on its own Internet pages or advertised via other channels, such as keyword advertising or e-mail marketing. In order to track the path of a user from an affiliate to a merchant, Awin uses cookies and similar tracking technologies. Among other things, Awin collects information about the device used, the affiliate’s campaign, the user action and limited transaction data. The collected data is thereby gathered in a pseudonymized usage profile in order to be able to track the user’s path even across devices. The purpose of storing this data is to process commission payments between a merchant and the affiliate, which are processed via the affiliate network.

 

Our legal basis for processing your data is your consent pursuant to Art. 6 (1) p. 1 lit. a DSGVO. You give your corresponding consent via our cookie banner.

Awin’s applicable privacy policy can be found at https://www.awin.com/de/datenschutzerklarung.

 

4.12 Cloudflare

We use the Cloudflare service, which is operated by Cloudflare, Inc, 101 Townsend St, San Francisco, CA 94107, USA (“Cloudfare”). Cloudflare operates a content delivery network (CDN) and provides website protection features (web application firewall). The data transfer between your browser and our servers flows through Cloudflare’s infrastructure and is analyzed there to prevent harmful attacks. Cloudflare uses cookies for this purpose, in order to enable you to access our website as well as to carry out the filtering of web traffic.

 

Our legal basis for processing your data is your consent pursuant to Art. 6 (1) p. 1 lit. a DSGVO. You give your corresponding consent via our cookie banner. Please note that Cloudfare is a company from the USA. According to a recent ruling by the European Court of Justice (ECJ), there is no adequate level of data protection in the USA and thus a risk to the protection of your data. For example, under certain conditions, your data may be processed by US authorities for control and monitoring purposes. The new EU standard data protection clauses have been agreed as suitable safeguards to ensure an adequate level of protection for data transfers.

 

For more information, please see the Cloudflare privacy statement: https://www.cloudflare.com/de-de/privacypolicy/

 

4.13 Microsoft Clarity

In order to analyze the behavior of our users on our website, we use the tool Microsoft Clarity, which is offered by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (“Microsoft”). This allows us to learn which areas of our website are of particular interest to users, which links they click, how long they stay on our website, etc. Microsoft uses cookies to collect information about our users’ behavior and about their terminal devices, in particular IP address, location (country), access times, device information, browser, screen size, movement data (mouse and scroll movements). The information is stored by Microsoft in pseudonymous user profiles for the purpose of analysis. Microsoft may also use this data for its own purposes, e.g. to improve services or advertising, in accordance with Microsoft’s privacy policy. For more information on data processing by Microsoft, please refer to Microsoft’s privacy policy: https://privacy.microsoft.com/de-de/privacystatement.

 

The legal basis for the processing of your data is your consent pursuant to Art. 6 para. 1 p. 1 lit. a DSGVO. You give your corresponding consent via our cookie banner. Please note that Microsoft is a company from the USA. According to a recent ruling by the European Court of Justice (ECJ), there is no adequate level of data protection in the USA and thus a risk to the protection of your data. For example, under certain circumstances, your data may be processed by US authorities for control and monitoring purposes. If you still wish to consent to the use of this tool, you can select this via the cookie banner. After implementation of the new EU standard data protection clauses, these will be the legal basis for data transfer to third countries.

 

4.14 ClickCease

On our website we use the tool ClickCease of the provider CHEQ AI Technologies Ltd. , Yehuda Halevi 23 St. , Tel Aviv, Israel (“ClickCease”) to prevent click fraud on our website. ClickCease collects, stores and processes information that your browser automatically transmits. In particular, this includes the browser type and version, the operating system used, the referrer URL, the host name of the accessing computer, the time of the server request and the IP address. In addition, your length of stay on our pages, the number of page views and search terms used are stored. ClickCease uses cookies for this purpose. ClickCease analyzes the data for conspicuous behavior in order to block fraudulent users from using the website in the future. For more information on data protection, please refer to the ClickCease privacy policy: https://www.clickcease.com/privacy.html.

The legal basis for the processing of your data is your consent pursuant to Art. 6 para. 1 p. 1 lit. a DSGVO. You give your corresponding consent via our cookie banner. Insofar as your data is stored by ClickCease on servers in the USA in connection with the use of the tool, appropriate safeguards are in place to ensure an adequate level of protection when transferring data to a third country in the form of the new EU standard data protection clauses.

 

5. social media appearances

 

5.1 Data processing by Medicorum TAM and legal basis

Our social media sites serve the purpose of informing you about Medicorum TAM and new developments and services from us. Depending on the offer of the respective provider, you may have the opportunity to interact in different ways (comments, recommendations, etc.), e.g. in connection with our social media presence. User interaction is an important criterion for us to conduct targeted marketing. This enables us to determine, for example, which posts are read preferentially. We therefore also use the statistics determined by the providers in this regard for our own purposes. If we process personal data of the users in the process, the legal basis for this is Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interest then consists in particular in targeted information / advertising. You will be informed separately by the providers about the legal basis on which the providers process your data for their own purposes.

5.2 Shared responsibility

In individual cases, we are jointly responsible with the social media providers for the processing of your personal data. In this case, you can assert your rights (see section 11) both against us and against the social media provider. However, the social media provider serves as the first point of contact.

We have concluded a joint responsibility agreement with Facebook for the processing of personal data. This applies in relation to the processing of so-called “Insights data”. This involves page statistics, in particular on the interactions of Facebook users.

Details on the Insights data can be found here: https://www.facebook.com/business/pages/manage#page_insights. You can view our agreement with Facebook at the following link: www.facebook.com/legal/terms/page_controller_addendum.

 

We have also entered into a joint responsibility agreement with LinkedIn Ireland with regard to so-called “Page Insights”. With the Page Insights, LinkedIn Ireland does not provide us with personal data, but only aggregated data from you. It is not possible for us to draw conclusions about individual users via the information of the Page Insights. You can view details about Page Insights and our agreement with LinkedIn Ireland at the following link: https://legal.linkedin.com/pages-joint-controller-addendum.

 

Please note that Facebook and LinkedIn also process your data outside the EU/EEA. According to a recent ruling by the European Court of Justice (ECJ), there is no adequate level of data protection in the USA and thus a risk to the protection of your data. For example, under certain conditions, your data may be processed by US authorities for control and monitoring purposes.

 

With regard to the storage period of the data we process from you for our own purposes, please refer to our explanations under item 9. Otherwise, please observe the data protection provisions of the respective social media provider.

 

6. data processing in connection with the test execution

6.1 Conducting the test

At our testing stations, identification of your person is carried out by presenting an official photo ID as well as the booking confirmation you have received by e-mail. Please also note the required data processing in connection with the current TestV under section 3.2. In the case of PCR testing, your sample will be sent to the laboratory responsible for the respective location for laboratory analysis. The laboratory will then inform us of your test result.

You will receive your test result from us to the e-mail address you provided as part of the booking or by printout, if you selected this accordingly when booking. The processing of your data in connection with the testing is carried out for the implementation of the services requested by you. The legal basis is thus Art. 6 para. 1 p. 1 lit. b DSGVO. The obligation to prove your identity in the case of a citizenship test by presenting an official photo ID is based on Art. 6 para. 1 lit. c in conjunction with. § 6 para. 3 no. 4 TestV. The involvement of our laboratories takes place by way of commissioned processing in accordance with Art. 28 DSGVO.

6.2 Transmission of the test result to the Corona Warning App

As part of the booking process on our website (see section 3.1), you have the option to consent to the transmission of the test result to the Corona warning app. In doing so, an individual QR code will be generated by us. The QR code contains a unique code for your test and the test time in coded form. We transfer this code to a test results database operated by the Robert Koch Institute (RKI) so that the Corona Warning app can retrieve it. In the case of a rapid test, you have the choice of whether the test result should be displayed by name in the app for verification purposes (this includes your name as well as your date of birth). You can select this accordingly during the booking process.

The legal basis for the transmission of your data is your consent according to Art. 6 para. 1 p. 1 lit. a DSGVO and, insofar as health data are concerned, Art. 9 para. 2 lit. a DSGVO.

For more information about privacy on the Corona Warning App, please visit the following link: https://www.coronawarn.app/assets/documents/cwa-privacy-notice-de.pdf

6.3 Reporting a positive result

According to § 8 IfSG, we are obliged to transmit your data to the responsible health authority in case of a positive test result. This includes, among other things, your name, your contact details and the data relating to your testing. The legal basis for processing your data is Art. 6 para. 1 p. 1 lit. c DSGVO or Art. 9 para. 2 lit. i DSGVO in conjunction with. §§ 6 para. 1 no. 1 lit. t, 8 para. 1 IfSG.

 

7. data transmission

We only disclose your personal data to third parties or other recipients if this is necessary for the provision of services, if you have given your consent, if there is a legal obligation (e.g. data transfer to health authorities on a statutory basis in accordance with Section 8 IfSG) or if the data transfer is permitted on the basis of another legal basis. Where necessary, we have entered into agreements with the recipients of your data on commissioned processing in accordance with Art. 28 DSGVO.

In addition, please note the separate data protection provisions of the payment methods you have selected.

SumUp
Provider: SumUp Ltd, Block 8, Harcourt Centre, Charlotte Way, Dublin 2, Ireland D02 K580

Website: https://sumup.de/
Further information & data protection: https://sumup.de/datenschutzbestimmungen

 

TECO
Provider: TECO
Zahlungssysteme GmbH
Tschaikowskistraße 58, D-13156 Berlin
Website: https://www.teco-zahlungssysteme.de
Further information & data protection: https://www.teco-zahlungssysteme.de/datenschutz/

 

Concardis
Provider: Concardis GmbH, Helfmann-Park 7, 65760 Eschborn, Germany.
Website: https://www.concardis.com
Further information & data protection: https://www.concardis.com/datenschutz

 

PayPal
Provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, Luxembourg.
Website: https://www.paypal.com
Further information & data protection: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE

 

Stripe
Provider: Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland
Website: https://stripe.com
More information & privacy: https://stripe.com/en-de/privacy

 

Adyen

Provider: Adyen BV, Simon Carmiggeltstraat 6-50 Amsterdam, 1011 DJ, Netherlands Website: www.adyen.com More information & privacy: https://www.adyen.com/policies-and-disclaimer/privacy-policy

 

VISA: https://www.visa.co.uk/legal/privacy-policy.html

 

MasterCard: https://www.mastercard.de/de-de/datenschutz.html

 

American Express: https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html

 

 

8. data transfer to countries outside the EU

To the extent necessary for our purposes, we also transfer your data to recipients outside the EU if you have given your consent, if there is a legal obligation or if the transfer of data is permitted on the basis of another legal basis. Thus, your data will also be transferred to recipients based in the USA as part of data processing. Please note, however, that according to a recent ruling by the European Court of Justice (ECJ), there is no adequate level of data protection in the USA and thus a risk to the protection of your data. For example, under certain circumstances, your data may be processed by US authorities for control and monitoring purposes. For the rest, we still initially refer to Art. 49 DSGVO with regard to the legal basis for the transfer of data. An adequate level of data protection will be ensured in the future by concluding the new so-called EU standard data protection clauses.

 

9. duration for which personal data are stored / criteria for determining the duration

Your personal data will be stored by us for as long as is necessary for the aforementioned purposes of processing, in the event of an objection, no compelling reasons worthy of protection exist on the part of Medicorum TAM, or in the event of a revocation, no other legal basis exists for the data processing. However, in certain cases, e.g. if there is a legal obligation to retain data, your personal data will not be deleted immediately, but will first be blocked.

For example, order and performance documentation within the scope of testing in accordance with the Coronavirus Test Ordinance (TestV) must be retained until December 31, 2024. The order and performance documentation includes, in particular, the name, date of birth and address of the person tested, as well as the reason for the test, the time and the self-disclosure. The result of the testing and proof of notification to the public health service in the event of positive test results shall be stored or kept unchanged until December 31, 2022. The legal basis in this respect is Art. 6 para. 1 lit. c, Art. 9 para. 2 lit. g DSGVO in conjunction with. § Section 7 (5) TestV.

The personal data collected and processed by us within the framework of the contractual relationship will be stored until the expiry of the standard limitation period (3 years after the end of the calendar year in which the contract was terminated) and then deleted, unless we are obliged to store the data for a longer period in accordance with Article 6 (1) sentence 1 lit. c DSGVO due to retention and documentation obligations (in particular from HGB or AO). We store your contract data and the associated documents for 10 years (§147 Abs.3 AO), other commercial and business letters for 6 years (§ 257 Abs. 4 HGB).

 

10. security measures to protect your personal data

We protect your data by technical and organizational measures against unauthorized access, loss or destruction. Our security measures are continuously improved in line with technological developments. Our employees and all persons involved in data processing are obliged to comply with data protection laws and to handle personal data confidentially. Our employees are trained accordingly.

To protect your personal data on this website, we use a secure online transmission method, the so-called “Secure Socket Layer” (SSL) transmission. You can recognize this by the fact that a closed padlock symbol is displayed at the https:// address component. By clicking on the symbol, you will receive information about the SSL certificate used. The display of the symbol depends on the browser version you are using. SSL encryption ensures the encrypted and complete transmission of your data.

 

11. your rights

Within the framework of the legal requirements, you are generally entitled to the following from Medicorum TAM

  • Confirmation as to whether personal data concerning you are processed by Medicorum TAM,
  • information about these data and the circumstances of processing,
  • Correction, insofar as this data is incorrect,
  • Deletion, insofar as there is no justification for the processing and no obligation to retain (any longer),
  • Restriction of processing in special cases determined by law,
  • Objection in case of data processing based on Art. 6 para. 1 p. 1 lit. f. DSGVO and
  • Transfer of your personal data – insofar as you have provided it – to you or a third party in a structured, common and machine-readable format.

Insofar as the processing of your personal data is based on your consent, you have the right to revoke your consent at any time, with the consequence that the processing of your personal data becomes unlawful for the future. However, this does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Please address your specific request to our data protection officer in writing or by e-mail, clearly identifying yourself:

Mr. RA Henning Lüth

ITM GmbH
Wolfener Str. 32-34 House 2B
12681 Berlin

E-mail: [email protected]

 

If we process your data in joint responsibility with third parties within the meaning of Article 26 of the GDPR, the third party is centrally responsible for the exercise of all data subject rights. However, you are free to assert your rights against us as well.

Finally, we would like to inform you of your right to complain to the supervisory authority (supervisory authority in Berlin: https://www.datenschutz-berlin.de/).

 

12. no automated individual decision

We do not use your personal data for automated individual decisions.

 

13. modification of the privacy policy

New legal requirements, corporate decisions or technical developments may require changes to our data protection statement. The privacy policy will then be adapted accordingly. You will always find the latest version on our website.

Datenschutzeinstellungen
Deutsch
English
Български
Ελληνική
Español
Česky
Français
Italiano
やまと
Polski
Português
Românesc
Русский
中文
Thai
Turkish
Український
Arab
Vietnamese
Essenziell
Notwendige Cookies sind für das ordnungsgemäße Funktionieren der Website unbedingt erforderlich. Diese Cookies gewährleisten grundlegende Funktionalitäten und Sicherheitsmerkmale der Website, anonym.
Session
XSRF-TOKEN
Remember token
Analytics
Diese Cookies helfen uns dabei, Informationen über Metriken wie die Anzahl der Besucher, Absprungrate usw. zu liefern.
Google Tag Manager
Zusatzfunktionen
Zusätzliche Funktionen sind nicht obligatorisch und helfen uns, Ihr Erlebnis zu verbessern.
Google Maps
Wartung
Diese Cookies helfen uns bei der Bereitstellung von Informationen zur Fehlerprotokollierung, die wir zur Fehlerbehebung verwenden.
Sentry
Speichern Alle akzeptieren