Version: 1.0.0
Status. 20.11.2023

I. General information on data protection

1. Data protection

Thank you for your interest and for visiting our website at www.findme2care.de. As the operator of this website, RxOme GmbH takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the legal data protection regulations.

This privacy policy explains the type, scope, and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offering and the associated functions and content. With regard to the terms used, such as “personal data”, “processing”, or “controller”, we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

As the controller, RxOme GmbH has implemented numerous technical and organizational measures to ensure that the personal data processed via this website is protected as completely as possible. Nevertheless, we would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) can have security gaps. It is, therefore, not possible to guarantee complete protection of data against access by third parties.

2. Controller

The controller within the meaning of the GDPR and other national data protection laws as well as other data protection regulations is:

RxOme GmbH
Bayerstraße 3-5
D-80335 Munich
info@findme2care.de
Phone +49 (0)89/30 90 886-0
Fax +49 (0)89/30 90 886-66

3. Data protection officer

The data protection officer of the controller is:

Jan Alkemade
Alkemade IT-Security e.K.
Egerländer Str. 9
61239 Ober-Mörlen
Phone: +49 6002 939593
E-mail: jan.alkemade@alkemade-it.de

4. User groups

The services of RxOme GmbH can be used by different user groups. Depending on the service and user group, different data must be processed so that specific user groups are also discussed below. These are

Chapter IV: Registration of findings for patients
Chapter V: Verification of membership of one of the authorized professional groups

In addition, the individual chapters may contain services that are only used by one user group.

II. General information on data processing

1. Scope of the processing of personal data

We only process the personal data of visitors to our website to the extent necessary to provide a functional website and our content and services. The medical data provided by patients is only processed for the provision of services (including contacting patients with enquiries about studies) and is not passed on to third parties without the express consent of registered patients.

2. Legal basis for the processing of personal data

The personal data is processed on the basis of an explicit consent. Thus, Art. 6 para. 1 lit. a and Art. 9 para. 2 lit. a of the GDPR serve as the legal basis.

3. Data erasure and storage duration

The personal data of the patients will be erased on their processing restricted as soon as the purpose of the processing no longer applies, but at the latest, after 30 years. Processing may take place beyond this if this has been provided for by the European or national legislator in EU regulations, laws, or other provisions to which the controller is subject. The processing or erasure of data is also restricted if a storage period prescribed by the aforementioned standards expires unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

III. Provision of the website and creation of log files

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.

The following data (so-called server log files), which your browser automatically transmits to us, are collected:

Information about the browser type (version used, language settings, etc.)
The operating system of the user
The IP address of the user
Date and time of access
Website from which the user’s system accesses our website (website, search engine or link, so-called referrer URL)
Website that is accessed by the user’s system via our website
Status information (e.g., error messages)
Amount of data transferred

The data is also stored in our system’s log files. This data is not stored together with the user’s other personal data.

We reserve the right to subsequently check this data or have it checked if we become aware of specific indications of unlawful use.

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.

3. Purpose of the data processing

The temporary storage of the IP address by the system is necessary to technically enable the website to be accessed. For this purpose, the IP address of the user (visitor) must remain stored for the duration of the session. Storage in log files serves to optimize the website and to ensure the security of our information technology systems. The data is not analyzed for marketing purposes in this context.

These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR.

4. Duration of storage

The data is deleted as soon as it is no longer required to fulfill the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

If the data is stored in log files, it is deleted after seven days at the latest. Data may be stored for longer than this (e.g., for security reasons, such as to investigate misuse or fraud, storage for evidence purposes). In this case, the IP addresses of the users are deleted or anonymized so that it is no longer possible to identify the accessing client.

5. Possibility of objection and removal

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.

IV. Registration of findings for patients

The “FindMe2care” platform operated by RxOme GmbH is used to provide information on patients with rare genetic diseases and, if necessary, to contact pharmaceutical companies, study centres, and other patients. Patients can receive information tailored to their individual rare disease, be informed about current treatment options, or be supported by suitable patient organizations. Patients can also be made aware of patient registries, clinical studies, or scientific research projects that are looking for patients with a specific disease.

Disease-specific information must be processed at the patient level in order to provide patients with targeted information and possible contact requests from, e.g., study registries and to avoid information that is not relevant to individual patients.

In preparation for a possible later registration with FindMe2care, a QR code with the data listed below was created in the genetic laboratory that made the diagnosis. This is initially only generated locally in the laboratory and sent to the attending physician together with the findings. In the interests of data minimisation, no personal data is collected by FindMe2care or transferred from the laboratory to FindMe2care at this stage. Responsibility for data processing at this stage lies with the laboratory or the attending physician.

When the patient creates a user account on FindMe2care, the necessary data (usually your e-mail address and the password you have chosen) is transferred to our server.

Your medical data will only be transferred from your device (PC or smartphone) to our server during the subsequent registration of findings if you have given the corresponding declaration of consent. You can give your consent individually or in thematically related groups for the above-mentioned functions. During transmission, sensitive medical data is encrypted end-to-end using certificate-based encryption methods (PGP). The processing of login data for FindMe2care and other personal and medical data takes place on servers hosted in Germany. Internet access to the website is SSL-encrypted via the HTTPS connection protocol.

What data is transferred to FindMe2care in the course of using the mediation function and the necessary findings registration process?

In addition to the contact details (e-mail address and telephone number, if applicable), FindMe2care stores the same data that you will find in your genetic report:

Information on the affected genes
Information on the disease-causing change in these genes,
Information on the existing symptoms that can be assigned to the genetic alteration,
Information on the age (in years) and sex of the person examined
Information on the examination method used,
Information on when and in which laboratory the findings were obtained.

The storage of the above-mentioned medical data in connection with the patients’ contact details is necessary in order to be able to inform them of scientific information/study inquiries that apply to them individually.

If personal data, including medical data, is stored in the database, it will remain stored until the patient withdraws their consent or the FindMe2care service no longer exists. After deletion, the data record may remain in data backup media for up to 6 months until it is automatically deleted. The user account remains in place until it is terminated by the patient or FindMe2care.

The data subject can request the deletion of medical and personal data at any time. This will be processed within 14 working days. The request can be made in writing to RxOme GmbH or by email to info@findme2care.de. Alternatively, the deletion of the user account and the associated medical and personal data can be requested via the profile settings in the user profile. You will find clear patient information in accordance with Article 13 GDPR provided separately.

V. Verification of membership of one of the authorized professional groups

Before we can activate your user account, we require you to provide suitable proof that you belong to one of the named professional groups (e.g., a copy of your doctor’s ID card or license to practice medicine).

You can upload the relevant documents using the corresponding upload form on the platform. FindMe2care uses SSL encryption (AES 256 bit or equivalent, depending on the support of the user’s browser) for the transfer in both directions (upload + download). The transfer is encrypted via the HTTPS protocol.

We process and store the personal data provided during registration exclusively to enable you to access and use the website. The legal basis for the processing of the data is the consent of the user within the meaning of Art. 6 para. 1 lit. a GDPR and, if applicable, Art. 6 para. 1 lit. b GDPR. The personal data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. Storage beyond this is possible (e.g., for security reasons, such as to investigate misuse or fraud, storage for evidence purposes). Any proof of professional qualifications provided by you (e.g., a copy of your doctor’s ID card or license to practice medicine) will be stored by the controller for a maximum of one year after the user leaves the platform.

VI. Use of cookies

1. Description and scope of data processing

Our website uses cookies. Cookies do not damage your computer and do not contain viruses. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page change.

The following data is stored and transmitted in the cookies:

Session cookie
Log-in information
Saving the settings for the use of cookies

The open source software “Discourse Forum” from the company “Civilized Discourse Construction Kit, Inc.” (USA; European representation: M. Régis Hanol Civilized Discourse Construction Kit, Inc., regis.hanol@discourse.org, 78 Allée Primavera Centre UBIDOCA, 15232 74370 ANNECY, FRANCE) is used to operate the forum, which is intended for use by professionals.

The software instance integrated into FindMe2care is hosted locally on the same server that the rest of the FindMe2care platform uses so that access and data processing are also subject to our control. There is no external access to user data. The forum software uses the following essential cookies when the forum is used:

Name	Procedure	Description / Purpose
email	session	Required for account setup.
destination_url	session	Used during login to redirect to the desired page.
sso_destination_url	session	Used during SSO (single sign-on) login to redirect to the desired page.
authentication_data	next page view	Used during full-screen login to return data to the JavaScript application.
fsl	session	User settings for the full-screen login.
Theme_key	permanent	User settings for adjustments to the color scheme (“Themes”). Only used if the setting “Make these color schemes the default for all my devices” is not selected.
Cn	permanent	For managing and deleting notifications read by the user.
_bypass-cache	session	Used together with fsl for full-screen login.
_t	1440 hours	User authentication token. (SiteSetting.maximum_session_age.hours.from_now)
_forum_session	session	Session cookie.
dosp	next page view	Temporary cookie that informs the user that he or she is protected against denial of service.

2. Purpose of the data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website may not be available without the use of cookies. For these, it is necessary for the browser to be recognized even after a page change.

We require cookies for the following applications:

Saving the current user session
Remembering the log-in information
Saving the settings for the use of cookies

For the purpose of the cookies required to operate the forum, please refer to the table in the previous section.

The user data collected by technically necessary cookies is not used to create or enrich user profiles.

3. Duration of storage, possibility of objection and removal

Cookies are stored on the user’s computer in the environment of the browser used and transmitted to our website. As a user, you, therefore, have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.

4. Legal basis for data processing

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f GDPR.

The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 para. 1 lit. a GDPR if the user has given consent to this.

VII. Registration form and e-mail contact for professionals

1. Description

A registration form/log-in form is available on our website to enable access to the FindMe2care community’s expertise with regard to the online database presented here, which supports you in your search for causal forms of therapy for genetic diseases. This database is only accessible to healthcare professionals; for verification of membership in relevant specialist groups, see Section V.

If a user makes use of this registration option, the data entered in the input mask will be transmitted to us and stored. This data includes

Name
E-mail address
Language
Password
Company, if applicable

The following data is also stored at the time the message is sent:

The IP address of the user
Date and time of registration

It is also possible to contact us via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail will be stored.

The data will not be passed on to third parties in this context. The data is used exclusively for processing the conversation.

When using the forum, the e-mail address provided during registration is also used to inform the user of new posts of interest or replies to posts by the user. Direct user-to-user messages in the forum can also be forwarded to the target user as an e-mail. The frequency of these messages and the topics on which messages are to be sent can be managed and, if necessary, reduced by each user themselves via the forum profile settings. Irrespective of this, messages may be sent at any time if they are necessary for the operation of the forum or if it is necessary to contact the user for other technical reasons.

2. Legal basis for data processing

The legal basis for the processing of the data is the consent of the user within the meaning of Art. 6 para. 1 lit. a GDPR.

The legal basis for the processing of data transmitted in the course of sending an e-mail is also Art. 6 para. 1 lit. f GDPR. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

3. Purpose of the data processing

The processing of the personal data from the input mask serves us solely to process the registration.

If you contact us by email, this also constitutes the necessary legitimate interest in processing the data.

The other personal data processed during the sending process serve to prevent misuse of the contact form for the purpose of registration and to ensure the security of our information technology systems.

4. Duration of storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified, and there are no indications to be documented that the processing is necessary for the assertion, exercise, or defense of legal claims or for actions of the courts in the context of their judicial activity.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

5. Possibility of objection and removal

The user has the option of withdrawing their consent to the processing of personal data at any time. If the user contacts us by e-mail, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

A declaration of revocation, amendment, correction, and updating of such data can be made in writing by fax or e-mail to RxOme GmbH.

All personal data stored in the course of contacting or registering will be deleted in this case unless the exceptions specified under VII. 4. apply.

VIII. Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR, and you have the following rights towards the controller:

1. Right to information

You can request confirmation from the controller as to whether personal data concerning you has been or is being processed. If such processing is taking place, you can request the following information from the controller:

the purposes for which the personal data are processed
the categories of personal data that are processed
the recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed
the envisaged period for which the personal data concerning you will be stored, or, if specific information on this is not possible, the criteria used to determine that period
the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller, or a right to object to such processing
the existence of a right to lodge a complaint with a supervisory authority
all available information about the origin of the data if the personal data is not collected from the data subject
the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

2. Right to rectification

You have a right to rectification and/or completion towards the controller if the processed personal data concerning you is incorrect or incomplete. The controller must make the rectification without undue delay.

3. Right to restriction of processing

You may request the restriction of the processing of your personal data under the following conditions:

if you contest the accuracy of the personal data concerning you for a period, enabling the controller to verify the accuracy of the personal data;
the processing is unlawful, and you oppose the erasure of the personal data and request the restriction of their use instead
the controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise, or defense of legal claims or
if you have objected to the processing pursuant to Art. 21 para. 1 GDPR, and it is not yet certain whether the legitimate reasons of the controller outweigh your reasons.

If the processing of personal data concerning you has been restricted, this data – apart from its storage – may only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

4. Right to erase

a) Obligation to erase

You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay, where one of the following grounds applies:

The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
You revoke your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, and there is no other legal basis for the processing.
You object to the processing pursuant to Art. 21 para. 1 GDPR, and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 para. 2 GDPR.
The personal data concerning you has been processed unlawfully.
The deletion of personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.
The personal data concerning you have been collected in relation to the offer of information society services referred to in Art. 8 para. 1 GDPR.

b) Information to third parties

If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Art. 17 para. 1 GDPR, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers that processing the personal data that you, as the data subject, have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

c) Exeptions

The right to erasure does not exist if the processing is necessary:

for exercising the right of freedom of expression and information
for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
for reasons of public interest in the area of public health pursuant to Art. 9 para. 2 lit. h and lit. i and Art. 9 para. 3 GDPR
for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Art. 89 para. 1 GDPR in so far as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing or
for the establishment, exercise, or defense of legal claims.

5. Right to information

If you have asserted the right to rectification, erasure, or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed about these recipients from the controller.

6. Right to data portability

You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where:

the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and
the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other persons may not be impaired by this.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you, which is based on Art. 6 para. 1 lit. e or lit. f GDPR, including profiling based on those provisions.

The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing that overrides your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims.

If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the option, in connection with the use of information society services – notwithstanding Directive 2002/58/EC – to exercise your right to object by means of automated procedures that use technical specifications.

8. Right to revoke the declaration of consent under data protection law

You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

9. Automated decision-making in individual cases, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

is necessary for the conclusion or performance of a contract between you and the controller
is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR applies, and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.

Where the decision is not based on legal provisions, the controller shall implement suitable measures to safeguard your rights, freedoms, and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view, and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant of the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

The supervisory authority responsible for data protection for the controller is

Bavarian State Office for Data Protection Supervision
Mr. Michael Will
Promenade 18
91522 Ansbach
www.lda.bayern.de

IX. Data transfer and cooperation with third parties

1. Cooperation with processots and third parties

If we disclose data to other persons and companies (processors or third parties) as part of our processing, transfer it to them or otherwise grant them access to the data, this will only be done on the basis of legal permission (e.g., if the transfer of data to third parties, such as payment service providers pursuant to Art. 6 para. 1 lit. b GDPR is required to fulfill the contract), if you have consented, if a legal obligation provides for this, or on the basis of our legitimate interests (e.g., when using agents, web hosts, etc.).

If we commission processors with the processing of data, this is done on the basis of Art. 28 GDPR.

2. Transfer to third countries

No data is transferred to third countries.

3. Integration of third-party services and content

For the operation of patient registration and contact and the necessary processing of medical and other particularly sensitive data, no corresponding third-party content is integrated so that no data is passed on to third parties (not even in pseudonymized form).

We may use content or service offers from third-party providers in other places within our online offer on the basis of our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f GDPR) in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”).

This always presupposes that the third-party providers of this content are aware of the IP address of the users, as they would not be able to send the content to their browser without the IP address. The IP address is, therefore, required to display this content. We endeavor to only use content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Pixel tags can be used to analyze information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and contain, among other things, technical information about the browser and operating system, referring websites, visit time, and other information about the use of our online offer, as well as being linked to such information from other sources.

4. Web hosting

The hosting services we use serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services, and technical maintenance services that we use for the purpose of operating this online offering.

In doing so, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties, and visitors to this online offer on the basis of our legitimate interests in an efficient and secure provision of this online offer in accordance with Art. 6 para. 1 lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of a contract for order processing).

5. Data protection for third-party websites

This website may contain hyperlinks to third-party websites. If you follow a hyperlink to one of these websites, please note that we cannot accept any responsibility or guarantee for third-party content or data protection conditions. Please check the applicable data protection conditions before you transmit personal data to these websites. The operators of linked websites are solely responsible for their content. When the link was created, there was no indication that the content of the page to be accessed did not comply with the statutory provisions or was contrary to public decency. We request that you notify us immediately if a third-party site to which we refer via hyperlinks does not comply or no longer complies with legal provisions or common decency. The license and terms of use of the respective operator of the website apply.

6. SSL encryption

This site uses SSL encryption for security reasons and to protect the transmission of confidential content, such as the requests you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL encryption is activated, the data you transmit to us cannot be read by third parties.

X. Online forum, user comments and contributions

a) Type and scope of data processing

Registered users who belong to an authorized professional group have the opportunity to leave comments on individual contents of our online offers and contributions in our forum. We store the following data:

Name
E-mail address
IP address

We will store your IP addresses and the time of publication on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR for seven days. This is done for security reasons if the rights of third parties are violated, or illegal content is left in comments and posts (insults, defamation, inciting content, prohibited political propaganda, etc.). In this case, we ourselves may be prosecuted for the comment or contribution and are therefore interested in the identity of the author. This data will not be forwarded to third parties unless such forwarding is required by law or serves our legal defense.

In addition to registering the user, we also use the e-mail address to identify the user. We also reserve the right to contact the author of the comments and contributions in the event of criminal or other compelling reasons.

Furthermore, we reserve the right, on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR to process user data for the purpose of spam detection.

It is also possible for us to establish a link between the post and the respective log data (such as IP addresses) by analyzing the log files. This data is only analyzed in the event of problems with the operation of the website.

Remember that comments and posts are also accessible to other forum members. You should check your contributions carefully before publication to ensure that they do not contain information that is not intended for the public.

Please note that no copyright or other legal infringements may be committed in the forum. This means, for example, that no third-party texts or images may be posted without permission. Content posted by the user in the database, in the forum, or elsewhere on the platform may not contain any data or media (e.g., images, videos) or other information that would allow conclusions to be drawn about the identity of patients. For a detailed specification of the non-permitted data, please also refer to the terms of use for doctors and content creators.

b) Legal basis for data processing

The legal basis for the storage of data is primarily Art. 6 para. 1 lit. a GDPR. In addition, Art. 6 para. 1 lit. b, c, and f GDPR may apply.

c) Purpose of the data processing

The storage of data is necessary in order to create a user who can then write professional posts and send personal messages in the online forum. We do not pass on the data you provide to third parties unless there is a legal basis for doing so to the extent required or the user has expressly consented to this.

d) Duration of storage, objection and removal options

The storage of personal data is absolutely necessary for the operation of the online forum. Without consent to storage, we cannot create users for the online forum.

Irrespective of this, you can object to the processing of your personal data at any time with effect for the future.

The personal data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this period is possible (e.g., for security reasons, such as to investigate misuse or fraud or storage for evidence purposes). In this case, we ourselves may be prosecuted for the comment or contribution and are therefore interested in the identity of the author. This data will not be passed on to third parties unless such a transfer is required by law or serves our legal defense. Your data will generally be deleted on a regular basis if the intended purpose of providing information no longer applies and storage is no longer necessary.

If you delete your account, your public statements, in particular your professional contributions in the database and possibly in the online forum, will remain visible to all readers. However, your account can no longer be accessed. Your previous posts will remain in the specialist database and, if applicable, in the online forum so that discussions are not distorted and can still be understood in the context of all posts. All other data will be deleted.

If you would like your public posts to be deleted from the database and the online forum, please contact info@findme2care.de or the person responsible using the contact details given above. You then have the following options: Posts from the online forum can be removed from the forum and are, therefore, no longer visible to other readers. Contributions you have made to the specialist database can be anonymized by deleting your user name so that it is no longer technically possible to draw personal conclusions about their origin. By doing so, you explicitly waive your right to be named as the author of the contribution under copyright law. For details, please refer to the terms of use for doctors and content creators.

The data records created for you cannot be deleted directly from our backup structures. As the backup data is overwritten in regular backup creation cycles, your data will be completely deleted from our systems after a period of three to six months. The legal basis here is the fulfillment of a legal obligation that makes processing necessary under the law of the Union or of the Member States to which the controller is subject (see Art. 6 para. 1 lit. c GDPR, see Art. 17 para. 3 lit. b GDPR).

XI. Other information

1. Objection to advertising e-mails.

We hereby object to the use of contact data published as part of our obligation to provide a legal notice for the purpose of sending unsolicited advertising and information material. The operators of the website expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.

2. Change to our data protection regulation

We change our security and data protection measures as required by technical and legal developments and adapt the data protection guidelines accordingly. Please, therefore, note the latest version.