1. Name and Contact Information for the Party Responsible for Processing Data
This information on data protection applies to data processed by:
RHÖN-KLINIKUM Aktiengesellschaft (hereinafter also referred to as „RHÖN-KLINIKUM AG“)
97616 Bad Neustadt / Saale
Telephone: + 49 9771 65-0
Facsimile: + 49 9771 97467
2. Name and Contact Information for the Data Protection Officer
Group Data Protection Officer at RHÖN-KLINIKUM AG
Ms. Marina Wefer
97616 Bad Neustadt / Saale
Telephone: +49 641 985 40155
3. Processing Personal Data, Type and Purpose of its Use
a) General Information
This webpage can be visited without having to register. Personal data are generally only processed with your consent. An exception hereto applies where it is not possible to obtain prior consent due to circumstances and/or statutory provisions permit the data to be processed. Personal data in the sense of Art. 4, No. 1, EU General Data Protection Regulation (GDPR), means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
The following informs you as a user of this webpage about the type, scope and purpose of collecting and using your data.
b) Legal Basis for Processing Personal Data
Art. 6, Subsection (1), Lit. a), GDPR, serves as the legal basis as far as consent by the person concerned is to be given for the processing of the personal data. Art.6, Subsection (1), Lit. b), GDPR, serves as the legal basis for processing personal data which is necessary for the performance of a contract to which you are a contractual party.
This also applies to processing which is necessary to take steps prior to entering into a contract, e.g. in the preparation of contracts, such as for medical treatment or hiring staff. Art. 6, Subsection (1), Lit c), GDPR, serves as the legal basis for processing personal data which is necessary for compliance with a legal obligation to which RHÖN-KLINIKUM AG is subject. Art. 6, Subsection (1), Lit d), GDPR, serves as the legal basis for the case where processing personal data is necessary in order to protect your vital interests or those of another natural person. Art. 6, Subsection (1), Lit f), GDPR, serves as the legal basis for processing personal data which is necessary for the purposes of a legitimate interest pursued by RHÖN-KLINIKUM AG or by a third party and if your interests, fundamental rights and freedoms do not override the former interest.
c) Erasure of Data and General Storage Period
Your personal data are erased or blocked as soon as the purpose for storing the data no longer exists. The data can be stored for a longer period if this was envisaged by European or national legislation in European Union regulations, laws or other regulations to which RHÖN‑KLINIKUM AG is subject (e.g. retention periods for patient records or diagnoses). Data are also blocked or erased if a storage period which is prescribed by the above norms expires unless it is necessary to retain the data in order to enter into or perform a contract.
d) Data Processing When Visiting this Webpage
No server log files or IP addresses are stored when you visit this webpage.
e) Data Processing in Connection with the Contact Form and E-Mail
If a user chooses to contact us electronically via a contact form on our webpage, the data entered in the contact form are transmitted to us and stored.
Data in the general contact form include:
Title, First Name, Last Name, Telephone No., E-Mail Address and Subject
The order service (Investor Relations) collects the following data:
First Name, Last Name, Company Name, Road, Postcode, Town, Telephone No., Facsimile No., Country, E-Mail Address
Before the data are sent, you are reminded of this data protection declaration and your consent is obtained for the data to be processed.
It is also possible to contact us in a non-encrypted manner via the e-mail addresses provided on the webpage. Your personal data which are transmitted with the e-mail are stored in this case. You will receive the information that non-encrypted communication via e-mail does not generally provide a secure method for transmitting data via the internet. Please do not send sensitive data, such as medical data, to RHÖN-KLINIKUM AG via e-mail and/or the contact form. We strongly advise you to use the postal service or the telephone for this.
The data are processed for the purpose of communication and/or contact pursuant to Art. 6, Subsection (1), Sentence 1, Lit. a) GDPR based on your voluntary consent. Personal data are therefore only collected when and to the extent that you provide the data voluntarily. The data are only passed on to third parties without your consent if RHÖN-KLINIKUM AG is obliged to do so by law (Art. 6, Subsection (1), Lit. c), GDPR). Another legal basis for processing data transmitted via e‑mail is Art. 6, Subsection (1), Lit. f), GDPR. If the e-mail contact is geared towards entering into a contract, another legal basis for processing the data is Art. 6, Subsection (1), Lit. b), GDPR.
The data are erased as soon as they are no longer required for achieving the purpose of their collection. This is the case for the personal data in the contact form and the data transmitted via e-mail when the respective conversation with the user is finished. The conversation is finished when it can be derived from the circumstances that the subject matter concerned is completely clarified.
Messages are stored for as long as they are required for the respective matter to be processed.
4. Passing on Data
We do not pass your personal data on to third parties for purposes other than those listed below. We only pass your personal data on to third parties if:
· You have given your explicit consent thereto pursuant to Art. 6, Subsection (1), Sentence 1, Lit. (a), GDPR;
· Passing on the data is necessary pursuant to Art. 6, Subsection (1), Sentence 1, Lit. f), GDPR, for the establishment, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection that we do not pass on your data;
· There is a legal obligation for passing on the data pursuant to Art. 6, Subsection (1), Sentence 1, Lit. c), GDPR; and
· This is permitted by law and necessary for processing contractual relationships with you pursuant to Art. 6, Subsection (1), Sentence 1, Lit. b), GDPR.
6. Rights of Affected Persons
You have the right:
a) Pursuant to Art. 15, GDPR, to obtain access to your personal data which RHÖN‑KLINIKUM AG has processed. You can request access, in particular, to the purposes for processing the data, the category of the personal data, the categories of recipients to whom your data were or will be disclosed, the envisaged storage period, the existence of a right to request rectification, erasure and/or restriction of the data processing or objection thereto, the existence of a right to lodge a complaint, the source of your data if not collected from RHÖN-KLINIKUM AG as well as the existence of automated decision-making, including profiling, and as necessary meaningful information to their details;
b) Pursuant to Art. 16, GDPR, to obtain without undue delay rectification or completion of your personal data stored at RHÖN-KLINIKUM AG;
c) Pursuant to Art. 17, GDPR, to obtain the erasure of your personal data stored at RHÖN‑KLINIKUM AG unless the data processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
d) Pursuant to Art. 18, GDPR, to obtain the restriction of processing your personal data if you contest the accuracy of the data, the processing is unlawful and you oppose the erasure of the data, RHÖN-KLINIKUM AG no longer needs the data but you require the data for the establishment, exercise or defence of legal claims or you have objected to the data being processed pursuant to Art. 21, GDPR;
e) Pursuant to Art. 20, GDPR, to receive your personal data which you provided to RHÖN‑KLINIKUM AG in a structured, commonly used and machine-readable format or to transmit said data to another party responsible for processing data;
f) Pursuant to Art. 7, Subsection (3), GDPR, to withdraw at any time your consent once given to RHÖN-KLINIKUM AG. This results in the fact that RHÖN-KLINIKUM AG is no longer permitted in the future to continue to process the data which were the basis for the consent; and
g) Pursuant to Art. 77, GDPR, to lodge a complaint with the competent supervisory authority. The data protection supervisory authority is:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA - Bavarian Data Protection Authority), Promenade 27, 91522 Ansbach, Germany.
Should you wish to make use of any of your rights as an affected person as stated in a) to f), it is sufficient to send a letter or e‑mail addressed to the Data Protection Officer in cipher 2 of this data protection declaration.
7. Right to Object
If your personal data are processed based on legitimate interests pursuant to Art. 6, Subsection (1), Sentence 1, Lit. (f), GDPR, you have the right pursuant to Art. 21, GDPR, to object to the processing of your personal data on grounds relating to your particular situation or if the objection is directed against direct marketing. In the latter case you have a general right to object, which right shall be granted by RHÖN-KLINIKUM AG without the need for details of a particular situation.
Should you wish to make use of your right of withdrawal or your right to object, it is sufficient to send a letter or e‑mail addressed to the Data Protection Officer in cipher 2 of this data protection declaration.
8. Data Security
This webpage uses Transport Layer Security together with AES 256 Bit encryption. You can see that this webpage is encrypted from the closed image of the key and/or lock in the status line at the bottom of your browser.
9. Existence of Automated Decision-Making / Profiling
Automated decision-making or profiling in the sense of Art. 22, GDPR, does not take place.
10. Validity und Modification of this Data Protection Declaration
This data protection declaration is currently valid as of 25th May 2018. It may become necessary to modify this data protection declaration when the webpage is updated or if statutory stipulations are changed. You can view and print the current data protection declaration under https://www.rhoen-klinikum-ag.com/metanavigation/datenschutzerklaerung.html.