Data Protection

1. Name and Contact Information for the Party Responsible for Processing Data

This information on data protection applies to data processed by:

RHÖN-KLINIKUM Aktiengesellschaft (hereinafter also referred to as „RHÖN-KLINIKUM AG“)
Schlossplatz 1
97616 Bad Neustadt / Saale
Telephone: +49 9771 65-0
Facsimile: +49 9771 97467
E-Mail: rka(at)

2. Name and Contact Information for the Data Protection Officer

Group Data Protection Officer at RHÖN-KLINIKUM AG
Ms. Marina Wefer
Schlossplatz 1
97616 Bad Neustadt / Saale
Telephone: +49 641 985-40155
E-Mail: marina.wefer(at)

3. Processing Personal Data, Type and Purpose of its Use

a) General Information

This webpage can be visited without having to register. Personal data are generally only processed with your consent. An exception hereto applies where it is not possible to obtain prior consent due to circumstances and/or statutory provisions permit the data to be processed. Personal data in the sense of Art. 4, No. 1, EU General Data Protection Regulation (GDPR), means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

The following informs you as a user of this webpage about the type, scope and purpose of collecting and using your data.

b) Legal Basis for Processing Personal Data

Art. 6, Subsection (1), Lit. a), GDPR, serves as the legal basis as far as consent by the person concerned is to be given for the processing of the personal data. Art.6, Subsection (1), Lit. b), GDPR, serves as the legal basis for processing personal data which is necessary for the performance of a contract to which you are a contractual party.

This also applies to processing which is necessary to take steps prior to entering into a contract, e. g. in the preparation of contracts, such as for medical treatment or hiring staff. Art. 6, Subsection (1), Lit c), GDPR, serves as the legal basis for processing personal data which is necessary for compliance with a legal obligation to which RHÖN-KLINIKUM AG is subject. Art. 6, Subsection (1), Lit d), GDPR, serves as the legal basis for the case where processing personal data is necessary in order to protect your vital interests or those of another natural person. Art. 6, Subsection (1), Lit f), GDPR, serves as the legal basis for processing personal data which is necessary for the purposes of a legitimate interest pursued by RHÖN-KLINIKUM AG or by a third party and if your interests, fundamental rights and freedoms do not override the former interest.

c) Erasure of Data and General Storage Period

Your personal data are erased or blocked as soon as the purpose for storing the data no longer exists. The data can be stored for a longer period if this was envisaged by European or national legislation in European Union regulations, laws or other regulations to which RHÖN‑KLINIKUM AG is subject (e. g. retention periods for patient records or diagnoses). Data are also blocked or erased if a storage period which is prescribed by the above norms expires unless it is necessary to retain the data in order to enter into or perform a contract.

d) Data Processing When Visiting this Webpage

No server log files or IP addresses are stored when you visit this webpage.

e) Data Processing in Connection with the Contact Form and E-Mail

If a user chooses to contact us electronically via a contact form on our webpage, the data entered in the contact form are transmitted to us and stored.

The order service (Investor Relations) collects the following data:
First Name, Last Name, Company Name, Road, Postcode, Town, Telephone No., Facsimile No., Country, E-Mail Address

Before the data are sent, you are reminded of this data protection declaration and your consent is obtained for the data to be processed.

It is also possible to contact us in a non-encrypted manner via the e-mail addresses provided on the webpage. Your personal data which are transmitted with the e-mail are stored in this case. You will receive the information that non-encrypted communication via e-mail does not generally provide a secure method for transmitting data via the internet. Please do not send sensitive data, such as medical data, to RHÖN-KLINIKUM AG via e-mail and/or the contact form. We strongly advise you to use the postal service or the telephone for this.

The data are processed for the purpose of communication and/or contact pursuant to Art. 6, Subsection (1), Sentence 1, Lit. a) GDPR based on your voluntary consent. Personal data are therefore only collected when and to the extent that you provide the data voluntarily. The data are only passed on to third parties without your consent if RHÖN-KLINIKUM AG is obliged to do so by law (Art. 6, Subsection (1), Lit. c), GDPR). Another legal basis for processing data transmitted via e‑mail is Art. 6, Subsection (1), Lit. f), GDPR. If the e-mail contact is geared towards entering into a contract, another legal basis for processing the data is Art. 6, Subsection (1), Lit. b), GDPR.

The data are erased as soon as they are no longer required for achieving the purpose of their collection. This is the case for the personal data in the contact form and the data transmitted via e-mail when the respective conversation with the user is finished. The conversation is finished when it can be derived from the circumstances that the subject matter concerned is completely clarified.

Messages are stored for as long as they are required for the respective matter to be processed.

4. Passing on Data

We do not pass your personal data on to third parties for purposes other than those listed below. We only pass your personal data on to third parties if:

·  You have given your explicit consent thereto pursuant to Art. 6, Subsection (1), Sentence 1, Lit. (a), GDPR;

·  Passing on the data is necessary pursuant to Art. 6, Subsection (1), Sentence 1, Lit. f), GDPR, for the establishment, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection that we do not pass on your data;

·  There is a legal obligation for passing on the data pursuant to Art. 6, Subsection (1), Sentence 1, Lit. c), GDPR; and

·  This is permitted by law and necessary for processing contractual relationships with you pursuant to Art. 6, Subsection (1), Sentence 1, Lit. b), GDPR.

5. Cookies

Cookies are small files which your browser creates automatically and stores on your end device (laptop, tablet, smartphone, etc.) when you visit a webpage. This webpage does not use cookies.

6. Adobe Fonts

For a consistent appearance our webpage uses certain fonts, so-called web fonts, which come from Adobe fonts. Adobe fonts are made available by Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe).

When you visit our webpage, your browser loads the required fonts directly from Adobe in order to be able to display them correctly on your end device. Your browser connects to Adobe’s servers in the USA for this purpose. Adobe is thus made aware of the fact that your IP address is visiting our webpage. Adobe states that no cookies are stored when making the fonts available.

Adobe is certified pursuant to the EU-US Privacy Shield. The Privacy Shield is an agreement between the United States of America and the European Union, the purpose of which is to guarantee that European data protection standards are complied with. You will find more information under:

Adobe fonts are required to guarantee a consistent appearance on our webpage. This constitutes a legitimate interest in the sense of Art. 6, Subsection 1, Lit. f, General Data Protection Regulation (GDPR).

You will find more information about Adobe fonts under:

You will find Adobe’s declaration on data protection (privacy policy) under:

7. Rights of Affected Persons

You have the right:

a) Pursuant to Art. 15, GDPR, to obtain access to your personal data which RHÖN‑KLINIKUM AG has processed. You can request access, in particular, to the purposes for processing the data, the category of the personal data, the categories of recipients to whom your data were or will be disclosed, the envisaged storage period, the existence of a right to request rectification, erasure and/or restriction of the data processing or objection thereto, the existence of a right to lodge a complaint, the source of your data if not collected from RHÖN-KLINIKUM AG as well as the existence of automated decision-making, including profiling, and as necessary meaningful information to their details;

b) Pursuant to Art. 16, GDPR, to obtain without undue delay rectification or completion of your personal data stored at RHÖN-KLINIKUM AG;

c) Pursuant to Art. 17, GDPR, to obtain the erasure of your personal data stored at RHÖN‑KLINIKUM AG unless the data processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;

d) Pursuant to Art. 18, GDPR, to obtain the restriction of processing your personal data if you contest the accuracy of the data, the processing is unlawful and you oppose the erasure of the data, RHÖN-KLINIKUM AG no longer needs the data but you require the data for the establishment, exercise or defence of legal claims or you have objected to the data being processed pursuant to Art. 21, GDPR;

e) Pursuant to Art. 20, GDPR, to receive your personal data which you provided to RHÖN‑KLINIKUM AG in a structured, commonly used and machine-readable format or to transmit said data to another party responsible for processing data;

f) Pursuant to Art. 7, Subsection (3), GDPR, to withdraw at any time your consent once given to RHÖN-KLINIKUM AG. This results in the fact that RHÖN-KLINIKUM AG is no longer permitted in the future to continue to process the data which were the basis for the consent; and

g) Pursuant to Art. 77, GDPR, to lodge a complaint with the competent supervisory authority. The data protection supervisory authority is:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA - Bavarian Data Protection Authority), Promenade 27, 91522 Ansbach, Germany.

Should you wish to make use of any of your rights as an affected person as stated in a) to f), it is sufficient to send a letter or e‑mail addressed to the Data Protection Officer in cipher 2 of this data protection declaration.

8. Right to Object

If your personal data are processed based on legitimate interests pursuant to Art. 6, Subsection (1), Sentence 1, Lit. (f), GDPR, you have the right pursuant to Art. 21, GDPR, to object to the processing of your personal data on grounds relating to your particular situation or if the objection is directed against direct marketing. In the latter case you have a general right to object, which right shall be granted by RHÖN-KLINIKUM AG without the need for details of a particular situation.

Should you wish to make use of your right of withdrawal or your right to object, it is sufficient to send a letter or e‑mail addressed to the Data Protection Officer in cipher 2 of this data protection declaration.

9. Data Security

This webpage uses Transport Layer Security together with AES 256 Bit encryption. You can see that this webpage is encrypted from the closed image of the key and/or lock in the status line at the bottom of your browser.

10. Existence of Automated Decision-Making / Profiling

Automated decision-making or profiling in the sense of Art. 22, GDPR, does not take place.

11. Validity und Modification of this Data Protection Declaration

This data protection declaration is currently valid as of 25th June 2019. It may become necessary to modify this data protection declaration when the webpage is updated or if statutory stipulations are changed. You can view and print the current data protection declaration under