Privacy Policy
We are pleased to welcome you to the website of our company. Information protection, and in particular data protection, is of great importance to our management. In principle, you can use this website without providing any personal data. If you disclose data to us in connection with the processing described below, we will treat your personal data confidentially and in accordance with the legal data protection regulations of the European Union and the Federal Republic of Germany, as well as this privacy policy.
As the controller responsible for processing, Algea Care GmbH has implemented numerous technical and organizational measures to ensure the most complete protection possible of the personal data processed via this website. However, internet-based data transmissions can generally have security gaps, so that absolute protection cannot be guaranteed. For this reason, as the data subject, you are free to transmit personal data to us via alternative means, such as by telephone or post.
The privacy policy of Algea Care GmbH is based on the terms used by the European directive and regulatory authority in the adoption of the General Data Protection Regulation (GDPR). The detailed definitions can be found in Article 4 of the GDPR. In essence, the following terms apply, simplified here:
a) Personal data: This refers to any information available to us as the controller that can be used to identify you as a natural person (e.g. name, address, email, phone number, IP address).
b) Data subject: This is you as a natural person, provided that we have identified you.
c) Processing: Processing means any operation or set of operations performed on personal data, such as collection, storage, transmission, archiving, and deletion. It is irrelevant whether the process is automated using IT systems or manual (e.g. by letter).
d) Restriction of processing: Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.
e) Profiling: Profiling means any form of automated processing of personal data that consists of using the data to evaluate certain personal aspects relating to a natural person. This includes aspects related to their work performance, economic situation, health, personal preferences, interests, behavior, location, or movements.
f) Pseudonymisation: Pseudonymisation is the process of attributing a pseudonym or identifier to personal data. Only this pseudonym is used from then on, and without the original key or a reference database, the pseudonym cannot be resolved (e.g. assigning a customer number).
g) Controller: The controller is the company that independently decides on the processing procedures and means.
h) Processor: A processor is a company that has been commissioned by a third party to support the collection, processing, storage, transmission, or deletion of data for which this third party is responsible. These are usually IT service providers but also disposal companies that have been commissioned, for example, with document shredding.
i) Consent: Consent is any voluntary expression of will given for a specific case. You will be fully informed by us about what you are consenting to.
The data controller within the meaning of the General Data Protection Regulation (GDPR) and other provisions with data protection character for this website and the central services of Algea Care GmbH is:
Algea Care GmbH Address: Lindleystraße 8a City: D-60314 Frankfurt am Main
Represented by the Managing Director: Dr. Julian Wichmann
Telephone: +49 (0) 69 870-043-880 Email: info@algeacare.com
A data protection officer has been appointed for Algea Care GmbH. They are available to answer any questions related to data processing at any time.
EIKONA Systems GmbH
Data Protection Officer – Confidential –
Am Alten Bahnhof 8
D-97332 Volkach
Mail: algea.datenschutz@eikona.de
According to Chapter 3 of the GDPR, you as the data subject have the following rights listed below. To comply with our obligations regarding your rights in accordance with the law, please direct your requests to our data protection officer.
- a) Art. 15 Right of access: You have an unrestricted right to obtain information about the personal data processed about you. This information must be provided to you free of charge. You can request information about the following, which must also be provided to you in copy form: – the purpose of the processing of your data, – the categories of data, – the internal and external recipients of your data, – the duration of data storage, – your rights under Chapter 3 in connection with data processing, – the origin of the data, if it was not collected from you, – whether a profile was created, – whether your data was transferred to a third country (non-EU and non-EEA), – which data protection authority is responsible for our respective company.
- b) Art. 16 Right to rectification: If we process incorrect data about you, you can have it corrected at any time by contacting your contact person.
- c) Art. 17 Right to erasure: You have the right to request the erasure of your personal data at any time. It may happen that we are legally obliged to keep your data for a certain retention period (e.g. 6 years for business mail or 10 years for documents with tax relevance). In such a case, we will block your data record until the retention period has expired and then delete the data record accordingly. Please direct requests for deletion to the data protection officer, who will exercise your rights in our company on your behalf.
- d) Art. 18 Right to restriction of processing: If you dispute the accuracy of our data about you or if you refuse to have your data deleted and instead request restriction (e.g. for advertising correspondence), you can request restriction of processing from us. We will then set your data to “blocked”.
- e) Art. 19 Obligation to notify in connection with rectification, erasure or restriction: We are obliged to inform all recipients of your data of a rectification, erasure or restriction requested by you, if this is possible and can be realized with a reasonable effort. We will inform you about the recipients of your data if you request it.
- f) Art. 20 Right to data portability: You have the right to request the transfer of your data to another responsible party at any time. This applies to all master data that we have about you. If this is technically possible, we will provide the data record in a commonly used machine-readable format (e.g. .csv).
- g) Art. 21 Right to object: If data processing is based on Art. 6 para. 1 lit. f (so-called legitimate interest), you can object to the processing in this context.
- h) Art. 77 Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with the competent data protection supervisory authority for our company if you believe that we have violated the provisions of the GDPR in any way. The following authority is responsible for Algea Care GmbH:
The Hessian Commissioner for Data Protection and Freedom of Information Gustav-Stresemann-Ring 1 65189 Wiesbaden
You can access the website of the data protection supervisory authority via the following link: https://datenschutz.hessen.de
In this section, we will describe the data processing that is related to our online services or that applies to a general business relationship between you and our company.
The following legal bases serve as the foundation for processing your data:
Article 6(1)(a) of the General Data Protection Regulation (GDPR) serves as the legal basis for processing operations in which we obtain consent for a specific processing purpose.
If the processing of your data is necessary for the performance of a contract to which you are a party, such as in the case of processing operations necessary for the delivery of goods or the provision of a service or counter-performance, then the processing is based on Article 6(1)(b) GDPR. The same applies to processing operations that are necessary to carry out pre-contractual measures, such as in cases of inquiries about our products or services.
If our company is subject to a legal obligation requiring the processing of personal data, such as for the fulfillment of tax obligations, then the processing is based on Article 6(1)(c) GDPR.
In rare cases, processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor to our premises were to be injured and, as a result, their name, age, health insurance information, or other vital information would need to be disclosed to a doctor, hospital, or other third party. In this case, the processing would be based on Article 6(1)(d) GDPR.
Finally, processing operations may be based on Article 6(1)(f) GDPR. Processing operations based on this legal basis are permitted if they are not covered by any of the above-mentioned legal bases, and if the processing is necessary to safeguard the legitimate interests of our company or a third party, provided that the interests, fundamental rights, and freedoms of you do not outweigh such legitimate interests. Such processing operations are particularly allowed to us because they have been specifically mentioned by the European legislator.
- a) Website
We operate this website and in this context collect different types of data.
Cookies
The website uses cookies in some instances. Cookies do not harm your computer and do not contain any viruses. Their purpose is to make our website more user-friendly, effective, and secure. Cookies are small files that are stored on your computer and saved by your browser.
Most of the cookies we use are “session cookies”. They are automatically deleted at the end of your visit. Other cookies remain stored on your device until you delete them. These cookies allow us to recognize your browser on your next visit and to save your language settings and login information, if applicable.
You can configure your browser to inform you about the use of cookies, to allow cookies only in specific cases, to reject cookies in general, or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of this website.
Cookies that are necessary for the electronic communication process or for providing specific functions that you request (e.g., shopping cart function) are stored based on Article 6(1)(f) of the GDPR. We, as the website operator, have a legitimate interest in storing cookies for the technically error-free and optimized provision of our services. If other cookies (e.g., cookies for analyzing your browsing behavior) are stored, they will be treated separately in this privacy policy.
Server log data
Algea Care GmbH or our website provider collects data on access to our site and stores it as “server log files”. The following data is logged:
- Visited website
- Date and time of access
- Amount of data sent in bytes
- Referring source from which you accessed the page
- Used browser
- Used operating system
- Used IP address (anonymized)
The collected data is used only for statistical evaluations and to improve the website. However, we reserve the right to subsequently check the server log files if there are concrete indications of unlawful use.
Registration on our patient platform
On our website, you have the option of registering by entering your personal data. Your data is entered by you in an input mask, transmitted to us and then stored. To manage this data, we use the services of HubSpot (see HubSpot). Data will only be passed on to third parties if you agree to this. The following data is collected during your registration:
Personal data (title, first and last name, e-mail address, telephone number).
Treatment request
To combat spam and bots, we want to make sure that you are a human being. We verify this using a captcha query (see hcaptcha).
Once you click “Request Treatment”, your information will be sent to us and you will receive further instructions on how to create your user account (e.g. password) via email. Log in to complete your user account and provide information about your address, health insurance, etc.
In the course of your registration, you will be asked to give us your consent, as we process not only your personal data, but also health data that you disclose to us when answering the questionnaire. By answering the questionnaire completely and truthfully, we can offer you the treatment that is right for you.
Your answers will be temporarily stored until the questionnaire is completed so that you can continue answering the questions at any time. We want to make it as easy as possible for you to complete the questionnaire.
By giving your consent, you agree that we may process your health data and have it evaluated by our cooperating physicians and our specialist staff. This enables us to determine which treatment method is suitable for you and whether we can offer you an appointment for a medical consultation. You can revoke your consent at any time without giving reasons by writing an informal message to algea.datenschutz@eikona.de.
Only after completing the questionnaire can you take appropriate follow-up action based on the results. These include booking appointments, uploading documents or viewing invoices. You can also retrieve prescriptions issued to you after a visit to the doctor.
With the help of your registration, we can offer you certain services and content on our patient portal which, due to the nature of the matter, can only be made available to registered users. In this context, your personal data is processed on the basis of your consent pursuant to Art. 6 (1) a GDPR, unless it is necessary for the performance of a contract pursuant to Art. 6 (1) b GDPR, to which you are a party. Your data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected.
You have the option to modify your data or have it deleted at any time. If you wish to delete your account, you can do so in writing by post, stating your user name (e-mail address), or by e-mail to algea.datenschutz@eikona.de. Please note that a deletion may be contrary to contractual or legal obligations. You can change your data yourself at any time in the patient portal.
Furthermore, your IP address, date and time of registration will be stored. The reason for this is that it enables us to prevent misuse of our services and, if necessary, to investigate criminal offences committed. For this reason, the storage of this data is necessary for us. As a matter of principle, data is not passed on to third parties, unless there is a legal obligation to pass it on or it serves the purpose of criminal prosecution.
Order processing for cooperating physicians
Insofar as we process your data in preparation for or in the context of the implementation of a possible treatment by one of our cooperation physicians, we act as the processor of the responsible cooperation physician for whom you decide to carry out your treatment. We have concluded order processing agreements with all of our cooperation doctors that comply with the requirements of Art. 28 GDPR.
Insofar as health data within the meaning of Art. 9 (1) GDPR are affected in the course of your treatment, the legal basis of the cooperation doctor is Art. 6 (1) lit. b GDPR in conjunction with Art. 9 (3) GDPR.
Third party modules / analysis tools
Browser Plug-In
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link:
https://tools.google.com/dlpage/gaoptout?hl=de.
(1) Video Consultations and Appointment Bookings
To enable you to book appointments and participate in video consultations, we use the services of XPERTyme GmbH, Starnberger Feldweg 3, D-82234 Wessling. Via our patient platform, you select the cooperating doctor of your choice and then make an appointment. This can take place in person or via video. However, the initial consultation always takes place in person at the doctor’s office. For this purpose, it is necessary to process your name, e-mail address, ID and date of birth.
The data processing is thereby based on your consent according to Art. 6 para. 1 a GDPR. Further information on the handling of your personal data can be found in the privacy policy under the following link: www.xpertyme.com/en/page/privacy-policy
(2) HubSpot
We use the services of HubSpot to manage customer data, communicate and process customer inquiries, and for marketing activities. The provider is HubSpot Inc. 25 First Street, 2nd Floor, Cambridge, MA 02141, USA with a branch office of HubSpot Ireland Limited at 1 Sir John Rogerson’s Quay, Dublin 2.
For this purpose, we process your contact information such as address, e-mail and telephone number as well as date of birth and health insurance affiliation. Explicitly excluded from processing are special personal data according to Art. 9 GDPR such as your health and treatment data.
As HubSpot is a company from the USA, we have concluded the standard contractual clauses (also called DPA) with them in accordance with Art. 46 (2) lit. c GDPR to take further measures to protect your personal data. This contract is available at:
https://legal.hubspot.com/dpa
Furthermore, the storage of data takes place exclusively on European servers. For this purpose, we have rented appropriate servers in Europe via HubSpot.
The use of HubSpot takes place, insofar as we thereby fulfill our contractual obligations to you and the cooperating physicians, on the basis of Art. 6 (1) lit. b GDPR and for purposes of our administration on the basis of our legitimate interests according to Art. 6 (1) lit. f GDPR. We have an interest in making customer communication and administration as efficient as possible. If you have given us your consent in advance, the processing will be based on Art. 6 (1) lit. a GDPR. You can revoke this consent at any time.
For more information on the handling of your personal data, please visit: https://legal.hubspot.com/privacy-policy
(3) hCaptcha
On this website, we use the hCaptcha service from Intuition Machines Inc. a Delaware US Corporation with headquarters at 350 Alabama St, San Francisco, CA 94110. The hCaptcha service is designed to distinguish whether the data input into a contact form, for example, was entered by a human or by a bot, i.e. an automated program. To do this, the service automatically analyzes the behavior of the website visitor based on various characteristics. These include various information such as the IP address, duration of the website visit, mouse movements, etc.. The collected data is thereby transmitted to Intuition Machines in order to offer hCaptcha. It is not shared or used for any other purpose.
We use hCaptcha based on our legitimate interest according to Art. 6 para. 1 f GDPR. We have an interest in protecting our website from misuse and spam.
Further information on hCaptcha can be found in the Privacy Policy and Terms of Use at https://www.hcaptcha.com/privacy and https://www.hcaptcha.com/terms.
- b) Contact / Inquiries / Newsletter
In the following we describe the possibilities of contacting the companies and employees of our company.
Contact form
If you send us inquiries via contact form, your data from the inquiry form, including the contact data you provided there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on this data without your consent.
The processing of the data entered in the contact form is therefore based on your consent in the first step (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation. In further correspondence, there may be a change in the lawfulness (e.g., if you ask for a quote), then your data will be processed in accordance with Art. 6 (1) lit b GDPR.
The data you entered in the contact form will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after processing your request has been completed). Mandatory legal provisions – in particular retention periods – remain unaffected.
Newsletter
On our website you have the possibility to subscribe to the newsletter of our company. Which personal data is transmitted to us when ordering the newsletter is determined by the input mask used for this purpose.
Algea Care GmbH informs its customers, business partners and other interested parties at regular intervals by means of a newsletter about company offers. You can only receive our company’s newsletter if (1) you have a valid e-mail address and (2) you have registered to receive the newsletter. For legal reasons, a confirmation e-mail will be sent to the e-mail address you first entered for the newsletter mailing list using the double opt-in procedure. This confirmation mail is used to check whether you, as the owner of the e-mail address, have authorized the receipt of the newsletter.
When you register for the newsletter, we also store the IP address assigned by the Internet Service Provider (ISP) of the computer system you are using at the time of registration as well as the date and time of registration. The collection of this data is necessary in order to be able to trace the (possible) misuse of the e-mail address of a person concerned at a later date and therefore serves as our legal safeguard.
The personal data collected during registration for the newsletter will be used exclusively for sending our newsletter. In addition, subscribers to the newsletter could be informed by e-mail if this is necessary for the operation of the newsletter service or for registration, as might be the case if there are changes to the newsletter offer or if technical conditions change. The personal data collected within the scope of the newsletter service will not be passed on to third parties. The subscription to our newsletter can be cancelled by you at any time. The consent to the storage of your personal data, which you have given us for the newsletter service, can be revoked at any time. For the purpose of revoking your consent, you will find a corresponding link in every newsletter. Furthermore, you have the possibility to unsubscribe from the newsletter at any time directly on our website or to inform us in another way.
The use of the newsletter is based on your consent in accordance with Art. 6 Para. 1 lit. a GDPR. You can revoke this consent at any time without giving reasons. For this purpose, you will find an unsubscribe button at the end of each newsletter.
Newsletter-Tracking
The newsletters of Algea Care GmbH contain so-called counting pixels. A tracking pixel is a miniature graphic embedded in such e-mails sent in HTML format to enable log file recording and log file analysis. This enables a statistical evaluation of the success or failure of online marketing campaigns. By means of the embedded pixel-code, Algea Care GmbH can recognize whether and when an e-mail was opened by you and which links in the e-mail were called up by you.
Such personal data collected via the pixel-code contained in the newsletters is stored and evaluated by us in order to optimize newsletter dispatch and to adapt the content of future newsletters even better to your interests. This personal data is not passed on to third parties. You are entitled at any time to revoke the separate declaration of consent given in this regard via the double opt-in procedure. After a revocation, this personal data will be deleted by us. Algea Care GmbH automatically interprets a cancellation of receipt of the newsletter as a revocation.
Newsletter tracking is used on the basis of Art. 6 Par. 1 lit. f GDPR. We have a justified interest in providing our customers, business partners and other interested parties with as much information as possible about our products and services and, in connection with this, which of our services have aroused the most interest.
E-mail / telephone inquiry
If you send us inquiries by e-mail or telephone, the information you provide in the e-mail or conversation, including the contact data you provide there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We do not pass on this data without your consent.
The processing of the data provided in the e-mail or from the telephone conversation is therefore based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation. In further correspondence, there may be a change in the lawfulness (e.g., if it is a business correspondence), then your data will be processed according to Art. 6 (1) lit b GDPR.
The data you provide in the mail or from the telephone conversation will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your inquiry). Mandatory legal provisions – in particular retention periods – remain unaffected.
- c) Data processing for the fulfillment of contracts
If you have entered into a business relationship with us, e.g. you have placed an order with us, the data processing is based on Art. 6 (1) lit. b GDPR. All data necessary to initiate, fulfill or conclude this order, such as contact data, object data, service providers involved, photo documentation, plans, orders for goods, etc., may be collected and processed by us without a separate consent.
Should it be necessary to involve a subcontractor (e.g. further IT service providers, special software suppliers) or third parties in order to fulfill the contract with you, we may also pass on your data to this subcontractor. We guarantee that we have held our subcontractors to the same strict data protection requirements that you can expect from us.
We will only transfer your personal (health) data to third parties within the scope of the intended purpose if this is required by law or you have consented. We never transmit your data to other doctors, health insurance companies, associations of panel doctors, or other institutions without being asked.
Third parties are in particular:
– The private physician treating you
– health insurance companies
– General practitioners, further, follow-up and co-treatment physicians
– Other health care and / or treatment institutions
– Billing companies
– External data processors (so-called order processors)
– Collaboration partners for clinical studies (universities, pharmaceutical institutes)
Data related to orders are subject to different retention periods. For example, general business letters must be retained for 6 years and tax-related documents for 10 years. We will only pass on your data within our company to the extent necessary, provided this is justified by the subject of the order.
- d) Statistical purposes
In order to constantly improve our services and to provide you and future patients with an optimal experience, we evaluate the data we collect in pseudonymized form for statistical purposes. Insofar as this unavoidably indirectly or in combination affects individually identifiable data, which is not the purpose of the processing, the legal basis is Art. 9 para. 2 lit. j GDPR in conjunction with §§ 27 para. 1, 22 para. 2 sentence 2 BDSG. The data is anonymized as soon as this is possible according to the research or statistical purpose, unless legitimate interests of the data subject conflict with this.
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
As a responsible company, we do not use automated decision-making or profiling in the sense of Art. 22 GDPR.