>

Privacy Policy

Privacy policy and Data protection

Below we inform you in accordance with the legal requirements – in particular the EU data protection basic regulation (DSGVO, available under http://eur-lex.europa.eu/legal-content/DE/TXT/?uri=uriserv:OJ.L_.2016.119. 01.0001.01.DEU ) – about the processing of personal data by our company.

I. General information

In this section of the privacy policy you will find information on the scope, the person responsible for the data processing, the data protection officer and data security. We also explain in advance the meaning of important terms used in the privacy policy.

1. Important Terms

Browser: computer program for displaying web pages (eg Chrome, Firefox, Safari)

Cookies: text files that the called web server places on the user’s computer using the browser used. The stored cookie information may contain both an identifier (cookie ID) that serves to recognize, as well as content such as registration status or information about visited websites. The browser sends the cookie information back to the web server with each new request on later, new visits to this page. Most browsers accept cookies automatically. You can manage cookies using the browser features (usually under “Options” or “Preferences”). This may disable the storage of cookies, be made dependent on your approval in individual cases or otherwise restricted. You can also delete cookies at any time.

Third countries: Countries outside the European Union (EU)

GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of persons and repealing Directive 95/46 / EC (General Data Protection Regulation) at http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2016.119.01.0001.01.ENG

Personal information: Any information relating to an identified or identifiable natural person. A natural person is considered as identifiable, which can be identified directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special features, the expression of the physical , physiological, genetic, mental, economic, cultural or social identity of this natural person.

Profiling: Any type of automated processing of personal data that involves the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular aspects relating to work performance, economic situation, health, personal preferences To analyze or predict interests, reliability, behavior, whereabouts or location of this natural person

Services: Our offers subject to this Privacy Policy (see Scope).

Tracking:: The collection of data and their evaluation regarding the behavior of visitors to our services.

Tracking technologies: Tracking can be done via the log files stored on our web servers as well as by collecting data from your device via pixels, cookies and similar tracking technologies.

Processing: Any process or series of operations related to personal data, such as collecting, collecting, organizing, organizing, storing, adapting or modifying, reading out, querying, using, with or without the help of automated procedures; disclosure by submission, dissemination or other form of provision, reconciliation or association, restriction, erasure or destruction.

Pixel: Pixels are also called counting pixels, tracking pixels, web beacons or web bugs. These are small, invisible graphics in HTML emails or on web pages. When a document is opened, this small image is downloaded from a server on the Internet, where the download is registered there. This allows the operator of the server to see if and when an e-mail has been opened or a website has been visited. This function is usually realized by calling a small program (Javascript). This will allow certain types of information to be detected and shared on your computer system, such as the content of cookies, the time and date of the page view, and a description of the page on which the pixel is located.

2. Scope

This Privacy Policy applies to the following offers:

  • Our online offer is available at HolidayClinics.com.
  • Whenever one of our offers (eg websites, subdomains, mobile applications, web services or third-party affiliations) refers to this Privacy Policy, regardless of the way in which you access or use it.

All these offers are collectively referred to as “Services”.

 

3. Responsible

Data Controller – the one who decides on the purposes and means of processing personal data – is related to the Services

MediaMend d.o.o.
marketing@holidayclinics.com

 

4. Data Protection Officer

MediaMend d.o.o.
marketing@holidayclinics.com

If you have questions about data protection at HolidayClinics.com or if you are looking for contact to our privacy team, you can contact us via the contact details listed under 3. Hd. Data Protection Department, or via marketing@holidayclinics.com.

 

II. The data processing in detail

In this section of the privacy policy, we will inform you in detail about the processing of personal data as part of our services. For better clarity, we divide this information by certain functionalities of our services. During the normal use of the services, different functionalities and thus also different processing operations can be used successively or simultaneously.

 

1. General to the data processing

For all processing operations described below, unless otherwise stated:

a. Scope of obligation to provide & follow non-provision

In the performance of HolidayClinics.com’s offerings, the provision of personal information is not required by law or contract and you are under no obligation to provide data. The basic data contained in the profiles of doctors and healthcare professionals are provided to us by third parties (see: 11.).

We inform you as part of the entry process, if the provision of personal data for the respective service is required (eg by the name as a “mandatory field”). In the case of required data, non-provisioning means that the service in question can not be provided. Otherwise, the non-provision may result in our being unable to provide our services in the same form and quality.

b. Consent

In some cases you may also give us your consent to further processing in connection with the processing described below, in which case we will separately inform you of all in connection with the submission of the respective declaration of consent Modalities and the scope of the consent and the purposes that we pursue with these processing operations The processing operations based on your consent are therefore not listed here again (Article 13 (4) GDPR).

c. Transfer of personal data to third countries

If we transmit data to third countries, ie countries outside the European Union, then the transmission takes place only in compliance with the statutory admissibility requirements.

If the transmission of the data to a third country does not serve the purpose of fulfilling our contract with you, we do not have your consent, the transmission is not required for asserting, exercising or defending legal claims and there is otherwise no exemption under Art. 49 GDPR, we transmit Your data only to a third country, if there is an adequacy decision according to Art. 45 GDPR or suitable guarantees according to Art. 46 GDPR.

One of these adequacy decisions is Commission Implementing Decision (EU) 2016/1250 of 12.07.2016 on the so-called “US-US Privacy Shield” for the USA. For transfers to companies that are certified according to the EU-US Privacy Shield, the data protection level is generally considered to be appropriate in terms of Art. 45 GDPR.

Alternatively or additionally, the conclusion of the EU standard data protection clauses adopted by the European Commission will provide the receiving body with appropriate guarantees under Article 46 (2) (c) GDPR and an adequate level of data protection. Copies of EU standard data protection clauses are available on the European Commission’s website at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer- personal-data-third-countries_en .

d. Hosting with external service providers

Our data processing takes place to a large extent with the involvement of so-called hosting service providers, who provide us with storage space and processing capacities in their data centers and, according to our instructions, also process personal data on our behalf. For all of the functionalities listed below, personal data may be transmitted to hosting service providers. These service providers process data either exclusively in the EU or we have guaranteed an appropriate level of data protection using the EU standard data protection clauses (see c.).

e. Transmission to state authorities

We transfer personal data to governmental authorities (including law enforcement agencies) when required to fulfill a legal obligation to which we are subject (Legal Basis: Art. 6 (1) (c) GDPR) or to assert, exercise or defend legal claims (Legal basis Art. 6 para. 1 f) GDPR).

f. Storage time

The “Storage duration” section indicates how long we use the data for the respective processing purpose. At the end of this period, the data will no longer be processed by us but will be deleted at regular intervals, unless continued processing and storage is required by law (in particular because it is necessary to fulfill a legal obligation or to assert, exercise or defend legal claims ) or you give us an additional consent.

g. Names of data categories

The following sections use the following summary category names for specific types of data:

  • Account data: login / user ID and password
  • Address data: Street, house number, if necessary address additions, postal code, city, country
  • Credentials: information about the service you have signed up for; Dates and technical information on registration, confirmation and deregistration; at the registration of you specified data
  • Ordering information: Ordered products / services, prices, payment information
  • Proof of treatment: everything with which you can prove a doctor’s treatment (prescription, sick leave, bonus booklets, medical certificates, correspondence)
  • Application documents: curriculum vitae, certificates, evidence, work samples, certificates, pictures
  • Contact details: telephone number (s), fax number (es), e-mail address (es)
  • Usage data Press distribution list: title, name, e-mail address, if necessary first name and medium
  • Usage profile data Newsletter: Opening the newsletter (date and time), contents, selected links, as well as the following information of the accessing computer system: used Internet Protocol address (IP address), browser type and version, device type, operating system and similar technical information.
  • Personal data: title, salutation / gender, first name, last name, date of birth
  • Profile data: title, salutation / gender, first name, surname, discipline (s), year of birth, address, date of establishment
  • Payment data: Account information
  • Access data: date and time of visiting our service; the page from which the accessing system came to our site; pages accessed during use; Session identification data; and the following information about the accessing computer system: Internet Protocol address (IP address) used, browser type and version, device type, operating system and similar technical information.

 

2. Calling our services

Below we describe how your personal information is processed when we access our services (eg, loading and viewing the website, opening and navigating within the mobile device app). In particular, we point out that the transmission of access data to external content providers (see b.) Is inevitable due to the technical functioning of information transmission on the Internet. The third party providers are themselves responsible for the privacy-compliant operation of the IT systems they use. The decision on the storage duration of the data is up to the service providers.

a. Purpose of data processing and legal basis as well as legitimate interests, storage period

data category Intended Legal basis Possibly. legitimate interest storage time
External content providers that provide content (such as images, videos, embedded social networking postings, banner ads, fonts, update information) required to view the service Design of profiles of doctors and health professionals; Offer a service Art. 6 (1) (f) GDPR, in addition to Article 45 of the GDPR in conjunction with Commission Implementing Decision (EU) 2016/1250 of 12.07.2016 on the so-called “EU-US Privacy Shield” proper functioning of services, (expedited) presentation of content
access data Establishing a connection, presenting the contents of the service, detecting attacks on our site due to unusual activities, fault diagnosis Art. 6 para. 1 f) GDPR proper functioning of services, security of data and business processes, prevention of misuse, prevention of damage through interference with information systems 4 weeks

b. Recipient of personal data

 

recipient category Affected data Legal basis Possibly. legitimate interest
Hosting with an external service provider all data acc. Letter a. Art. 6 (1) (f) GDPR, in addition to Article 45 of the GDPR in conjunction with Commission Implementing Decision (EU) 2016/1250 of 12.07.2016 on the so-called “EU-US Privacy Shield” proper functioning of services, (expedited) presentation of content
Messenger service provider contact details Art. 6 para. 1) f DSGVO proper functioning of services, security of data and business processes, prevention of abuse
Support service Contact information, free text information that can contain all sorts of data Art. 6 para. 1 b), f) GDPR Implementation of an efficient customer service for optimal support of users
IT security service access data Art. 6 para. 1 f) GDPR Preventing attacks by exploiting vulnerabilities / vulnerabilities

3. Newsletter subscriptions

Below we describe how your personal information is processed when you subscribe to a newsletter:

a. Purpose of data processing and legal basis as well as legitimate interests, storage period

 

data category Intended Legal basis Possibly. legitimate interest storage time
E-mail address Verification of the application (double opt-in procedure), sending of the newsletter Art. 6 (1) (b) GDPR Duration of newsletter subscription
People Master Data Personalization of the newsletter Art. 6 (1) (b) GDPR Duration of newsletter subscription
credentials Traceability of completed newsletter registration / confirmation / deregistration Art. 6 (1) (b), f) GDPR Proof of successful newsletter registration / confirmation / deregistration Duration of newsletter subscription
User Profile Data Newsletter interest-based design of the newsletter Art. 6 (1) (f) GDPR Improvement of our service, promotional purposes Duration of newsletter subscription

4. Paid services

Below we describe how your personal information is processed when you use services that are offered only for a fee.

 

a. Purpose of data processing and legal basis as well as legitimate interests, storage period

 

data category Intended Legal basis Possibly. legitimate interest storage time
Account data Identification, control of the authorization to access the offer Art. 6 (1) (b) DSGVO Duration of registration
credentials Identification, contact, traceability of registration Art. 6 para. 1 b), f) GDPR Proof of successful registration Duration of registration
contact details Full representation on the website Art. 6 (1) (b) DSGVO Duration of registration
payment data Handling payments for the service Art. 6 (1) (b) DSGVO Duration of the contractual relationship
free texts Providing information to users, presentation of doctors Art. 6 (1) (b) DSGVO Duration of the contractual relationship
Recommend Registered customers can recommend other doctors for specializations Duration of the contractual relationship

b. Recipient of personal data

recipient category Affected data Legal basis Possibly. legitimate interest
payment service payment data Art. 6 (1) (b) DSGVO
Hosting with an external service provider All data acc. Letter a Art. 6 (1) (f) GDPR, in addition to Article 45 of the GDPR in conjunction with Commission Implementing Decision (EU) 2016/1250 of 12.07.2016 on the so-called “EU-US Privacy Shield” proper functioning of services, (expedited) presentation of content

5.  Sweepstakes and promotions

Below we describe how your personal data is processed when you participate in sweepstakes or promotions (eg events, voting, competitions).

 

a. Purpose of data processing and legal basis as well as legitimate interests, storage period

 

data category Intended Legal basis Possibly. legitimate interest storage time
Address data (in case of profit) contact Art. 6 (1) (b) DSGVO Duration of the raffle
Contact details (e-mail address) contact Art. 6 (1) (b) DSGVO Duration of the raffle
Voluntary information: personal data, type of insurance Improvement of our offer, evaluation of the survey Art. 6 (1) (b) DSGVO Duration of the raffle

b. Recipient of personal data

recipient category Affected data Legal basis Possibly. legitimate interest
Shipping service Name, address data Art. 6 (1) (b) GDPR

6. Application

Below we describe how your personal information is processed in connection with an application process existing between you and us for a job as a new employee:

 

a. Purpose of data processing and legal basis as well as legitimate interests, storage period

 

recipient category Affected data Legal basis Possibly. legitimate interest storage time
Address data, contact data Identification, establishment of contact, communication for contract initiation Art. 6 (1) (b) DSGVO 6 months
People Master Data Identification, contact, age verification Art. 6 (1) (b) DSGVO 6 months
Application documents candidate selection Art. 6 (1) (b) DSGVO 6 months

b. Recipient of personal data

 

recipient category Affected data Legal basis Possibly. legitimate interest
HR recruiting portal All data acc. Letter a Art. 28 GDPR

7. Use of our press distributor

Below we describe how your personal data are processed in connection with an application to our press mailing list:

a. Purpose of data processing and legal basis as well as legitimate interests, storage period

 

recipient category Affected data Legal basis Possibly. legitimate interest storage time
Person master data, contact data, represented medium contact Art. 6 (1) (b) DSGVO Duration of registration

8. Customer feedback

Below we describe how your personal information is processed when you contact our customer service:

a. Purpose of data processing and legal basis as well as legitimate interests, storage period

 

data category Intended Legal basis Possibly. legitimate interest storage time
Contact details (e-mail address), contents of inquiries / complaints Processing of customer inquiries and user complaints Art. 6 para. 1 b), f) Customer loyalty, improvement of our service Processing of the request or deletion if the customer status ceases or for non-customers after 1 year

b. Recipient of personal data

 

recipient category Affected data Legal basis Possibly. legitimate interest
Hosting with an external service provider All data acc. Letter a Art. 6 (1) (f) GDPR, in addition to Article 45 of the GDPR in conjunction with Commission Implementing Decision (EU) 2016/1250 of 12.07.2016 on the so-called “EU-US Privacy Shield” Implementation of an efficient customer service for optimal support of users

9. Tracking

Below we describe how your personal information is processed using tracking technologies to analyze and optimize our services and for promotional purposes.

The description of the tracking methods also includes information on how to prevent or contradict the processing of data. Please note that this so-called “opt-out”, ie the rejection of processing, is usually stored via cookies. If you use our services via a new device or in another browser, or if you have deleted the cookies set by your browser, you must explain the refusal again.

The tracking methods described process personal data only in pseudonymous form. A connection with a specific, identified natural person, ie a combination of the data with information about the carrier of the pseudonym, does not take place.

a. Tracking to analyze and optimize our services and their use

  • (1) Purpose of the Processing
  • The analysis of the user behavior by means of tracking helps us to check the effectiveness of our services, to optimize them and to adapt them to the needs of the users and to eliminate errors. It also serves to statistically determine parameters for the use of our services (range, intensity of use, user surfing behavior) on the basis of uniform standard procedures and thus to obtain comparable values ​​across the market.
  • (2) Legal basis of the processing
  • For services that we provide in connection with a contract, the tracking and the associated analysis of user behavior for the performance of our contractual obligations. The legal basis for this processing of personal data is Art. 6 I (b) GDPR. The evaluation of information obtained through tracking is necessary in order to provide you with optimized services according to the contractual purpose and to ensure you the greatest possible benefit.
  • Otherwise, ie beyond a contractual relationship, the legal basis for this processing of personal data is Article 6 (f) GDPR. With her, we pursue the legitimate interest in providing attractive services as efficiently as possible on the basis of the information gained through tracking and marketing this in the best possible way.
  • (3) The used tracking procedures in detail
Name of the service functionality Possibility to prevent processing (opt-out) Data transfer to third country? Possibly. Adequacy decision (Article 45 GDPR) Possibly. suitable guarantees, (Art. 46 GDPR)
Google Analytics Our services use Google Analytics, a web analytics service provided by Google LLC (“Google”). Google Analytics uses cookies that allow you to analyze the use of the website.

We use Google Analytics including the features of Universal Analytics. Universal Analytics allows us to analyze the activities on our services across devices (eg when accessing via laptop and later via a tablet).This is made possible by the pseudonymous assignment of a user ID.

The information generated by the cookie about your use of the website is usually transmitted to a Google server in the USA and stored there. The IP address provided by Google Analytics as part of Google Analytics will not be merged with other Google data. We have also extended the code “anonymizeIP” on our Google Analytics services. This guarantees the masking (shortening of the last eight digits) of your IP address so that all data is collected anonymously. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there.

On our behalf, Google will use this information to evaluate your use of the Services, to compile reports on the Services activities, and to provide us with other services related to the use of the Service and Internet usage.

The transferred data associated with cookies or user IDs will be deleted after 26 months.The deletion of data whose retention period has been reached is done automatically once a month.

You can prevent the storage of cookies by a corresponding setting of your browser software; however, we point out that in this case you may not be able to use all the features of our services to the full extent.

In addition, you may prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google by downloading the browser plug-in available under the following link and install:http://tools.google.com/dlpage/gaoptout?hl=en. This plugin is provided by Google; We point out that we can neither check nor control its function.

As an alternative to the browser add-on, especially for browsers on mobile devices, you can prevent the collection by Google Analytics by clicking on this link . An opt-out cookie is set that prevents the future collection of your data when you visit the Services. The opt-out cookie is only valid in this browser and only for the respective website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.

To prevent Universal Analytics tracking across devices, you must opt-out on all systems you use.

Yes, USA Commission Implementing Decision (EU) 2016/1250 of 12.07.2016 on the so-called “EU-US Privacy Shield”
Google Adwords Provider
Google LLC (“Google”)

Purpose of Tracking
Advertising Tracking

Processing of personal data Cookie ID

Duration of storage Cookies lose their validity after 30 days and are not used for personal identification

Legal basis
legitimate interest
If you do not wish to participate in the tracking process, you can generally disable the automatic setting of cookies in the browser settings or disable cookies for conversion tracking by setting your browser to use cookies from the domain “googleadservices.com” be blocked.

b. Tracking to measure the success of advertising campaigns and optimize the display of advertising

This website is operated by Mediamend Terms of use for users of MediaMend d.o.o. (full Adress) for the internet offer www.HolidayClinics.com.

Last Updated: June 2018 (hereinafter referred to as “our marketer”). For the purpose of measuring the success of advertising campaigns and optimizing and personalizing the display of advertising, our marketer analyzes the usage behavior of visitors to this website, including through cookies. A list of the services used and their functioning, possibilities for opt-out and further information can be found at this link .

We and our marketer are jointly responsible for these data processes. We give our marketer access to our web site and our marketer takes care of the entire technical handling of the data processing described above, including the use of service providers. All of your data subject rights, as described in this privacy policy, can be asserted both to us and to our marketer.

11. Listing of the basic data of doctors and healthcare professionals

We only publish business-related data of general practitioners and health professionals, collectively referred to as profile data (see point II.1.g). These profile data are freely available to the public from other sources and have been submitted to us by a listing company. The businesslike collection, storage, listing and use of publicly available, personal data is governed by Art. 6 para. 1 lit. f) GDPR allowed. The general public has an interest in making data about doctors, therapists and health professionals quickly and completely accessible. This was confirmed again by the Federal Court of Justice in September 2014 (Case VI ZR 358/13) and currently in February 2018 (Case No. VI ZR 30/17). The data is made available to users via the platform.

III. affected rights

1. Right to object

 

If we process your personal data in order to operate direct mail, you have the right to object to the processing of personal data concerning you for the purpose of such advertising with future effect at any time; this also applies to profiling insofar as it is associated with such direct mail.

You also have the right, for reasons arising from your particular situation, to object to the processing of personal data concerning you at any time with regard to the future in accordance with Article 6 (1) (e) or (f) GDPR insert; this also applies to profiling based on these provisions.

The right to object can be exercised free of charge. You can contact us via the contact details listed under I.3 or alternatively by e-mail to: marketing@holidayclinics.com.

2. Right to information

You have the right to request confirmation from us as to whether personal data relating to you are being processed and, if necessary, for information about such personal data and the other information listed in Art. 15 GDPR .

3. Right of rectification

You have the right to demand immediate correction of incorrect personal data concerning you ( Art. 16 DSG-VO ). Taking into account the purposes of processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary statement.

 

4. Right to cancellation (“right to be forgotten”)

You have the right to demand that personal data relating to you be deleted immediately if one of the reasons stated in Art. 17 (1) GDPR is applicable and the processing is not for one of the purposes set out in Art. 17 (3) GDPR is required.

 

5. Right to restriction of processing

You are entitled to demand a restriction on the processing of your personal data if one of the conditions laid down in Art. 18 (1) (a) to (d) GDPR is met.

 

6. Right to Data Portability

Under the conditions set out in Article 20 (1) of the GDPR , you have the right to obtain the personal data that you have provided to us in a structured, common and machine-readable format, and the right to transfer this data to another person without Obstruction by us. In exercising the right to data portability, you have the right to obtain that personal data be transmitted directly by us to another responsible party where technically feasible.

 

7. Withdrawal with consent

If the processing is based on your consent, you have the right to revoke your consent at any time. The legality of the processing on the basis of the consent until the revocation is not affected.

 

8. Right of appeal

You have the right of appeal to the supervisory authority responsible for our company. The supervisory authority responsible for our company is: the laws of the Republic of Croatia.

 

 

FAQ   About us    Imprint   Terms os use    Privacy policy

© 2018 MediaMend d.o.o. | HolidayClinics.com on: Facebook

HolidayClinics.com is a wholly owned subsidiary of MediaMend d.o.o..