Privacy policy for patients

Last updated: May 13, 2026

1. Purpose and scope

This privacy policy applies to visits to and use of: patient.samedi.de and termin.samedi.de, as well as the use of samedi patient accounts.

References to persons in this privacy policy are gender-neutral. For the sake of readability, multiple references are not used.

We only process personal data (hereinafter mostly referred to as “data”) to the extent necessary and for the purpose of providing a functional and user-friendly website, including its content and the services offered there.

According to Art. 4 (1) of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to as “GDPR”), “processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

With the following privacy policy, we inform you in particular about the type, scope, purpose, duration, and legal basis of the processing of personal data.

2. Information about responsibilities

The responsible provider (Art. 4 No. 7 GDPR) of this website and for the personal data processed within the samedi patient account, including special categories of data within the meaning of data protection law, is samedi GmbH.

samedi GmbH
Represented by the managing directors Prof. Dr. Alexander Alscher, Katrin Alscher

Rigaer Str. 44
10247 Berlin
Germany

Phone: +49 (0)30 21230707-0
Email: info@samedi.de

The provider's data protection officer is:

Dr. Christian Herles
Internal Data Protection Officer
Rigaer Str. 44
10247 Berlin
Germany
Email: datenschutz@samedi.de

For the planning and execution of appointments and related communication, samedi exclusively provides the use of the platform; in terms of data protection law, samedi acts as a processor (Art. 28 GDPR) under the responsibility of the healthcare facility where you booked the appointment.

3. Log files

For technical reasons, in particular to ensure a secure and stable website, data is transmitted to us by your internet browser. These so-called server log files collect, among other things, the type and version of your Internet browser, the operating system, the website from which you accessed our website (referrer URL), the page(s) of our website that you visit, the date and time of each access, and the IP address of the Internet connection from which you are using our website.

The data collected in this way is stored temporarily, but not together with other data about you. This storage is based on the legal basis of Art. 6 (1) lit. f) GDPR. Our legitimate interest lies in the improvement, stability, functionality and security of our website.

The data will be deleted after 7 days at the latest, unless further storage is necessary for evidence purposes. Otherwise, the data will be excluded from deletion in whole or in part until an incident has been finally clarified.

4. Cookies

We use cookies. Cookies do not harm your computer and do not contain viruses. Cookies serve to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.

You can manage cookies via the cookie banner and set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. However, the steps and measures required for this depend on the specific Internet browser you are using. If you have any questions, please use the help function or documentation of your Internet browser or contact its manufacturer or support. However, if you prevent or restrict the installation of cookies, this may mean that not all functions of our website can be used to their full extent.

The use of cookies and similar technologies that are technically necessary for the operation of our website is based on § 25 II TDDDG. If we use other cookies, this is only done on the basis of your consent. We will inform you separately about this.

5. Plugins and tools

a) retarus GmbH / email appointment notifications

To ensure the sending and delivery of automated email notifications, we use the services of retarus GmbH, Aschauer Straße 30, 81549 Munich, Germany (“retarus”). When we send you an automatically generated email, your email address and the personal data required for the reminder are transmitted to the retarus servers in Germany, stored in the retarus log files and automatically deleted after 15 days at the latest. The legal basis for the processing of your personal data necessary for the reminder is your consent in accordance with Art. 6 (1) lit. a GDPR and, for possible health data, Art. 9 (2) lit. a GDPR. You can revoke your consent at any time with effect for the future. The lawfulness of the data processing operations carried out until revocation remains unaffected by the revocation. In order to ensure that the data is processed in accordance with data protection law, we have concluded a contract with retarus for order processing.

b) retarus GmbH / SMS appointment notifications

To ensure the sending and delivery of automated SMS notifications, we use the services of retarus GmbH, Aschauer Straße 30, 81549 Munich, Germany (“retarus”). When we send you an automatically generated SMS, your mobile phone number and the personal data required for the reminder are transmitted to the retarus servers.

The legal basis for the processing of your personal data required for the reminder is your consent in accordance with Art. 6 (1) lit. a GDPR and, for possible health data, Art. 9 (2) lit. a GDPR. You can revoke your consent at any time with effect for the future. The legality of the data processing operations carried out until revocation remains unaffected by the revocation.

In order to ensure that the data is processed in accordance with data protection law, we have concluded a contract with retarus for order processing.

6. Registration on our website and use of contractual services

a) Personal data

You have the option of registering on our website by entering your name and email address, thereby creating a samedi patient account and making use of the services offered by samedi GmbH. By registering, we can provide you with content and functions that are reserved for registered users.

Unless otherwise stated in this privacy policy, the personal data entered in the mandatory fields will be processed exclusively for the purpose of providing the contractual services. The legal basis for the processing of this data is therefore Art. 6 (1) lit. b) GDPR. If we use external services for this purpose, the processing will be carried out exclusively on our behalf in accordance with Art. 28 GDPR.

By registering on the website of the controller, the following information is also stored:

This data is stored on the basis of legitimate interest (Art. 6(1)(f) GDPR), as this is the only way to prevent misuse of our services and, if necessary, to enable criminal offences to be investigated.

In this respect, the storage of this data is necessary to protect the controller. This data is not passed on to third parties unless there is a legal obligation to do so or the disclosure serves the purpose of criminal prosecution.

In addition to the mandatory information, you also have the option of providing the following additional personal data when registering and within your account, subject to your consent in accordance with Art. 6 (1) (a) GDPR: address details, mobile phone number, telephone number, insurance number, health insurance, communication data. Registered persons are free to change the personal data provided during registration and within their account at any time, to delete it themselves from their samedi patient account or to have the account deleted by us.

The controller shall provide any data subject with information on the personal data stored about them at any time upon request. Furthermore, the controller shall correct or delete personal data at the request or upon notification of the data subject, provided that this does not conflict with any statutory retention obligations. All employees of the controller are available to the data subject as contact persons in this regard.

b) Special categories of personal data

You are given the option of providing genetic data, biometric data for the unique identification of a natural person, and health data for specified purposes within your account. The specific personal data transmitted to us is determined by the respective input mask used for registration and in the context of service provision. Special data will only be processed after the express consent of the persons concerned has been obtained. The legal basis for the processing of special categories of data is therefore Art. 9 (2) (a) GDPR.

All personal data processed within the framework of the patient-doctor relationship is the responsibility of the relevant institution.

c) Encryption of data

The health data stored by the data subject in their personal user account in the health record is encrypted locally on the data subject's computer and is only available in decrypted form locally on the data subject's computers. This means that only the data subjects themselves can view this particularly sensitive data locally. samedi does not store personal data in plain text, but only as cryptographic data (“cryptodata”) on the samedi servers. In contrast to pseudonymized data, samedi's cryptodata does not contain any individual details about personal or factual circumstances and has virtually no information content. samedi has designed and implemented a client-side encryption solution specifically for this purpose. This procedure ensures that the data can only be decrypted in the client system by authorized users.

It can be ensured that samedi is unable to access or become aware of any personal medical data; this does not constitute a breach of medical confidentiality under Section 203 of the German Criminal Code (StGB). Likewise, the protection against seizure under Section 97(2) sentence 2 of the German Code of Criminal Procedure (StPO) also applies to samedi as a cloud service provider using encryption technology, as this protection for healthcare professionals is extended to service providers (such as samedi) insofar as they process protected data.

samedi does not disclose any special categories of personal data unless the customer has expressly given consent or samedi is legally obliged to disclose such data, for example pursuant to a court order or an official authority request. If the contractual relationship between the customer and samedi is terminated, samedi will permanently delete the data stored in the user account within two weeks, unless the customer has expressly objected to the deletion and instructed samedi to retain the data.

7. Searching for appointments / booking appointments

You can search for institutions and book appointments with them online via our websites patient.samedi.de and termin.samedi.de. There are two ways to make a booking. The institution in question decides which booking option is available to you. Once you, as a patient, have decided on an institution and booked an appointment with it, samedi GmbH acts as a processor for the institution in question in accordance with Art. 4 No. 8 GDPR and Art. 28 GDPR.

a) Booking with a samedi patient account

To book an appointment, you must log in to your samedi patient account or create one beforehand. When you book a specific appointment, responsibility (Art. 4 No. 7 GDPR) is transferred to the respective healthcare facility. When booking the appointment, the following personal data may be transmitted to the respective institution, depending on the institution's request: Last name, first name, date of birth, email address, telephone number, address data, appointment data, purpose of the appointment, type of health insurance, contact details, and medical data. The legal basis for the transmission of the appointment request to the respective institution is Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR for health data.

b) Booking as a guest

You also have the option of booking an appointment with an institution as a guest. In this case, you can make a booking without a samedi patient account. Whether guest bookings are possible at an institution is solely at the discretion of the institution. When you book a specific appointment, responsibility (Art. 4 No. 7 GDPR) is transferred to the respective healthcare facility. When booking an appointment as a guest, the following personal data may be transmitted to the relevant institution, depending on the institution's decision: surname, first name, email address, appointment details, purpose of the appointment, type of health insurance, contact details, and health data. Mandatory information includes: surname, email address. The legal basis for the transmission of the appointment request to the respective institution is Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR for health data.

8. General information and contact

If you send us inquiries by mail, email, or telephone, your details, including the contact details you provide there, will be stored by us for the purpose of processing the inquiry, depending on the contact method. Your data will not be used for other purposes or passed on unless you give us your separate consent to do so. The legal basis for the processing of your personal data is your consent in accordance with Art. 6 (1) (a) GDPR and legitimate interest Art. 6 (1) (f) GDPR. The legality of the data processing operations carried out until revocation remains unaffected by the revocation. Once we have fully processed your request, we will delete your personal data unless mandatory legal provisions—in particular retention periods—take precedence.

9. Customer inquiries

We use technical service providers from the areas of customer relationship management (CRM) and voice and assistance systems to provide our patient FAQs and process contact inquiries.

Personal data may be processed when using the patient FAQs or contacting us. This includes, in particular, your IP address, email address, and the content of your inquiry.

If you provide further voluntary information (e.g., name or telephone number), this will also be used exclusively for the purpose of processing your inquiry.

The purpose of the processing is to provide informative answers to questions about our services and to enable you to contact a representative directly.

The legal basis for processing is Art. 6 (1) (f) GDPR. Our legitimate interest lies in the efficient and secure provision of patient information and the processing of contact requests.

Insofar as service providers process personal data on our behalf, this is done on the basis of a data processing agreement in accordance with Art. 28 GDPR. Processing generally takes place within the European Union or the European Economic Area. If, in individual cases, personal data is transferred to countries outside the EU or the EEA, we ensure that appropriate safeguards are in place in accordance with Art. 44 ff. GDPR (e.g., EU standard contractual clauses).

We only store your data for as long as is necessary to achieve the respective purpose or as long as there are legal retention obligations.

10. Recipients and order processing

If we use external service providers for whom it is a (core) part of their business to process our personal data on our behalf, we conclude an order processing agreement/data protection agreement. These external service providers are carefully selected and regularly monitored by us. They process personal data only on our behalf and strictly in accordance with our instructions on the basis of the relevant contract for order processing/data protection agreement (Art. 28 GDPR). For the processing of personal data that we carry out on behalf of a controller, we offer sufficient guarantees that we will take appropriate technical and/or organizational measures to ensure that the processing complies with legal requirements and that the rights of the data subjects are protected.

Unless otherwise stated in this privacy policy, data is transferred to processors for the above-mentioned purposes to

Furthermore, data may be transferred to the following recipients:

Your personal data will not be transferred further unless this is related to the purposes listed. If necessary, we will always inform you in advance and give you the opportunity to decide whether or not we may use your personal data in this different manner.

11. Transfer of personal data to third countries

When we transfer personal data to countries outside the EU, we rely on an adequacy decision by the Commission (Art. 45 GDPR), on appropriate safeguards (Art. 46 GDPR) or, in accordance with Art. 49 GDPR, on the exceptional circumstances for transfers to third countries. Information on individual transfers to third countries can be found in the descriptions of the individual processes and in our cookie banner.

12. Routine deletion and blocking of personal data

Unless specific storage periods are specified in this privacy policy, samedi only stores personal data for as long as is necessary to achieve the respective processing purpose. The data is then deleted, unless statutory retention obligations, statutory evidence and documentation obligations, or overriding legitimate interests prevent deletion.

We generally store patient account data for the duration of the account's existence. After the account is deleted, this data will be deleted unless there are legal obligations to retain it. If data is processed on behalf of a healthcare facility, the storage period is determined by the specifications of the respective healthcare facility.

13. Rights of users and data subjects

With regard to the data processing described above, users and data subjects have the following rights:

a) Right of access

You have the right to obtain information about the personal data processed about you, which means that you have the right to obtain confirmation as to whether or not personal data concerning you is being processed. If this is the case, you have the right to obtain information about the personal data processed about you and certain additional information, as well as to receive a copy in a commonly used electronic format.

b) Right to rectification

You have the right to have inaccurate personal data concerning you rectified and the right to have incomplete personal data completed.

c) Right to erasure

You have the right to have your personal data erased, subject to the restrictions under applicable law. This is the case, for example, if the personal data is no longer necessary for the purposes for which it is processed, you withdraw your consent and there is no other legal basis for the processing, or the processing of your personal data is not necessary for compliance with a legal obligation, for the establishment, exercise, or defense of legal claims.

d) Right to restriction of processing

You have the right to restrict the processing of your personal data, for example if you dispute its accuracy or if you have objected to the processing as described above. In both cases, this right applies during the processing and review of your request by us.

If you have consented to a specific processing operation, you have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

f) Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done to the extent that it is technically feasible.

g) Right to object

You have the right to object if the processing is based on the balancing of interests pursuant to Art. 6 (1) (e) or (f) GDPR in order to request a reassessment of interests or to object to direct marketing. We will then carry out a new assessment and, despite your objection, will only continue processing your personal data if we can demonstrate compelling legitimate grounds that outweigh your interests.

h) Right to lodge a complaint with the competent supervisory authority

You can lodge a complaint if you believe that we have violated applicable data protection regulations when processing your personal data. The competent supervisory authority is the Berlin Commissioner for Data Protection and Freedom of Information, Alt-Moabit 59-61, 10555 Berlin.

In addition, the provider is obliged to inform all recipients to whom data has been disclosed by the provider of any correction or deletion of data or restriction of processing that takes place on the basis of Articles 16, 17 (1) and 18 GDPR. However, this obligation does not apply if this notification is impossible or involves disproportionate effort. Notwithstanding this, the user has a right to information about these recipients.