We herewith wish to inform you about the processing of personal data by Berlin Heart, in particular when you are using our website. We process personal data (e.g. name, address, e-mail address and telephone number of a data subject) in accordance with the applicable law, in particular the General Data Protection Regulation (GDPR) and the German Data Protection Law (BDSG).
1. Name and Address of the Controller
The controller within the meaning of Art. 4 para. 7 GDPR is:
Berlin Heart GmbH
Represented by the directors Sven-René Friedel, Dr. Ares K. Menon
Wiesenweg 10
12247 Berlin, Germany
Tel: +49 30 8187 2600
Fax: +49 30 8187 2601
e-mail: firstname.lastname@example.org
2. Data Protection Officer
You may contact our Data Protection Officer as follows:
Berlin Heart GmbH
- attn. the Data Protection Officer -
Wiesenweg 10
12247 Berlin, Germany
3. Processing of Personal data when visiting our website
Using our website purely for information purposes only leads to the processing of personal data that your internet browser transmits to our server. While you are visiting our website, we process the following data. This is technically necessary for us in order to display the website and to safeguard its stability and security (legal basis: Art. 6 para. 1 phr. 1 lit. f GDPR):
date and time of the request
time zone difference to Greenwich Mean Time (GMT)
content of the request (concrete page)
access status/HTTP status code
the respectively transmitted data volume
the website from which the request came
operating system (OS) and its user interface
language and version of the browser software.
4. Processing of Personal Data in the event of personal contact
When you contact us personally by e-mail, letter, contact form or in another way, we will process the transmitted data (e.g. your e-mail address, your name and/or your telephone number) in order to process and/or answer your request (legal basis: Art. 6 para. 1 phr. 1 lit. a, f GDPR). The data processed in this context will be deleted as soon as their storage is no longer necessary, or we will restrict the processing if we have to fulfill a legal obligation to retain such data.
5. Processing of Personal Data when registering a user account
5.1 Our website offers a secured user section, exclusively for certain user groups (inter alia clinics, distributors, patients), which provides such users access to additional, in particular product-specific information. If you belong to one of these user groups and wish to register a user account, you must fill in the information required in the registration form and register with a freely chosen password.
5.2 For registration we use the so-called double-opt-in process. This means that your registration is only completed once you have confirmed it by clicking on the link in the confirmation e-mail we will send to you for this purpose. If you do not confirm within 24 hours, your application will be automatically deleted from our database.
5.3 If you are using our portal, we will process your data necessary for the fulfilment of the contract until you permanently delete your account. Furthermore, we will process the data you have transferred to us on a voluntary basis for the time you are using the portal, unless you have deleted them before. You may manage and change all data in the secured user section. The data necessary for registration will be highlighted, other information is voluntary. Legal basis is Art. 6 para. 1 phr. 1 lit. b GDPR; for the voluntarily provided data: Art. 9 para. 2 lit. a GDPR for data concerning health, for other data Art. 6 para. 1 phr. 1 lit. a GDPR.
5.4 The connection is secured with TLS technology, in order to prevent third parties from unauthorized access to your personal data.
6. Processing of Personal Data in connection with “Share your Story”
If you use the website function “Share your Story” and provide us with your story concerning a heart disease, treatment or similar for the purpose of publication on our website, we will process the personal data provided for a preliminary review of whether we wish to publish your story and, as the case may be, for the publication on our website. Your personal data will only be published if it is contained in the document you have uploaded. The data necessary for submitting your story will be highlighted, further data is voluntary. Legal basis is Art. 9 para. 2 lit. a, e GDPR (for data concerning health), for other data Art. 6 para. 1 phr. 1 lit. a, f GDPR.
7. Processing of Personal Data in Recruitment Procedures and Employment
7.1 If you transmit personal data to us in the context of recruitment procedures, such data will be processed only for the implementation of this procedure, to determine the possible success of your application (legal basis: Art. 6 para. 1 phr. 1 lit. a, f GDPR).
7.2 If a contract is concluded between you and us, we will process the data for the purposes of conclusion and execution of the employment subject to the statutory provisions (legal basis: Art. 6 para. 1 phr. 1 lit. b GDPR). In any other case, we will automatically delete the application documents after six months, unless the deletion is contrary to our legitimate interests (e.g. procedures according to the German General Equal Treatment Act).
8. Processing of Personal Data of Other Contract Partners
When you enter into a contractual relationship with us (e.g. as a client or supplier), and in the initiation phase, we will process the data you have provided to us, including those of any contact persons. These data will be processed for the conclusion and execution of the contractual relationship. Legal basis is Art. 6 para. 1 phr. 1 lit. b GDPR; or Art. 6 para. 1 phr. 1 lit. a GDPR for data that is not required for this purpose, but provided by you.
9. Processing of Patient Data
9.1 If data of a patient is transmitted to Berlin Heart, e.g. by contract partners (in particular by clinics where the patient receives the medical treatment), Berlin Heart will immediately pseudonymize or anonymize the patient’s data.
9.2 The patient’s data (including data concerning health) will only be processed by Berlin Heart, if this is permitted according to statutory provisions.
9.3 This is particularly the case if the patient has given his/her explicit consent to the processing of personal data for the purposes mentioned in the declaration of consent. Legal basis is Art. 9 para. 2 lit. a GDPR (for data concerning health), for other data Art. 6 para. 1 phr. 1 lit. a GDPR.
9.4 In addition, we will process personal data for necessary measures of quality assurance (Legal basis for data concerning health: Art. 9 para. 2 lit. h, i GDPR as well as § 22 para. 1 No. 1 lit. b, c BDSG – German Federal Data Protection Act; for other data: Art. 6 para. 1 phr. 1 lit. f GDPR) and for any medical support of the patient that may become necessary, especially in case of emergency (Legal basis for data concerning health: Art. 9 para. 2 lit. c, h; for other data: Art. 6 para. 1 phr. 1 lit. a, f GDPR).
9.5 As a producer of medical devices, Berlin Heart also has to fulfill legal reporting obligations towards public regulatory authorities. For example, this applies to (adverse) events that may have led to a serious deterioration in the state of a patient’s health. These reporting obligations are also applicable towards public authorities in third countries (countries outside the European Union). We will only transfer patient data in a pseudonymized or, if possible and legally permitted, anonymized form (Legal basis for data concerning health: Art. 9 para. 2 lit. f, h, i GDPR as well as § 22 para. 1 No. 1 lit. b, c BDSG – German Federal Data Protection Act; for other data: Art. 6 para. 1 phr. 1 lit. a, f GDPR).
10. Processing of Personal Data for Participation in Forums
If you participate in one of our forums (e.g. trainings, Berlin Heart Academy etc.), the conclusion of the contract concerning the participation requires the personal data that we need for your registration and the execution of the forum. The necessary data will be highlighted, further data is voluntary. Legal basis is Art. 6 para. 1 phr. 1 lit. b GDPR, for voluntarily provided data Art. 6 para. 1 phr. 1 lit. a GDPR.
11. Recipients of Personal Data
We will only transfer personal data to third parties in those cases mentioned in this policy or if we explicitly inform you accordingly on other occasions. In addition, we partly use external processors in the sense of Art. 28 GDPR (e.g. host provider, e-mail provider). However, these service providers process personal data only within the European Union.
Berlin Heart, Inc.
200 Valleywood Suite B100
The Woodlands, TX 77380
USA