On our website, we provide information about ourselves and our services, as well as various information on the subject of health.

Data

When you visit our website, we collect the following data for technical reasons, which your browser automatically transmits to our server so that you can visit our website:

• Your IP address,
• information about your browser type and version,
• the operating system of your device,
• date and time of the page view,
• the name of the file accessed by your browser, i.e., the content you view on our website and the amount of data transferred (URL),
• the website from which you came,
• websites that you access via our website,
• notification of whether the retrieval was successful,
• message indicating why a retrieval may have failed.

This data is temporarily stored in a so-called log file. This data is not stored together with other personal data.

At various points on our website, you have the option of searching for information based on a geographical location (location search). For example, you can search for Asklepios facilities or Asklepios events near a specific city. You can use the location search either manually by entering a location (e.g., name of a city or postal code) (manual search) or automatically by activating the arrow symbol in the respective search field and selecting your location via your browser settings (automatic search). When using the location search, we collect the specified location manually via your input or automatically via your browser using the transmitted location data, which is then stored in local storage. With local storage, data is stored locally in the cache, i.e., in a kind of temporary storage in the user's browser. If the cache is not deleted by the user, the data remains there even when the browser window is closed and the program is exited, and can continue to be read.

To obtain and document consent to the use of cookies and tracking technologies (see Section 3 ("Information on the use of cookies and technologies")), we use the Usercentrics Consent Management Platform (CMP) from Usercentrics GmbH (Sendlinger Straße 7, 80331 Munich). As our processor in accordance with Art. 28 GDPR, Usercentrics collects consent and log file data. Usercentrics' JavaScript enables us to inform you about your consent to certain cookies and other technologies on our website, to obtain, manage, and document consent. You can generally prevent JavaScript from running by changing your browser settings, which also prevents Usercentrics from running JavaScript. This will result in limited usability of the website, as even technically necessary cookies will not be loaded. When providing the service, data is also stored in the Usercentrics log file.

The following data is collected in connection with Usercentrics:

• Consent data (consent ID, consent number, time of consent, opt-in or opt-out),
• Cookie banner language, user settings, template version,
• device data (HTTP agent, HTTP referrer),
• IP address,
• Geolocation.

Purposes

The temporary storage of technically necessary data is necessary to enable the website to be delivered to your computer and to ensure the functionality of the website.

The storage of data in log files serves the technical optimization of the website and the security of our IT systems. The data is not analyzed for any other purposes.

Location data is processed for the purpose of performing a location search when users use this function.

The processing of personal data in connection with the Usercentrics consent management tool is carried out for the purpose of fulfilling our legal obligations with regard to obtaining, revoking, and documenting user consent.

Legal basis

The legal basis for the collection and temporary storage of data and log files is Art. 6 (1) lit. f GDPR. Our legitimate interest is to ensure the security of the IT systems used, in particular for the detection, elimination, and evidence-based documentation of security incidents.

The legal basis for the processing of data in connection with the location search is Art. 6 (1) lit. f GDPR. Our legitimate interest is the user-friendly provision of our location search at the request of users.

The legal basis for the processing of personal data in connection with the Usercentrics consent management tool is Section 25 (2) TDDDG in conjunction with Art. 6 (1) lit. c GDPR (fulfillment of a legal obligation).

Duration

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. In the case of data collected for the provision of the website, this is the case when the respective session has ended. In the case of data stored in log files, this is the case after seven days at the latest.

Location data is stored in local storage, i.e., in a kind of temporary storage in the user's browser, until the cache is deleted by the user.

The consent data collected via the Usercentrics consent management tool (consent given and withdrawal of consent) is stored for a period of one year. The data is then deleted immediately.

If you have any questions, we offer you the option of contacting us using the contact forms provided on our website. In addition to contact forms for general inquiries, we also provide contact forms for specific inquiries (e.g., registration for events or training courses, contact for applicants).

The use of our contact form is an additional service and is voluntary for you. Alternatively, you can also contact us using the contact details in the imprint on the respective website.

To protect against spam and misuse in connection with the use of our contact forms, we use the “Friendly Captcha" service (www.friendlycaptcha.com). This service is provided by Friendly Captcha GmbH (Am Anger 3-5, 82237 Wörthsee, Germany), which acts as a processor for us (Art. 28 GDPR). Friendly Captcha is a privacy-friendly protection solution designed to make it more difficult for automated programs and scripts (so-called "bots") to use our websites. For this purpose, we have integrated a program code from Friendly Captcha into our websites (e.g., for contact forms) so that users' end devices can establish a connection to Friendly Captcha's servers in order to receive a calculation task from Friendly Captcha. The user's device solves the calculation task, which uses certain system resources, and sends the calculation result to our web server. The web server contacts the Friendly Captcha server via an interface and receives a response indicating whether the puzzle has been solved correctly by the device. Depending on the result, we can apply security rules to requests via our website and, for example, process or reject them.

Data

When using our contact forms, certain data must be provided so that we know who the request is coming from and how we can respond to it. Depending on the specific request, we usually need your name, email address, and, if necessary, other contact details (e.g., telephone number) as well as information about your request. In addition to the data marked as mandatory, further information can be provided voluntarily.

When you access and submit the form, we collect the following data (log data) for technical reasons, which your browser automatically transmits to our server:

• Your IP address,
• Date and time of access and submission,
• Name of the file accessed by your browser (URL).

When the form is sent, the following log data is collected in connection with Friendly Captcha:

• The request headers User-Agent, origin, and referrer,
• the puzzle itself, which contains information about the account and the website key to which the puzzle refers,
• the version of the widget,
• a timestamp.

IP addresses are only stored in hashed (one-way encrypted) form and do not allow any conclusions to be drawn about an individual. We store an anonymized counter per IP address for dynamic scaling of puzzle difficulty in the edge network to detect malicious users and minimize the blocking of legitimate users. This data is stored separately from the rest of the data and cannot be associated with specific websites. Friendly Captcha does not set or read any cookies on the user’s device.

Purposes

We process the data you submit to us via the contact form in order to process your request and contact you in this regard.

The personal data processed during the submission process in connection with Friendly Captcha is used to prevent misuse of the contact form and to ensure the security of our IT systems. The data is used exclusively for the above-described protection against spam and bots.

Legal basis

Data processing for the purpose of contacting us is carried out in accordance with Art. 6 (1) lit. a GDPR on the basis of your voluntary consent.

You can withdraw your consent at any time using the contact details provided in the imprint on the respective website. As a result, we will no longer be allowed to continue processing data based on this consent in the future and may not be able to process your request further or respond to it in full.

The legal basis for processing in connection with Friendly Captcha is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR in protecting our websites from misuse by bots, i.e., spam protection and protection against attacks (e.g., mass requests).

Duration

The personal data collected by us via the contact form will be deleted after your request has been processed, provided that there are no retention obligations that prevent deletion.

The data collected for technical reasons (log data) when the form is accessed and submitted will be deleted after two months at the latest.

The personal data collected during the submission process in connection with Friendly Captcha will be deleted after thirty days at the latest.

You can register for our Asklepios newsletter at various points on our website. As a newsletter subscriber, you will receive regular emails from us with information on current developments in health care policy, tips on patient events, and other health care related information, e.g., on topics such as nutrition, exercise, or prevention.

To send the newsletter, we use special email marketing software from our service provider CleverReach GmbH & Co. KG (Schafjückenweg 2, 26180 Rastede, Germany) in accordance with an agreement on order processing pursuant to Art. 28 GDPR.

To protect against spam and misuse in connection with the use of our registration forms, we use the “Friendly Captcha" service (www.friendlycaptcha.com) for newsletter registration. This service is provided by Friendly Captcha GmbH (Am Anger 3-5, 82237 Wörthsee, Germany), which acts as a processor for us (Art. 28 GDPR) (see Section 2b. ("Contact forms")).

Data

When you register for the Asklepios newsletter, we collect your email address and, optionally, your title, first and last name, and date of birth. If you provide your first and last name in addition to your email address, you will be addressed personally in the newsletter, provided you have agreed to this. If you also provide us with your date of birth, you will receive birthday wishes by email based on your separate consent.

To confirm your newsletter registration, we first carry out a double opt-in procedure after you have entered your registration data and send you an email asking you to confirm the email address you have provided by clicking on the link contained in our double opt-in email. Your newsletter registration will only become effective after you have clicked on this link.

In order to carry out the double opt-in procedure, we process not only your email address but also log data that is generated for technical reasons when you subscribe to and unsubscribe from the Asklepios newsletter. This includes the date and time of your registration, the date and time of sending our double opt-in email, the date and time of confirmation of the link, the IP address of the device used for confirmation, and the date and time of any unsubscription from the newsletter.

If you have given your separate consent to the use of white pixels (Art. 6 (1) (a) GDPR), you enable us to determine system information about the hardware and software used to receive an email, as well as information about the successful delivery of a newsletter and its opening and click rates. White pixels are small personalized image files that are not visible to the human eye and are downloaded from our servers when an email is opened. When reloading, the computer system from which the email is opened sends a so-called identifier and a so-called user agent string to the server from which the image is reloaded. Clicking on content in the newsletter also reloads white pixels that are linked to the respective content. This reloading allows us to determine whether and when a specific piece of content in an email has been opened. Reloading can be prevented, for example, by setting the email program to disable the automatic reloading of images or to receive emails in text format only.

When the form is submitted, the following log data is collected in connection with Friendly Captcha:

• The request headers User-Agent, origin, and referrer,
• the puzzle itself, which contains information about the account and the website key to which the puzzle refers,
• the version of the widget,
• a timestamp.

IP addresses are only stored in hashed (one-way encrypted) form and do not allow any conclusions to be drawn about an individual. We store an anonymized counter per IP address for dynamic scaling of puzzle difficulty in the edge network to detect malicious users and minimize the blocking of legitimate users. This data is stored separately from the rest of the data and cannot be associated with specific websites. Friendly Captcha does not set or read any cookies on the user's device.

Purposes

We process the data you provide when registering for our newsletter (email address and optional data) to send the newsletter and, if applicable, to address you personally in the newsletter and to send birthday wishes by email.

We process the additional log data collected during the double opt-in procedure in order to document your consent to receive our newsletter in a legally compliant manner.

Legal basis

The sending of the newsletter and, if applicable, the personal salutation in the newsletter or the transmission of birthday wishes by email is based on your separate consent (Art. 6 (1) lit. a GDPR).

You can withdraw your consent to receive the newsletter at any time via the unsubscribe link in the newsletter. You can also withdraw your consent to receive the newsletter and any other consent you have given in this context at any time by sending an email to newsletter.asklepios@asklepios.com or by writing to Asklepios Kliniken GmbH & Co. KGaA, Rübenkamp 226, 22307 Hamburg –Konzernbereich Unternehmenskommunikation (Corporate Communications Division). As a result, we will no longer be permitted to continue processing data based on this consent in the future and will no longer be able to send you the newsletter (personalized) or birthday wishes.

Data processing for the purpose of implementing the double opt-in procedure and data processing for evidence purposes is carried out on the basis of our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. Our legitimate interest is the legally compliant documentation of your consent to subscribe to the newsletter and the assertion, exercise, or defense of legal claims.

Duration

We store the information you provide in the registration form when you register, as well as the log data generated during registration and the double opt-in procedure, for as long as you are registered for the Asklepios newsletter. For evidence purposes and to assert any legal claims, we also store this data after you unsubscribe for a transitional period of three years from the end of the year in which you unsubscribed and, in the event of any legal disputes, until their conclusion.

You can book appointments for consultations or treatment at various Asklepios facilities via our website (online appointment booking). Our website indicates whether online appointment booking for the respective appointment is carried out via our Asklepios patient portal or our service provider samedi. 

The use of our online appointment booking is an additional service and is voluntary for you. You can also book appointments by telephone using the alternative telephone number provided. 

If an appointment can be booked via our Asklepios patient portal, you will be redirected to the Asklepios patient portal via the button provided in order to make the booking there. 

In addition to our Asklepios patient portal, we use the services of samedi GmbH (Rigaer Str. 44, 10247 Berlin, Germany) ("samedi") for online appointment booking, which acts as a processor for us (Art. 28 GDPR). You can book appointments online via samedi as a guest or via your samedi patient account. To book as a guest, select the appointment and click on "Book appointment without samedi account" and enter your details. Alternatively, you can log in via your samedi patient account ("Log in with samedi and book appointment"). When booking via your samedi patient account, you will leave our website and be automatically redirected to the samedi portal to log in and confirm the transfer of your data from the samedi portal to our online appointment booking system. 

To take advantage of all the benefits of online appointment booking via samedi (e.g., managing appointments via your samedi patient account), you must register with samedi and log in. 

To protect against spam and misuse in connection with the use of our booking forms, we use the “Friendly Captcha" service (www.friendlycaptcha.com) for online appointment booking. This service is provided by Friendly Captcha GmbH (Am Anger 3-5, 82237 Wörthsee, Germany), which acts as a processor for us (Art. 28 GDPR)  
(see section 2b. ("Contact forms")). 

Data 

When you use our online appointment booking service via the Asklepios patient portal, your data is not processed by our websites, but in accordance with the data protection information applicable to the Asklepios patient portal. You can find this information here and directly in the Asklepios patient portal. 

If you book an appointment via samedi as a guest, we collect the location you entered during the location search or transmitted via your browser, as well as the contact details required for booking the appointment (last name, first name, email address), data on the type of health insurance required for the preparation, execution, and billing of the appointment, your date of birth, and any other necessary data (e.g., reason for your appointment request, complaints, diagnosis, previous treatments, and previous treating physicians). You may also voluntarily provide additional information. 

When you use our online appointment booking service via your samedi patient account, we collect the location you entered during the location search or transmitted via your browser, as well as the data stored in your samedi patient account and which, according to your account settings, is to be transmitted by samedi for online appointment bookings. You can adjust and manage your data in your samedi patient account at any time. You can also adjust the data transmitted from your profile - with the exception of the email address - before submitting the appointment booking form. 
For more information on data processing by samedi, please refer to samedi's privacy policy (https://legal.samedi.de/for_patients/privacy_policy_in_general/). 

When you use the location search function as part of the online appointment booking process, either manually by entering a location (e.g., city name or postal code) (manual search) or automatically by activating the arrow symbol in the respective search field and selecting your location via your browser settings (automatic search), we manually collect the location specified via your input or automatically collect the transmitted location data via your browser, and this data is stored in local storage. With local storage, data is stored locally in the cache, i.e., in a kind of temporary storage in 
the user's browser. If the cache is not deleted by the user, the data remains there even when the browser window is closed and the program is exited, and can continue to be read. 

The data you provide when booking an appointment online (both when booking an appointment online via samedi as a guest and via your samedi patient account), which you send to us using the appointment booking form, is stored electronically in our hospital information system (KIS) on our own servers and, if necessary, further processed there in order to be able to carry out, document, and bill your treatment as a patient in accordance with the applicable law. 

When the form is submitted, the following log data is collected in connection with Friendly Captcha: 
 

• The request headers User-Agent, origin, and referrer, 
• the puzzle itself, which contains information about the account and the website key to which the puzzle refers, 
• the version of the widget, 
• a timestamp. 

IP addresses are only stored in hashed (one-way encrypted) form and do not allow any conclusions to be drawn about an individual. We store an anonymized counter per IP address for dynamic scaling of puzzle difficulty in the edge network to detect malicious users and minimize the blocking of legitimate users. This data is stored separately from the rest of the data and cannot be associated with specific websites. Friendly Captcha does not set or read any cookies on the user's device. 

Purposes 

We process the data you provide when booking an appointment online exclusively for the purpose of booking, preparing, carrying out, and documenting the appointment, as well as for fulfilling our treatment contract and the associated obligations (e.g., billing with cost bearers). 

If you give your separate consent to this when booking an appointment (when booking an appointment online via samedi as a guest) or have already given your consent in your samedi patient account (when booking an appointment online via your samedi patient account), we will use the data you provide to send you a booking confirmation and reminder of your appointment by email and/or SMS and to contact you in connection with your appointment. 

Location data is processed for the purpose of performing location searches when used by users. 

If you also sign up to receive our newsletter when booking an appointment, we will process your email address and, if applicable, your name for personal salutation in the newsletter for the purpose of sending our newsletter (see section 2c. ("Newsletter")). 

If you sign up to receive birthday wishes by email when booking an appointment, we will use your date of birth and your email address to send you birthday wishes by email (see section 2c. ("Newsletter")). 

Legal basis 

The processing of your data in the context of booking an appointment and, if applicable, contacting you about your appointment is based on your consent (Art. 6 (1) lit. a GDPR and Art. 9 (2) lit. a GDPR for health data). 

The sending of the newsletter and, if applicable, the personal salutation in the newsletter or the transmission of birthday wishes by email is based on your separate consent (Art. 6 (1) lit. a GDPR). 

You can withdraw your consent at any time as follows: 

• Online appointment booking via samedi as a guest: by email or in writing to the facility where you booked the appointment (you will find the contact details in the booking confirmation or in the imprint on the website of the respective facility). 
• Online appointment booking via your samedi patient account: Adjust the settings in your samedi patient account (accessible at  https://patient.samedi.de/login). 
• Consent to receive our newsletter or birthday wishes: by email to newsletter.asklepios@asklepios.com or in writing to Asklepios Kliniken GmbH & Co. KGaA, Rübenkamp 226, 22307 Hamburg, Germany – Konzernbereich Unternehmenskommunikation (Corporate Communications department). 

Your withdrawal means that we may no longer continue the data processing based on this consent in the future, i.e. 

if you withdraw your consent to data processing in connection with the appointment booking 

• we will have to cancel your appointment booking before the appointment takes place, or 
• after the appointment has taken place, we will only process your data as described below for the purposes of documentation with respect to our legal retention obligations and, if necessary, for billing purposes. 

If you withdraw your consent in connection with our newsletter or to receive birthday wishes, we will stop sending you the newsletter or birthday wishes. 

The legal basis for processing in connection with Friendly Captcha and the location search within the online appointment booking system is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR in protecting our websites from unauthorized access by bots, i.e., spam protection and protection against attacks (e.g., mass inquiries) and the user-friendly provision of our location search. 

Duration 

If you use the online appointment booking service via samedi as a guest, your data will remain stored at samedi and in our KIS for as long as we need it to prepare and carry out the appointment. After the appointment has been carried out, or if you have previously withdrawn your consent to data processing, the data will be deleted, provided that there are no legal retention obligations. 

If you use the online appointment booking service via your samedi patient account, your data will remain stored for as long as the samedi patient account is registered. If you terminate your user account with samedi – which is possible at any time (accessible at https://patient.samedi.de/login) – the associated user profile, including all stored data, will be completely and irrevocably deleted. Information (such as appointments or messages) that you have sent will remain as incoming messages with the recipient of the message, as this information has become into possession of the recipient. 

You can book certain appointments via our website that are conducted via video (e.g., via your smartphone, tablet, laptop) (video consultation).

Online appointment booking and participation in video consultations are voluntary for you. You are of course still free to make a "normal" appointment and to arrange appointments by telephone using the alternative telephone number provided. Online appointment booking and video consultations are simply an additional service offered by our doctors to provide you with an alternative to an on-site appointment in our facilities in cases where this is therapeutically appropriate. 

To provide our online appointment booking and conduct video consultations we use the services of samedi GmbH (Rigaer Str. 44, 10247 Berlin, Germany) ("samedi"), which acts as our processor (Art. 28 GDPR). You can book appointments online via samedi as a guest or via your samedi patient account (see section 2d. ("Appointment booking")).

Further information on how video consultations work and the technical requirements can be found at samedi GmbH at: https://patient.samedi.de/faq

Data 

Online appointment booking 

To book a video consultation appointment, we collect the data required for the appointment booking (see section 2d. ("Appointment booking")). If you also sign up to receive our newsletter and/or birthday wishes when booking your appointment, we will process the data described in section 2c. ("Newsletter"). 

After submitting the booking form, you will receive an email containing a link to confirm the appointment and your consent given during the online appointment booking process. Only after confirming this email is the appointment bindingly booked for you. 

After confirming your appointment, you will receive another email with information on how to proceed and a link to dial into the video consultation. 

The data you provide when booking an appointment online (both when booking an appointment online via samedi as a guest and via your samedi patient account) will be stored by us both in a paper file and electronically in our hospital information system (KIS) on our own servers, where it may be further 
processed in order to carry out, document, and bill your treatment as a patient in accordance with the applicable law. 

Dialing in for the video consultation 

In order to participate in the video consultation via the link provided, you must enter your first and last name. 

In addition, for technical reasons, we collect the following data, which your browser automatically transmits: 
 

• Your IP address, 
• information about your browser type and version, 
• the operating system of your device, 
• the date and time of the page view, 
• the name of the file accessed by your browser (URL), 
• the website from which you came (referrer URL). 

This data is temporarily stored in a so-called log file. This data is not stored together with other personal data. 

Conducting the video consultation 

During the video consultation, we or your doctor will process the same personal data, in particular health data, as during a "normal" appointment or consultation. In addition to your general personal details (in particular your name, date of birth, contact details, and health insurance details), this also includes medical histories, diagnoses, therapy proposals, and medical findings collected by us or other doctors. 

If an explanatory conversation is required before the actual video consultation, an initial video meeting will be held with the relevant administrative office. A screenshot of your health insurance card and your referral will be taken to confirm the accuracy of the information. The screenshots will be stored on our own servers in our hospital information system (KIS) and processed there if necessary. 

At the beginning of the video consultation, your identity will be verified by the doctor by holding your insurance card up to the camera. The doctor will check your name and compare it with the appointment data on file and your ID photo. The data from the comparison will not be stored separately. If there are any doubts about your identity, the video consultation will not proceed. 

Personal data is processed during the video consultation in the form of video and audio data and, if applicable, chat communication. In order to maintain doctor-patient confidentiality, we use technology that enables us to transfer the data in an end-to-end encrypted format as directly as possible between the participants. The data is therefore encrypted on the patient's device and only decrypted on the doctor's device (and vice versa). The technology used is called WebRTC and uses AES as the encryption algorithm. This means that no one except the participants in the video consultation can see this data in plain text (not even our service provider samedi). 
 
In order to provide the functionality of the video consultation, additional metadata must be processed: 

• Time and duration of communication, 
• Web browsers and versions used, 
• Type of connection, 
• Technical quality assessment of the video consultation. 

 
Documentation and administration 
 
As with a "normal" consultation in our facilities, your appointment and treatment data from the video consultation are stored electronically in our hospital information system (KIS) on our own servers and processed there if necessary (e.g., for documentation and billing purposes). 

Purposes 

Your data will be processed exclusively for the purpose of booking appointments, providing and conducting video consultations, and fulfilling our treatment contract and the associated obligations (e.g., billing with cost bearers). 

Access data (server log files) and metadata are processed to ensure the functionality of the video consultation, for troubleshooting, and for technical optimization. The data is not analyzed for any other purposes. 

If you also sign up to receive our newsletter and/or birthday wishes when booking an appointment, we will process your email address to send you our newsletter and, if applicable, your name or date of birth to address you personally in the newsletter or to send you birthday wishes by email (see section 2c. ("Newsletter")). 

Legal basis 

The processing of your data in the context of booking an appointment and in the context of preparing, providing, and conducting the video consultation is based on your consent (Art. 6 (1) lit. a GDPR and Art. 9 (2) lit. a GDPR for health data). 

The legal basis for the collection and temporary storage of log files and metadata is Art. 6 (1) lit. f GDPR. Our legitimate interest is to ensure the security of the IT systems used, in particular for the detection, elimination, and evidence-based documentation of security incidents. 

The sending of the newsletter and, if applicable, the personal salutation in the newsletter or the transmission of birthday wishes by email is based on your separate consent (Art. 6 (1) lit. a GDPR). 
 
You can withdraw your consent at any time as follows: 

• Online appointment booking via samedi as a guest: by email to the email address provided in the email requesting confirmation of the appointment or in writing to the facility where you booked the appointment (the contact details can be found in the booking confirmation or in the imprint on the website of the respective facility). 
• Online appointment booking via your samedi patient account: Adjust the settings in your samedi patient account (accessible at https://patient.samedi.de/login). 
• Consent to receive our newsletter or birthday wishes: by email to newsletter.asklepios@asklepios.com or in writing to Asklepios Kliniken GmbH & Co. KGaA, Rübenkamp 226, 22307 Hamburg, Germany – Konzernbereich Unternehmenskommunikation (Corporate Communications department). 

Your withdrawal means that we may no longer continue the data processing based on this consent in the future, i.e. 

if you withdraw your consent to data processing in connection with appointment booking and video consultations 

• we will have to cancel your appointment booking before the video consultation takes place, or  
• after the video consultation has taken place, we will only process your data as described below for the purposes of documentation with respect to our legal retention obligations and, if necessary, for billing purposes. 

If you withdraw your consent in connection with our newsletter or to receive birthday wishes, we will stop sending you the newsletter or birthday wishes. 

Duration 

If you booked your video consultation via samedi as a guest, the appointment booking data will remain stored at samedi and in our KIS for as long as we need it to prepare and conduct the video consultation. After the video consultation has taken place, or if you have previously withdrawn your consent to data processing, the data will be deleted unless there are legal retention obligations. 
 
If you booked your video consultation via your samedi patient account, your data will remain stored for as long as the samedi patient account is registered. If you terminate your user account with samedi - which is possible at any time (accessible at https://patient.samedi.de/login) - the associated user profile, including all stored data, will be completely and irrevocably deleted. Information (such as appointments or messages) that you have sent will remain as incoming messages with the recipient of the message, as this information has become into the possession of the recipient. 
 
Access data, log files, and metadata generated in connection with access to and the conduct of the video consultation will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of access data stored in log files, this will be after seven days at the latest. Metadata will be automatically deleted after three months at the latest. 

Our career portal gives you the opportunity to apply online for an advertised vacancy or to submit a proactive application (online application).

For our career portal, we use the services of rexx systems GmbH (Süderstrasse 75-79, 20097 Hamburg, Germany), which acts as a processor for us (Art. 28 GDPR).

Data

As part of the online application, we collect your contact details (last name, first name, address, email address, telephone number) via our application form, as well as any other information about you and your career that you provide to us via the application form or in the documents attached to it.

If you use the "Apply with LinkedIn profile" or "Apply with finest jobs profile" function via our career portal, we collect the data stored in your respective profile and which is to be transmitted to us in accordance with your account settings. You can adjust and manage your data in your respective profile and settings there at any time. You can also adjust the data transmitted from your profile before submitting the application form. Further information can be found in the LinkedIn privacy policy (https://de.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy) and in the rexx systems GmbH privacy policy regarding finest jobs (Privacy policy on finest jobs - finest jobs (finest-jobs.com).

Purposes

Your data is processed for the purpose of carrying out the application process and to check the suitability of your application for the vacancy (in the case of applications for a specific vacancy, for that vacancy; in the case of proactive applications, for available vacancies at the locations you have specified).

Legal basis

The processing of your data is based on your consent (Art. 6 (1) lit. a GDPR). If you provide us with special categories of data (e.g., health data (such as severely disabled status) or ethnic origin), this data will be processed on the basis of Art. 9 (2) lit. a GDPR.

You can withdraw your consent at any time by sending an email to personalmarketing@asklepios.com or by writing to Asklepios Kliniken GmbH & Co. KGaA, Rübenkamp 226, 22307 Hamburg, Germany - Konzernbereich Personal & Soziales (Human Resources and Social Affairs department). As a result, we will no longer be permitted to continue processing data based on this consent in the future and may not be able to continue your application process.

Duration

When you apply for an advertised vacancy, your data will be processed for the individual duration of the respective application process for the purpose of your participation in the application process. Once the application process has been completed, the aforementioned purposes have generally been achieved.  Beyond the application process, there is a legitimate interest under the General Act on Equal Treatment (AGG) in retaining your application documents for six months after completion of the application process. The data and documents are then anonymized and finally deleted after 24 months.

In the case of a proactive application or if you have given your consent within a specific application process to further processing for the purpose of reviewing other vacancies, we will process your data for a maximum of twelve months in order to be able to check the suitability of your application for new vacancies. After this period, the data and documents will be anonymized or deleted if they are not being used for a specific application process at that time. In this case, the data will be processed until the application process is completed and then deleted as described in the previous section.

Our website provides access to podcasts on various topics. You can listen to, download, share, or subscribe to podcasts directly from our website using the players displayed.

We use the podcast hosting services of Julep Media GmbH (c/o überlab GmbH & Co. KG, August-Everding-Straße 25, 81671 Munich, Germany; www.julep.de) and Podigee GmbH (Revaler Straße 28, 10245 Berlin, Germany; www.podigee.com/de/) to provide podcasts. We have no influence on the data processing carried out by the respective providers for their own purposes, which is why we can only refer you to the respective data protection information in this regard. The data protection information for the providers can be found on the above-mentioned websites.

Data

In connection with the provision of podcasts on our websites, personal data is only processed if you have given your consent to the provider in the Consent Management Tool and a podcast is displayed on the website you are visiting.

To access podcasts via the embedded player, you must activate the respective service in the Usercentrics consent management tool (see section 2a. ("Visiting the website and log files")). This tool can be opened by clicking on the "Cookie settings" link in the footer. You can view and manage your personal settings there at any time. You can change your selection and give or withdraw your consent at any time.

If you have activated the service and use podcasts via our website, the following data will be processed by the respective podcast hosting service:

• Your IP address,
• information about your browser type and version,
• the operating system of your device,
• date and time of each access,
• the name of the file accessed by your browser, i.e., the content you view on our website, and the amount of data transferred (URL).

No cookies are stored when using the podcast player and downloading the associated audio file.

Purposes

Your data is processed in order to make the podcasts available for playback and download. In addition, the data is anonymized or pseudonymized for the purpose of determining statistical values (e.g., number of hits).

Legal basis

The processing of your data for the purpose of providing the podcasts is based on your consent (Section 25 (1) TDDDG in conjunction with Art. 6 (1) lit. a GDPR). You can withdraw your consent at any time by changing your personal settings in the Usercentrics Consent Management Tool (see section 2a. ("Visiting the website and log files")). The withdrawal of your consent means that you will no longer be able to use the respective service on our website.

The processing of anonymized or pseudonymized data for statistical purposes is based on Section 25 (2) TDDDG in conjunction with Art. 6 (1) lit. f GDPR. Our legitimate interest here lies in obtaining statistical values that help us to better understand and, if necessary, improve the reach of our podcasts.

Duration

The processed data will be deleted as soon as the purpose of processing this data no longer applies and provided that no legal retention obligations prevent deletion. Details on the deletion of your data can be found in the privacy policy of the podcast hosting services at www.julep.de and www.podigee.com/de/.

Our website provides access to videos on various topics. You can watch videos using the players displayed.

We use plugins from the Google-operated site YouTube to provide videos. The operator is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

We also use the video streaming service hauptsache.net. The operator is hauptsache.net GmbH, Neuer Pferdemarkt 1, 20359 Hamburg, Germany.

We have no influence on the data processing carried out by the respective providers for their own purposes, which is why we can only refer to the respective data protection information provided by Google (https://www.google.de/intl/de/policies/privacy) and hauptsache.net (https://www.hauptsache.net/datenschutzerklaerung).

Data

In connection with the provision of videos on our website, personal data is only processed if you have consented to the YouTube service in the Consent Management Tool and a video is displayed on the website you are visiting, or if you actually play a video from hauptsache.net.

YouTube videos are integrated in what is known as "extended data protection mode," which, according to the provider, only leads to data processing when videos are played. In this case, Google may receive (similar to when you visit an external website via a link) your IP address and the address of the website (URL) from which you are activating the video. In addition, Google may receive information from any Google cookies stored in your browser. To access YouTube videos, you must therefore activate this service in the Usercentrics Consent Management Tool (see section 2a. ("Visiting the website and log files")). In this case, you also consent to your data being transferred to the USA in accordance with Art. 49 (1) lit.a GDPR. This tool can be opened by clicking on the "Cookie Settings" link in the footer. You can view and manage your personal settings there at at any time. You can change your selection and give or withdraw your consent at any time.

If you are logged into your YouTube account, you enable YouTube to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.

For more information on how user data is handled, please refer to YouTube's privacy policy at https://www.google.de/intl/de/policies/privacy.

If you want to watch videos provided via hauptsache.net and start playback, we collect the following data for technical reasons, which your browser automatically transmits to our server so that you can watch the video:

• Your IP address,
• information about your browser type and version,
• the operating system of your device,
• Date and time of the page view,
• the name of the file accessed by your browser, i.e., the content you view on our website, and the amount of data transferred (URL).

No cookies are stored when using hauptsache.net videos.

Purposes

Your data is processed in order to make the videos on our website available for playback.

Legal basis

The processing of your data for the purpose of providing YouTube videos is based on your consent (Section 25 (1) TDDDG in conjunction with Art. 6 (1) lit. a GDPR). You can withdraw your consent at any time by changing your personal settings in the Usercentrics consent management tool (section 2a. ("Visiting the website and log files")). This tool can be opened by clicking on the "Cookie settings" link in the footer. Revoking your consent means that you will no longer be able to use YouTube videos on our website.

The processing of your data for the purpose of providing hauptsache.net videos is based on Section 25 (2) TDDDG in conjunction with Art. 6 (1) lit.f GDPR. Our legitimate interest here is to provide the digital service you have expressly requested (viewing the video).

Duration

The processed data will be deleted as soon as the purpose of processing this data no longer applies and provided that there are no legal retention obligations that prevent deletion.

The data that is technically generated when using videos provided by hauptsache.net will be deleted after 60 days at the latest. Details on the deletion of your data in connection with the use of YouTube videos can be found in YouTube's privacy policy at https://www.google.de/intl/de/policies/privacy.

Our website provides access to Google Maps, an online map service for displaying interactive maps, which you can use, for example, to plan routes to visit our locations.

Google Maps is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Data

When you use Google Maps, Google collects personal data such as your IP address and the address of the website (URL), search terms entered, location, etc. (similar to when you visit an external website via a link). Google may also receive information from any Google cookies stored in your browser. To use Google Maps, your browser must connect to Google's servers, to which the data is transmitted and stored. This may also involve transmission to the servers of Google LLC. in the USA.

To use Google Maps, you must therefore activate this service in the Usercentrics Consent Management Tool (see section 2a. ("Visiting the website and log files")). In this case, you also consent to your data being transferred to the USA in accordance with Art. 49 (1) lit.a GDPR. This tool can be opened by clicking on the "Cookie Settings" link in the footer. You can view and manage your personal settings there at any time. You have the option to change your selection and give or withdraw your consent at any time.

If you are logged into your Google account, you enable Google to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your Google account.

For more information on how user data is handled, please refer to Google's privacy policy at https://www.google.de/intl/de/policies/privacy.

Purposes

Your data is processed in order to provide you with Google Maps on our website.

Legal basis

The processing of your data for the purpose of providing Google Maps is based on your consent (§ 25 (1) TDDDG in conjunction with Art. 6 (1) lit. a GDPR). You can withdraw your consent at any time by changing your personal settings in the Usercentrics consent management tool (see section 2a. ("Visiting the website and log files")). This tool can be opened by clicking on the "Cookie settings" link in the footer. Withdrawing your consent means that you will no longer be able to use Google Maps on our website.

Duration

The processed data will be deleted as soon as the purpose of processing this data no longer applies and provided that there are no legal retention obligations that prevent deletion.

Details on the deletion of your data in connection with the use of Google Maps can be found in Google's privacy policy at https://www.google.de/intl/de/policies/privacy.

When you visit our Facebook and Instagram pages (fan pages), Meta Platforms Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland) ("Meta") processes your personal data in accordance with its privacy policy. The privacy policies for Facebook and Instagram can be found here.

We only process data to a very limited extent:

If you communicate with us directly via our fan pages or share personal content with us, the respective Asklepios company is responsible for processing your data. We process your data exclusively for the purpose of handling your request and contacting you at your request.

Meta has set up a statistics service on fan pages for the purpose of usage analysis (page insights). This service uses cookies and similar technologies to record your activity on our fan page and provides us with anonymized statistics. This provides us with insights into, among other things, the activity of our fan page users, the number of visits to our page, the reach of posts, views and average duration of video plays, information about the countries and cities our users come from, and statistics on the gender ratio of our users.

Page Insights only contains statistical, anonymized information for us. It is not possible to draw conclusions about individual users. Personal data used by Meta to generate Page Insights is processed exclusively by Meta and we have no access to it. The processing of personal Page Insights data is carried out exclusively by Meta.

We and Meta are jointly responsible for the data processing of Page Insights. We have entered into a joint controller agreement in accordance with Art. 26 GDPR, which specifies which company fulfills which data protection obligations under the GDPR with regard to the processing of Page Insights data. Details are set out in the joint controller agreement (Joint Controller Addendum), which you can find here.

When you visit our X channel, X Internet Unlimited Company (One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Irland) processes personal data as the operator. This includes, in particular, your IP address, the application used, information about the device you are using (including device ID and application ID), information about websites visited, your location, and your mobile phone provider. This data is assigned to your X account or X profile. X's privacy policy and options for restricting data processing through technical settings can be found here.

We have no influence on the type and scope of data processed by X, the type of processing and use, or the transfer of this data to third parties. We only store and process your personal data if you send us a direct message. In this case, we process your username.

We upload videos to our TikTok channel for the information and entertainment of our target audience. When you visit our TikTok channel, TikTok Technology Limited (10 Earlsfort Terrace, Dublin, D02 T380, Ireland) and TikTok Information Technologies UK Limited (Kaleidoscope, 4 Lindsey Street, London) ("TikTok") process your personal data in accordance with their privacy policy. The privacy policy can be found here. We do not process data beyond this.

We use the web-based social networking service LinkedIn to present our company profile and share interesting content in a business and professional context. If you use LinkedIn and visit our LinkedIn page, LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, headquartered in Sunnyvale, California, USA) will process your personal data in accordance with its privacy policy. The privacy policy can be found here. We do not process data beyond this.

We use the web-based social networking service Xing to present our company profile and share interesting content in a business and professional context. If you use Xing and visit our Xing page, Xing (New Work SE, Am Strandkai 1, 20457 Hamburg, Germany) will process your personal data in accordance with its privacy policy. The privacy policy can be found here. We do not process data beyond this.