1. contact the responsible body
Radiologisches Zentrum München-Pasing
Pippinger Straße 25, 81245 München
Responsible persons: Prof. Dr. med. Jürgen Scheidler, PD Dr. med. Daniel Theisen
Tel: 089/896000-0
Fax: 089/6000-19
Mail: rzm@rzm.de
2. Contact the data protection officer
Herr Dennis Feiler
Claudius-Keller-Str. 3c
81669 München
Tel: 089 461487-0
Fax: 089 461487-11
Mail: datenschutz@dfcsystems.de
3. Purposes and legal basis of data processing
The collection, processing and storage of your personal data serves the purpose of providing medical services and invoicing services in accordance with statutory regulations. The legal basis for the collection of data and the documentation and archiving obligations is provided by the Model Professional Code for Physicians (MBO-Ä), the provisions of the German Social Code (SGB) and, in the case of radiological services, the Radiation Protection Ordinance (StrlSchV).
4. Duration of storage
The data collected for the purpose of providing medical services and invoicing services will be stored for a minimum of 10 years and a maximum of 30 years in accordance with the statutory provisions mentioned under point 3.
5. Data collected when visiting the website
When you visit our website www.rzm.de and its subpages, i.e. when you use it for information purposes only, without registering or otherwise providing us with information, your web browser automatically sends information to the server of our website. This logging data is stored on the web server in a log file. The following information is collected and stored without any action on your part:
- IP address
- Date and time of the enquiry
- Time zone difference to Greenwich Mean Time (GMT)
- Address (URL) of the accessed page or page content, e.g. an image
- Access status/HTTP status code
- Amount of data transferred in each case
- Website from which the request comes
- Identifier of your web browser
- Operating system and its interface
- Language and version of the browser software.
We process the aforementioned data for the following purposes: Ensuring a smooth connection to the website, ensuring convenient use of our website, analysing system security and stability and for other administrative purposes.
This website is hosted by the hosting provider 1&1 Internet AG in Montabaur. Only pseudonymised IP addresses are stored in their log files.
5.1. Data collected when using our contact form
You can contact us using a form provided on the website (contact form) for the purpose of making general enquiries and/or scheduling medical examinations. The following personal data is collected:
- Salutation
- Last name
- First name (optional)
- E-mail address
- Phone number
- It is also possible to enter further information in the message field.
The salutation, name, e-mail address, telephone number and information in the free text field are required (*mandatory fields) so that we know who sent the enquiry in order to be able to answer it or to schedule and confirm the desired medical services. The other information can be provided voluntarily and is used to schedule medical services. Data processing for the purpose of contacting us is carried out in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR on the basis of your voluntarily given consent, which is given by filling out the contact form and actually contacting us by sending the message.
The personal data collected by us for the use of the contact form will be forwarded to rzm@rzm.de in the form of an email generated from the contact form data and deleted after processing.
5.2 Forwarding of data
We only pass on your personal data to third parties if:
- you have given your express consent required in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR</li
- this is necessary for the purpose of the contract on the basis of Art. 6 para. 1 lit. b GDPR</li
- legitimate interests pursuant to Art. 6 para. 1 lit. f. GDPR for the economic and effective operation of our business operations
- there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR</li
We take appropriate legal, organisational and technical measures to ensure the protection of your personal data in accordance with the GDPR. If providers of services and content are based in third countries and the provisions of the GDPR do not apply to them in this respect, we only transfer personal data such as the IP address if there is an adequate level of data protection, user consent or another legal basis.
6. Cookies and server-side storage of session information
Cookies are small text files that are stored on your hard drive and assigned to the browser you are using. You can think of them as small “notepads” on which the site that sets the cookie memorises certain information, e.g. about the technical status of the current connection.
Cookies cannot execute programmes or transfer viruses to your computer.
They are used to make the website more user-friendly and effective overall or to make certain functions technically possible.
Typical cookies are so-called session cookies. An identifier (session ID) is briefly stored in them in encrypted form, with which various requests from your browser can be assigned to one and the same session.
Most browsers accept cookies automatically. However, you can configure your browser settings so that, for example, the acceptance of individual or all cookies is rejected or a message always appears before a new cookie is created. However, completely deactivating cookies may mean that you cannot use all the functions of our website.
6.1.Use of cookies on our website
This website is operated with the help of an online content management system (CMS) and its content is maintained by our employees.
The CMS does not usually set cookies. In individual cases, individual extension modules may set session cookies to ensure their functionality. The session cookies are deleted when you close the browser.
We also use cookies to statistically record the use of our website and to optimise our offer for you. These cookies enable us to automatically recognise that you have already visited our website when you return. The Google Analytics cookie for recognising a visitor is stored for 2 years and is not deleted after leaving the site.
The data processed by cookies are necessary for the purposes mentioned to safeguard our legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.
7. Recording and analysing access
The measures listed below and used by us to record user access to our website are carried out on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR. With the recording measures used, we want to ensure a needs-based design and the continuous optimisation of our website. On the other hand, we use these measures to statistically record the use of our website and to evaluate it for the purpose of optimising our offer for you. These interests are to be regarded as legitimate within the meaning of the aforementioned provision.
7.1. Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, your IP address will first be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to analyse your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator.
The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link http://tools.google.com/dlpage/gaoptout?hl=de.
8. Integration of third-party services and content
On the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR. GDPR, we use content or service offers from third-party providers, e.g. to integrate videos, programme codes or fonts. These third-party providers can only provide content, i.e. send it to your browser, if they recognise your IP address.
Further information on the purpose and scope of data collection and its processing by the content and service provider can be found in the data protection declarations of the respective provider. There you will also find information on your rights and settings options to protect your privacy, in particular opt-out options. You can find corresponding information for the service provider Google at google.de/intl/en/policies/privacy. You can change your data usage settings and opt-out options at google.com/settings/ads/.
When you visit our website, Google receives the information that you have accessed the corresponding sub-page of our website. The data transfer takes place regardless of whether you are logged in to Google. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your Google profile, you must log out before accessing our website.
8.1 Our activities in social networks
So that we can also communicate with you in social networks and provide information about our services, we are represented there with our own pages. We are not the original provider (controller) of the social networks, but only use these services within the scope of the possibilities offered to us by the social network. We would like to point out that your data may also be processed outside the European Union or the European Economic Area.
The processing of personal data is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest and the legitimate interest of the respective provider in order to be able to communicate with you in a timely manner or to inform you about our services. If you have to give your consent to data processing as a user with the respective providers, the legal basis refers to Art. 6 para. 1 lit. a GDPR in conjunction with Art. 7 GDPR. Art. 7 GDPR.
As we do not have access to the social network provider’s databases, we would like to point out that you must assert your rights (e.g. to information, correction, deletion, etc.) directly with the respective provider. For further information on the processing of your data in the social networks and the possibility of exercising your right of objection or cancellation (so-called opt-out), we have listed the contact details of the respective social network provider used by us below:
Facebook
Controller for data processing in Europe:
Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Privacy policy (data policy): https://www.facebook.com/about/privacy
Opt-out and advertising settings: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen
Instagram
Controller for data processing in Europe:
Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Privacy policy (data policy): http://instagram.com/legal/privacy/
Opt-out and advertising settings: https://www.instagram.com/accounts/privacy_and_security/
9. Applicant data
The processing is necessary for the initiation of the employment relationship in accordance with Art. 88 GDPR in conjunction with. § 26 para. 1 BDSG required. (Any storage beyond the current application procedure or disclosure to third parties requires consent pursuant to Art. 6 para. 1 lit. a GDPR, which fulfils the requirements for consent pursuant to Art. 7 para. 1-4 GDPR).
Recipients of the data: Internal: HR department, superiors, management.
Storage period: 6 months for applications. Deletion takes place after 6 months, unless consent has been given for longer storage.
Data transfer to a third country: Data is not transferred to third countries.
10. portal4med for referring physicians and patients
As a referring physician and patient of the Radiological Centre Munich-Pasing, you have protected access to our findings and image portal https://portal4med.rzm.de
The legal basis for processing is the patient’s consent in accordance with Art. 6 para. 1 lit. b GDPR and our legitimate interest in improving the stability and functionality of the portal solution in accordance with Art. 6 para. 1 lit. f GDPR.
Recipient of the data: We use service providers for the operation and maintenance of our portal solution who act as our processors. All service providers are contractually obliged to treat your data confidentially and in accordance with the requirements of the European General Data Protection Regulation (GDPR).
Data transfer to a third country: No data is transferred to third countries.
11. booking4med – Online appointment booking
As a patient, you have the option of making an appointment online via our appointment booking portal (Online Appointment Booking / Radiology in Munich – RZM).
The legal basis for processing is the patient’s consent in accordance with Art. 6 para. 1 lit. b GDPR and our legitimate interest in improving the stability and functionality of the portal solution in accordance with Art. 6 para. 1 lit. f GDPR.
Recipient of the data: We use service providers for the operation and maintenance of our portal solution who act as our processors. All service providers are contractually obliged to treat your data confidentially and in accordance with the requirements of the European General Data Protection Regulation (GDPR).
Data transfer to a third country: No data is transferred to third countries.
12. Data security
We use the SSL (Secure Socket Layer) method to transfer data between your browser and our web server. This means that the data to be transmitted is encrypted and cannot be read by third parties. You can recognise whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the status bar of your browser and by the use of the https:// protocol instead of .
We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.
13. Information about your rights
Information: You have the right to information at any time to find out what data is stored.
Correction: You have the right to have your data corrected at any time.
Erasure: You have the right to have your data erased at any time, provided that this does not conflict with other statutory retention requirements.
Objection: You have the right to object to the processing, use and data portability of your data at any time. However, as part of our medical service provision, we are legally obliged to document and store your personal data as well as data about the medical service provided to you!
Complaint: You have the right to lodge a complaint with the competent data protection supervisory authority. Why do we need your data? The collection of the necessary data serves the provision of our medical services for your health. Failure to provide this data would mean that we would not be able to provide treatment.
Do you have any questions about data protection? We will be happy to inform you.
Give us a call: Tel. 089 / 896000-0
Google Tag Manager
We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. Google Tag Manager itself does not create any user profiles, does not store any cookies and does not carry out any independent analyses. It is only used to manage and display the tools integrated via it. However, Google Tag Manager records your IP address, which may also be transmitted to Google’s parent company in the United States.
The Google Tag Manager is used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the fast and uncomplicated integration and management of various tools on its website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
Google Ads
The website operator uses Google Ads. Google Ads is an online advertising programme of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads enables us to display adverts in the Google search engine or on third-party websites when the user enters certain search terms into Google (keyword targeting). Furthermore, targeted adverts can be displayed based on the user data available at Google (e.g. location data and interests) (target group targeting). As the website operator, we can evaluate this data quantitatively by analysing, for example, which search terms led to the display of our advertisements and how many advertisements led to corresponding clicks.
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.
Google Conversion-Tracking
This website uses Google Conversion Tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
With the help of Google conversion tracking, Google and we can recognise whether the user has carried out certain actions. For example, we can analyse which buttons on our website were clicked how often and which products were viewed or purchased particularly frequently. This information is used to create conversion statistics. We find out the total number of users who have clicked on our adverts and what actions they have taken. We do not receive any information with which we can personally identify the user. Google itself uses cookies or comparable recognition technologies for identification purposes.
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time.
You can find more information about Google Conversion Tracking in Google’s privacy policy: https://policies.google.com/privacy?hl=de.
