Privacy Policy

Your privacy is important to us. This policy outlines how we collect, use, and protect your personal information, ensuring transparency and compliance with all applicable data protection regulations.

Docs4D - Website

1. PRIVACY AT A GLANCE

General Information

Good day and welcome to our beautiful website. Our privacy policy gives you a simple overview of the type, scope, and purpose of collecting and processing personal data when visiting and using our online presence, the associated websites, features, and content as well as external online presentations. Our privacy policy is based on terms used by the European General Data Protection Regulation (GDPR) as well as the new Federal Data Protection Act (BDSG). You can view the corresponding definitions of terms (Art. 4 GDPR) for example at Art. 4 GDPR Definitions.

 

Data Collection on This Website

Who is responsible for data collection on this website?

Data processing on this website is done by the website operator. You can find the operator’s contact details in the “Information about the responsible body” section of this privacy policy.

 

How do we collect your data?

Your data is collected in several ways:

 

  • Direct provision: Data that you provide to us, e.g., by entering information in a contact form.
  • Automated collection: Technical data (e.g., internet browser, operating system, or time of page access) collected by our IT systems when you visit the website, with your consent where necessary.

 

What do we use your data for?

 

  • To ensure the error-free provision of the website.
  • To analyze user behavior and improve our offerings.

 

What rights do you have regarding your data?

 

  • The right to obtain information about the origin, recipient, and purpose of your stored personal data free of charge at any time.
  • The right to request the correction or deletion of this data.
  • The right to withdraw consent for data processing at any time.
  • The right to request the restriction of the processing of your personal data in specific circumstances.
  • The right to lodge a complaint with the competent supervisory authority.

 

For further questions, contact us at: info@docs4d.com.

 

  1. GENERAL INFORMATION AND MANDATORY INFORMATION

 

Data protection

 

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

When you use this website, various personal data is collected. Personal data is data that can be used to personally identify you. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done. We would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) may have security vulnerabilities. Complete protection of data from access by third parties is not possible.

 

Note on the responsible body

The responsible body for data processing on this website is:

 

Docs4D GmbH

Represented by Dr. Alexandros Paraforos

Am Trimmelter Hof 66

54296 Trier

Email: info@docs4d.com

 

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g. names, email addresses, etc.).

 

Storage Duration

Unless specified, your data will be stored until the purpose of processing ceases. Retention for legal reasons (e.g., tax compliance) will follow the statutory requirements (§ 257 HGB, § 147 AO).

 

Legal Basis for Data Processing

  • Art. 6(1)(a) GDPR: Consent-based processing.
  • Art. 6(1)(b) GDPR: Processing necessary for contractual obligations.
  • Art. 6(1)(c) GDPR: Legal obligations.
  • Art. 6(1)(f) GDPR: Legitimate interests.

 

General information on the legal basis for data processing on this website

 

If you have consented to data processing, we process your personal data on the basis of Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR, if special categories of data are processed according to Art. 9 (1) GDPR. In the event of explicit consent to the transfer of personal data to third countries, data processing also takes place on the basis of Art. 49 (1) lit. a GDPR. If you have consented to the storage of cookies or access to information on your terminal device (e.g. via device fingerprinting), data processing is also carried out on the basis of § 25 (1) TDDDG. The consent can be revoked at any time. If your data is necessary for the fulfillment of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 (1) lit. b GDPR. Furthermore, we process your data if this is necessary to fulfill a legal obligation based on Art. 6 (1) lit. c GDPR. Data processing may also be based on our legitimate interest according to Art. 6 (1) lit. f GDPR. Information about the relevant legal bases is provided in the following paragraphs of this privacy policy.

 

Data protection officer

 

We have appointed a data protection officer.

 

Data Protection Officer

 

Docs4D GmbH

Represented by Dr. Alexandros Paraforos

Am Trimmelter Hof 66

54296 Trier

Email: info@docs4d.com

 

  1. COOKIE CONSENT AND ANALYTICS

 

Cookie Banner

Our website uses a cookie banner for consent to tracking and non-essential cookies, as required by TTDSG. You can adjust preferences via the banner.

Google Analytics
We use Google Analytics (provider: Google Ireland Limited).

  • Purpose: Analyze visitor behavior and improve services.
  • Legal Basis: Art. 6(1)(a) GDPR. Consent can be revoked anytime.
  • Data Transfers: Protected by EU Standard Contractual Clauses (SCCs).

Browser Plugin: Google Opt-Out Plugin.
Privacy Policy: Google Privacy Policy.

 

  1. DATA TRANSFER TO THIRD COUNTRIES

 

EU-US Data Privacy Framework
Some tools used on our website (e.g., Google Analytics, LinkedIn) may transfer data to the USA or other third countries.

  • Transfers are only made to DPF-certified companies or under EU-approved safeguards like SCCs.

For details, visit: EU-US Data Privacy Framework.

Notice on the transfer of data to data protection-insecure third countries as well as the transfer to US companies that are not DPF certified

We use, among other things, tools from companies based in third countries that are not secure in terms of data protection, as well as US tools whose providers are not certified under the EU-US Data Privacy Framework (DPF). If these tools are active, your personal data may be transferred to and processed in these countries. We would like to point out that no level of data protection comparable to that of the EU can be guaranteed in third countries that are not secure in terms of data protection. We would like to point out that, as a rule, the USA as a secure third country generally has a level of data protection comparable to that of the EU. A transfer of data to the USA is therefore permissible if the recipient is certified under the “EU-US Data Privacy Framework” (DPF) or has appropriate additional guarantees. Information on transfers to third countries, including the recipients of the data, can be found in this privacy policy.

 

Recipient of personal data/Order processing

 

As part of our business activities, we work with various external entities. In some cases, it is necessary to transfer personal data to these external entities. We only pass on personal data to external entities if it is necessary for the fulfillment of a contract, if we are legally obligated to do so (e.g. disclosure of data to tax authorities), if we have a legitimate interest under Art. 6 para. 1 lit. f GDPR in the disclosure, or if another legal basis allows the transfer of data.

When using data processors, we only pass on personal data of our customers based on a valid data processing agreement. If we commission third parties to process data based on a data processing agreement, this is done on the basis of Art. 28 GDPR. These are carefully selected and commissioned by us, are bound by our instructions, and are regularly checked.

In the case of joint processing, a contract for joint processing in accordance with Art. 26 GDPR is concluded.

 

  1. YOUR RIGHTS

You have the following rights:

 

  • Access (Art. 15 GDPR): Know if we process your data and obtain a copy.
  • Rectification (Art. 16 GDPR): Correct inaccurate or incomplete data.
  • Erasure (Art. 17 GDPR): Request deletion unless legally required otherwise.
  • Restriction (Art. 18 GDPR): Restrict processing under certain conditions.
  • Data Portability (Art. 20 GDPR): Receive your data in a machine-readable format.
  • Objection (Art. 21 GDPR): Object to data processing based on legitimate interests or direct marketing.

 

To exercise your rights, contact us: info@docs4d.com.

 

  1. INFORMATION, CORRECTION AND DELETION

 

You have the right to obtain free information at any time in accordance with applicable legal provisions pursuant to Art. 15 GDPR about your stored personal data, their origin and recipients, and the purpose of data processing, as well as, if applicable, a right to rectification or erasure of this data. In accordance with legal requirements in Germany, data is stored for a period of 6 years in particular pursuant to § 257 (1) HGB (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting records, etc.) and for a period of 10 years pursuant to § 147 (1) AO (books, records, management reports, accounting records, commercial and business letters, documents relevant for taxation, etc.). You can contact us at any time regarding this as well as other questions about personal data.

 

  1. RIGHT TO RESTRICTION OF PROCESSING

 

You have the right to request the restriction of processing of your personal data. To do this, you can contact us at any time. The right to restrict processing exists in the following cases:

 

  • If you dispute the accuracy of your personal data stored with us, we usually need time to review this. During the review period, you have the right to request the restriction of processing of your personal data.
  • If the processing of your personal data was or is unlawful, you can request the restriction of data processing instead of deletion.
  • If we no longer need your personal data, but you need it for the exercise, defense, or assertion of legal claims, you have the right to request the restriction of processing of your personal data instead of deletion.
  • If you have objected pursuant to Art. 21 para. 1 GDPR, a balancing of your interests and ours must be undertaken. As long as it is not yet clear whose interests prevail, you have the right to request the restriction of processing of your personal data.

 

If you have restricted the processing of your personal data, these data may only be processed – apart from their storage – with your consent or for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

 

  1. WITHDRAWAL OF YOUR CONSENT TO DATA PROCESSING

 

Many data processing operations are only possible with your explicit consent. You can revoke any consent given at any time. The legality of data processing until revocation remains unaffected by the revocation.

 

  1. RIGHT TO OBJECT TO DATA COLLECTION IN SPECIAL CASES AND TO DIRECT ADVERTISING (ART. 21 GDPR)

 

IF DATA PROCESSING IS BASED ON ART. 6 PARA. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS DATA PROTECTION DECLARATION. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21 PARA. 1 GDPR). IF YOUR PERSONAL DATA IS BEING PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION PURSUANT TO ART. 21 PARA. 2 GDPR). You can inform us of your objection using the following contact details:

 

Docs4D GmbH

Represented by Dr. Alexandros Paraforos

Am Trimmelter Hof 66

54296 Trier

Email: info@docs4d.com

 

  1. RIGHT TO DATA PORTABILITY

 

You have the right to have data, which we process automatically on the basis of your consent or in fulfillment of a contract, handed over to yourself or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done to the extent that it is technically feasible.

 

  1. RIGHT TO LODGE A COMPLAINT WITH THE COMPETENT SUPERVISORY AUTHORITY

 

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or place of the alleged infringement. The right to lodge a complaint is without prejudice to any other administrative or judicial remedy.

You can contact the responsible state data protection officer at:

The state data protection officer for data protection and freedom of information in Rheinland-Pfalz:

Hintere Bleiche 34
55116 Mainz

Phone: +49 (0) 6131 8920-0
Fax: +49 (0) 6131 8920-299

Website: https://www.datenschutz.rlp.de/
Email: poststelle@datenschutz.rlp.de

 

  1. OBJECTION TO ADVERTISING EMAILS

 

The use of contact data published in the context of the imprint obligation for sending unsolicited advertising and informational materials is hereby rejected. The operators of the pages expressly reserve the right to take legal action in the event of unsolicited sending of promotional information, such as spam emails.

 

Server log files

 

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

 

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing computer
  • Time of the server request
  • IP address

These data will not be merged with other data sources.

The collection of this data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of his website – for this purpose, the server log files must be recorded.

 

SSL or TLS encryption

 

This page uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

 

Encrypted payment transactions on this website

 

If there is an obligation to provide us with your payment details (e.g. account number for direct debit) after concluding a paid contract, this data is required for payment processing.

The payment transactions using the common payment methods (Visa/MasterCard, direct debit) are carried out exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

In the case of encrypted communication, your payment data that you transmit to us cannot be read by third parties.

 

Contact form

 

If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We will not share this data without your consent.

The processing of this data is based on Art. 6 para. 1 lit. b GDPR, if your inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; the consent can be revoked at any time.

The data you enter in the contact form will remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after completion of processing your request). Mandatory legal provisions – in particular retention periods – remain unaffected.

 

Inquiry by email, phone or fax

 

If you contact us by email, phone, or fax, your request, including all resulting personal data (name, request) will be stored and processed by us for the purpose of processing your concern. We do not disclose this data without your consent.

The processing of this data is based on Art. 6 para. 1 lit. b GDPR, provided your request is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; the consent can be revoked at any time.

The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent for storage, or the purpose for data storage ceases to apply (e.g., after completed processing of your concern). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

 

  1. HOSTING AND CONTENT DELIVERY NETWORKS (CDN)

 

In order to provide our online services securely and efficiently, we use the services of one or more web hosting providers, from whose servers (or servers managed by them) the online services can be accessed. For these purposes, we may utilize infrastructure and platform services, computing capacity, storage space and database services as well as security services and technical maintenance services. We host the contents of our website with the following provider:

 

DomainFactory

We use the web hosting service of DomainFactory for our website. The service provider is the German company:

DomainFactory GmbH
c/o WeWork
Neuturmstrasse 5
80331 München
Deutschland

Tel: +49 89 998 288 026

Fax: +49 89 1208 8320E

Mail: support@df.eu

 

DomainFactory is a full-service provider from München, which also operates its own servers in a data center in Germany. The use of webgo is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the most reliable presentation of our website. If the corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. The consent can be revoked at any time.

For more information, please refer to webgo’s privacy policy:

https://www.df.eu/de/datenschutz/

 

Order processing

We have concluded a contract for order processing (AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

 

  1. SOCIAL MEDIA

 

Social media elements with Shariff

 

On this website, elements of social media are used (e.g. Facebook, Twitter, Instagram, Pinterest, XING, LinkedIn, Tumblr).

You can generally recognize the social media elements by their respective social media logos. To ensure data protection on this website, we only use these elements in conjunction with the so-called ‘Shariff’ solution. This application prevents the social media elements integrated on this website from transmitting your personal data to the respective provider as soon as you enter the page.

Only when you activate the respective social media element by clicking on the associated button is a direct connection to the server of the provider established (consent). Once you activate the social media element, the respective provider receives information that you have visited this website with your IP address. If you are simultaneously logged into your respective social media account (e.g. Facebook), the respective provider can associate the visit to this website with your user account.

Activating the plugin constitutes consent within the meaning of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. You can withdraw this consent at any time with effect for the future.

The use of the service is to obtain the legally required consents for the use of certain technologies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.

 

LinkedIn

 

This website uses elements of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Each time a page of this website containing elements from LinkedIn is accessed, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited this website with your IP address. If you click on the LinkedIn “Recommend” button and are logged into your LinkedIn account, LinkedIn is able to associate your visit to this website with you and your user account. We would like to point out that as the provider of these pages, we have no knowledge of the content of the transmitted data or its use by LinkedIn.

If consent has been obtained, the use of the above service is based on Art. 6 para. 1 lit. a GDPR and § 25 TDDDG. The consent can be revoked at any time. If no consent has been obtained, the service is used based on our legitimate interest in the most comprehensive visibility in social media.

Data transfer to the USA is based on the standard contractual clauses of the European Commission. Details can be found here:

https://www.linkedin.com/help/linkedin/answer/62538/data-transfers-from-the-eu-the-eea-and-switzerland?lang=en


For more information, please refer to LinkedIn’s Privacy Policy:

https://www.linkedin.com/legal/privacy-policy.

 

  1. ANALYSIS TOOLS AND ADVERTISING

 

Google Analytics

 

This website uses features of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics allows the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, dwell time, operating systems used, and the user’s origin. This data is summarized in a user ID and assigned to the respective end device of the website visitor.

Furthermore, we can record your mouse and scroll movements and clicks with Google Analytics, among other things. Google Analytics also uses various modeling approaches to supplement the collected data sets and employs machine learning technologies in data analysis.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information about the use of this website collected by Google is usually transferred to a server of Google in the USA and stored there.

The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. The consent can be revoked at any time.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA which is supposed to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to comply with these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

 

Browser Plugin

 

You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at the following link:

https://tools.google.com/dlpage/gaoptout?hl=en.

For more information on how Google Analytics handles user data, please refer to Google’s privacy policy:

https://support.google.com/analytics/answer/6004245?hl=en.

 

 

  1. PLUGINS AND TOOLS

 

YouTube with enhanced privacy

 

This website embeds videos from the YouTube website. The operator of the pages is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in the extended data protection mode. According to YouTube, this mode means that YouTube does not store information about visitors to this website before they watch the video. However, the extended data protection mode does not necessarily exclude the transfer of data to YouTube partners. So, irrespective of whether you watch a video, YouTube establishes a connection to the Google DoubleClick network.

Once you start a YouTube video on this website, a connection to the YouTube servers is established. The YouTube server is informed about which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to directly associate your surfing behavior with your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, after starting a video, YouTube may store various cookies on your device or use similar recognition technologies (e.g. device fingerprinting). This allows YouTube to obtain information about visitors to this website. Among other things, this information is used to capture video statistics, improve user-friendliness, and prevent fraud attempts.

Following the start of a YouTube video, additional data processing operations may be triggered over which we have no influence.

The use of YouTube is in the interest of an attractive presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6(1)(f) GDPR. If the corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, to the extent that the consent includes the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. The consent can be revoked at any time.

Further information on data protection at YouTube can be found in their privacy policy at: https://policies.google.com/privacy?hl=en.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which aims to ensure compliance with European data protection standards for data processing in the USA. Each company certified under the DPF undertakes to comply with these data protection standards. You can obtain further information from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active


 

Google Fonts (local hosting)

 

This page uses Google Fonts for consistent font display, provided by Google. The Google Fonts are installed locally. There is no connection to Google servers.

For more information about Google Fonts, visit

https://developers.google.com/fonts/faq and Google’s privacy policy:

https://policies.google.com/privacy?hl=en.

 

Google Tag Manager

 

For our website we use the Google Tag Manager from the company Google Inc. For the European region, the company responsible is Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). This Tag Manager is one of many helpful marketing products from Google, with which we can centrally incorporate and manage code snippets from various tracking tools that we use on our website. We have a legitimate interest in analyzing the behavior of website visitors in order to improve our offer technically and economically. The legal basis for this is Art. 6 para. 1 lit. f GDPR. Google also processes data from you, among other things, in the USA. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data to the USA. More information can be found at: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en

Google also uses so-called standard contractual clauses (Art. 46 para. 2 and 3 GDPR), which are model templates provided by the EU to ensure European data protection standards for data transfer to third countries (such as the USA). Through the EU-US Data Privacy Framework and the standard contractual clauses, Google undertakes to comply with European data protection standards in data processing.

These clauses are based on the decision of the European Commission:

https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

Find more information here:

https://policies.google.com/privacy?hl=de?tid=331722842100

 

Order processing

 

We have concluded a contract for order processing (AVV) for the use of the above-mentioned service. This is a legally required contract that ensures that the provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

 

  1. ECOMMERCE AND PAYMENT PROVIDERS

 

Processing of customer and contract data

 

We collect, process and use personal customer and contract data to establish, design and modify our contractual relationships. We collect, process and use personal data about the use of this website (usage data) only to the extent necessary to enable the user to use the service or to bill for it. The legal basis for this is Art. 6 para. 1 lit. b GDPR. The collected customer data will be deleted after the order has been completed or the business relationship has ended and any statutory retention periods have expired. Statutory retention periods remain unaffected.

 

Data transmission when concluding a contract for online shops, merchants and goods shipping

 

If you order goods from us, we will pass on your personal data to the transport company responsible for delivery and to the payment service provider entrusted with payment processing. Only data that the respective service provider needs to fulfill its task will be disclosed. The legal basis for this is Art. 6 para. 1 lit. b GDPR, which allows the processing of data to fulfill a contract or pre-contractual measures. If you have given corresponding consent in accordance with Art. 6 para. 1 lit. a GDPR, we will pass on your email address to the transport company responsible for delivery so that it can inform you by email about the shipping status of your order; you can revoke the consent at any time.

 

Data transmission during conclusion of contract for services and digital content

 

We only pass on personal information to third parties if this is essential for the execution of a contract, for example to the financial institution responsible for payment processing. There is no additional disclosure of the data unless you have expressly consented to the disclosure. Your data will not be disclosed to third parties without your express consent, for example for advertising purposes. The legal basis for data processing is Art. 6 para. 1 lit. b GDPR, which allows the processing of data for the performance of a contract or for pre-contractual measures.

Medical services: We process the information of our patients and interested parties as well as other clients or contractual partners (hereinafter referred to as “patients”) in order to be able to offer our services. The processed data and their scope, purpose and necessity are based on the respective contractual and patient relationship. In the course of our work, we may also process special categories of data, in particular health information of the patients, possibly concerning their sexual life or sexual orientation, data relating to race and ethnic origin, political opinions, religious or philosophical beliefs or trade union membership. If necessary, we obtain explicit consent from the patients and otherwise process the special categories of data for the purpose of health care or to protect the vital interests of the patients. If it is necessary for the performance of the contract, the protection of vital interests or is legally required, or if consent of the patients exists, we disclose or transmit the patient data to third parties or agents such as authorities, medical facilities, laboratories, billing services, as well as service providers in the IT sector, in office organization or similar services, in compliance with professional regulations.

 

Using our webshop

 

If you want to place an order in our webshop, it is necessary for the conclusion of the contract that you provide your personal data, which we need for the processing of your order. Mandatory information required for the processing of contracts is marked separately; further information is voluntary. We process the data you provide to process your order. For this purpose, we may pass on your payment data to our house bank. The legal basis for this is Art. 6 (1) sentence 1 lit. b) GDPR.

[OPTIONAL: You can voluntarily create a customer account through which we can store your data for future purchases. If an account is created under “My Account”, the data provided by you will be stored revocably. All further data, including your We may also process the data you provide to inform you about other interesting products from our portfolio or to send you emails with technical information. Due to commercial and tax law requirements, we are obliged to store your address, payment, and order data for a period of ten years. However, after two years, we restrict the processing, i.e. your data will only be used to comply with legal obligations. To prevent unauthorized access by third parties to your personal data, especially financial data, the ordering process is encrypted using TLS technology.

 

Timeliness and amendment of this privacy policy

 

This privacy policy is currently valid and is current as of November 2024. Due to the further development of our website and offers thereon or due to changed legal or regulatory requirements, it may be necessary to change this privacy policy. The current privacy policy can be accessed and printed at any time on the website at https://www.docs4d/General Terms & Conditions

FrontLine - Platform

PRIVACY POLICY FOR EUROPE

 

Welcome to Docs4D FrontLine, the digital health portal for efficient and demand-oriented patient care.

For us at Docs4D GmbH (hereinafter referred to as “DOCS4D” or “we“, “us“, “our“), the protection of your privacy and your personal data processed during the use of the Docs4D FrontLine Platform is of great importance. We are aware of the responsibility that arises from the provision and storage of your personal data in the Docs4D FrontLine Platform. Therefore, our technology systems used for the Docs4D services are set up to the highest standards and the lawful processing of the data is at the core of our ethical understanding as a company.

We process your personal data in accordance with the applicable legal provisions on the protection of personal data, in particular the EU General Data Protection Regulation (“GDPR”) and the country-specific laws that apply to us. In this Privacy Policy, you will find out why and how DOCS4D processes your personal data that we collect from you or that you provide to us when you decide to use the Docs4D FrontLine Platform. In particular, you will find a description of the type of personal data we collect and process, as well as the purpose and basis on which we process the personal data; furthermore, you will find the rights to which you are entitled.

Please read the Privacy Policy carefully to ensure that you understand each provision. After reading the Privacy Policy, you will have the opportunity to consent to the Privacy Policy and consent to the processing of your personal data as described in the Privacy Policy. If you give your consent, the Privacy Policy becomes part of the contract between you and DOCS4D.

In case of questions of interpretation or disputes, only the German version of the Privacy Policy shall be binding and authoritative.

 

DEFINITIONS

“App user” means any user of the Docs4D Guardian mobile Application (your patient).

“Careplan provider” means you or any other service provider or third party (e.g. medical device manufacturer, pharmaceutical company) who makes Care Plans available to other Portal users via the Docs4D Store or other means of data exchange.

“Careplan user” means you or any other service provider (Portal User) who uses a Care Plan (“Pathway”) for the treatment of its registered Patients.

“Pathway” is a standardized treatment plan consisting of several scheduled care tasks, that can determine the steps for diagnoses and therapies. “Care tasks” are specific tasks or actions within a pathway that must be performed by the healthcare providers involved, the nursing staff or the patient themselves.

“Healthcare provider” means you or any other physician, clinic, healthcare facility or other healthcare professional acting alone or on behalf of you or another physician, clinic or healthcare facility (intended User).

“Docs4D Guardian Application” refers to the mobile Docs4D Guardian application for patients who wish to use the services offered by DOCS4D via app.

“FrontLine” is the platform operated by DOCS4D that provides digital care concepts (care plans) for the treatment of your registered patients via the Docs4D platform.

“Docs4D FrontLine Platform” is the Docs4D web portal intended for professional use by portal users and serves as an interface between portal users and patients as app users.

“Docs4D services” means the services, functionalities and other offers that are or could be offered to portal users via the Docs4D FrontLine Platform and/or to App Users via the Docs4D Guardian app.

“DOCS4D” means DOCS4D GmbH, Germany.

“Portal User” means you or any other service provider using the web-based Docs4D Frontline Platform.

“Patient Privacy Policy” means the privacy policy that describes the collection, use and storage of the personal (health) information of patients using the Docs4D Guardian app. According to the terms of use, our offer is only aimed at patients aged 18 and over. Accordingly, no personal data of children and adolescents under the age of 18 is stored and processed.

“Privacy Policy” means this statement provided to you as a user of the Docs4D FrontLine Platform, which describes how we collect, use and store your personal information and informs you of your broad rights.

“Terms of Use” means the terms of use for the use of the Docs4D FrontLine Platform.

PROCESSING OF (TREATMENT) DATA

Docs4D GmbH, a company registered with the District Court of Trier under the registration number HRB 45209 with its registered office at Am Trimmelter Hof 66, 54296 Trier, Germany, offers and operates the interactive web portal Docs4D FrontLine Platform (for healthcare professionals) and the mobile application Docs4D Guardian app (for patients) as access to the Docs4D services. This privacy policy applies to all personal data processed by DOCS4D in connection with the use of the Docs4D FrontLine Platform. For the use of the Docs4D Guardian app by patients, you will find a separate privacy policy for patients here.

WHAT IS PERSONAL DATA

“Personal data” means any information that allows a natural person to be identified. This includes but is not limited to your name, birthday, address, telephone number, email address and IP address.

“Health data” means personal data relating to the physical or mental health of a natural person, including the provision of healthcare services, which reveals information about his or her state of health.

Data is to be considered “anonymous” if no personal connection to the person/user can be established.

In contrast, “pseudonymized” data is data from which a personal reference or personally identifiable information is replaced by one or more artificial identifiers or pseudonyms, but which can generally be re-identified by the identifier key (within the meaning of Art. 4 No. 5 GDPR).

Docs4D PWA App

A progressive web app (PWA) is a website that looks like and has the functionality of a mobile app. PWAs are built to take advantage of the native features of mobile devices without the need for an app store. The goal of PWAs is to bridge the gap between apps and the traditional web by bringing the benefits of native mobile apps into the browser. The PWA is based on the technology of “React Native for Web”. “React Native for Web” is open-source software for PWA applications.

To use the Docs4D Guardian mobile App, patients need a computer or smartphone and an active internet connection. There is no need to download an app.

Some of the Docs4D Guardian app services cannot be used within the Docs4D PWA app, see the description below for details. These are the following services or specifications:

 

-Chat with healthcare providers;

-Video;

-Security PIN codes;

-Activity data tracking (e.g. via AppleHealth, GoogleFit, Withings).

The following information about the Docs4D Guardian app also applies to the Docs4D PWA app, unless otherwise described in this section.

 

WHAT PERSONAL DATA IS USED WHEN USING THE DOCS4D GUARDIAN MOBILE APP

 

We may process the following categories of data about you when using the Docs4D Guardian app:

Operational data: Personal data that you provide to us when registering and logging in to our Docs4D FrontLine Platform, when contacting us about issues with the portal or when otherwise interacting with us for the purpose of using the portal.

Treatment data: You collect personal data of your patients, such as name, age, height, weight, indication, symptoms of illness and other information in connection with the treatment of your patients (e.g. in a care plan) in the Docs4D FrontLine Platform. Activity data of your connected patients is made available to you in your Docs4D FrontLine Platform.

Commercial store data: Personal data that is processed by us in the case of using the Docs4D store, either in the context of authorship of care plans or the purchase of care plans. The use of the Docs4D store will require the processing of your name and other contact information as well as payment details (payment information only if the care plan is subject to a fee).

Activity data: Personal data that is processed by us when an app user connects the Docs4D Guardian app to a health application (e.g. AppleHealth, GoogleFit, Withings). Activity data of your connected patients is made available to you in your Docs4D FrontLine Platform.

Commercial and non-commercial research data: We process your personal data in anonymized/pseudonymized form to analyze and produce summary scientific reports in order to improve products, treatments and scientific results.

Product safety data: Personal data that is processed to comply with our legal obligations as the manufacturer of the Docs4D Guardian app as a medical device. In addition, your personal information may be processed in case you report an incident to fulfill legal security or vigilance purposes of medical device or pharmaceutical companies.

Reimbursement data: Personal data required for the reimbursement process.

Docs4D FrontLine Platform:

If the service provider decides to use the blockchain solution, DOCS4D implements an additional tool, called “Adapter Service”, which is used to communicate with the blockchain. The blockchain instance is hosted by DOCS4D.

Docs4D Guardian app:

Patients can connect to the same blockchain instance using the Phone Manager tool, which is also hosted by DOCS4D.

Justification of processing: The processing of data by DOCS4D on behalf of the service provider is carried out based on Art. 28 GDPR (order processing agreement).

 

OPERATIONAL DATA PROCESSING

In case you are a contact person for the operation of the portal at your location/practice (e.g. IT administrator, appointed healthcare professional), you may provide us with certain personal data when you contact us to understand or discuss the features and use of the portal, or in the event of a service request.

In the event of a service request, the following personal data can also be viewed by authorized DOCS4D employees:

Your personal data that you have provided to us for registration and/or login to our portal (e.g. name, date of birth, profile picture, contact details).

Authorized DOCS4D employees who may access your database for the purpose of processing a service request are contractually obligated to keep all personal information strictly confidential.

When processing operational data, DOCS4D acts as a data controller responsible for the lawful processing of your personal data.

Types of Data: e-mail address, date of birth, date of registration, your IP address, pseudo-keys generated by the Portal.

The app uses Google Maps API to use geographic information. When using Google Maps, Google also collects, processes and uses data about the use of the map functions. You can find more detailed information about the scope, legal basis and purpose of data processing by Google as well as the storage period in the Google Privacy Policy.

Purpose of processing operational data: We use the operational data to maintain the functionalities of the Docs4D FrontLine Platform and to contact you directly if necessary or on your initiative (e.g. in the event of changes to terms of use, necessary support, technical problems, etc.). Furthermore, personal data (e-mail address) is required and processed within the framework of two-factor authentication every time you log in to the Docs4D FrontLine Platform.

Justification of processing: The processing of operational data is justified based on Art. 6 para. 1 lit. b GDPR for the performance of the contract that you conclude with DOCS4D for the purpose of using the Docs4D FrontLine Platform.

 

IP GEOLOCATION

We use a geolocation application for our services. We use ipapi (provided by apilayer Data Products GmbH, Elisabethstraße 15/5, 1010 Vienna, Austria) and Geoapify (provided by Keptago Ltd., N. Nikolaidi and T. Kolokotroni ONISIFOROU CENTER 8011 Paphos, Cyprus) to identify the location of patient users. We use it to secure our applications and to verify the location of the patient user to ensure that the use of our services is compliant. We do not combine the information we collect with any other information about the user that could identify them. The data processed by apilayer includes the patient’s IP address and other details about the location. The legal basis for the use is Art. 6 para. 1 lit. f GDPR. The data will be deleted when the associated purpose for which it was collected no longer exists and there is no longer a legal obligation to store it. For more information on their privacy policy, please see https://ipapi.com/privacy/ and Privacy Policy | Geoapify location platform.

 

PROCESSING OF TREATMENT DATA

While using the Docs4D FrontLine Platform, you enter personal (health) data of your patients into the Docs4D FrontLine Platform (e.g. provision of an individual care plan, reminder to take medication, etc.). In addition, you and your patients can upload documents and files to the Docs4D FrontLine Platform and share them with each other. In addition, location functions can be generated and implemented:

  • Adding a location;
  • Uploading the logo of the site;
  • Adding the details of the location;
  • Uploading a privacy policy.

It is possible to create further consent requirements for the patient, for which the patient must give consent in order to connect to the website.

An uploaded privacy policy will be displayed to every patient who connects to the website. All declarations of consent must be documented in the uploaded privacy policy. Once a privacy policy has been uploaded, it can only be replaced by a new version but cannot be deleted.

The files are stored in a cloud database in Germany. You can allow the sharing of such files with other portal users within your institution for medical purposes. Other portal users do not have access to these files.

In accordance with the GDPR, you are responsible for the processing of patients’ health data in the context of the use of the Docs4D services as the data officer.

We process such personal data, including the patient’s health data, under an agreement with you and in accordance with your instructions. Please only process your patients’ data if you have obtained the required data consent from these patients. DOCS4D acts as a data processor in accordance with the separate data processing agreement, which we have concluded with you based on Art. 28 GDPR.

 

PROCESSING OF COMMERCIAL STORE DATA

Only applicable if you use the Docs4D Store as a Careplan user.

The Docs4D store is integrated into the Docs4D FrontLine Platform and offers the purchase of care plans. After registering with the Docs4D FrontLine Platform, you can connect to the Docs4D store using your login details. You can use the Docs4D store to purchase care plans as a user.

Data of the careplan user:

The data of the careplan user, which the Docs4D Store processes during its use, is processed for the conclusion of a license agreement with the careplan provider – in this case DOCS4D – and, if a fee is due, for the processing and control of the payment transaction between the careplan provider – in this case DOCS4D – and the careplan user.

Types of data: name, contact details, bank account details.

Processing of commercial store data: Personal data that is processed by us in the case of using the Docs4D store as part of the purchase of care plans. In addition, the payment data (if a usage fee is charged) will be forwarded to the careplan provider.

Justification of the processing of commercial store data: The legal basis for the processing of commercial store data is Art. 6 para. 1 lit. b GDPR – the processing of the data serves the performance of the contract between careplan user and careplan provider – in this case DOCS4D.

 

PROCESSING OF ACTIVITY DATA

Only applicable if your connected app users consent to and enable data transfer.

Docs4D tools offer app users the option of connecting the Docs4D Guardian app to certain health apps (e.g. AppleHealth, GoogleFit, Withings) (“Health App“), provided that these are used by the app user and the connection is made by the app user. If the connection is established, activity data collected by the Health App will be provided to you for the purpose of providing additional, contextual information regarding the app user’s activity. Please note that activity data is not validated by Docs4D tools and should therefore not be used for diagnostic purposes as a basis for medical decision-making.

The processing of activity data is the responsibility of your patients.

Types of data: The type and scope of data transferred depend on the decision of the app users. Data may include weight, height, steps taken, calories burned, hours of sleep, heart rate, and blood pressure, among others.

Purpose of processing activity data: App user’s activity data is provided to you for the purpose of providing additional, contextual information regarding the app user’s activity. Please note that activity data is not validated by Docs4D tools and should therefore not be used for diagnostic purposes as a basis for medical decision-making.

Justification of processing:

The data officer is the patient himself, by giving you access to his activity data for the purpose of reviewing the information shared. Therefore, no further justification is required.

 

PROCESSING OF PRODUCT SAFETY DATA

Only applicable if you use the medical device variant of the Docs4D tools.

The Docs4D FrontLine Platform and the Docs4D Guardian app are classified and marketed as medical devices in accordance with European medical device regulations. As the manufacturer of the Docs4D tool, we must comply with certain legal obligations (e.g. monitoring the functionality of the tool, evaluating incident reports that could be related to the use of the tool, tracking users, etc.). In addition, Docs4D tools allow you to collect personal data about specific medical devices or medicines used in the treatment of your patients. The manufacturers of such medical devices or medicinal products also have legal obligations regarding market surveillance (e.g. collection and evaluation of side effect reports).

DOCS4D is the data controller for the processing of product safety data.

Types of data: case reports, personal data provided in an incident report and results of the assessment, details of the reporter.

Processing of product safety data: We store and evaluate all personal data in connection with our legal obligations as a manufacturer of a medical device and transmit this personal data (if possible after pseudonymization) to competent authorities, notified bodies or other data controllers with supervisory obligations. In addition, we will store and transfer personal data related to medical devices and/or medicines if we receive communications from you as the reporter of such information, from your patient or from a third party (e.g. our distributors or importers of the Docs4D tools in your country) that must be reported to the manufacturer of the product in order for the manufacturer to comply with its legal obligations on product safety.

Justification of the processing of product safety data:

The legal basis for the processing of personal data for the fulfillment of legal obligations as a manufacturer of medical devices or medicinal products is Art. 6 para. 1 lit. c, Art. 9 para. 2 lit. i GDPR in conjunction with the post-market monitoring obligations under the Medical Devices Act and the Medical Devices Directive (regulated as of 26 May 2021 in Chapter VII of the new Medical Devices Regulation (EU) 2017/745) and/or the Medicines Act.

 

PROCESSING OF REIMBURSEMENT DATA

Only applicable if you use Docs4D tools for reimbursement.

The Docs4D FrontLine Platform supports you in initiating your standard procedures for reimbursement for the healthcare services provided to your patients via the Docs4D Guardian app. To enable the reimbursement process, the Docs4D FrontLine Platform supports the collection of your patients’ personal (health) data from the Docs4D FrontLine Platform in order to facilitate the transmission of this data to the patient’s cost unit as part of the standard reimbursement processes (either your Association of Statutory Health Insurance Physicians and/or the patient’s health insurance company). You are the data officer for the reimbursement data and responsible for compliance with data protection regulations for the processing of your patients’ personal data in the reimbursement process. DOCS4D acts as a data processor based on the data processing agreement with you as a healthcare provider.

Types of data: patient’s name, diagnosis, indications, treatment, duration of treatment, other data necessary for the management of reimbursement.

Processing of reimbursement data: You, as the officer, transmit the patient’s treatment data required for reimbursement to the cost unit (either your health insurance association and/or the patient’s health insurance company) and the cost unit processes the reimbursement data in order to reimburse you.

Justification of the processing of reimbursement data: The reimbursement data is processed based on §§ 295, 301 SGB V. The processing of the data by DOCS4D for you is also carried out based on Art. 28 GDPR (order processing agreement).

 

WHAT TECHNOLOGY IS USED BY THE DOCS4D FRONTLINE PLATFORM AND THE DOCS4D GUARDIAN APP?

The Docs4D FrontLine Platform works as a web-based tool for which you need a working internet connection and any current version of the internet browser Chrome, Firefox or Safari.

E-mail service

We use SendGrid (provided by Twilio Inc., 1801 California Street Suite 500, Denver, CO 80202, USA). These e-mail services can be used to organize the sending of e-mails. SendGrid is used to send confirmation emails, transaction confirmations, and emails with important information related to requests. The data you enter for the purpose of receiving e-mails is stored on SendGrid’s servers. When we send emails on your behalf through SendGrid, we use an SSL-secured connection.

 

Email communication is used for the following tasks:

 

– Logging in to the web application for the first time;

– Resetting the password for the web application;

– Create an account for the patient application;

– Reset the password for the patient application;

– Generation and sending of a report;

– Replace push notifications with emails for PWA (Progressive Web App) in the following cases:

 

(i) if a Care Plan ends within one day;

(ii) if medication has been assigned;

(iii) if the Privacy Policy has been updated;

(iv) when an appointment is sent to patients and physicians, in particular for the “video call” appointment type;

(v) Any information relating to a “Caretask” or if a Healthcare Provider has assigned a Caretask.

 

Important Explanations of Push Notifications and Emails

As part of your support by Docs4D, we would like to inform you about how we handle notifications and important information that we send you.

 

  1. Push notifications:
  • Docs4D Guardian app to inform you about tasks, appointments and important updates.
  • You have the option to disable these push notifications in your app’s settings.

 

  2. Email notifications:
  • Whether you have enabled or disabled push notifications, we will continue to send you important information and reminders via email.
  • This ensures that you don’t miss any important notifications and that your support runs smoothly.

Why we do this:

  • Our goal is that you are always informed about your tasks and important updates to optimally support your care.
  • Emails are a reliable way to ensure that important information reaches you, even when push notifications are disabled.

Your options for action:

  • If you do not want to receive push notifications, you can deactivate them in the settings of the Docs4D Guardian app.
  • Please ensure that your email address is accurate and up-to-date to ensure the smooth receipt of our messages.
  • If you do not want to receive email reminders, you can deactivate them in the settings of the Docs4D Guardian app.

Storage period

The data you provide to us to receive emails will be stored by us until you log out of our services and will be deleted from both our servers and SendGrid’s servers after you log out.

 

SendGrid

https://sendgrid.com/resource/general-data-protection-regulation-2/

 

Matomo

This is an open-source web analysis tool. Matomo (provided by InnoCraft Ltd., New Zealand) does not transmit data to servers outside of DOCS4D’s control. Matomo is initially disabled when you use our services. Only if you agree, your user behavior will be recorded anonymously. If deactivated, a “persistent cookie” will be stored, if your browser settings allow it. This cookie signals to Matomo that you do not want your browser to be recorded.

The usage information collected by the cookie is transmitted to our servers and stored there so that we can analyze user behavior.

 

The information generated by the cookie about your use is:

– User operating system;

– User geolocation;

– Browser;

– Role;

– IP address;

– Sites visited via web / PWA (for more information, see the section on PWA in this Privacy Policy);

– buttons that the user clicks on in the Docs4D FrontLine Platform, in the Docs4D Guardian app and in the Docs4D PWA.

 

The information generated by the cookie will not be passed on to third parties.

You can refuse the use of cookies by selecting the appropriate settings in your browser. However, please note that you may not be able to use all the features in this case. For more information, please visit: https://matomo.org/privacy-policy/

The legal basis for the processing of users’ personal data is Art. 6 para. 1 sentence 1 lit. a GDPR. The processing of users’ personal data enables us to analyse usage behaviour. By evaluating the data obtained, we are able to compile information about the use of the individual components of our services. This helps us to continuously improve our services and their usability.

We process and store personal data only for as long as is necessary to fulfil the intended purpose.

 

SECURE TRANSFER OF PERSONAL DATA

We use appropriate technical and organizational security measures to optimally protect the personal data stored by us against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. The security levels are continuously reviewed in cooperation with security experts and adapted to new security standards.

The data exchange from and to the portal as well as from and to the app is encrypted. We offer SSL as an encryption protocol for secure data transmission. The data exchange is also encrypted throughout and is carried out with pseudo-keys.

 

DATA TRANSFERS / DISCLOSURE TO THIRD PARTIES

We will only pass on your personal data to third parties within the framework of the legal provisions or on the basis of your consent. In all other cases, the information will not be disclosed to third parties, unless we are obliged to do so due to mandatory legal regulations (disclosure to external bodies, including supervisory or law enforcement authorities).

Any transmission of personal data is encrypted during transmission.

The information on how we handle the personal (health) data of your patients who use the Docs4D Guardian app is summarized in a separate privacy policy for the Docs4D Guardian app. You can find this privacy policy for patients here. Please also read this patient privacy policy carefully. For some of the processing of patient data, you are the data officer and responsible for compliance with data protection (e.g. transmission of treatment data to the patient).

 

GENERAL INFORMATION ON CONSENT TO DATA PROCESSING

Your consent also constitutes consent to data processing under data protection law. Before you grant us your consent, we will inform you about the purpose of the data processing and your right to object.

If the consent also relates to the processing of special categories of personal data, the Docs4D FrontLine Platform will expressly inform you of this as part of the consent procedure.

Processing of special categories of personal data pursuant to Art. 9 para. 1 GDPR may only take place if this is necessary due to legal provisions and there is no reason to assume that your legitimate interests preclude the processing of this personal data or that you have given your consent to the processing of this personal data in accordance with Art. 9 para. 2 GDPR.

For the data processing for which your consent is required (as explained in this Privacy Policy), consent will be obtained as part of the registration process. After successful registration, the consents can be managed in the account settings of the Docs4D FrontLine Platform. In addition, DOCS4D will ask you to agree to a data processing agreement for the data processed by DOCS4D under your responsibility as a data controller.

 

DATA RECIPIENTS / CATEGORIES OF RECIPIENTS

In our organization, we ensure that only those persons who are obliged to do so in order to fulfill their contractual and legal obligations are entitled to process personal data.

In certain cases, service providers support our specialist departments in the fulfillment of their tasks. The necessary data protection agreements have been concluded with all service providers who are data processors for personal data. These service providers are Google (Google Firebase), cloud storage providers and support service providers.

Google Firebase is a “NoSQL database” that enables synchronization between the Docs4D FrontLine Platform and your patient’s Docs4D Guardian app. NoSQL describes a mechanism for storing data that is not modeled only in tabular relations and that allows easier “horizontal” scaling across a cluster of machines than tabular/relational database management systems.

For this purpose, a pseudo-key of the Docs4D FrontLine Platform and the Docs4D Guardian app is stored in Google Firebase together with the corresponding care plan. The data transfer is pseudonymized for DOCS4D and its service providers, which means that DOCS4D and its service providers cannot establish a relationship with you as a data subject. This is achieved by encrypting the data during the transfer and using pseudo-keys to track these transfers instead of personal identifiers such as names or e-mail addresses. Re-identification takes place as soon as the personal data has reached the patient account in the Docs4D Guardian app or in your account in the Docs4D FrontLine Platform after verification by specific tokens.

Our cloud storage providers offer cloud storage in which the Firebase manager, which manages the Firebase URLs for the Docs4D FrontLine Platform, is stored. In addition, these service providers provide the isolated server domain of the Docs4D FrontLine Platform, in which your personal data as well as that of your patient is stored. It also hosts Docs4D’s video and file management service, which enables encrypted video conferencing and data exchange between you and your patient. Access to your personal data by you and your patient is ensured by sending specific tokens. This personal data is encrypted during the transfer and pseudonymized for DOCS4D and its service providers during the transfer and at rest. DOCS4D service providers do not have access to this personal data at any time.

Furthermore, we use service providers to process service requests (support service providers) regarding the use of the account, for example, if you have forgotten your password, want to change your stored e-mail address, etc. The necessary order processing agreements have been concluded with these service providers; furthermore, the employees entrusted with the processing of service requests were trained accordingly. Upon receiving your service request, a ticket number will be assigned to it.

If it is a service request regarding your account usage, the relevant information that you have provided to us when contacting us will be forwarded to one of the authorized employees of the external service. They will then contact you.

Otherwise, it will remain processed by specially approved DOCS4D staff, as described under “PROCESSING OF OPERATIONAL DATA”.

Through our support service providers, we use the tool RepairCode, also known as Digital Twin Code. This is a customer experience platform for dealing with external feedback with the ability to create support tickets. You will find the privacy policy here: https://app.repaircode.de/?main=main-client – Legal/privacy.

 

TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

Personal data collected by the Docs4D FrontLine Platform or the Docs4D Guardian app is not stored in the app stores. Personal data will only be transferred to third countries (outside the European Union or the European Economic Area) if this is necessary for the fulfilment of the contractual obligation, is required by law or you have given us your consent.

Synchronization of the Docs4D FrontLine Platform with the Docs4D Guardian app takes place with the help of Google Firebase. Google Firebase servers are hosted in the European Union. Nevertheless, according to the general Google Firebase terms and conditions, a temporary data transfer to countries in which Google and related service providers have branches is possible; for certain Google Firebase services, data is only transferred to the USA, unless processing takes place in the European Union or the European Economic Area. Unauthorized access to your data is prevented by end-to-end encryption and secure access tokens. Our online servers are hosted in Germany. For analysis purposes, the emails sent with SendGrid contain a so-called “tracking pixel” that connects to SendGrid’s servers when the email is opened. This can be used to determine whether an e-mail message has been opened.

 

Legal basis

Data processing is based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time. The lawfulness of the data processing operations that have already taken place remains unaffected by the revocation.

Please note that your data will usually be transmitted by us to a SendGrid server in the USA and stored there. We have concluded a contract with SendGrid that contains the EU Standard Contractual Clauses. This ensures that there is a level of protection comparable to that of the EU.

To process activity data, interfaces to Google Cloud services (in the case of GoogleFit) or to AppleHealth or Withings are used within the App User’s mobile device. Docs4D tools use these interfaces, which are provided by Google, Apple and Withings, to request activity data from the connected health applications. The enquiry sent by Docs4D tools does not contain any personal data. Personal data is made available to the Docs4D tools via these interfaces.

 

DURATION OF STORAGE OF PERSONAL DATA

We will retain your personal data for as long as it is needed for the purpose for which it is processed. Please note that numerous retention periods require the continued storage of personal data. This applies in particular to retention obligations under commercial or tax law.

Please note that DOCS4D is also subject to retention obligations, which are contractually agreed with you based on the legal provisions. In addition, due to the classification and, if applicable, your use of the Docs4D FrontLine Platform and the Docs4D Guardian app as a medical device, certain retention periods apply to the portal, which result from the Medical Devices Act. If there are no other retention obligations, the personal data will be routinely deleted as soon as the purpose has been achieved.

In addition, we may retain personal data if you have given us your consent to do so or if litigation arises and we use evidence within the statutory limitation periods, which can be up to 30 years; the regular limitation period is three years.

YOUR RIGHTS AS A DATA SUBJECT

Various personal data are necessary for the establishment, execution and termination of the contractual relationship and the fulfillment of the associated contractual and legal obligations. The same applies to the use of our Docs4D FrontLine Platform and the various functions it offers.

In certain cases, personal data must also be collected or made available in accordance with the legal provisions. Please note that without providing this personal data, it is not possible to process your request or fulfill the underlying contractual obligation.

 

AUTOMATED DECISIONS IN INDIVIDUAL CASES

We do not use purely automated processing to make decisions.

 

YOUR RIGHTS AS A PERSON CONCERNED

We would like to inform you about your rights as a data subject. These rights are set out in Articles 15 – 22 GDPR and include:

Right of access (Art. 15 GDPR): You have the right to request information about whether and how your personal data is being processed, including information about the purposes of processing, recipients, storage period, as well as your rights to rectification, deletion and objection. You also have the right to receive a copy of any personal data we hold about you.

Right to erasure / right to be forgotten (Art. 17 GDPR): You can ask us to delete your personal data collected and processed by us without undue delay. In this case, we will ask you to delete the Docs4D FrontLine Platform from your computer. Please note, however, that we can only delete your personal data after the expiry of the statutory retention periods.

Right to rectification (Art. 16 GDPR): You can ask us to update or correct inaccurate personal data concerning you or to complete incomplete personal data.

Right to data portability (Art. 20 GDPR): In principle, you can request that we provide you with personal data that you have provided to us and that is processed automatically based on your consent or the performance of a contract with you in machine-readable form so that it can be “ported” to a substitute service provider.

Right to restriction of data processing (Art. 18 GDPR): You have the right to request the restriction of the processing of your personal data if the accuracy of the data is contested, the processing is unlawful, the data is needed for legal claims or an objection to the processing is being examined.

Right to object to data processing (Art. 21 GDPR): You have the right to object to our use of your personal data and to withdraw your consent at any time if we process your personal data based on your consent. We will continue to provide our services if they are not dependent on withdrawn consent.

To exercise these rights, please contact us at: privacy@docs4d.com. Objection and revocation of consent must be declared in text form to privacy@docs4d.com.

We will require you to provide sufficient proof of your identity to ensure that your rights are protected and that your personal data will only be disclosed to you and not to third parties.

Please also contact us at any time at privacy@docs4d.com if you have any questions about data processing in our company or if you would like to withdraw your consent. You also have the right to contact the competent data protection supervisory authority.

DATA PROTECTION SUPERVISOR

You can reach our data protection officer to answer all questions about data protection at privacy@docs4d.com.

 

CHANGES TO THE PRIVACY POLICY

We expressly reserve the right to change this Privacy Policy in the future at our sole discretion. Changes or additions may be necessary, for example, to meet legal requirements, to comply with technical and economic developments, or to meet the interests of app or portal users.

Changes are possible at any time and will be communicated to you in an appropriate manner and in a reasonable timeframe before they become effective (e.g. by posting a revised Privacy Policy at login or by giving advance notice of material changes).

 

DOCS4D GmbH

Mailing address

Am Trimmelter Hof 66

54296 Trier, Germany

T | +49 (0) 651 17084514

E | privacy@Docs4D.com

 

Contact information of the Data Protection Officer

privacy@Docs4D.com

 

In case of questions of interpretation or disputes, only the German version of the Privacy Policy shall be binding and authoritative.

Last updated on January 18, 2025.

Guardian - Mobile Application

PRIVACY POLICY FOR EUROPE

 

Welcome to Docs4D FrontLine, the digital health portal for efficient and demand-oriented patient care.

For us at Docs4D GmbH (hereinafter referred to as “DOCS4D” or “we”, “us”, “our”), the protection of your privacy and your personal data processed during the use of the Docs4D FrontLine Platform is of great importance. We are aware of the responsibility that arises from the provision and storage of your personal data in the Docs4D FrontLine Platform. Therefore, our technology systems used for the Docs4D services are set up to the highest standards and the lawful processing of the data is at the core of our ethical understanding as a company.

We process your personal data in accordance with the applicable legal provisions on the protection of personal data, in particular the EU General Data Protection Regulation (“GDPR”) and the country-specific laws that apply to us. In this Privacy Policy, you will find out why and how DOCS4D processes your personal data that we collect from you or that you provide to us when you decide to use the Docs4D FrontLine Platform. In particular, you will find a description of the type of personal data we collect and process, as well as the purpose and basis on which we process the personal data; furthermore, you will find the rights to which you are entitled.

Please read the Privacy Policy carefully to ensure that you understand each provision. After reading the Privacy Policy, you will have the opportunity to consent to the Privacy Policy and consent to the processing of your personal data as described in the Privacy Policy. If you give your consent, the Privacy Policy becomes part of the contract between you and DOCS4D.

In case of questions of interpretation or disputes, only the German version of the Privacy Policy shall be binding and authoritative.

 

DEFINITIONS

“App user” means any user of the Docs4D Guardian mobile Application (your patient).

“Careplan provider” means you or any other service provider or third party (e.g. medical device manufacturer, pharmaceutical company) who makes Care Plans available to other Portal users via the Docs4D Store or other means of data exchange.

“Careplan user” means you or any other service provider (Portal User) who uses a Care Plan (“Pathway”) for the treatment of its registered Patients.

“Pathway” is a standardized treatment plan consisting of several scheduled care tasks that can determine the steps for diagnoses and therapies. “Care tasks” are specific tasks or actions within a pathway that must be performed by the healthcare providers involved, the nursing staff or the patient themselves.

“Healthcare provider” means you or any other physician, clinic, healthcare facility or other healthcare professional acting alone or on behalf of you or another physician, clinic or healthcare facility (intended User).

“Docs4D Guardian Application” refers to the mobile Docs4D Guardian application for patients who wish to use the services offered by DOCS4D via app.

“FrontLine” is the platform operated by DOCS4D that provides digital care concepts (care plans) for the treatment of your registered patients via the Docs4D platform.

“Docs4D FrontLine Platform” is the Docs4D web portal intended for professional use by portal users and serves as an interface between portal users and patients as app users.

“Docs4D services” means the services, functionalities and other offers that are or could be offered to portal users via the Docs4D FrontLine Platform and/or to App Users via the Docs4D Guardian app.

“DOCS4D” means DOCS4D GmbH, Germany.

“Portal User” means you or any other service provider using the web-based Docs4D Frontline Platform.

“Patient Privacy Policy” means the privacy policy that describes the collection, use and storage of the personal (health) information of patients using the Docs4D Guardian app. According to the terms of use, our offer is only aimed at patients aged 18 and over. Accordingly, no personal data of children and adolescents under the age of 18 is stored and processed.

“Privacy Policy” means this statement provided to you as a user of the Docs4D FrontLine Platform, which describes how we collect, use and store your personal information and informs you of your broad rights.

“Terms of Use” means the terms of use for the use of the Docs4D FrontLine Platform.

PROCESSING OF (TREATMENT) DATA

Docs4D GmbH, a company registered with the District Court of Trier under the registration number HRB 45209 with its registered office at Am Trimmelter Hof 66, 54296 Trier, Germany, offers and operates the interactive web portal Docs4D FrontLine Platform (for healthcare professionals) and the mobile application Docs4D Guardian app (for patients) as access to the Docs4D services. This privacy policy applies to all personal data processed by DOCS4D in connection with the use of the Docs4D FrontLine Platform. For the use of the Docs4D Guardian app by patients, you will find a separate privacy policy for patients here.

WHAT IS PERSONAL DATA

“Personal data” means any information that allows a natural person to be identified. This includes but is not limited to your name, birthday, address, telephone number, email address and IP address.

“Health data” means personal data relating to the physical or mental health of a natural person, including the provision of healthcare services, which reveal information about his or her state of health.

Data is to be considered “anonymous” if no personal connection to the person/user can be established.

In contrast, “pseudonymized” data is data from which a personal reference or personally identifiable information is replaced by one or more artificial identifiers or pseudonyms, but which can generally be re-identified by the identifier key (within the meaning of Art. 4 No. 5 GDPR).

Docs4D PWA App

A progressive web app (PWA) is a website that looks like a mobile app and has the functionality of one. PWAs are built to take advantage of the native features of mobile devices without the need for an app store. The goal of PWAs is to bridge the gap between apps and the traditional web by bringing the benefits of native mobile apps into the browser. The PWA is based on the technology of “React Native for Web”. “React Native for Web” is open-source software for PWA applications.

To use the Docs4D Guardian mobile App, patients need a computer or smartphone and an active internet connection. There is no need to download an app.

Some of the Docs4D Guardian app services cannot be used within the Docs4D PWA app, see the description below for details. These are the following services or specifications:

 

  • Chat with healthcare providers;
  • Video;
  • Security PIN codes;
  • Activity data tracking (e.g. via AppleHealth, GoogleFit, Withings).

The following information about the Docs4D Guardian app also applies to the Docs4D PWA app, unless otherwise described in this section.

 

WHAT PERSONAL DATA IS USED WHEN USING THE DOCS4D GUARDIAN MOBILE APP

 

We may process the following categories of data about you when using the Docs4D Guardian app:

Operational data: Personal data that you provide to us when registering and logging in to our Docs4D FrontLine Platform, when contacting us about issues with the portal or when otherwise interacting with us for the purpose of using the portal.

Treatment data: You collect personal data of your patients, such as name, age, height, weight, indication, symptoms of illness and other information in connection with the treatment of your patients (e.g. in a care plan) in the Docs4D FrontLine Platform. Activity data of your connected patients is made available to you in your Docs4D FrontLine Platform.

Commercial store data: Personal data that is processed by us in the case of using the Docs4D store, either in the context of authorship of care plans or the purchase of care plans. The use of the Docs4D store will require the processing of your name and other contact information as well as payment details (payment information only if the care plan is subject to a fee).

Activity data: Personal data that is processed by us when an app user connects the Docs4D Guardian app to a health application (e.g. AppleHealth, GoogleFit, Withings). Activity data of your connected patients is made available to you in your Docs4D FrontLine Platform.

Commercial and non-commercial research data: We process your personal data in anonymized/pseudonymized form to analyze and produce summary scientific reports in order to improve products, treatments and scientific results.

Product safety data: Personal data that is processed to comply with our legal obligations as the manufacturer of the Docs4D Guardian app as a medical device. In addition, your personal information may be processed in case you report an incident to fulfill legal security or vigilance purposes of medical device or pharmaceutical companies.

Reimbursement data: Personal data required for the reimbursement process.

Docs4D FrontLine Platform:

If the service provider decides to use the blockchain solution, DOCS4D implements an additional tool, called “Adapter Service”, which is used to communicate with the blockchain. The blockchain instance is hosted by DOCS4D.

Docs4D Guardian app:

Patients can connect to the same blockchain instance using the Phone Manager tool, which is also hosted by DOCS4D.

Justification of processing: The processing of data by DOCS4D on behalf of the service provider is carried out based on Art. 28 GDPR (order processing agreement).

 

OPERATIONAL DATA PROCESSING

In case you are a contact person for the operation of the portal at your location/practice (e.g. IT administrator, appointed healthcare professional), you may provide us with certain personal data when you contact us to understand or discuss the features and use of the portal, or in the event of a service request.

In the event of a service request, the following personal data can also be viewed by authorized DOCS4D employees:

Your personal data that you have provided to us for registration and/or login to our portal (e.g. name, date of birth, profile picture, contact details).

Authorized DOCS4D employees who may access your database for the purpose of processing a service request are contractually obligated to keep all personal information strictly confidential.

When processing operational data, DOCS4D acts as a data controller responsible for the lawful processing of your personal data.

Types of Data: e-mail address, date of birth, date of registration, your IP address, pseudo-keys generated by the Portal.

The app uses Google Maps API to use geographic information. When using Google Maps, Google also collects, processes and uses data about the use of the map functions. You can find more detailed information about the scope, legal basis and purpose of data processing by Google as well as the storage period in the Google Privacy Policy.

Purpose of processing operational data: We use the operational data to maintain the functionalities of the Docs4D FrontLine Platform and to contact you directly if necessary or on your initiative (e.g. in the event of changes to terms of use, necessary support, technical problems, etc.). Furthermore, personal data (e-mail address) is required and processed within the framework of two-factor authentication every time you log in to the Docs4D FrontLine Platform.

Justification of processing: The processing of operational data is justified based on Art. 6 para. 1 lit. b GDPR for the performance of the contract that you conclude with DOCS4D for the purpose of using the Docs4D FrontLine Platform.

 

IP GEOLOCATION

We use a geolocation application for our services. We use ipapi (provided by apilayer Data Products GmbH, Elisabethstraße 15/5, 1010 Vienna, Austria) and Geoapify (provided by Keptago Ltd., N. Nikolaidi and T. Kolokotroni ONISIFOROU CENTER 8011 Paphos, Cyprus) to identify the location of patient users. We use it to secure our applications and to verify the location of the patient user to ensure that the use of our services is compliant. We do not combine the information we collect with any other information about the user that could identify them. The data processed by apilayer includes the patient’s IP address and other details about the location. The legal basis for the use is Art. 6 para. 1 lit. f GDPR. The data will be deleted when the associated purpose for which it was collected no longer exists and there is no longer a legal obligation to store it. For more information on their privacy policy, please see https://ipapi.com/privacy/ and Privacy Policy | Geoapify location platform.

 

PROCESSING OF TREATMENT DATA

While using the Docs4D FrontLine Platform, you enter personal (health) data of your patients into the Docs4D FrontLine Platform (e.g. provision of an individual care plan, reminder to take medication, etc.). In addition, you and your patients can upload documents and files to the Docs4D FrontLine Platform and share them with each other. In addition, location functions can be generated and implemented:

  • Adding a location;
  • Uploading the logo of the site;
  • Adding the details of the location;
  • Uploading a privacy policy.

It is possible to create further consent requirements for the patient, for which the patient must give consent in order to connect to the website.

An uploaded privacy policy will be displayed to every patient who connects to the website. All declarations of consent must be documented in the uploaded privacy policy. Once a privacy policy has been uploaded, it can only be replaced by a new version but cannot be deleted.

The files are stored in a cloud database in Germany. You can allow the sharing of such files with other portal users within your institution for medical purposes. Other portal users do not have access to these files.

In accordance with the GDPR, you are responsible for the processing of patients’ health data in the context of the use of the Docs4D services as the data officer.

We process such personal data, including the patient’s health data, under an agreement with you and in accordance with your instructions. Please only process your patients’ data if you have obtained the required data consent from these patients. DOCS4D acts as a data processor in accordance with the separate data processing agreement, which we have concluded with you based on Art. 28 GDPR.

 

PROCESSING OF COMMERCIAL STORE DATA

Only applicable if you use the Docs4D Store as a Careplan user.

The Docs4D store is integrated into the Docs4D FrontLine Platform and offers the purchase of care plans. After registering with the Docs4D FrontLine Platform, you can connect to the Docs4D store using your login details. You can use the Docs4D store to purchase care plans as a user.

Data of the careplan user:

The data of the careplan user, which the Docs4D Store processes during its use, is processed for the conclusion of a license agreement with the careplan provider – in this case DOCS4D – and, if a fee is due, for the processing and control of the payment transaction between the careplan provider – in this case DOCS4D – and the careplan user.

Types of data: name, contact details, bank account details.

Processing of commercial store data: Personal data that is processed by us in the case of using the Docs4D store as part of the purchase of care plans. In addition, the payment data (if a usage fee is charged) will be forwarded to the careplan provider.

Justification of the processing of commercial store data: The legal basis for the processing of commercial store data is Art. 6 para. 1 lit. b GDPR – the processing of the data serves the performance of the contract between careplan user and careplan provider – in this case DOCS4D.

 

PROCESSING OF ACTIVITY DATA

Only applicable if your connected app users consent to and enable data transfer.

Docs4D tools offer app users the option of connecting the Docs4D Guardian app to certain health apps (e.g. AppleHealth, GoogleFit, Withings) (“Health App”), provided that these are used by the app user and the connection is made by the app user. If the connection is established, activity data collected by the Health App will be provided to you for the purpose of providing additional, contextual information regarding the app user’s activity. Please note that activity data is not validated by Docs4D tools and should therefore not be used for diagnostic purposes as a basis for medical decision-making.

The processing of activity data is the responsibility of your patients.

Types of data: The type and scope of data transferred depend on the decision of the app users. Data may include weight, height, steps taken, calories burned, hours of sleep, heart rate, and blood pressure, among others.

Purpose of processing activity data: App user’s activity data is provided to you for the purpose of providing additional, contextual information regarding the app user’s activity. Please note that activity data is not validated by Docs4D tools and should therefore not be used for diagnostic purposes as a basis for medical decision-making.

Justification of processing:

The data officer is the patient himself, by giving you access to his activity data for the purpose of reviewing the information shared. Therefore, no further justification is required.

 

PROCESSING OF PRODUCT SAFETY DATA

Only applicable if you use the medical device variant of the Docs4D tools.

The Docs4D FrontLine Platform and the Docs4D Guardian app are classified and marketed as medical devices in accordance with European medical device regulations. As the manufacturer of the Docs4D tool, we must comply with certain legal obligations (e.g. monitoring the functionality of the tool, evaluating incident reports that could be related to the use of the tool, tracking users, etc.). In addition, Docs4D tools allow you to collect personal data about specific medical devices or medicines used in the treatment of your patients. The manufacturers of such medical devices or medicinal products also have legal obligations regarding market surveillance (e.g. collection and evaluation of side effect reports).

DOCS4D is the data controller for the processing of product safety data.

Types of data: case reports, personal data provided in an incident report and results of the assessment, details of the reporter.

Processing of product safety data: We store and evaluate all personal data in connection with our legal obligations as a manufacturer of a medical device and transmit this personal data (if possible after pseudonymization) to competent authorities, notified bodies or other data controllers with supervisory obligations. In addition, we will store and transfer personal data related to medical devices and/or medicines if we receive communications from you as the reporter of such information, from your patient or from a third party (e.g. our distributors or importers of the Docs4D tools in your country) that must be reported to the manufacturer of the product in order for the manufacturer to comply with its legal obligations on product safety.

Justification of the processing of product safety data:

The legal basis for the processing of personal data for the fulfillment of legal obligations as a manufacturer of medical devices or medicinal products is Art. 6 para. 1 lit. c, Art. 9 para. 2 lit. i GDPR in conjunction with the post-market monitoring obligations under the Medical Devices Act and the Medical Devices Directive (regulated as of 26 May 2021 in Chapter VII of the new Medical Devices Regulation (EU) 2017/745) and/or the Medicines Act.

 

PROCESSING OF REIMBURSEMENT DATA

Only applicable if you use Docs4D tools for reimbursement.

The Docs4D FrontLine Platform supports you in initiating your standard procedures for reimbursement for the healthcare services provided to your patients via the Docs4D Guardian app. To enable the reimbursement process, the Docs4D FrontLine Platform supports the collection of your patients’ personal (health) data from the Docs4D FrontLine Platform in order to facilitate the transmission of this data to the patient’s cost unit as part of the standard reimbursement processes (either your Association of Statutory Health Insurance Physicians and/or the patient’s health insurance company). You are the data officer for the reimbursement data and responsible for compliance with data protection regulations for the processing of your patients’ personal data in the reimbursement process. DOCS4D acts as a data processor based on the data processing agreement with you as a healthcare provider.

Types of data: patient’s name, diagnosis, indications, treatment, duration of treatment, other data necessary for the management of reimbursement.

Processing of reimbursement data: You, as the officer, transmit the patient’s treatment data required for reimbursement to the cost unit (either your health insurance association and/or the patient’s health insurance company) and the cost unit processes the reimbursement data in order to reimburse you.

Justification of the processing of reimbursement data: The reimbursement data is processed based on §§ 295, 301 SGB V. The processing of the data by DOCS4D for you is also carried out based on Art. 28 GDPR (order processing agreement).

 

WHAT TECHNOLOGY IS USED BY THE DOCS4D FRONTLINE PLATFORM AND THE DOCS4D GUARDIAN APP?

The Docs4D FrontLine Platform works as a web-based tool for which you need a working internet connection and any current version of the internet browser Chrome, Firefox or Safari.

E-mail service

We use SendGrid (provided by Twilio Inc., 1801 California Street Suite 500, Denver, CO 80202, USA). This e-mail service can be used to organize the sending of e-mails. SendGrid is used to send confirmation emails, transaction confirmations, and emails with important information related to requests. The data you enter for the purpose of receiving e-mails is stored on SendGrid’s servers. When we send emails on your behalf through SendGrid, we use an SSL-secured connection.

 

Email communication is used for the following tasks:

 

– Logging in to the web application for the first time;

– Resetting the password for the web application;

– Creating an account for the patient application;

– Resetting the password for the patient application;

– Generating and sending a report;

– Replacing push notifications with emails for PWA (Progressive Web App) in the following cases:

 

(i) if a Care Plan ends within one day;

(ii) if medication has been assigned;

(iii) if the Privacy Policy has been updated;

(iv) when an appointment is sent to patients and physicians, in particular for the “video call” appointment type;

(v) Any information relating to a “Caretask” or if a Healthcare Provider has assigned a Caretask.

 

Important Explanations of Push Notifications and Emails

As part of your support by Docs4D, we would like to inform you about how we handle notifications and important information that we send you.

 

  1. Push notifications:
  • Docs4D Guardian app to inform you about tasks, appointments and important updates.
  • You have the option to disable these push notifications in your app’s settings.

  2. Email notifications:
  • Whether you have enabled or disabled push notifications, we will continue to send you important information and reminders via email.
  • This ensures that you don’t miss any important notifications and that your support runs smoothly.

Why we do this:

  •       Our goal is that you are always informed about your tasks and important updates to optimally support your care.
  •       Emails are a reliable way to ensure that important information reaches you, even when push notifications are disabled.

Your options for action:

  •       If you do not want to receive push notifications, you can deactivate them in the settings of the Docs4D Guardian app.
  •       Please ensure that your email address is accurate and up-to-date to ensure the smooth receipt of our messages.
  •       If you do not want to receive email reminders, you can deactivate them in the settings of the Docs4D Guardian app.

Storage period

The data you provide to us to receive emails will be stored by us until you log out of our services and will be deleted from both our servers and Sendgrid’s servers after you log out.

 

SendGrid

https://sendgrid.com/resource/general-data-protection-regulation-2/

 

Visible

This is an open-source web analysis tool. Matomo (provided by InnoCraft Ltd., New Zealand) does not transmit data to servers outside of DOCS4D’s control. Matomo is initially disabled when you use our services. Your user behavior will be recorded anonymously only if you agree. If deactivated, a “persistent cookie” will be stored, if your browser settings allow it. This cookie signals to Matomo that you do not want your browser to be recorded.

The usage information collected by the cookie is transmitted to our servers and stored there so that we can analyze user behavior.

 

The information generated by the cookie about your use is:

– User operating system;

– User geolocation;

– Browser;

– Role;

– IP address;

– Sites visited via web / PWA (for more information, see the section on PWA in this Privacy Policy);

– buttons that the user clicks on in the Docs4D FrontLine Platform, in the Docs4D Guardian app and in the Docs4D PWA.

 

The information generated by the cookie will not be passed on to third parties.

You can refuse the use of cookies by selecting the appropriate settings in your browser. However, please note that you may not be able to use all the features in this case. For more information, please visit: https://matomo.org/privacy-policy/

The legal basis for the processing of users’ personal data is Art. 6 para. 1 sentence 1 lit. a GDPR. The processing of users’ personal data enables us to analyse usage behaviour. By evaluating the data obtained, we are able to compile information about the use of the individual components of our services. This helps us to continuously improve our services and their usability.

We process and store personal data only for as long as is necessary to fulfil the intended purpose.

 

SECURE TRANSFER OF PERSONAL DATA

We use appropriate technical and organizational security measures to optimally protect the personal data stored by us against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. The security levels are continuously reviewed in cooperation with security experts and adapted to new security standards.

The data exchange from and to the portal as well as from and to the app is encrypted. We offer SSL as an encryption protocol for secure data transmission. The data exchange is also encrypted throughout and is carried out with pseudo-keys.

 

DATA TRANSFERS / DISCLOSURE TO THIRD PARTIES

We will only pass on your personal data to third parties within the framework of the legal provisions or on the basis of your consent. In all other cases, the information will not be disclosed to third parties, unless we are obliged to do so due to mandatory legal regulations (disclosure to external bodies, including supervisory or law enforcement authorities).

Any transmission of personal data is encrypted during transmission.

The information on how we handle the personal (health) data of your patients who use the Docs4D Guardian app is summarized in a separate privacy policy for the Docs4D Guardian app. You can find this privacy policy for patients here. Please also read this patient privacy policy carefully. For some of the processing of patient data, you are the data officer and responsible for compliance with data protection (e.g. transmission of treatment data to the patient).

 

GENERAL INFORMATION ON CONSENT TO DATA PROCESSING

Your consent also constitutes consent to data processing under data protection law. Before granting us your consent, we will inform you about the purpose of the data processing and your right to object.

If the consent also relates to the processing of special categories of personal data, the Docs4D FrontLine Platform will expressly inform you of this as part of the consent procedure.

Processing of special categories of personal data pursuant to Art. 9 para. 1 GDPR may only take place if this is necessary due to legal provisions and there is no reason to assume that your legitimate interests preclude the processing of this personal data or that you have given your consent to the processing of this personal data in accordance with Art. 9 para. 2 GDPR.

For the data processing for which your consent is required (as explained in this Privacy Policy), consent will be obtained as part of the registration process. After successful registration, the consents can be managed in the account settings of the Docs4D FrontLine Platform. In addition, DOCS4D will ask you to agree to a data processing agreement for the data processed by DOCS4D under your responsibility as a data controller.

 

DATA RECIPIENTS / CATEGORIES OF RECIPIENTS

In our organization, we ensure that only those persons who are obliged to do so in order to fulfill their contractual and legal obligations are entitled to process personal data.

In certain cases, service providers support our specialist departments in the fulfillment of their tasks. The necessary data protection agreements have been concluded with all service providers who are data processors for personal data. These service providers are Google (Google Firebase), cloud storage providers and support service providers.

Google Firebase is a “NoSQL database” that enables synchronization between the Docs4D FrontLine Platform and your patient’s Docs4D Guardian app. NoSQL defines a mechanism for storing data that is not only modeled in tabular relationships by allowing easier “horizontal” scaling compared to tabular/relational database management systems in a cluster of machines.

For this purpose, a pseudo-key of the Docs4D FrontLine Platform and the Docs4D Guardian app is stored in Google Firebase together with the corresponding care plan. The data transfer is pseudonymized for DOCS4D and its service providers, which means that DOCS4D and its service providers cannot establish a relationship with you as a data subject. This is achieved by encrypting the data during the transfer and using pseudo-keys to track these transfers instead of personal identifiers such as names or e-mail addresses.  Re-identification takes place as soon as the personal data has reached the patient account in the Docs4D Guardian app or in your account in the Docs4D FrontLine Platform after verification by specific tokens.

Our cloud storage providers offer cloud storage in which the Firebase manager, which manages the Firebase URLs for the Docs4D FrontLine Platform, is stored. In addition, these service providers provide the isolated server domain of the Docs4D FrontLine Platform, in which your personal data as well as that of your patient is stored.  It also hosts Docs4D’s video and file management service, which enables encrypted video conferencing and data exchange between you and your patient. Access to your personal data by you and your patient is ensured by sending specific tokens. This personal data is encrypted during the transfer and pseudonymized for DOCS4D and its service providers during the transfer and at rest. DOCS4D service providers do not have access to this personal data at any time.

Furthermore, we use service providers to process service requests (support service providers) regarding the use of the account, for example, if you have forgotten your password, want to change your stored e-mail address, etc. The necessary order processing agreements have been concluded with these service providers; furthermore, the employees entrusted with the processing of service requests were trained accordingly. Upon receiving your service request, a ticket number will be assigned to it.

If it is a service request regarding your account usage, the relevant information that you have provided to us when contacting us will be forwarded to one of the authorized employees of the external service. They will then contact you.

Otherwise, it will remain processed by specially approved DOCS4D staff, as described under “PROCESSING OF OPERATIONAL DATA”.

Through our support service providers, we use the tool RepairCode, also known as Digital Twin Code. This is a customer experience platform for dealing with external feedback with the ability to create support tickets. Here you will find the Privacy Policy: https://app.repaircode.de/?main=main-client – Legal/privacy.

 

TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

Personal data collected by the Docs4D FrontLine Platform or the Docs4D Guardian app is not stored in the app stores. Personal data will only be transferred to third countries (outside the European Union or the European Economic Area) if this is necessary for the fulfilment of the contractual obligation, is required by law or you have given us your consent.

Synchronization of the Docs4D FrontLine Platform with the Docs4D Guardian app takes place with the help of Google Firebase. Google Firebase servers are hosted in the European Union. Nevertheless, according to the general Google Firebase terms and conditions, a temporary data transfer to countries in which Google and related service providers have branches is possible; for certain Google Firebase services, data is only transferred to the USA, unless processing takes place in the European Union or the European Economic Area. Unauthorized access to your data is prevented by end-to-end encryption and secure access tokens. Our online servers are hosted in Germany. For analysis purposes, the emails sent with SendGrid contain a so-called “tracking pixel” that connects to Sendgrid’s servers when the email is opened. This can be used to determine whether an e-mail message has been opened.

 

Legal basis

Data processing is based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time. The lawfulness of the data processing operations that have already taken place remains unaffected by the revocation.

Please note that your data will usually be transmitted by us to a SendGrid server in the USA and stored there. We have concluded a contract with Sendgrid that contains the EU Standard Contractual Clauses. This ensures that there is a level of protection comparable to that of the EU.

To process activity data, interfaces to Google Cloud services (in the case of GoogleFit) or to AppleHealth or Withings are used within the App User’s mobile device. Docs4D tools use these interfaces, which are provided by Google, Apple and Withings, to request activity data from the connected health applications. The enquiry sent by Docs4D tools does not contain any personal data. Personal data is made available to the Docs4D tools via these interfaces.

 

DURATION OF STORAGE OF PERSONAL DATA

We will retain your personal data for as long as it is needed for the purpose for which it is processed. Please note that numerous retention periods require the continued storage of personal data. This applies in particular to retention obligations under commercial or tax law.

Please note that DOCS4D is also subject to retention obligations, which are contractually agreed with you based on the legal provisions. In addition, due to the classification and, if applicable, your use of the Docs4D FrontLine Platform and the Docs4D Guardian app as a medical device, certain retention periods apply to the portal, which result from the Medical Devices Act. If there are no other retention obligations, the personal data will be routinely deleted as soon as the purpose has been achieved.

In addition, we may retain personal data if you have given us your consent to do so or if litigation arises and we use evidence within the statutory limitation periods, which can be up to 30 years; the regular limitation period is three years.

YOUR RIGHTS AS A DATA SUBJECT

Various personal data are necessary for the establishment, execution and termination of the contractual relationship and the fulfillment of the associated contractual and legal obligations. The same applies to the use of our Docs4D FrontLine Platform and the various functions it offers.

In certain cases, personal data must also be collected or made available in accordance with the legal provisions. Please note that without providing this personal data, it is not possible to process your request or fulfill the underlying contractual obligation.

 

AUTOMATED DECISIONS IN INDIVIDUAL CASES

We do not use purely automated processing to make decisions.

 

YOUR RIGHTS AS A PERSON CONCERNED

We would like to inform you about your rights as a data subject. These rights are set out in Articles 15 – 22 GDPR and include:

Right of access (Art. 15 GDPR): You have the right to request information about whether and how your personal data is being processed, including information about the purposes of processing, recipients, storage period, as well as your rights to rectification, deletion and objection. You also have the right to receive a copy of any personal data we hold about you.

Right to erasure / right to be forgotten (Art. 17 GDPR): You can ask us to delete your personal data collected and processed by us without undue delay. In this case, we will ask you to delete the Docs4D FrontLine Platform from your computer. Please note, however, that we can only delete your personal data after the expiry of the statutory retention periods.

Right to rectification (Art. 16 GDPR): You can ask us to update or correct inaccurate personal data concerning you or to complete incomplete personal data.

Right to data portability (Art. 20 GDPR): In principle, you can request that we provide you with personal data that you have provided to us and that is processed automatically based on your consent or the performance of a contract with you in machine-readable form so that it can be “ported” to a substitute service provider.

Right to restriction of data processing (Art. 18 GDPR): You have the right to request the restriction of the processing of your personal data if the accuracy of the data is contested, the processing is unlawful, the data is needed for legal claims or an objection to the processing is being examined.

Right to object to data processing (Art. 21 GDPR): You have the right to object to our use of your personal data and to withdraw your consent at any time if we process your personal data based on your consent. We will continue to provide our services if they are not dependent on withdrawn consent.

To exercise these rights, please contact us at: privacy@docs4d.com. Objection and revocation of consent must be declared in text form to privacy@docs4d.com.

We will require you to provide sufficient proof of your identity to ensure that your rights are protected and that your personal data will only be disclosed to you and not to third parties.

Please also contact us at any time at privacy@docs4d.com if you have any questions about data processing in our company or if you would like to withdraw your consent. You also have the right to contact the competent data protection supervisory authority.

DATA PROTECTION SUPERVISOR

You can reach our data protection officer to answer all questions about data protection at privacy@docs4d.com.

 

CHANGES TO THE PRIVACY POLICY

We expressly reserve the right to change this Privacy Policy in the future at our sole discretion. Changes or additions may be necessary, for example, to meet legal requirements, to comply with technical and economic developments, or to meet the interests of app or portal users.

Changes are possible at any time and will be communicated to you in an appropriate manner and in a reasonable timeframe before they become effective (e.g. by posting a revised Privacy Policy at login or by giving advance notice of material changes).

 

DOCS4D GmbH

Mailing address

Am Trimmelter Hof 66

54296 Trier, Germany

T | +49 (0) 651 17084514

E | privacy@Docs4D.com

 

Contact information of the Data Protection Officer

privacy@Docs4D.com

 

In case of questions of interpretation or disputes, only the German version of the Privacy Policy shall be binding and authoritative.

Last updated on January 18, 2025.

1. PRIVACY AT A GLANCE

General Information

Good day and welcome to our beautiful website. Our privacy policy gives you a simple overview of the type, scope, and purpose of collecting and processing personal data when visiting and using our online presence, the associated websites, features, and content as well as external online presentations. Our privacy policy is based on terms used by the European General Data Protection Regulation (GDPR) as well as the new Federal Data Protection Act (BDSG). You can view the corresponding definitions of terms (Art. 4 GDPR) for example at Art. 4 GDPR Definitions.

 

Data Collection on This Website

Who is responsible for data collection on this website?

Data processing on this website is done by the website operator. You can find the operator’s contact details in the “Information about the responsible body” section of this privacy policy.

 

How do we collect your data?

Your data is collected in several ways:

 

  • Direct provision: Data that you provide to us, e.g., by entering information in a contact form.
  • Automated collection: Technical data (e.g., internet browser, operating system, or time of page access) collected by our IT systems when you visit the website, with your consent where necessary.

 

What do we use your data for?

 

  • To ensure the error-free provision of the website.
  • To analyze user behavior and improve our offerings.

 

What rights do you have regarding your data?

 

  • The right to obtain information about the origin, recipient, and purpose of your stored personal data free of charge at any time.
  • The right to request the correction or deletion of this data.
  • The right to withdraw consent for data processing at any time.
  • The right to request the restriction of the processing of your personal data in specific circumstances.
  • The right to lodge a complaint with the competent supervisory authority.

 

For further questions, contact us at: info@docs4d.com.

 

  1. GENERAL INFORMATION AND MANDATORY INFORMATION

 

Data protection

 

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

When you use this website, various personal data is collected. Personal data is data that can be used to personally identify you. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done. We would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) may have security vulnerabilities. Complete protection of data from access by third parties is not possible.

 

Note on the responsible body

The responsible body for data processing on this website is:

 

Docs4D GmbH

Represented by Dr. Alexandros Paraforos

Am Trimmelter Hof 66

54296 Trier

Email: privacy@docs4d.com

 

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g. names, email addresses, etc.).

 

Storage Duration

Unless specified, your data will be stored until the purpose of processing ceases. Retention for legal reasons (e.g., tax compliance) will follow the statutory requirements (§ 257 HGB, § 147 AO).

 

Legal Basis for Data Processing

  • Art. 6(1)(a) GDPR: Consent-based processing.
  • Art. 6(1)(b) GDPR: Processing necessary for contractual obligations.
  • Art. 6(1)(c) GDPR: Legal obligations.
  • Art. 6(1)(f) GDPR: Legitimate interests.

 

General information on the legal basis for data processing on this website

 

If you have consented to data processing, we process your personal data on the basis of Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR, if special categories of data are processed according to Art. 9 (1) GDPR. In the event of explicit consent to the transfer of personal data to third countries, data processing also takes place on the basis of Art. 49 (1) lit. a GDPR. If you have consented to the storage of cookies or access to information on your terminal device (e.g. via device fingerprinting), data processing is also carried out on the basis of § 25 (1) TDDDG. The consent can be revoked at any time. If your data is necessary for the fulfillment of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 (1) lit. b GDPR. Furthermore, we process your data if this is necessary to fulfill a legal obligation based on Art. 6 (1) lit. c GDPR. Data processing may also be based on our legitimate interest according to Art. 6 (1) lit. f GDPR. Information about the relevant legal bases is provided in the following paragraphs of this privacy policy.

 

Data protection officer

 

We have appointed a data protection officer.

 

Data Protection Officer

 

Docs4D GmbH

Represented by Dr. Alexandros Paraforos

Am Trimmelter Hof 66

54296 Trier

Email: privacy@docs4d.com

 

  1. COOKIE CONSENT AND ANALYTICS

 

Cookie Banner

Our website uses a cookie banner for consent to tracking and non-essential cookies, as required by TTDSG. You can adjust preferences via the banner.

Google Analytics
We use Google Analytics (provider: Google Ireland Limited).

  • Purpose: Analyze visitor behavior and improve services.
  • Legal Basis: Art. 6(1)(a) GDPR. Consent can be revoked anytime.
  • Data Transfers: Protected by EU Standard Contractual Clauses (SCCs).

Browser Plugin: Google Opt-Out Plugin.
Privacy Policy: Google Privacy Policy.

 

  1. DATA TRANSFER TO THIRD COUNTRIES

 

EU-US Data Privacy Framework
Some tools used on our website (e.g., Google Analytics, LinkedIn) may transfer data to the USA or other third countries.

  • Transfers are only made to DPF-certified companies or under EU-approved safeguards like SCCs.

For details, visit: EU-US Data Privacy Framework.

Notice on the transfer of data to data protection-insecure third countries as well as the transfer to US companies that are not DPF certified

We use, among other things, tools from companies based in third countries that are not secure in terms of data protection, as well as US tools whose providers are not certified under the EU-US Data Privacy Framework (DPF). If these tools are active, your personal data may be transferred to and processed in these countries. We would like to point out that no level of data protection comparable to that of the EU can be guaranteed in third countries that are not secure in terms of data protection. We would like to point out that, as a rule, the USA as a secure third country generally has a level of data protection comparable to that of the EU. A transfer of data to the USA is therefore permissible if the recipient is certified under the “EU-US Data Privacy Framework” (DPF) or has appropriate additional guarantees. Information on transfers to third countries, including the recipients of the data, can be found in this privacy policy.

 

Recipient of personal data/Order processing

 

As part of our business activities, we work with various external entities. In some cases, it is necessary to transfer personal data to these external entities. We only pass on personal data to external entities if it is necessary for the fulfillment of a contract, if we are legally obligated to do so (e.g. disclosure of data to tax authorities), if we have a legitimate interest under Art. 6 para. 1 lit. f GDPR in the disclosure, or if another legal basis allows the transfer of data.

When using data processors, we only pass on personal data of our customers based on a valid data processing agreement. If we commission third parties to process data based on a data processing agreement, this is done on the basis of Art. 28 GDPR. These are carefully selected and commissioned by us, are bound by our instructions, and are regularly checked.

In the case of joint processing, a contract for joint processing in accordance with Art. 26 GDPR is concluded.

 

  1. YOUR RIGHTS

You have the following rights:

 

  • Access (Art. 15 GDPR): Know if we process your data and obtain a copy.
  • Rectification (Art. 16 GDPR): Correct inaccurate or incomplete data.
  • Erasure (Art. 17 GDPR): Request deletion unless legally required otherwise.
  • Restriction (Art. 18 GDPR): Restrict processing under certain conditions.
  • Data Portability (Art. 20 GDPR): Receive your data in a machine-readable format.
  • Objection (Art. 21 GDPR): Object to data processing based on legitimate interests or direct marketing.

 

To exercise your rights, contact us: privacy@docs4d.com.

 

  1. INFORMATION, CORRECTION AND DELETION

 

You have the right to obtain free information at any time in accordance with applicable legal provisions pursuant to Art. 15 GDPR about your stored personal data, their origin and recipients, and the purpose of data processing, as well as, if applicable, a right to rectification or erasure of this data. In accordance with legal requirements in Germany, data is stored for a period of 6 years in particular pursuant to § 257 (1) HGB (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting records, etc.) and for a period of 10 years pursuant to § 147 (1) AO (books, records, management reports, accounting records, commercial and business letters, documents relevant for taxation, etc.). You can contact us at any time regarding this as well as other questions about personal data.

 

  1. RIGHT TO RESTRICTION OF PROCESSING

 

You have the right to request the restriction of processing of your personal data. To do this, you can contact us at any time. The right to restrict processing exists in the following cases:

 

  • If you dispute the accuracy of your personal data stored with us, we usually need time to review this. During the review period, you have the right to request the restriction of processing of your personal data.
  • If the processing of your personal data has/had happened unlawfully, you can request the restriction of data processing instead of deletion.
  • If we no longer need your personal data, but you need it for the exercise, defense, or assertion of legal claims, you have the right to request the restriction of processing of your personal data instead of deletion.
  • If you have objected pursuant to Art. 21 para. 1 GDPR, a balancing of your interests and ours must be undertaken. As long as it is not yet clear whose interests prevail, you have the right to request the restriction of processing of your personal data.

 

If you have restricted the processing of your personal data, these data may only be processed – apart from their storage – with your consent or for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

 

  1. WITHDRAWAL OF YOUR CONSENT TO DATA PROCESSING

 

Many data processing operations are only possible with your explicit consent. You can revoke any consent given at any time. The legality of data processing until revocation remains unaffected by the revocation.

 

  1. RIGHT TO OBJECT TO DATA COLLECTION IN SPECIAL CASES AND TO DIRECT ADVERTISING (ART. 21 GDPR)

 

IF DATA PROCESSING IS BASED ON ART. 6 PARA. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS DATA PROTECTION DECLARATION. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21 PARA. 1 GDPR). IF YOUR PERSONAL DATA IS BEING PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION PURSUANT TO ART. 21 PARA. 2 GDPR). You can inform us of your objection using the following contact details:

 

Docs4D GmbH

Represented by Dr. Alexandros Paraforos

Am Trimmelter Hof 66

54296 Trier

Email: privacy@docs4d.com

 

  1. RIGHT TO DATA PORTABILITY

 

You have the right to have data, which we process automatically on the basis of your consent or in fulfillment of a contract, handed over to yourself or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done to the extent that it is technically feasible.

 

  1. RIGHT TO LODGE A COMPLAINT WITH THE COMPETENT SUPERVISORY AUTHORITY

 

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or place of the alleged infringement. The right to lodge a complaint is without prejudice to any other administrative or judicial remedy.

You can contact the responsible state data protection officer at:

The state data protection officer for data protection and freedom of information in Rheinland-Pfalz:

Hintere Bleiche 34
55116 Mainz

Phone: +49 (0) 6131 8920-0
Fax: +49 (0) 6131 8920-299

Website: https://www.datenschutz.rlp.de/
Email: poststelle@datenschutz.rlp.de

 

  1. OBJECTION TO ADVERTISING EMAILS

 

The use of contact data published in the context of the imprint obligation for sending unsolicited advertising and informational materials is hereby rejected. The operators of the pages expressly reserve the right to take legal action in the event of unsolicited sending of promotional information, such as spam emails.

 

Server log files

 

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

 

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing computer
  • Time of the server request
  • IP address

These data will not be merged with other data sources.

The collection of this data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website – for this purpose, the server log files must be recorded.

 

SSL or TLS encryption

 

This page uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

 

Encrypted payment transactions on this website

 

If there is an obligation to provide us with your payment details (e.g. account number for direct debit) after concluding a paid contract, this data is required for payment processing.

The payment transactions using the common payment methods (Visa/MasterCard, direct debit) are carried out exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

In the case of encrypted communication, your payment data that you transmit to us cannot be read by third parties.

 

Contact form

 

If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We will not share this data without your consent.

The processing of this data is based on Art. 6 para. 1 lit. b GDPR, if your inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; the consent can be revoked at any time.

The data you enter in the contact form will remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after completion of processing your request). Mandatory legal provisions – in particular retention periods – remain unaffected.

 

Inquiry by email, phone or fax

 

If you contact us by email, phone, or fax, your request, including all resulting personal data (name, request) will be stored and processed by us for the purpose of processing your concern. We do not disclose this data without your consent.

The processing of this data is based on Art. 6 para. 1 lit. b GDPR, provided your request is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; the consent can be revoked at any time.

The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent for storage, or the purpose for data storage ceases to apply (e.g., after completed processing of your concern). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

 

  1. HOSTING AND CONTENT DELIVERY NETWORKS (CDN)

 

In order to provide our online services securely and efficiently, we use the services of one or more web hosting providers, from whose servers (or servers managed by them) the online services can be accessed. For these purposes, we may utilize infrastructure and platform services, computing capacity, storage space and database services as well as security services and technical maintenance services. We host the contents of our website with the following provider:

 

DomainFactory

We use the web hosting service of DomainFactory for our website. The service provider is the following German company:

DomainFactory GmbH
c/o WeWork
Neuturmstrasse 5
80331 München
Deutschland

Tel: +49 89 998 288 026

Fax: +49 89 1208 8320E

Mail: support@df.eu

 

DomainFactory is a full-service provider from München, which also operates its own servers in a data center in Germany. The use of webgo is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the most reliable presentation of our website. If the corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. The consent can be revoked at any time.

For more information, please refer to webgo’s privacy policy:

https://www.df.eu/de/datenschutz/

 

Order processing

We have concluded a contract for order processing (AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

 

  1. SOCIAL MEDIA

 

Social media elements with Shariff

 

On this website, elements of social media are used (e.g. Facebook, Twitter, Instagram, Pinterest, XING, LinkedIn, Tumblr).

You can generally recognize the social media elements by their respective social media logos. To ensure data protection on this website, we only use these elements in conjunction with the so-called ‘Shariff’ solution. This application prevents the social media elements integrated on this website from transmitting your personal data to the respective provider as soon as you enter the page.

A direct connection to the server of the provider is established only when you activate the respective social media element by clicking on the associated button (consent). Once you activate the social media element, the respective provider receives information that you have visited this website with your IP address. If you are simultaneously logged into your respective social media account (e.g. Facebook), the respective provider can associate the visit to this website with your user account.

Activating the plugin constitutes consent within the meaning of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. You can withdraw this consent at any time with effect for the future.

The service is used to obtain the legally required consents for the use of certain technologies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.

 

LinkedIn

 

This website uses elements of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Each time a page of this website containing elements from LinkedIn is accessed, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited this website with your IP address. If you click on the LinkedIn “Recommend” button and are logged into your LinkedIn account, LinkedIn is able to associate your visit to this website with you and your user account. We would like to point out that as the provider of these pages, we have no knowledge of the content of the transmitted data or its use by LinkedIn.

If consent has been obtained, the use of the above service is based on Art. 6 para. 1 lit. a GDPR and § 25 TDDDG. The consent can be revoked at any time. If no consent has been obtained, the service is used based on our legitimate interest in the most comprehensive visibility in social media.

Data transfer to the USA is based on the standard contractual clauses of the European Commission. Details can be found here:

https://www.linkedin.com/help/linkedin/answer/62538/data-transfers-from-the-eu-the-eea-and-switzerland?lang=en

For more information, please refer to LinkedIn’s Privacy Policy:

https://www.linkedin.com/legal/privacy-policy.

 

  1. ANALYSIS TOOLS AND ADVERTISING

 

Google Analytics

 

This website uses features of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics allows the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, dwell time, operating systems used, and the user’s origin. This data is summarized in a user ID and assigned to the respective end device of the website visitor.

Furthermore, we can record your mouse and scroll movements and clicks with Google Analytics, among other things. Google Analytics also uses various modeling approaches to supplement the collected data sets and employs machine learning technologies in data analysis.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information about the use of this website collected by Google is usually transferred to a server of Google in the USA and stored there.

The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. The consent can be revoked at any time.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA which is supposed to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to comply with these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

 

Browser Plugin

 

You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at the following link:

https://tools.google.com/dlpage/gaoptout?hl=en.

For more information on how Google Analytics handles user data, please refer to Google’s privacy policy:

https://support.google.com/analytics/answer/6004245?hl=en.

 

 

  1. PLUGINS AND TOOLS

 

YouTube with enhanced privacy

 

This website embeds videos from the YouTube website. The operator of the pages is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in the extended data protection mode. According to YouTube, this mode means that YouTube does not store information about visitors to this website before they watch the video. However, the extended data protection mode does not necessarily exclude the transfer of data to YouTube partners. So, irrespective of whether you watch a video, YouTube establishes a connection to the Google DoubleClick network.

Once you start a YouTube video on this website, a connection to the YouTube servers is established. The YouTube server is informed about which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to directly associate your surfing behavior with your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, after starting a video, YouTube may store various cookies on your device or use similar recognition technologies (e.g. device fingerprinting). This allows YouTube to obtain information about visitors to this website. Among other things, this information is used to capture video statistics, improve user-friendliness, and prevent fraud attempts.

Following the start of a YouTube video, additional data processing operations may be triggered over which we have no influence.

The use of YouTube is in the interest of an attractive presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6(1)(f) GDPR. If the corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, to the extent that the consent includes the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. The consent can be revoked at any time.

Further information on data protection at YouTube can be found in their privacy policy at: https://policies.google.com/privacy?hl=en.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which aims to ensure compliance with European data protection standards for data processing in the USA. Each company certified under the DPF undertakes to comply with these data protection standards. You can obtain further information from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

 

Google Fonts (local hosting)

 

This page uses Google Fonts for consistent font display, provided by Google. The Google Fonts are installed locally. There is no connection to Google servers.

For more information about Google Fonts, visit

https://developers.google.com/fonts/faq and Google’s privacy policy:

https://policies.google.com/privacy?hl=en.

 

Google Tag Manager

 

For our website we use the Google Tag Manager from the company Google Inc. For the European region, the company responsible is Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). This Tag Manager is one of many helpful marketing products from Google, with which we can centrally incorporate and manage code snippets from various tracking tools that we use on our website. We have a legitimate interest in analyzing the behavior of website visitors in order to improve our offer technically and economically. The legal basis for this is Art. 6 para. 1 lit. f GDPR. Google also processes data from you, among other things, in the USA. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data to the USA. More information can be found at: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en

Google also uses so-called standard contractual clauses (Art. 46 para. 2 and 3 GDPR), which are model templates provided by the EU to ensure European data protection standards for data transfer to third countries (such as the USA). Through the EU-US Data Privacy Framework and the standard contractual clauses, Google undertakes to comply with European data protection standards in data processing.

These clauses are based on the decision of the European Commission:

https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

Find more information here:

https://policies.google.com/privacy?hl=de?tid=331722842100

 

Order processing

 

We have concluded a contract for order processing (AVV) for the use of the above-mentioned service. This is a legally required contract that ensures that the provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

 

  1. ECOMMERCE AND PAYMENT PROVIDERS

 

Processing of customer and contract data

 

We collect, process and use personal customer and contract data to establish, design and modify our contractual relationships. We collect, process and use personal data about the use of this website (usage data) only to the extent necessary to enable the user to use the service or to bill for it. The legal basis for this is Art. 6 para. 1 lit. b GDPR. The collected customer data will be deleted after the order has been completed or the business relationship has ended and any statutory retention periods have expired. Statutory retention periods remain unaffected.

 

Data transmission when concluding a contract for online shops, merchants and goods shipping

 

If you order goods from us, we will pass on your personal data to the transport company responsible for delivery and to the payment service provider entrusted with payment processing. Only data that the respective service provider needs to fulfill its task will be disclosed. The legal basis for this is Art. 6 para. 1 lit. b GDPR, which allows the processing of data to fulfill a contract or pre-contractual measures. If you have given corresponding consent in accordance with Art. 6 para. 1 lit. a GDPR, we will pass on your email address to the transport company responsible for delivery so that it can inform you by email about the shipping status of your order; you can revoke the consent at any time.

 

Data transmission during conclusion of contract for services and digital content

 

We only pass on personal information to third parties if this is essential for the execution of a contract, for example to the financial institution responsible for payment processing. There is no additional disclosure of the data unless you have expressly consented to the disclosure. Your data will not be disclosed to third parties without your express consent, for example for advertising purposes. The legal basis for data processing is Art. 6 para. 1 lit. b GDPR, which allows the processing of data for the performance of a contract or for pre-contractual measures.

Medical services: We process the information of our patients and interested parties as well as other clients or contractual partners (hereinafter referred to as “patients”) in order to be able to offer our services. The processed data and their scope, purpose and necessity are based on the respective contractual and patient relationship. In the course of our work, we may also process special categories of data, in particular health information of the patients, possibly concerning their sexual life or sexual orientation, data relating to race and ethnic origin, political opinions, religious or philosophical beliefs or trade union membership. If necessary, we obtain explicit consent from the patients and otherwise process the special categories of data for the purpose of health care or to protect the vital interests of the patients. If it is necessary for the performance of the contract, the protection of vital interests or is legally required, or if consent of the patients exists, we disclose or transmit the patient data to third parties or agents such as authorities, medical facilities, laboratories, billing services, as well as service providers in the IT sector, in office organization or similar services, in compliance with professional regulations.

 

Using our webshop

 

If you want to place an order in our webshop, it is necessary for the conclusion of the contract that you provide your personal data, which we need for the processing of your order. Mandatory information required for the processing of contracts is marked separately; further information is voluntary. We process the data you provide to process your order. For this purpose, we may pass on your payment data to our house bank. The legal basis for this is Art. 6 (1) sentence 1 lit. b) GDPR.

[OPTIONAL: You can voluntarily create a customer account through which we can store your data for future purchases. If an account is created under “My Account”, the data provided by you will be stored revocably. All further data, including your We may also process the data you provide to inform you about other interesting products from our portfolio or to send you emails with technical information. Due to commercial and tax law requirements, we are obliged to store your address, payment, and order data for a period of ten years. However, after two years, we restrict the processing, i.e. your data will only be used to comply with legal obligations. To prevent unauthorized access by third parties to your personal data, especially financial data, the ordering process is encrypted using TLS technology.

 

Timeliness and amendment of this privacy policy

 

This privacy policy is currently valid and has the status of November 2024. Due to the further development of our website and offers thereon or due to changed legal or regulatory requirements, it may be necessary to change this privacy policy. The current privacy policy can be accessed and printed at any time on the website at https://www.docs4d/General Terms & Conditions
