We herewith wish to inform you about the processing of personal data by Berlin Heart, in particular when you are using our website. We process personal data (e.g. name, address, e-mail address and telephone number of a data subject) in accordance with the applicable law, in particular the General Data Protection Regulation (GDPR) and the German Data Protection Law (BDSG).
Controller in the sense of Art. 4 para. 7 GDPR is:
Berlin Heart GmbH
Represented by the directors Sven-René Friedel, Dr. Ares K. Menon
12247 Berlin Germany
Tel: +49 30 8187 2600
Fax: +49 30 8187 2601
You may contact our Data Protection Officer as follows:
Berlin Heart GmbH
- attn. the Data Protection Officer -
Tel: +49 30 8187 2106
The purely informational use of our website only leads to the processing of personal data that are transmitted by your internet browser to our server. While visiting our website we process the following data. This is technically necessary for us in order to display the website and to safeguard its stability and security (legal basis: Art. 6 para. 1 phr. 1 lit. f GDPR):
When you contact us personally by e-mail, letter, contact form or in another way, we will process the transmitted data (e.g. your e-mail address, your name and/or your telephone number) in order to process and/or answer your request (legal basis: Art. 6 para. 1 phr. 1 lit. a, f GDPR). The data processed in this context will be deleted as soon as their storage is no longer necessary, or we will restrict the processing if we have to fulfill a legal obligation to retain such data.
5.1 Our website offers a secured user section, exclusively for certain user groups (inter alia clinics, distributors, patients), which provides such users access to additional, in particular product-specific information. If you belong to one of these user groups and wish to register a user account, you must fill in the information required in the registration form and register with a freely chosen password.
5.2 For registration we use the so-called double-opt-in process. This means that your registration is only completed once you have confirmed it by clicking on the link in the confirmation e-mail we will send to you for this purpose. If you do not confirm within 24 hours, your application will be automatically deleted from our database.
5.3 If you are using our portal, we will process your data necessary for the fulfilment of the contract until you permanently delete your account. Furthermore, we will process the data you have transferred to us on a voluntary basis for the time you are using the portal, unless you have deleted them before. You may manage and change all data in the secured user section. The data necessary for registration will be highlighted, other information is voluntary. Legal basis is Art. 6 para. 1 phr. 1 lit. b GDPR; for the voluntarily provided data: Art. 9 para. 2 lit. a GDPR for data concerning health, for other data Art. 6 para. 1 phr. 1 lit. a GDPR.
5.4 The connection is secured with TLS technology, in order to prevent third parties from unauthorized access to your personal data.
9.1 If data of a patient is transmitted to Berlin Heart, e.g. by contract partners (in particular by clinics where the patient receives the medical treatment), Berlin Heart will immediately pseudonymize or anonymize the patient’s data.
9.2 The patient’s data (including data concerning health) will only be processed by Berlin Heart, if this is permitted according to statutory provisions.
9.3 This is particularly the case if the patient has given his/her explicit consent to the processing of personal data for the purposes mentioned in the declaration of consent. Legal basis is Art. 9 para. 2 lit. a GDPR (for data concerning health), for other data Art. 6 para. 1 phr. 1 lit. a GDPR.
9.4 In addition, we will process personal data for necessary measures of quality assurance (Legal basis for data concerning health: Art. 9 para. 2 lit. h, i GDPR as well as § 22 para. 1 No. 1 lit. b, c BDSG – German Federal Data Protection Act; for other data: Art. 6 para. 1 phr. 1 lit. f GDPR) and any medical support of the patient that may become necessary, especially in case of emergency (Legal basis for data concerning health: Art. 9 para. 2 lit. c, h; for other data: Art. 6 para. 1 phr. 1 lit. a, f GDPR).
9.5 As a producer of medical devices Berlin Heart also has to fulfill legal reporting obligations towards public regulatory authorities. As an example, this applies for (adverse) events that may have led to a serious deterioration in the state of a patient’s health. These reporting obligations are also applicable towards public authorities in third countries (countries outside the European Union). We will only transfer patient data in a pseudonymized or, if possible and legally permitted, anonymized form (Legal basis for data concerning health: Art. 9 para. 2 lit. f, h, i GDPR as well as § 22 para. 1 No. 1 lit. b, c BDSG – German Federal Data Protection Act; for other data: Art. 6 para. 1 phr. 1 lit. a, f GDPR).
13.1 With respect to your personal data you have the following rights:
13.2 You may withdraw your consent at any time for the future without providing reasons.
13.3 If you think that we have not duly observed your rights, you are entitled to lodge a complaint with the supervisory authority concerning our processing of your personal data. However, before lodging a complaint, we would be happy if you could inform us about your criticism so that we are able to remedy the grounds of your complaint.
14.1 We process your data only for the period of time that is necessary to achieve the respective storage purpose or if we are following our legal obligations. All server log files (including your IP address) will be automatically erased within 14 days.
14.2 We will erase your personal data if the processing purpose or the legal storage obligation ceases to exist. Therefore, you don’t have to take any actions to this end.
15.2 You may configure your browser preferences according to your needs and, for example, prevent the acceptance of third-party or all cookies. However, please note that if you refuse cookies, some functions of this website may not be accessible.
16.1 This website uses Google Analytics, a web analytics service of Google Inc. (“Google”). Google Analytics uses “cookies”, which means text files placed on your computer that allow an analysis of how you use the website. The information generated by the cookie about your use of the website will in general be transmitted to and stored by Google on servers in the USA. If IP anonymization is activated on this website (see below), your IP address will first be shortened by Google within a member state of the European Union or in a contracting state to the Agreement on the European Economic Area. Only as an exception will your IP address be fully transmitted to a server located in the USA and shortened there. Google will use this information on behalf of the controller for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services for the controller relating to website activity and internet usage.
16.2 Google will not associate your IP address with any other data held by Google.
16.4 This website uses Google Analytics with the extension “_anonymizeIp()”. Therefore, only shortened IP addresses will be processed. A direct link to a data subject should be excluded.
16.5 We use Google Analytics to analyze and to constantly improve the use of our website. For cases of an exceptional transmission of personal data to the USA, Google has joined the EU-US Privacy Shield regulation, see https://www.privacyshield.gov/EU-US-Framework. Legal basis for the use of Google Analytics is Art. 6 para. 1 phr. 1 lit. f GDPR.
'personal data' means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
'processing' means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
'restriction of processing' means the marking of stored personal data with the aim of limiting their processing in the future;
'consent' of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
'pseudonymisation' means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
'controller' means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
'third party' means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
'processor' means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
‘profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements;