Privacy Policy

The following information is about the processing of personal data by Berlin Heart GmbH, in particular when using our website. The processing of personal data (e.g., name, address, e-mail address or telephone number of a data subject) is carried out pursuant to the statutory provisions, in particular the requirements of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).

This privacy policy uses terms that are based on the wording of the GDPR. The definitions for some of these terms can be found at the end of this document.

1. Name and Address of the Controller

The controller pursuant to Art. 4, para. 7, GDPR is:

Berlin Heart GmbH
Represented by the Managing Directors Sven-René Friedel, Dr. med. Ares K. Menon
Wiesenweg 10
12247 Berlin
Telephone: +49 30 8187 2600
Fax: +49 30 8187 2601
E-Mail: info@berlinheart.de

 

2. Data Protection Officer

You may contact our Data Protection Officer as follows:

LOROP GmbH
Landgrafenstraße 16
10787 Berlin
E-Mail: datenschutz@lorop.de

 

3. Processing of Personal data when visiting our website

When using the website for strictly informational purposes, we only process the personal data that your browser transmits to the server we use. If you wish to view our website, we process the following data, which is technically necessary for us to display our website to you and to ensure stability and security (legal basis: Art. 6, para. 1, subpara. f, GDPR):

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Amount of data transferred in each case
  • Website from which the request originates
  • Browser
  • Operating system and its interface
  • Language and version of the browser software.

4. Processing of personal data when contacting us personally

When you contact us by e-mail, post, via a contact form or in any other way, the data you provide (e.g., your e-mail address, your name and/or your telephone number) will be processed by us in order to process or respond to your request (legal basis: Art. 6, para. 1, subpara. a, f, GDPR). We delete the data collected in this context as soon as storage is no longer required, or we restrict processing if there are any statutory retention obligations.

5. Processing of personal data in video surveillance

We use video surveillance on the property we use. This is done to exercise domiciliary rights by controlling access, to prevent criminal offenses and to preserve evidence in the event of criminal offenses.

The legal basis for video surveillance is Art. 6, para. 1, subpara. f, GDPR, whereby our interests arise from the aforementioned purposes. Insofar as special categories of personal data are processed, this is done on the basis of Art. 9, para. 2, subpara. f, GDPR.

In the event of any suspected criminal acts, we may also pass the data on to law enforcement authorities.

Otherwise, the data will only be passed on if there is a legal basis for the transfer. This may be the case in particular if the police or other security authorities take action in the context of protecting property or persons and demand access to the video surveillance data.

Personal data is not processed in the context of video surveillance.

Data from video surveillance is generally deleted after 72 hours.

The data may be stored for a longer period of time if there are facts that justify the assumption that actions can be seen on recordings from a specific time that will be used as evidence to prosecute a criminal offense or to assert claims under civil law.

6. Processing of personal data when using Microsoft Teams

The video conferencing function of Microsoft Teams enables us to offer you participation in our online events via audio/video. Microsoft Teams collects and processes various personal data, such as communication data (e-mail address, name), log files, metadata (IP address, time of participation) and profile data (user name). Data processing is carried out to provide the Teams functions, to improve the application, to enable troubleshooting and to fulfill contractual or legal obligations. The legal basis for the use results from Art. 6, para. 1, subpara. a, GDPR.

Login data and IP addresses are generally deleted after four weeks. Chat histories and recordings of online meetings are also stored, although recordings may be deleted after four weeks. 

Data is only passed on to third parties if this is necessary for the provision of the service or if there is a legal basis for doing so. Microsoft itself, as the provider of Teams, has access to the data as part of the order processing contract. 

Consent to use by Microsoft Teams is usually implied by participation in a meeting or use of the application. If consent is not given, an alternative means of communication must be used. 

Microsoft Teams is part of Microsoft Office 365. Microsoft Teams is a productivity, collaboration and exchange platform for individual users, teams, communities and networks that is used across company organizations. Among other things, this includes a video conferencing function.

Microsoft Office 365 is a software product of the company:

Microsoft Ireland Operations Limited
One Microsoft Place
South County Business Park
Leopardstown
Dublin 18
D18 P521
Ireland

Microsoft Teams is part of the Office 365 cloud application; a user account must be created in order to use it.

Data processing with Office 365 takes place on servers in data centers in the European Union, Ireland and the Netherlands.

7. Processing of Personal Data when registering a user account

7.1  Protected user areas

Our website offers a protected user area exclusively for certain user groups (clinics, distributors, patients, etc.) in order to provide users with access to further, in particular product-specific information. If you belong to one of these user groups and would like to set up a user account, you must complete the information requested in the registration form and register using a password of your choice.

7.2  Registration

We use a double opt-in procedure for registration, i.e., your registration is not complete until you have confirmed your log-in registration by clicking on the link contained in a confirmation e-mail sent to you for this purpose. If you do not confirm this within 24 hours, your log-in registration will be automatically deleted from our database.

7.3  Processing of data when using the portal

When you use our portal, we process the data required for the fulfillment of the contract until you ultimately delete your account access. Furthermore, we process the data you voluntarily provide for the duration of your use of the portal, unless you delete it beforehand. You can administer and change all details in the protected customer area. The mandatory information required for registration is marked separately; any additional information is voluntary. The legal basis for this is Art. 6, para. 1, subpara. b, GDPR, for the voluntarily provided data Art. 9, para. 2, subpara. a, GDPR (for health data), otherwise Art. 6, para. 1, subpara. a, GDPR.

7.4  Encryption

To prevent unauthorized access to your personal data by third parties, the connection is encrypted using TLS technology.

7.5  Account deletion

The account can be deleted independently in the "Account" tab.

8. Processing of Personal Data in the context of "Share your Story"

If you use the "Share your Story" function we provide and send us your story about a heart disease, heart treatment or similar experience for publication on our website, we will process the personal data you provide for the purpose of an internal preliminary check as to whether we would like to publish your story and, if applicable, for publication on our website. Your personal data will only be published if it is contained in the document you have uploaded. The mandatory information required for transmission is marked separately, further information is voluntary. The legal basis for this is Art. 9, para. 2, subpara. a, e, GDPR (for health data), otherwise Art. 6, para. 1, subpara. a, f GDPR.

9. Processing of personal data in the application process and during employment

9.1  Application procedure

The legal basis for the processing of your personal data in this application procedure is primarily § 26 BDSG. Accordingly, the processing of data required in connection with the decision on the establishment of an employment relationship is permitted.

Should the data be required for legal prosecution after completion of the application process, data processing may be carried out on the basis of the requirements of Art. 6 GDPR, in particular to safeguard legitimate interests in accordance with Art. 6, para. 1, subpara. f, GDPR. Our interest then lies in the assertion of or defense against claims.

We use a specialized software provider for the application process. The latter acts as a service provider for us and may also obtain knowledge of your personal data in connection with the maintenance and care of the systems. We have concluded a so-called order processing contract with this provider, which ensures that the data processing is carried out in a permissible manner.

Your application data will be reviewed by the HR department upon receipt of your application. Suitable applications are then forwarded internally to the department managers for the respective open position. The next steps in the procedure are then agreed. Within the company, only those persons have access to your data who need it for the proper course of our application procedure.

Applicants' data will be deleted after 5 months in the event of rejection.

In the event that you have consented to further storage of your personal data, we will transfer your data to our applicant pool. The data will be deleted there after 11 months.

9.2  Employment relationship

If a contractual relationship is established between you and us, the data transmitted will be processed for the purpose of entering into and implementing the employment relationship in compliance with the statutory provisions (legal basis: Art. 6, para. 1, subpara. b, GDPR). Otherwise, the application documents will be automatically deleted six months after completion of the application process, provided that no other legitimate interests on our part stand in the way of

10. Processing of personal data of other contractual partners

If you enter into a contractual relationship with us, e.g., as a customer or supplier, or if we are in the initiation phase of such a relationship, we process the data you provide to us, including the data of any contact persons at your company. This data is processed for the establishment and execution of the contractual relationship. The legal basis for this is Art. 6, para. 1, subpara. b, GDPR; for the data not required for this purpose but provided by you, Art. 6, para. 1, subpara. a, GDPR.

11. Recipients patient's information

11.1  Anonymizing or pseudonymizing patient’s information

If Berlin Heart receives patient information, e.g., from contractual partners (in particular from clinics treating patients), Berlin Heart will immediately pseudonymize or anonymize the patient's data.

11.2  Legality of processing patient’s information

Patient information, including health data, will only be processed by Berlin Heart if this is permitted by law.

11.3  Explicit consent of the patient

This is the case in particular if the patient has expressly consented to the processing of personal data or information for the purposes stated in the declaration of consent (legal basis for health data: Art. 9 para. 2 subpara. a GDPR; otherwise: Art. 6, para. 1, subpara. a, GDPR).

11.4   Processing purpose

Furthermore, processing is carried out for necessary quality assurance measures (legal basis for health data: Art. 9, para. 2, subpara. h, i GDPR and Section 22, para. 1, no. 1, subpara. b, c BDSG; otherwise: Art. 6, para. 1, subpara. a, f, GDPR) as well as for any necessary medical support of the patient, in particular in an emergency (legal basis for health data: Art. 9, para. 2, subpara. c, h, GDPR; otherwise: Art. 6, para. 1, subpara. a, f GDPR).

11.5  Reporting obligations

As a manufacturer of medical devices, Berlin Heart is also subject to statutory reporting obligations to state supervisory authorities. This applies, for example, to incidents that may have led to a serious deterioration in a patient's state of health. These obligations also apply in part to the competent supervisory authorities in third countries, i.e., those outside the European Union, in accordance with national law. Patient information is always transmitted pseudonymously or, if possible and legally permissible, anonymously. (Legal basis for health data: Art. 9, para. 2, subpara. f, h, i, GDPR and Section 22, para. 1, no. 1 subpara. b, c, BDSG; otherwise: Art. 6, para. 1, subpara. a, f, GDPR).

12. Processing personal data for participation in events

If you participate in our events (e.g., training courses, Berlin Heart Academy, etc.), it is necessary for the conclusion of the contract for participation that you provide your personal data, which we require for the registration and implementation of the event. The mandatory information required for this is marked separately, further information is voluntary. The legal basis for this is Art. 6, para. 1, subpara. b, GDPR, for the voluntarily provided data Art. 6, para. 1, subpara. a, GDPR.

13. Recipients of personal data

Personal data will only be transferred to third parties in the cases specified in this declaration or if we expressly inform you of this elsewhere. In addition, we sometimes use external processors (Art. 28, GDPR) to provide our services (e.g., host providers, email providers). However, these process personal data exclusively within the European Union.

14. Profiling, data transfer to third countries

We do not use automated decision-making including profiling within the meaning of the GDPR. Data will only be transferred to third countries in the cases expressly mentioned in this declaration or elsewhere or with the corresponding consent.

15. Your rights

15.1  Rights

With respect to your personal data you have the following rights:

  • Right to information,
  • Right to rectification and erasure,
  • Right to restriction of processing,
  • Right to object to the processing,
  • Right of revocation if you have consented to the processing,
  • Right to data portability.

15.2  Revocation

Consent can be withdrawn at any time with effect for the future and without giving reasons.

15.3  Right of appeal

If you are of the opinion that we are not respecting your rights to the extent owed, you have the right to complain to a data protection supervisory authority about the processing of your personal data by us. Before you do this, however, we would be pleased if you could inform us of your criticism so that we can remedy the cause of the complaint ourselves.

16. Deletion of data

If the processing purpose no longer applies or if a storage period prescribed by law expires, we will delete the personal data. No action on your part is required for this.

17. Cookies

17.1  Website cookies

In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard disk and assigned to the browser you are using. This allows, among other things, the frequency of use and number of users of the pages to be determined and the behavior of page use to be analyzed. We also use cookies to make our website more user-friendly. Some cookies remain stored even after a website has been visited. If you visit our website again, we can retrieve cookies that are still stored.

17.2  Third-party cookies

You can configure your browser settings according to your wishes and, for example, refuse to accept third-party cookies or all cookies. We would like to point out that if you reject cookies, you may not be able to use all the functions of this website.

18. Analysis tools

18.1  Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookies about your use of this website is usually transferred to a Google server in the USA and stored there. However, if IP anonymization is activated on this website (see below), your IP address will be shortened by Google beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. Google will use this information on behalf of the controller for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the controller.

18.2  IP address 

The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

18.3  Storage of cookies

You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this you may not be able to use all of the functions available on this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

18.4  Shortening of IP addresses

This website uses Google Analytics with the extension "_anonymizeIp()". As a result, IP addresses are further processed in abbreviated form, so that they cannot be traced back to individuals.

18.5  Analysis of website usage and statistics

We use Google Analytics to analyze and regularly improve the use of our website. We can use the statistics obtained to improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has joined the EU-US Privacy Shield, see www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6, para. 1, subpara. f, GDPR.

18.6  Information about Google

Information about Google: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of use: www.google.com/analytics/terms/de.html, overview of data protection: support.google.com/analytics/answer/6004245, and the privacy policy: policies.google.com/privacy.

19. Integration of YouTube videos 

19.1  Data transfer to YouTube

We have integrated YouTube videos into our online offering, which are stored on www.YouTube.com and can be played directly from our website. These are all integrated in "extended data protection mode", i.e., no data about you as a user is transferred to YouTube if you do not play the videos. The data mentioned in the following paragraph will only be transferred when the videos are played. We have no influence on this data transfer.

19.2  Use with Google account

By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the above-mentioned data processed during your visit to our website will be transmitted. This takes place regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on YouTube, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. This kind of analysis is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.

19.3  Further information

Further information on the purpose and scope of data collection and its processing by YouTube can be found in the privacy policy. There you will also find further information on your rights and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

20. Data protection information for the company's social media channels

The company operates social media profiles to provide targeted and balanced information for customers and patients, for marketing purposes, for public relations and for recruitment. For this purpose, links to posts on the LinkedIn, Xing and Instagram channels are also provided on the website. No user data is stored or transferred for the provision. Only by clicking on the articles will you be taken to the respective provider page. You must set up an account there in accordance with the regulations of the respective provider in order to view the content and observe the data protection information there. We do not collect any data on the use of the contributions.

20.1  Instagram

Further information on the purpose and scope of data collection and its processing by Instagram can be found in the provider's privacy policy. There you will also find further information on your rights and setting options to protect your privacy:

Data policy | Instagram help section

20.2  XING

Further information on the purpose and scope of data collection and its processing by Xing can be found in the provider's privacy policy. There you will also find further information on your rights and setting options to protect your privacy:

Data protection at XING

20.3  LinkedIn

Further information on the purpose and scope of data collection and its processing by Xing can be found in the provider's privacy policy. There you will also find further information on your rights and setting options to protect your privacy:

LinkedIn privacy policy

21. Definitions of the GDPR

For the purposes of the GDPR and this Privacy Policy and our website, the term:

"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

"Processing" means any procedure or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction;

"Restriction of processing" means the marking of stored personal data with the aim of restricting its future processing;

"Consent" of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

"Pseudonymization" means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;

"Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

"Third party" means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data;

"Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

"Profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements;