A) Responsible Person
Herr Dr. Seiler
Echterdinger Str. 57
Tel.: +49 711 489 660 60
Fax: +49 711 489 660 66
Data Protection Commissioner: Dr. Michael Peetz, Tel.: +49 711 489 660 60, E-Mail: firstname.lastname@example.org
B) Collection, processing and use of general data and information
To visit our website reoss.us, it is not necessary that you provide information about yourself. Our website is for informational purposes only.
When you call up Internet pages, your browser automatically transmits a series of general information and technical data. This also happens when you visit our website. The data are transmitted from your browser to our server and stored there in so-called log files. These include the type of browser used, the operating system, the website from which it was accessed (referrer), the date and time of access, the status code, the pages accessed, the amount of data transmitted by the server, and the IP address.
From the technical information we cannot draw conclusions about your person. The data and information are required only for technical reasons and are used to deliver the contents of our website correctly, for statistical evaluations regarding the security and stability of our systems, to ensure the long-term functioning and optimization of our systems, to detect cyberattacks, and, in the case of cyberattacks, to provide law enforcement agencies with the information required for law enforcement.
The lawfulness of the processing of the automatically transmitted data is based on the first sentence of Article 6 para. 1 lit. f of the GDPR. Our legitimate interest results from the above-mentioned processing purposes. Processing of the data for purposes other than those listed does not take place.
C) Collection, processing and use of personal data in myReOss®
As part of your registration with myReOss®, we collect and process the following personal data of the medical registrant:
- contact details (title, title, surname, first name, practice designation and address, telephone number, and e-mail address),
- VAT identification number (VAT ID),
- language in which you want to use myReOss, and
- the access data you have chosen yourself (username and password), whereby the password is not visible to us in plain text.
D) Collection, processing and use of patient data in myReOss®
As part of the ordering process on myReOss®, we collect and process the following patient data by order of the treating physician:
- contact details (title, surname, first name, date of birth, address)
- name of the treating physician
- name and 3D-data of the area to be medically treated
- planned surgery date
- payment & delivery address
Patient data is handled very carefully and in full compliance with the relevant legal regulations. We are permitted to handle the patient's data on the basis of consent (Art. 6 para. 1 lit. a GDPR), to fulfill a contract (Art. 6 para. 1 lit. b GDPR) or to protect the patient's vital interests (Art. 6 para. 1 lit. d GDPR).
Cookies are small text files that are automatically exchanged between your browser and our server and stored on your computer. The start of programs or the execution of malicious content is not possible with cookies. Rather, cookies are used to facilitate navigation on our website and to provide certain functions.
In principle, you can also view our website without activated cookies. However, some functions may then be restricted.
F) Deletion or blocking of the data
The data listed under B) to E) and stored log files will only be stored for as long as necessary to fulfill the purposes listed. The deletion or blocking of the data takes place according to the legal regulations. If the data is needed for evidence in the event of a cyberattack, it will be exempted from deletion until the completion of the legal process.
G) Security measures used
Numerous technical and organizational measures (TOM) have been implemented to protect your data. Despite all the security measures taken, however, data, in particular data transmitted via the Internet, can fall into the wrong hands due to weaknesses in the browser used. For this reason, we cannot guarantee absolute security of the data.
H) Cooperation with contract processors
As part of server hosting, we work together with a German-based processor (hosting service provider). Through this collaboration we are provided with server infrastructure and storage capacity as well as security and maintenance services. We have entered into an order processing contract with the processor (Article 28 of the GDPR).
J) Use of Google Webfonts
Google Webfonts (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) are script and font libraries that we use to make the content of our website browser-independent and visually appealing. In order to avoid having to reload Google Webfonts each time you switch to or between subpages of our website, they are loaded into the cache of the browser you are using. If your browser does not support Google Webfonts, our website will be displayed in a standard font.
Actually the user's rights are regulated by the official Standard Contractual Clauses (SCC): https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en.
K) Your Rights
In accordance with the provisions of the GDPR and upon proper legitimation, you have the following rights with regard to your data listed under B) to E) and stored in the log files:
- Right of access (Article 15 GDPR),
- Right to rectification (Article 16 GDPR),
- Right to erasure (Article 17 GDPR),
- Right to restriction of processing (Article 18 GDPR),
- Right to data portability (Article 20 GDPR),
- Right to object (Article 21 GDPR) and
- Right to complain to the State Commissioner for Data Protection Baden-Württemberg (Article 77 GDPR).
If you want to use one of these rights, please contact the responsible person named above.
L) HIPAA Compliance
If our medical products are ordered through myReOss®, produced for and delivered to a U.S.-resident patient, the "Standards for Privacy of Individually Identifiable Health Information of the U.S. Department of Health and Human Services" ("HHS"), implemented in the "Health Insurance Portability and Accountability Act of 1996" ("HIPAA"), are applicable.
A major goal of the HIPAA-Privacy Rule is to assure that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high quality health care and to protect the public's health and well-being.
When processing private data, we fully comply with the HIPAA-Privacy Rules. If you have questions about this, please contact the responsible person named above.