This data protection declaration and the cookie guidelines relate to the processing of your personal data and health data as a user of 321 MED and the 321 MED pages created by end customers. Personal data is all information that personally identifies you. According to Art. 4 No. 15 GDPR, health data is personal data that relates to the physical or mental health of a natural person, including the provision of health services, and from which information about their state of health can be obtained. The term processing is broadly defined; in accordance with Art. 4 No. 2 GDPR, it refers to any process carried out with or without the aid of automated processes or any such series of processes in connection with personal data such as the collection, recording, organization, ordering, the Storage, adaptation or modification, reading out, querying, use, disclosure by transmission, distribution or any other form of provision, comparison or linking, restriction, deletion or destruction.

321 MED enables digital online-based interaction between patients and their healthcare facilities. Healthcare facilities can set up an online presence in the form of a so-called "321 MED page", which can be equipped with various modules and thus adapted in terms of functionality to the respective requirements. Depending on the functionality of the individual modules, personal data or health data may be recorded when they are used.

321 MED places the highest priority on data protection, data security and data control. 321 MED and all 321 MED Pages as well as their modules and functional processes are designed to process only an absolute minimum of personal data. All personal or health-related data in any form is furthermore encrypted both during transmission and subsequently during storage on our servers according to the best currently available standards. In addition, data is only stored for the time absolutely necessary to ensure the corresponding functionalities and then immediately automatically and completely deleted from our server. Users also have the option at any time to completely delete currently stored data from our servers with one click. Under no circumstances do we sell or transfer personal or health-related data to third parties, unless this is required by law.

We would like to explicitly point out that data transfers on the Internet can always have security gaps. It is therefore technically and therefore also ethically not possible to guarantee complete protection of data. However, we take all possible measures to protect your data according to the current state of technology and protect the security of your data to the best of our knowledge and belief.

In the following we will inform you again in detail about all the data collected, their processing processes and the individual measures for the best possible backup of all data:

321 MED enables digital online-based interaction between patients and their healthcare facilities. Healthcare facilities can set up an online presence in the form of a so-called "321 MED page" that is equipped with various modules and can therefore be adapted in terms of functionality to the respective requirements. Depending on the functionality of the individual modules, personal data or health data may be recorded when they are used.

321 MED places the highest priority on data protection, data security and data control. 321 MED and all 321 MED Pages as well as their modules and functional processes are designed to process only an absolute minimum of personal data. Furthermore, all personal or health-related data in any form is encrypted in accordance with the best currently available standards, both during transmission and subsequently when stored on our servers. In addition, data is only stored for the time absolutely necessary to ensure the corresponding functionalities and then immediately automatically and completely deleted from our server. Users also have the option at any time to completely delete currently stored data from our servers with one click. Under no circumstances do we sell or transfer personal or health-related data to third parties, unless this is required by law.

We would like to explicitly point out that data transmissions on the Internet can always have security gaps. It is therefore technically and therefore also ethically not possible to guarantee complete protection of data. However, we take all possible measures to protect your data according to the current state of technology and the provision of personal or health-related data is never mandatory. You can decide for yourself at any time whether or not your data will be recorded. However, it is necessary to provide personal or health-related data in order to be able to use some services and functions without restriction. If the input of personal data is required, we always inform you which data are necessary for the respective service and must therefore be provided, and which data can be transmitted voluntarily. In general, we only collect the minimum of personal data that is absolutely technically necessary.

In detail, the following personal and health-related data are collected for the following services / functionalities:

Website:
It is not necessary to collect personal or health-related data to use the website. No personal or health-related data is stored by 321 MED or individual 321 MED pages.

Messenger:
The following personal information must be provided in order to use the messenger: surname, first name, date of birth and email address. Freiwilling can also give a telephone number. In addition, the content of the individual messages sent via the messenger is saved. All personal and health-related data as well as the content of all messages are encrypted completely and separately with a separate security key for each message both during transmission (SSL) and when stored on our server (AES256). The entire message history as well as all associated personal and health-related data as well as all message content can be completely deleted by the user at any time with one click. In addition, every message history is automatically completely deleted 7 days after the last activity. All data is deleted with absolutely no residue - no data remains stored. Furthermore, different message flows cannot be assigned to one person, but are encrypted and stored completely independently of one another.

Organizer:
To use the organizer, the following personal information must be provided: surname, first name, date of birth, email address and telephone number, insurance status as well as the desired service and the reason for the appointment request. In addition, optional dates can be specified. In addition, the content of the individual messages sent via the organizer is saved. All personal and health-related data as well as the content of all messages are encrypted completely and separately with a separate security key for each message, both during transmission (SSL) and when stored on our server (AES256).The entire appointment request and message history as well as all associated personal and health-related data and all message content can be completely deleted by the user at any time with one click. In addition, every appointment request and message history is automatically and completely deleted 7 days after the appointment date. All data is deleted with absolutely no residue - no data remains stored. Furthermore, various appointment request and message flows cannot be assigned to one person, but are encrypted and stored completely independently of one another.

Evaluator:
It is not necessary to collect personal or health-related data to use the evaluator. No personal or health-related data are stored by 321 MED or individual 321 MED pages.

Although the collection, processing, transmission and provision of data via the service is secured, it is the responsibility of the user under all circumstances to ensure that the recipient (s) is / are entitled to receive potentially sensitive information of a private nature, such as medical information from which a specific patient can be derived. Therefore, users are responsible and liable for all information they send to other users. 321 MED assumes no responsibility or liability for sensitive information of a private nature that is collected, processed, transmitted or made available by users using the service without the required authorization.

The data processing that is required to ensure the functionality of 321 MED and 321 MED pages and thus enables the use of 321 MED and 321 MED pages is permitted on the basis of Art. 6 Para. 1 Subpara. 1 lit. b) GDPR.

321 MED and 321 MED pages only collect, process or use personal data insofar as they are necessary for technical implementation.

321 MED exclusively uses servers and other data processing or data storage systems that are located in Germany or in the area of ​​the European Union.

Personal data is collected and processed exclusively for the following purposes:
1. To enable access to our website or 321 MED pages
2. To provide services, functions and / or information as well as to enable the provision of information and the exchange of information via the website or 321 MED pages
3. To be able to send service messages
4. To enable the provision and transmission of information and data to other parties
5. To enable interaction with other parties
6. To improve the quality, security and user-friendliness of our website or 321 MED pages and to combat fraud
7. To comply with legal requirements and to resolve disputes.

Insofar as the aforementioned processing requires your consent, we ask for this in advance. You can withdraw your consent at any time.

321 MED or 321 MED pages stores and processes data exclusively on certified servers and other data processing or data storage systems that are located in Germany or in the area of ​​the European Union, are subject to German or European data protection and comply with all current security standards and safety norms.

All personal and health-related data are only stored for as long as this is necessary for the technical and functional implementation of the respective services. All personal and health-related data can be deleted at any time. In addition, all data is automatically deleted 7 days after it was last used. All deletion processes of personal and health-related data lead to a complete and residue-free deletion of the corresponding data from all data memories, databases and servers. At no time are personal or health-related data stored in the system of 321 MED or 321 MED pages whose last active technical and functional storage requirement was more than 7 days ago.

The data of individual 321 MED pages are not merged in a larger database or storage structure. Each 321 MED page has its own database structure in which only the data of the healthcare facility operating the 321 MED page is stored. There is no data aggregation or integration into larger, merging structures. The data of different 321 MED pages are not linked to each other at any time. The personal and health-related data on a 321 MED page can only be accessed by the health facility on which the 321 MED page is based.

You are entitled to find out what personal data we store about you, to check this data and to request its correction or deletion. You are also entitled to request that processing be restricted or to object to processing. You also have the right to data portability. To do this, you can send an email or a letter with your name and your contact information to privacy @ 321med. Com or 321 MED GmbH, Am heimlichen Grund 5, 92421 Schwandorf, Germany. In your application, please tell us as precisely as possible which personal data you are referring to. We generally respond to a request for review or correction within four weeks. In the event of a request for deletion, we will delete the personal data as soon as possible, insofar as we are not legally obliged to store the personal data or there are other compelling reasons that prevent deletion. After we have complied with the request for deletion, we will send you a confirmation message. If the personal data is not (completely) deleted, we will send you a message in which we explain why your request could not be (fully) fulfilled. If we cannot determine which personal data is meant by a request for review, correction or deletion, we can ask you to specify your request in more detail. We will only respond to your request if you send us the relevant details. If you have given your consent to the use of data, you can revoke this at any time with effect for the future, which does not affect the legality of the processing carried out up to the time of revocation. You also have the right to complain to a supervisory authority about the processing of your personal data in our company.

We automatically collect the minimally technically necessary data for every access to the offer (so-called server log files). This includes data such as the name of the website accessed, the date and time of access, any error messages, etc. This is exclusively information that does not allow any conclusions to be drawn about your person. This information is technically necessary in order to correctly deliver the website content you have requested and is mandatory when using the Internet. We use anonymous information of this type only for statistical evaluations for the purpose of operation, security and optimization of the offer. However, 321 MED reserves the right to retrospectively check the log data if there is a legitimate suspicion of illegal use based on concrete evidence.

This website uses third party content and services:
1. Fonts from Google Fonts
2. External plugins and code libraries (e.g. jQuery)
3. The services of the company "Stripe" for processing payments
4. The services of the company "Restpack" for generating PDF and image files from web content
5. The services of the company "Twilio" for technical infrastructure for SMS services and live video services

In addition, maps from Google Maps, RSS feeds, graphics or other data from other websites can be integrated. This may require that the providers of this content (hereinafter referred to as "third-party providers") collect IP addresses and any other data. Without this data, services cannot be provided or content cannot be transmitted to the browser of the respective user. We have no control over whether the third-party provider collects or stores such data. As far as we know, we will inform users about it.

This privacy policy and cookie policy do not relate to the third-party websites or services to which we link or which we otherwise mention or use on our website or services. This also applies to links and publication on social media sites. We do not take any responsibility for the data or the data protection guidelines of third parties. For details, please refer to the data protection declarations of the third parties in question.

Cookies are small text files that are saved by your browser. Below we briefly explain which cookies we use on our website and which we do not, and what they are used for.

Functional cookies store simple, anonymized data so that functions of the website (such as logging in) work smoothly. These cookies are required to ensure that modern web applications function properly and securely.

Analytical cookies collect statistical information about users of the website so that the user experience can be continuously improved. These cookies have no direct impact on the user experience and many browsers offer the option to refuse them. To block cookies, change your browser settings accordingly.

Cross Site / Domain - Cookies (cross-website cookies / domain cookies) are used to identify a user on several websites in order to track his activities. 321 MED can receive these cookies from third party websites to determine how users came to our website. However, our website does not place any cookies of this type on the user's device so that they can be tracked further after they have left the 321 MED page.

You can also delete cookies that have already been installed. How to change the settings differs from browser to browser. Use the help function of your browser for this.

321 MED and 321 MED pages only use technically necessary cookies. We do not use cookies that go beyond what is technically necessary.

321 MED sets the following cookies:
1. The cookie consent module we use sets a cookie to note your consent to the use of cookies.

In addition, third-party services used may, under certain circumstances, store cookies on your device. We have no control over whether third-party providers set or process corresponding cookies.

In order to be able to use 321 MED or a 321 MED page, no further technical prerequisites are required apart from an internet-capable device and an internet connection. Registration or provision of other data is not required unless special services (e.g. messenger) are used explicitly. No other information or device IDs are collected. 321 MED or 321 MED pages do not access functions of their terminal device. Even if you save a 321 MED page on your smartphone in order to use it like an app, there is no access to any data or functions of your smartphone.

This data protection declaration can be adapted by us in order to align it with the current legal requirements or to implement changes to our services in the data protection declaration. For subsequent visits, the new, current data protection declaration applies accordingly.