PRIVACY POLICY

Last updated: 19th of July, 2019

General information and mandatory information

Responsible body for the data processing on this website:

MEDIGO GmbH (www.medigo.com) | Rosenthaler Str. 13 | 10119 Berlin
Managing Directors: Ugur Samut, Ieva Soblickaite & Pawel Cebula
The responsible person(s) decides alone or jointly with others on the purposes and means of processing personal data (e.g. names, contact details, etc.).

Medigo has appointed a Data Protection Officer:

Frank Gundlach

Mein-Datenschutzbeauftragter.de | Hafenstraße 1a | 23568 Lübeck
Phone: +49 451 16085-226 | E-mail: frank.gundlach@hub24.de OR dataprotection@medigo.com

MEDIGO GmbH SERVICES

MEDIGO GmbH (hereinafter referred to as "MEDIGO") operates a platform for the provision of advertising for providers of medical services, including hospitals and clinics worldwide ("medical service providers"), either via its own website or its own mobile application ("platform"). MEDIGO is solely responsible for controlling the data and processing the information obtained via the platform or other communication between the user, hospital, clinic, or third party and a member of the MEDIGO customer service team ("Care Team"). MEDIGO may use the services of third parties, service providers, and affiliated companies to conduct business operations and to process data provided by users and may pass on the data for these purposes. MEDIGO remains responsible for the information collected and shared under this Privacy Policy, except in cases where MEDIGO cannot be held responsible for a breach of this Privacy Policy.

The user can use individual services ("special services") of MEDIGO. For this purpose, it is necessary that the user consents to the collection, processing, and use of his/her personal data and, if applicable, also of special personal data. This applies in particular to the special services listed below:

  1. MEDIGO operates an online platform which enables the user to contact a medical provider as well as third-party providers and associated companies (e.g. travel agencies, customer service agencies, payment service providers, or translators) whose services are advertised via our platform.
  2. If a medical service provider concludes a medical treatment contract with the user, the user agrees that the medical service provider shall inform MEDIGO of the type and date of the medical treatment as well as the amount to be paid and the date of the invoice transmitted by the medical service provider to the user (and, if required by law, that the medical service provider shall transmit the corresponding data to MEDIGO).
  3. If a third-party provider concludes a contract with the user for certain services, the user authorizes the third-party provider to inform MEDIGO of the amount and date of the invoice transmitted by the third-party provider to the user.
  4. If the user is the policyholder of an insurance partner of MEDIGO ("insurer"), the user authorizes the medical service provider, the third-party provider, and the insurer to inform MEDIGO of the specific personal data relating to the medical treatment of the user as well as the amount and date of the invoice transmitted by the service provider to the user or to the insurer.
  5. Forums will be set up on the platform or on the websites of associated companies to enable the exchange of experiences and opinions between users.
  6. The user is offered a regular newsletter.
  7. MEDIGO uses the personal data for its own advertising purposes and sends the user information about MEDIGO, new products and services, medical service providers, etc., by email, phone call, SMS, or post.

PURPOSE OF USE AND LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

We process personal data required for the establishment, implementation, or processing of our range of services on the legal basis of Art. 6, Para. 1, lit. b or f, DSGVO. If you have given us your consent to process personal data for specific purposes, we will process it on the basis of your consent pursuant to Art. 6, Para. 1, lit. a, DSGVO.

If we use external services in the context of order data processing, the processing is carried out on the legal basis of Art. 28, DSGVO.

Personal data is collected, processed, and used by us exclusively for the following purposes:

Purpose of data processing Legal basis for data processing
for contact and related correspondence on the basis of your consent
for processing your request and for any further advice you may require on the basis of your consent
to display comments in our blog function on the basis of legitimate interests
to contact us to verify your data on the basis of your consent
to ensure that our website is presented to you in the most effective and interesting way possible (e.g. through anonymous evaluation) on the basis of legitimate interests
for the technical realisation of our offers on the basis of legitimate interests

CONSENT OF THE USER

By clicking on the appropriate box during the request and order process, the user agrees to the following forms of data processing:

  1. The user agrees that MEDIGO collects, stores, and uses the personal data and special personal data transmitted during the inquiry process for the following purposes:
    • To provide the data to the medical service provider designated by the user (clinics, hospitals, dentists, or specialists established in the EEA or in other countries) or, if no medical service provider has been designated, to up to three medical service providers selected by MEDIGO according to fixed criteria (state of health, preferred country, language of the medical service provider and the user, reaction of the medical service provider in previous cases, and "best price" for the procedure requested by the user) in order either to request an offer or to book a service from the medical service provider,
    • Passing on this data to third parties, partners, and affiliated companies within and outside the European Economic Area (EEA) who provide customer service, advertising, or payment services on behalf of MEDIGO in accordance with MEDIGO's instructions and in compliance with the data protection declaration and corresponding confidentiality and security measures of MEDIGO,
    • For any service for which the user has registered on this website, and
    • For internal price calculation and offer examination, in each case to the extent necessary for this purpose.
  2. The user agrees that MEDIGO may review, search, and analyse communication via the platform or by e-mail between the user and MEDIGO's medical service partners for purposes of fraud prevention, risk assessment, compliance, investigation, product development, research, and customer care. MEDIGO uses automated methods to check, search, and analyse user communications. For individual investigations into suspected fraud, customer support, or to evaluate and improve the functionality of automated tools, individual communications may need to be manually reviewed.
  3. The user has the right to object to such collection, processing, and use of personal data and special personal data at any time and with effect for the future (see section "Revocation of your consent to data processing"). However, MEDIGO will then no longer be able to provide the user with the services that require the processing of personal data or specific personal data.

COLLECTED AND PROCESSED PERSONAL DATA

We collect and process your personal data only if you provide them voluntarily and with your consent, e.g., by filling out our forms (free offer) or by sending emails. Within the framework of the available forms or messages, this is primarily the following data:

Data of interested parties for services:

  • first name
  • surname
  • email address
  • telephone number
  • the agreement to the data protection declaration
  • the consent

The collection and storage of special personal data (such as information on medical status, health, sex life, habits, and religion) is carried out for the conclusion of a corresponding agreement, for the opening of a customer account, or for establishing contact with MEDIGO or a medical service partner of MEDIGO.

MEDIGO's medical service providers are essentially clinics, hospitals, dentists or established specialists in the EEA or in other countries.

These data will be used exclusively for the aforementioned purposes, unless the user expressly permits MEDIGO to use them for other purposes. In this case, the data will be used only to the extent necessary for the respective purpose, e.g., conclusion, execution, and performance of the contract.

Personal data and its contents provided by you remain exclusively with us and our affiliated companies. We will only store and process your data for the purposes stated. Any use beyond the stated purpose requires your express consent.

The data processing by our partners is subject to their data protection regulations.

The personal data will be deleted immediately in case of revocation of your consent or if the purpose of data use no longer exists.

DISCLOSURE OF PERSONAL DATA

MEDIGO uses a variety of third-party providers and affiliated companies to offer services via the platform. These third parties and affiliates may originate in the European Economic Area ("EEA") or in other countries. The third-party providers and affiliates may assist MEDIGO with the following:

  1. the verification or confirmation of the user’s identification;
  2. the comparison of information with public databases;
  3. background checks, fraud prevention, and risk assessments; or
  4. the provision of after-sales services, advertising, or payment services.

Since the disclosure of personal data and special personal data to third parties is not permitted under the above provisions, personal data and special personal data shall be disclosed to third parties only in the following cases:

  1. We pass on personal data and special personal data to our partners and affiliated companies (within the meaning of § 15 ff. AktG) in order to enable a service that MEDIGO cannot provide itself (e.g. a payment service). This is done according to MEDIGO's instructions and in compliance with MEDIGO's data protection declaration and corresponding confidentiality and security measures.
  2. To the extent required and permitted by law, we will disclose personal data and specific personal data to companies, organisations, or individuals outside MEDIGO if we believe the disclosure is necessary to enforce the applicable terms of use (including to investigate possible violations), to resolve security or technical problems, or to protect the rights of MEDIGO.

If MEDIGO goes through or is involved in a merger, acquisition, restructuring, sale of assets, bankruptcy, or insolvency, MEDIGO may sell, transfer, or share some or all of its assets, including user information. In this case, MEDIGO will inform the user prior to the transfer of personal data and specific personal data. The data will then be subject to a different privacy policy.

REVOCATION OF YOUR CONSENT TO DATA PROCESSING

Some data processing operations are only possible with your express consent. A revocation of your already given consent is possible at any time. To revoke your consent, send an informal email to dataprotection@medigo.com. Enter your name, address and (if applicable) user name. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

RIGHT TO APPEAL TO THE COMPETENT SUPERVISORY AUTHORITY

In the event of a breach of data protection law, you as the party concerned, have the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority with regard to data protection issues is the data protection officer of the federal state in which our company has its registered office. The following link provides a list of data protection officers and their contact details: Bundesbeauftragte für den Datenschutz und die Informationsfreiheit

RIGHT TO DATA TRANSFERABILITY

You have the right to have data which we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to third parties. The information is provided in a machine-readable format. If you request the direct transfer of the data to another responsible person, this will only be done as far as it is technically feasible.

RIGHT TO INFORMATION, CORRECTION, BLOCKING, DELETION

You have the right to free information about your stored personal data, the origin of the data, its recipients, the purpose of the data processing and, if applicable, the right to correction, blocking, or deletion of this data at any time within the framework of the applicable statutory provisions. In this regard and also for further questions on the subject of personal data, you can contact us at any time via the contact options listed in the imprint.

SSL OR TLS ENCRYPTION

For security reasons and to protect the transmission of confidential content that you send to us as the site operator, our website uses SSL or TLS encryption. This means that the data you transmit via this website cannot be read by third parties. You can recognise an encrypted connection by the "https://" address line of your browser and by the lock symbol in the browser line.

NEWSLETTER DATA

To send our newsletter, we need an email address from you. It is necessary to verify the email address provided and consent to receive the newsletter. Supplementary data is not collected or is voluntary. The use of the data takes place exclusively for the dispatch of the newsletter.

The data collected during newsletter registration will be processed exclusively on the basis of your consent (Art. 6, para. 1, lit. a, DSGVO). A revocation of your already given consent is possible at any time. To revoke your consent, send an informal e-mail or use the "unsubscribe" link in the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

Data entered to set up the subscription will be deleted if you unsubscribe. If this data has been transmitted to us for other purposes and elsewhere, it will remain with us.

SERVER LOG FILES

In server log files, the provider of the website automatically collects and stores information that your browser automatically transmits to us. These are:

  • Visited page on our domain
  • Date and time of the server request
  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing computer
  • IP address

These data are not merged with other data sources. The data processing is based on Art. 6, para. 1, lit. b, DSGVO, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.

STORAGE PERIOD OF CONTRIBUTIONS AND COMMENTS

Contributions and comments as well as related data, such as IP addresses, are stored. The content remains on our website until it has been completely deleted or had to be deleted for legal reasons.

Contributions and comments are stored on the basis of your consent (Art. 6, para. 1, lit. a, DSGVO). A revocation of your already given consent is possible at any time. An informal notification by email is sufficient for the revocation. The legality of data processing operations that have already taken place remains unaffected by the revocation.

COOKIES

MEDIGO collects and stores anonymous data for optimisation and marketing purposes, e.g., data on anonymous user profiles and user behaviour. Flash cookies may also be used for this purpose. Cookies and flash cookies are alphanumeric identification codes that MEDIGO stores on the user's hard drive via the user's web browser or other programs. If the user does not wish cookies to be stored, he can deactivate them in accordance with the manufacturer's instructions for the browser in question.

  1. Cookies do not have to be accepted in order to access the MEDIGO website. However, if the user wishes to mark a clinic as a favourite or wishes to receive a reminder of the clinics visited, he/she must set the browser to accept cookies.
  2. Cookies and flash cookies are small files that are stored on the user's hard drive and store the preferred settings and other data that the MEDIGO computer system requires for interaction with the browser. There are two types of cookies: session cookies, which are deleted when the user exits the browser, and temporary cookies, which are stored by the user's browser for an extended period of time. Cookies help MEDIGO to adapt the platform to the user and to reflect preferences and usage habits. They also allow MEDIGO to store information entered so that the user does not have to re-enter it the next time he/she visits.
  3. Most of the cookies used by MEDIGO are session cookies that are automatically deleted at the end of a browser session. MEDIGO also uses cookies that remain on the user's computer after closing the browser. With these cookies, the MEDIGO system can recognise whether the user has already visited the platform and can call up the settings and clinics preferred by the user. These temporary cookies remain on the computer for about a month and are then automatically deleted. MEDIGO collects and analyses data via such cookies in order to develop strategies for improving the platform. This is to simplify the use of the MEDIGO website.
  4. MEDIGO cookies are not used to store personal data. Our cookies are not designed to identify an individual user. If a cookie is activated, it is given an ID number which is used for internal purposes and is not suitable for identifying the user or for accessing personal data such as names or IP addresses. The anonymous data from the cookies allow an assessment of which pages of the MEDIGO website are most frequently visited and which procedures and clinics are most popular.
  5. The MEDIGO website collects data that can be useful for the creation of advertisements and online offers for the user. This data is not used to identify you as a user, it is only used to optimise the platform. The data collected by these cookies are not stored together with the user's personal data, they are only used to send the user advertising or messages about offers and services via click-stream analyses, which are tailored to his/her individual needs.
  6. MEDIGO uses retargeting techniques to tailor the online offering to the user. Retargeting technology allows MEDIGO to advertise recently accessed and similar clinics on partner websites, including those of other companies that may be relevant to the user. This data is anonymous, no personal data is stored and no user profiles are created.

GOOGLE ANALYTICS

This website uses Google Analytics, an internet analysis tool provided by Google, Inc. ("Google"). Google Analytics uses so-called "cookies". These are text files which are stored on your computer and enable an analysis of your use of the website. The data generated by the cookies for your use of the website (including your IP address) are sent to a Google server in the USA and stored there. If IP anonymization is activated, Google will shorten or anonymise the last eight-bit character of the IP address for all Member States of the European Union and for other contracting parties to the Agreement on the European Economic Area. The complete IP address will only be transmitted completely to a Google server in the USA in exceptional cases and shortened there. Google uses this data for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google does not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, but please note that if you do this you may not be able to use the full functionality of this website. Please note, however, that in this case not all functions of this website may be available. 

You can prevent Google from collecting and using data (cookies and IP addresses) by downloading and installing this browser plug-in provided by Google.

Please note that on this website the Google Analytics code is supplemented by anonymizeIp() in order to enable anonymized collection of IP addresses (so-called IP masking).

Further information on Googles terms of use and data protection can be found here and here.

USE OF FACEBOOK SOCIAL PLUGINS

Our website uses so-called social plugins ("plugins") of the social network Facebook, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA.

The plug-ins are marked with a Facebook logo or the addition "Social Plug-in of Facebook" or "Facebook Social Plugin." You can find an overview of the Facebook plugins and their appearance here.

If you call up a page of our website that contains such a plugin, your browser establishes a direct connection to the Facebook servers. The content of the plugin is transmitted directly from Facebook to your browser and integrated into the page. Through this integration, Facebook receives the information that your browser has called up the corresponding page of our website, even if you do not have a Facebook profile or are not logged on to Facebook. This information (including your IP address) is transmitted directly from your browser to a Facebook server in the USA and stored there.

If you are logged in to Facebook, Facebook can assign your visit to our website directly to your Facebook profile. If you interact with the plug-ins, for example by clicking on the "Like" button or making a comment, this information is also transmitted directly to a Facebook server and stored there. The information is also published on your Facebook profile and displayed to your Facebook friends.

The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as your rights in this regard and setting options to protect your privacy can be found in Facebook's data protection information.

If you do not want Facebook to associate the data collected through our website directly with your Facebook profile, you must log out of Facebook before visiting our website. You can also prevent the loading of Facebook plugins completely with add-ons for your browser, e.g this add-on for Mozilla Firefox, this add-on for Opera or this add-on for Chrome

USE OF TWITTER PLUGINS (E.G. "TWITTER"-BUTTON) 

Our website uses so-called social plug-ins ("plugins") of the microblogging service Twitter, which is operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA ("Twitter"). The plugins are marked with a Twitter logo, for example in the form of a blue "Twitter bird". An overview of the Twitter plugins and their appearance can be found here

If you call up a page of our website that contains such a plugin, your browser establishes a direct connection to the Twitter servers. The content of the plugin is transmitted by Twitter directly to your browser and integrated into the page. Through the integration, Twitter receives the information that your browser has called the corresponding page of our website, even if you do not have a profile on Twitter or are not logged in to Twitter. This information (including your IP address) is transmitted directly from your browser to a Twitter server in the USA and stored there.

If you are logged in to Twitter, Twitter can assign your visit to our website directly to your Twitter account. If you interact with the plugins, for example by pressing the "Twitter" button, the corresponding information is also transmitted directly to a Twitter server and stored there. The information is also published on your Twitter account and displayed to your contacts there.

The purpose and scope of the data collection and the further processing and use of the data by Twitter as well as your rights in this regard and setting options to protect your privacy can be found in Twitter's data protection information.

If you do not want Twitter to associate the data collected via our website directly with your Twitter account, you must log out of Twitter before visiting our website. You can also completely prevent the loading of Twitter plugins with add-ons for your browser, e.g., with the script blocker "NoScript".

USE OF GOOGLE+ PLUGINS

Our website uses so-called social plugins ("plugins") of the social network Google+, which is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). For example, the plugins can be recognised by buttons with the character "+1" on a white or coloured background. An overview of the Google plugins and their appearance can be found here.

If you call up a page of our website that contains such a plugin, your browser establishes a direct connection to Google's servers. The content of the plugin is transmitted by Google directly to your browser and integrated into the page. Through the integration, Google receives the information your browser has called the corresponding page of our website, even if you do not have a profile on Google+ or are not currently logged on to Google+. This information (including your IP address) is transmitted directly from your browser to a Google server in the USA and stored there.

If you are logged in at Google+, Google can assign the visit of our website directly to your Google+ profile. If you interact with the plugins, for example by pressing the "+1" button, the corresponding information is also transmitted directly to a Google server and stored there. The information is also published on Google+ and displayed to your contacts there.

The purpose and scope of the data collection and the further processing and use of the data by Google as well as your rights in this regard and setting options to protect your privacy can be found in Google's data protection information.

If you do not want Google to associate the data collected via our website directly with your profile on Google+, you must log out of Google+ before visiting our website. You can also completely prevent the loading of Google plugins with add-ons for your browser, e.g. with the script blocker "NoScript".

LINKEDIN PLUGIN

Our website uses features of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, MountainView, CA 94043, USA. Each time you visit one of our pages that contains LinkedIn features, a connection is established to LinkedIn servers. LinkedIn will be notified that you have visited our web pages with your IP address. If you click the LinkedIn "Recommend" button and are logged into your LinkedIn account, LinkedIn will be able to associate your visit to our site with you and your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by LinkedIn.  Further information on this can be found in LinkedIn's data protection declaration.

The aforementioned wording was provided by www.mein-datenschutzbeauftragter.de

CHANGES TO THE DATA PROTECTION DECLARATION

MEDIGO reserves the right to change this Privacy Policy at any time in accordance with its terms. MEDIGO will post any changes to the Privacy Policy on this website. In addition, users will be notified by email of any significant changes.

 

By using our site, you agree to the MEDIGO Terms and Conditions and Privacy Policy. MEDIGO does not provide medical advice, diagnosis or treatment. The information on this site is designed to support, not replace, the relationship that exists between a patient/site visitor and his/her existing physician.

Copyright © 2019 Medigo GmbH