English

Data Protection Declaration for Website Operators in Accordance with the Requirements of the GDPR

LR - Medizinisch Diagnostisches Labor GmbH is pleased that you are visiting our website. Data protection and data security when using our website are very important issues for us. We would therefore like to take the opportunity of informing you of the personal data that we record during your visit to our website and the purposes for which these data are used.

Since changes in the law or changes in our internal company processes might make it necessary to amend this data protection declaration, we would like to ask you to study this data protection declaration regularly. It can be retrieved, stored and printed at any time under data protection declaration.

§ 1 Responsible party and scope of application

The responsible party within the meaning of the EU General Data Protection Regulation (hereafter GDPR) and other national data protection laws of the member-states as well as other provisions of the law governing data protection is:

LR - Medizinisch Diagnostisches Labor GmbH

Max-Planck-Straße 18

D- 54296 Trier

Tel.: +49 (0)651 9945340

contact@lr-mdl.com

www.lr-mdl.com


This data protection declaration applies to the Internet facility of LR - Medizinisch Diagnostisches Labor GmbH, that may be retrieved under the domain www.lr-mdl.com as well as various sub-domains (hereafter referred to as “our Website”).

§ 2 Data protection officer

The responsible party’s data protection officer may be reached under:

LR - Medizinisch Diagnostisches Labor GmbH

Max-Planck-Straße 18

D- 54296 Trier

dpo@lr-mdl.com

www.lr-mdl.com

§ 3 Basic principles of data processing

Personal data refers to all information relating to an identified or identifiable person. This includes for example information such as your name, age, address, telephone number, date of birth, e-mail address, IP address or your behaviour as a user. Information that does not enable us to establish a connection to you as a person (or only with disproportionate effort), e.g. by anonymising the information, is not personal data. The processing of personal data (for example the collection, request for, use, storage or transmission) always requires a basis in law or your consent. Processed personal data are deleted as soon as the purpose of processing has been achieved and no retention obligations stipulated by law have to be safeguarded any longer.

Should we process your personal data in order to prepare certain offers, we will inform you subsequently of the specific transactions, scope and purpose of the data processing, the legal basis for this processing and the period of time the data is stored in the particular case.

§ 4 Individual processing transactions
  1. Provision and use of the website

    1. Nature and scope of the data processing

      When you refer to and use our website, we record the personal data that your browser automatically transmits to our server. This information is temporarily stored in a so-called log-file. When you use our website, we record the following data that we require for technical reasons in order to display our website to you and to ensure its stability and security:

      • IP address of the computer seeking information,
      • Date and time of the access,
      • Name and URL of the file referred to,
      • Website from which the access takes place (referrer URL),
      • Browser used and possibly your computer’s operating system as well as your access provider’s name
    2. Legal basis

      Article 6 para. 1.f GDPR serves as the legal basis for the data processing. The processing of the data referred to is necessary in order to provide a website and therefore serves to safeguard a legitimate interest of our company.

    3. Period during which data is stored

      The data referred to are deleted as soon as they are no longer required in order to display the website. Data are stored in log-files for a period of seven days. The recording of the data is absolutely necessary for the operation of the Internet facility in order to provide the website and to store the data in log-files. Consequently, the user has no opportunity to object. Additional storage may then take place in individual cases should this be stipulated by law.

  2. Registration / user account

    1. Nature and scope of the data processing

      We offer users the opportunity to register themselves by providing personal data (Pat-Med log-in, electronic findings transfer). We use the processed data to create an individualised user account enabling you to use certain contents and services on our website, such as the provision of examination results and traceability in the event of ambiguities. We process your e-mail address as part of this process in order that we can send you new access data should you have forgotten this data.

      The following summary enables you to identify in detail which personal data we process from you for the purposes of registration:

      Patients (Pat-Login): Name, given name, form of address, e-mail and home address, telephone number
      Doctors (Med-Login): Name, given name, e-mail and practice address, fax and telephone number
    2. Legal basis

      The processing of the personal data referred to (see § 4 2. a.) is based on the following declaration of consent voluntarily provided by you in accordance with article 6 para. 1.a GDPR:

      Declaration of consent
      I consent to the storage of log-in data when registering for the user account Pat-Med. In this way, I can register in future by entering my user name and password without having to enter my data once more. I have read and accept the current data protection declaration and standard terms and conditions. I can revoke this consent at any time to take effect for the future by referring to contact(at)lr-mdl.com.
    3. Period during which data is stored

      Data processed during registration will be deleted as soon as registration on our website is cancelled or amended. Data may continue to be stored in certain cases should this be stipulated by law.

    4. Cancellation of registration

      As user, you may at any time cancel your registration. You may have the data stored on you amended at any time. In order to achieve this, please proceed as follows: you submit your wish to delate your account data to our customer service department under contact(at)lr-mdl.com.

      Should however the data processed be required to fulfil a contract or to carry out pre-contractual measures, premature deletion of the data is only possible provided that this is not contrary to contractual or legal requirements.

  3. Online payment

    1. Nature and scope of the data processing

      We offer users the opportunity to pay online for services on our website by stating their personal data. The data required for this purpose is entered into an input screen and transmitted to us and stored. The IP address is immediately made unrecognisable. The following data is recorded as part of the ordering process:

      • Date, time
      • Payment reference (e.g. reference number)
      • Price
      • E-mail address
      • Means of payment (credit card, credit card number)
      • IP address

      In order to process payments, we forward your payment data to the payments service providers appointed by us. These companies may only use your data to process the order and not for any other purposes.

    2. Legal basis

      In processing your personal data (see § 4 3. a.) that are required to fulfil a purchase contract concluded with us, article 6 para. 1.a) GDPR serves as the legal basis. This also applies to processing transactions that are required in oder to carry out pre-contractual measures.

      Declaration of consent:
      By entering my data and activating the button “Check”, I declare my consent to the use of my data to process the payment. I have been informed that my data will only be forwarded to the appointed payments service provider solely in order to process the payment.
      I may revoke my consent to record personal data recorded during the registration process at any time.
    3. Period during which data is stored

      Once the contract has been completely processed and the purchase price paid in full, your data will be blocked for any further use and deleted once the retention period stipulated in tax and commercial law has expired, unless you have given your express consent to the continued use of your data. Continued storage may then take place in individual cases should this be required by law.

  4. Contact form

    1. Nature and scope of the data processing

      On our website we offer you the opportunity to make contact with us by means of a form that we provide. As part of the process of sending your enquiry by means of the contact form, reference is made to this data protection declaration in order to obtain your consent. Should you make use of the contact form, the following personal data on you will be processed:

      • Name
      • E-mail address
      • Subject
      • Content of the message
      • Date and time of the e-mail

      The provision of your e-mail address in this context serves to allocate your enquiry and to be able to answer you. Use of the contact form will not entail forwarding your personal data to third parties.

    2. Legal basis

      The data processing described above (see § 4 5. a.) for the purpose of making contact is based on article 6 para. 1.f GDPR. Our processing of the personal data entered onto the input screen serves solely to process the establishment of contact. In the event of contact by e-mail, the company also has the required legitimate interest in processing the data.
      Other personal data processed as part of dispatching your enquiry serves to prevent misuse of the contact form and to ensure the security of our IT systems.

      Declaration of consent:
      By entering my data and activating the button “Send”, I declare my consent to the use of my provides e-mail address in order to answer my enquiry.
      I may revoke my consent at any time to the recording of personal data collected during the registration process.
    3. Period during which data is stored

      The personal data on you processed through the contact form will be deleted as soon as your enquiry has been answered and the subject at issue has been finally clarified. Continued storage may then take place in individual cases should this be required by law.

§ 5 Forwarding of data

We only forward your data to third parties if:

  • you have given your express consent to the data being forwarded in accordance with article 6 para. 1 clause 1.a GDPR,

  • there is a legal obligation to forward the data in accordance with article 6 para. 1 clause 1.c GDPR,

  • this is permitted by law and is necessary in order to fulfil the contractual relationship with you in accordance with article 6 para. 1 clause 1.b GDPR,

  • it is necessary to forward the data in accordance with article 6 para. 1 clause 1.f GDPR in order to assert, exercise or defend legal claims and there is no reason to assume that that you have an overwhelming interest worthy of protection in not forwarding your data.

§ 6 Use of cookies
  1. Nature and scope of the data processing

    We use cookies on our website. Cookies are small files that we transmit to your terminal’s browser during your visit to our internet pages and that are stored there. Some of the functions on our website can only be offered subject to the use of technically required cookies. Other cookies on the other hand enable us to carry out various analyses. Cookies are able for example to recognise your browser when you next use our website and to transmit various information to us. With the aid of cookies, we are able to amongst other things to make our Internet facility more user-friendly for you by making your use of our website more transparent and maintaining your preferred settings (for instance, country and language settings). Should third parties process information through cookies, they collect this data directly from your browser. Cookies do not cause any damage to your terminal. They are unable to carry out any programmes and do not contain any viruses.
    Various kinds of cookies are used on our website whose nature and function is described in greater detail below.
    Transient cookies are used on our website that are automatically deleted as soon as you close your browser. This kind of cookie makes it possible to record your session ID. This enables various enquiries of your browser to be allocated to a single sitting. And makes it possible for us to recognise your terminal on subsequent visits to the website.
    Persistent cookies are used as part of the Pat-Med log-in. Persistent cookies are cookies that remain stored in your browser over a longer period of time and transmit information to us. The length of time that they are stored varies with the cookie. You can delete persistent cookies yourself using the appropriate browser settings.
    These cookies are required for technical reasons to enable you to visit our website and to use the functions that we offer. This relates for example to the following applications: Pat-Med log-in. These cookies also contribute to a use of the website that is more secure and in accordance with regulations.
    With the aid of these cookies, we are able to carry out an analysis of your use of the website and to improve its performance and functionality. Information is recorded for example on how visitors use our website, which pages are referred to most frequently or whether errors are displayed on certain pages.

  2. Legal basis

    Due to the purposes of use described (see § 6. a.), the legal basis for the processing of personal data using cookies is to be found in article 6 para. 1.f GDPR.

  3. Period during which data is stored

    As soon as the data transmitted to us through cookies in order to achieve the purposes described above is no longer required, this information is deleted. Continued storage may then take place in individual cases should this be required by law.

  4. Configuration of browser settings

    Most browsers are pre-set in such a way that they accept cookies as standard. You can however configure your browser in such a way that that it only accepts certain cookies or even no longer accepts any cookies at all. We draw attention to the fact however that you might not be able to use all the functions on our website if cookies are deactivated by your browser settings on our website. You can also delete cookies that are already stored in your browser by means of browser settings. Moreover, it is also possible to set your browser in such a way that you are informed before cookies are stored. Since different browsers may differ in how they function, we request that you use the possible configuration alternatives in your browser’s help menu. 
    Should you wish to have a comprehensive summary of all third party access on your Internet browser, we recommend that you install plugins especially developed for this purpose.

§ 7 Tracking and analysis tools

We do not use tracking and analysis tools to record visitors’ use of our website statistically or to use the information obtained in this way to further develop our online facility for you.

§ 8 Hyperlinks

Our website has so-called hyperlinks to other providers’ websites. By activating this hyperlink you will be forwarded from our website directly to the other provider. You will recognise this amongst other things by a change in the URL. We are unable to assume any responsibility for the confidential treatment of your data on these third-party websites since we have no influence on whether this provider complies with the regulations on data protection. Please familiarise yourself on the treatment of your personal data by these companies by referring directly to these websites.

§ 9 Rights of those affected

The GDPR provides you as the party affected by the processing of personal data with the following rights:

  • In accordance with article 15 GDPR, you may demand information on your personal data processed by us. In particular, you may demand information on the purposes of the processing, the categories of personal data, the categories of recipients to whom the data has been or will be disclosed, the planned length of time the data is to be stored, the existence of a right to correct, delete, restrict or object to the processing, the existence of a right to complain, the origin of their data should we have not collected this data, on transmission to third countries or to international organisations as well as the existence of automatic decision-making including profiling and any meaningful information on its details.

  • In accordance with article 16 GDPR, you may demand the immediate correction of inaccurate data or that your personal data stored by us should be completed.

  • In accordance with article 17 GDPR, you may demand the deletion of your personal data stored by us should the processing not be required in oder to exercise the right of freedom of speech nor information required in order to fulfil a legal obligation, required for reasons of public interest or in order to assert, exercise or defend legal claims.

  • In accordance with article 18 GDPR, you may demand that the processing of your personal data be restricted should you dispute the accuracy of this information, the processing be illegal, should we no longer require the information and you reject its deletion because you need this information in order to assert, exercise or defend legal claims. You are also entitled to the rights provided by article 18 GDPR, should you have objected to processing in accordance with article 21 GDPR.

  • In accordance with article 20 GDPR, you may demand to receive your personal data that you have provided to us in a structured, standard and machine-readable format or you may demand that this information should be transmitted to some other responsible party.

  • In accordance with article 7 para. 3 GDPR, you may at any time revoke your consent once given to us. The consequence of this revocation is that in future we may no longer continue processing data based on this consent.

  • In accordance with article 77 GDPR, you are entitled to complain to a regulatory authority. As a rule, you may refer this complaint to the regulatory authority at your customary place of residence, place of work or our company’s registered office.

§ 10 Right to object

In processing your personal information on the basis of a legitimate interest in accordance with article 6 para. 1 clause 1.f GDPR, article 21 GDPR entitles you to object to the processing of your personal data should there be grounds related to your particular situation or should the objection be aimed at direct advertising. In the case of direct advertising, you have a general right to object that we will implement even in the absence of a particular situation.

§ 11 Data security and security measures

We undertake to protect your privacy and to treat your personal data confidentially. In order to prevent manipulation, loss or misuse of your data stored by us, we take extensive technical and organisational precautions that are regularly reviewed and adjusted in line with technical progress. These precautions include amongst other things the use of recognised encoding procedures (SSL or TLS).?We would like to draw your attention however to the fact that, due to the structure of the Internet, it is possible that individuals and institutions outside our area of responsibility will not comply with the rules of data protection and the security measures referred to above. In particular, data disclosed without encryption – e.g. should this be disclosed by e-mail – may also be read by third parties. Technically, we have no influence in such cases. The protection against misuse of information provided by the user, by means of encoding or some other method, is the responsibility of the user.

 

Current state of documentation: May 2018