Detailed patient information in accordance with the GDPR


1. art. 13 GDPR

1.1 Description of the processing activity
This data protection information is provided in order to fulfil the treatment contract between you and the clinic and the associated obligations.

The collection of health data is a prerequisite for your treatment. If the necessary information is not provided, careful treatment cannot take place.

1.2 Name and contact details of the person responsible
Responsible for data collection is
Mr E. Spitkowski, Managing Director of PAN Klinik am Neumarkt GmbH, Zeppelinstr. 1, 50667 Cologne, e-mail: info@pan-klinik.de

1.3 Contact details of the data protection officer
The data protection officer is
Dr Andreas Pinheiro, LL.M.
Berrenrather Str. 274, 50937 Cologne
Company ap-datenschutz

1.4 Origin of the personal data
PAN Klinik am Neumarkt GmbH processes personal data that it receives from you as part of its business relationship.

In addition, it processes personal data that it has received from the doctors treating you (e.g. name and date of the surgery appointment), insofar as this is necessary for the fulfilment of the hospital contract with you.

1.5 Purposes and legal bases of the processing
1.5.1 The following categories of data are processed:

  • Patient data (name, address, telephone number, e-mail)
  • Sensitive data (treatment data, health data)
  • Sensitive data (religious affiliation, racial or ethnic origin)
  • Sensitive data (biometric data, genetic data)
  • Sensitive data (sex life or sexual orientation)
  • Bank details
  • Social security data
  • Social data (e.g. when exchanging data with KVs)
  • Payment data
  • Advertising and sales data
  • Employee data
  • Supplier data (e.g. laboratories, doctors, technical service providers)


1.5.2 Your data is collected in order to
to fulfil the treatment contract between you and the clinic and the associated obligations. The data includes your personal data (name, address, etc.) but also medical histories, diagnoses, therapy suggestions and findings that we or other doctors collect. For these purposes, other doctors or psychotherapists with whom you are undergoing treatment may also provide us with data (e.g. in doctor's letters).

1.5.3 Legal bases of the processing
If sensitive data pursuant to Art. 9 GDPR is processed in the course of administrative activities, this is generally based on Art. 9 para. 2 lit. h GDPR. In this case, disclosure is only permitted if it is made to specialised personnel who are subject to a confidentiality obligation within the meaning of Section 203 of the German Criminal Code (StGB).

Your health data (e.g. medical reports, admissions, findings) will also be processed by PAN Klinik am Neumarkt GmbH in special cases on the basis of your consent in accordance with Art. 9 para. 2 lit. a GDPR (consent), this includes the transfer of health data to other doctors who are not involved in the treatment (if there is no legal basis) or to billing services for private patients or when using the appointment scheduling software, the transmission of tissue samples or the transfer of data from the laboratory findings system.

Your data is processed on the basis of Art. 6 para. 1 lit. a GDPR (consent) or, in the case of health data, on the basis of Art. 9 para. 2 lit. a GDPR (consent); this includes the disclosure of data for advertising purposes for which consent is required.

Your data will also be processed on the basis of Art. 6 para. 1 lit. b GDPR (fulfilment of the contract), e.g. for billing and accounting purposes.

Your data will also be processed on the basis of Art. 6 para. 1 lit. c GDPR (legal obligation). Diagnostic documents from a radiological examination must be kept for 30 years. Otherwise, a 10-year period from the HGB and the AO often applies. X-ray or CT examinations may be passed on to an attending physician on the basis of a legal order in order to spare you unnecessary exposure to radiation.

Beyond the actual fulfilment of the contract, PAN Klinik am Neumarkt GmbH processes personal data in accordance with Art. 6 para. 1 sentence 1 letter f GDPR. This is permissible insofar as the processing is necessary to safeguard our legitimate interests or those of a third party, unless your interests or fundamental rights and freedoms, which require the protection of personal data, prevail. Such a legitimate interest exists in the case of

a) Acting within the scope of receivables management. The "outsourcing" of receivables management corresponds to the general expectations in legal transactions, especially for small and medium-sized companies.

b) Notification and data exchange with credit agencies (e.g. SCHUFA) to report a documented inability or unwillingness to pay for specific business transactions. This only takes place if the debtor's inability or unwillingness to pay is documented, for example by a government agency.

c) Assertion of legal claims and defence in legal disputes

d) To advertise our own products within the permitted legal framework, but not to patients (e.g. existing customer advertising or recommendation advertising (flyers) not relevant under data protection law)

e) To ensure the IT security and IT operations of the company, as long as no health data needs to be disclosed.

f) To prevent and investigate criminal offences, in particular we use data analyses to identify indications of fraud or abuse.

1.6 Recipients or categories of recipients of the personal data
Within PAN Klinik am Neumarkt GmbH, those departments that need your data to fulfil the clinic's contractual obligations will have access to it. Processors engaged by PAN Klinik am Neumarkt GmbH (Art. 28 GDPR) may also receive data for these purposes.

A list of the contractors and service providers we use with whom we have business relationships that are not merely temporary can be found in the appendix to this text.

  • Doctors providing further treatment, if the forwarding of the examinations is regulated by law (e.g. Section 28 (6) RöV) or you have given your consent.
  • Supervisory and authorisation authorities
  • The Association of Statutory Health Insurance Physicians (KV)
  • Your statutory health insurance company
  • Medical service of the health insurance funds (MDK)
  • Professional associations (BG) within the scope of § 201, 203 SGB VII
  • Private clearing centres
  • Medical associations
  • Attending physicians and anaesthetists involved in the treatment
  • External service providers

1.7 Transfer of personal data to a third country
There are no plans to transfer your personal data to a third country or an international organisation.

1.8 Duration of storage of personal data
We delete your personal data as soon as it is no longer required for the above-mentioned purposes. Data may be stored for the period in which legal claims are asserted against us statutory regular limitation period 3 years § 195 BGB, up to 30 years § 197 BGB.

We also store your data insofar as we are legally obliged to do so. Corresponding proof and retention obligations arise for us from:

  • the German Fiscal Code (§ 147 AO 6 or 10 years)
  • 10-year retention period for the patient file (Section 630f (3) BGB)
  • the German Commercial Code (§ 257 HGB 6 or 10 years)
  • the X-Ray Ordinance (§ 28 RöV, 30 years)


1.9 Rights of data subjects
According to the General Data Protection Regulation, you have the following rights:

If your personal data is processed, you have the right to obtain information about the personal data stored about you (Art. 15 GDPR).

If incorrect personal data is processed, you have the right to rectification (Art. 16 GDPR).

If the legal requirements are met, you can request the erasure or restriction of processing and object to processing (Art. 17, 18 and 21 GDPR).

If you have consented to the data processing or a contract for data processing exists and the data processing is carried out using automated procedures, you may have a right to data portability (Art. 20 GDPR).

If you make use of your above-mentioned rights, the controller will check whether the legal requirements for this are met.

If you are of the opinion that data processing violates applicable data protection law, you have the right to lodge a complaint with a data protection supervisory authority. You can reach the supervisory authority responsible for our company using the following contact details

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia, P.O. Box 20 24 44, 40102 Düsseldorf

1.10. Obligation to provide the data
PAN Klinik am Neumarkt GmbH requires your data in order to carry out and invoice your treatment and, if necessary, to transmit diagnoses and findings to doctors providing further treatment.

Without this data, PAN Klinik am Neumarkt GmbH will generally have to refuse to conclude the contract or will no longer be able to fulfil an existing contract and may have to terminate it.

You are also contractually obliged under the care contract to provide PAN Klinik am Neumarkt GmbH with your patient master data (name, address, telephone number, e-mail address). If you do not provide this data, we will not be able to provide treatment.

1.11. Special case: Obligation to provide information in the event of a subsequent change of purpose
None

1.12. Indication of the existence of automated decision-making including profiling
PAN Klinik am Neumarkt GmbH processes some of your data automatically with the aim of evaluating certain personal aspects (profiling). We use profiling in the following cases:

Art. Appendix 1: Service providers who work for us by way of order processing (as of NOV 2020):

Client

Service provider

Object/purpose of the assignment

PAN Klinik am Neumarkt GmbH

medi2consult


Central IT service provider; data carrier destruction;

PAN Klinik am Neumarkt GmbH

Fa. Pelz Zeit- und Datenerfassungs OHG


Software maintenance

PAN Klinik am Neumarkt GmbH

Fa. Apleona


Maintenance work according to maintenance plan

PAN Klinik am Neumarkt GmbH

CGM (Compu Group Medical)


Software maintenance

PAN Klinik am Neumarkt GmbH

Fa. Rincon


Website support

PAN Klinik am Neumarkt GmbH

Fa Niesen


Destruction of files and data carriers

PAN Klinik am Neumarkt GmbH

Fa. Local Performances


Advertising agency

PAN Klinik am Neumarkt GmbH

DATEV


Processing of invoices in the DATEV Cloud


2. information about your right to object in accordance with Art. 21 GDPR

1. you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (f) of Article 6(1) GDPR (data processing on the basis of a balancing of interests). If you object, PAN Klinik am Neumarkt GmbH will no longer process your personal data unless PAN Klinik am Neumarkt GmbH can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

2. in individual cases, PAN Klinik am Neumarkt GmbH processes your personal data for the purpose of direct advertising. You have the right to object at any time to the processing of data concerning you for the purpose of such advertising. If you object to processing for direct marketing purposes, PAN Klinik am Neumarkt GmbH will no longer process your personal data for these purposes. The objection can be made informally and should preferably be addressed to 
PAN Klinik am Neumarkt GmbH , Zeppelinstr. 1, 50667 Cologne, info@pan-klinik.de, 0221 2776-610