Privacy Policy

Our handling of personal data has been aligned with global principles and standards relating to transparency in the use of personal data, the observance and granting of rights of choice, access regulations, rules on data integrity, data security, data transfer and monitoring the lawfulness of processing. The MVZ für Diagnostik, Prävention, Onkologie und Gastroenterologie Tübingen GmbH complies in particular with the General Data Protection Regulation (GDPR) and the German Genetic Diagnostics Act.

Consent

By using this website, you consent to the electronic storage and use of your data as described below. Changes to this privacy policy will always be announced on this page so that you are always informed about what data the MVZ für Diagnostik, Prävention, Onkologie und Gastroenterologie Tübingen GmbH stores and how it is used.

Where required by applicable data protection law, we will also expressly request your consent for the further processing of the personal data collected on this website or provided by you.

This consent can be revoked at any time by sending an e-mail to info(at)mvz-tuebingen.de. In any case, MVZ für Diagnostik, Prävention, Onkologie und Gastroenterologie Tübingen GmbH undertakes to treat all personal data provided confidentially and not to pass on any data to third parties.

Collection and processing of personal data

MVZ für Diagnostik, Prävention, Onkologie und Gastroenterologie Tübingen GmbH would like to better understand your wishes and interests and offer you the best possible service. Therefore, MVZ für Diagnostik, Prävention, Onkologie und Gastroenterologie Tübingen GmbH collects and uses personal information in the manner described below and in accordance with applicable data protection law.

When you visit our website, we collect your IP address and use cookies and other Internet technologies (hereinafter referred to as “automated tools” and “integrated web links”) to collect general information about visitors to our website. Below we explain which technologies are used and what type of information is collected.

We also collect and process data that you provide to us voluntarily, for example when you contact us by means of the contact form.

What data do we collect and why?

The MVZ für Diagnostik, Prävention, Onkologie und Gastroenterologie Tübingen GmbH would like to use the collected data to offer you consistent personalised care. MVZ für Diagnostik, Prävention, Onkologie und Gastroenterologie Tübingen GmbH will only use your data as described in this privacy policy. Any subsequent change in the purpose of use is subject to your express consent unless the change is otherwise legitimised by applicable legal provisions.

We always process your personal data for a specific purpose

In particular, we may process your personal data for the following purposes:

• To process orders
• To inform you about our diagnostic services, the procedure, costs and payment, and other information. In some cases, this may also include information from other companies and business partners, insofar as their products complement the products of MVZ für Diagnostik, Prävention, Onkologie und Gastroenterologie Tübingen GmbH in a beneficial way
• To contact you, answer customer enquiries and provide information on dispatch and billing issues
• To process job enquiries
• To fulfil contractual obligations
• To answer your enquiries and provide you with efficient support
• For archiving and logging
• For invoicing and accounting
• For other purposes required by law and authorities
• In certain cases, we are legally obliged to transmit data to a requesting government body (institution or authority). The legal basis for processing is Art. 6 (1) c GDPR or Section 24 (2) (1) BDSG.
• In some cases, business partners require personal data from our customers, usually in the context of order fulfilment (e.g. in the event of complaints). This request for personal data is expressly provided for by law. The MVZ für Diagnostik, Prävention, Onkologie und Gastroenterologie Tübingen GmbH remains responsible for the protection of your data even in this case – in addition to the data processor, if applicable. The respective business partner works in accordance with our instructions, which MVZ für Diagnostik, Prävention, Onkologie und Gastroenterologie Tübingen GmbH ensures through strict contractual regulations.

IP addresses

IP addresses are used to analyse malfunctions, administer the website and obtain demographic information. MVZ für Diagnostik, Prävention, Onkologie und Gastroenterologie Tübingen GmbH only collects such data in anonymised form and does not link it to a registered user’s profile without their consent. When you visit our website, only the domain name is recorded by default.

MVZ für Diagnostik, Prävention, Onkologie und Gastroenterologie Tübingen GmbH only collects data in connection with your visit to our website. We do not collect any personal data in connection with your visits to the websites of other companies or organisations that do not belong to us.

This website uses the cookie consent tool “CCM19” from Papoo Software & Media GmbH, Auguststr. 4, 53229 Bonn (“CCM19”) to obtain user consent for cookies and cookie-based applications that require consent.

When visiting our site, users are shown a banner, which is embedded on the page using JavaScript code. In this banner, they can give their consent for certain cookies and/or cookie-based applications by checking a box. The tool blocks all cookies requiring consent until the respective consent has been given by checking the box. This ensures that such cookies are only stored on the respective end device with the user’s explicit consent.

In order to assign page views to unique users and to be able to individually record, log, and store the consent settings made by the user for the duration of a session, the cookie consent tool collects certain user information (including the IP address) when our website is accessed. This information is transmitted to CCM19 servers and stored there.

CCM19 is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 (1) (c) GDPR. Further information on data use by CCM19 can be found at https://www.ccm19.de/datenschutzerklaerung.html.

If you enter your e-mail address in the contact form, we will also contact you by e-mail. We will not pass on your e-mail address to third parties outside the MVZ für Diagnostik, Prävention, Onkologie und Gastroenterologie Tübingen GmbH. You can decide at any time that you no longer wish to receive e-mails from us.

Depending on the settings of your e-mail programme, information may be automatically transmitted to us when you send an e-mail to MVZ für Diagnostik, Prävention, Onkologie und Gastroenterologie Tübingen GmbH.

We work together with service providers who process certain data on our behalf exclusively in accordance with the applicable data protection law. In particular, we have concluded agreements with our service providers on data processing on our behalf that meet the requirements of Article 28 GDPR.

Our texts use fonts from Adobe Fonts, a service provided by Adobe Inc, 345 Park Avenue, San Jose, CA 95110-2704 (“Adobe”).

When you access one of our pages, your browser loads the required web fonts into your browser cache so that texts and fonts are displayed correctly. To do so, your browser connects to the Adobe server. For this purpose, information such as the fonts provided, JavaScript version, IP address, etc. is collected.

You can find more detailed information on Adobe’s privacy policy here: https://www.adobe.com/de/privacy/policies/adobe-fonts.html

To improve the accessibility of our website, we use the “One Click Accessibility” plugin from the provider OneTap (wponetap.com). The plugin lets visitors customise the display of the website to their individual needs – for example, by enlarging the font or increasing the contrast. The plugin does not process any personal data and does not transfer any data to OneTap servers. Cookies are not set by OneTap. All settings made are stored locally in the user’s browser to retain the selected configuration during a subsequent visit. The use is based on Art. 6 (1) f GDPR (legitimate interest). Our interest lies in improving the user-friendliness and accessibility of our website.

Further information about the provider: https://wponetap.com/

The tracking measures listed below and used by us are carried out on the basis of Art. 6 para. 1 sentence 1 lit. f) GDPR. With the tracking measures used, we aim to ensure a demand-oriented design and the continuous optimization of our website. On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. These interests are to be regarded as legitimate within the meaning of the aforementioned provision. The respective data processing purposes and data categories can be found in the tracking tools described in more detail below.

Google Tag Manager

Use Google Tag Manager: Google Tag Manager is a solution that allows marketers to manage website tags through a single interface. The Tag Manager tool itself (which implements the tags) is a cookie-loose domain and does not collect any personal information. The tool is responsible for triggering other tags, which in turn may collect data. Google Tag Manager has no access to this data. When disabled at the domain or cookie level, all tracking tags implemented with the Google Tag Manager will continue to be disabled. https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/

Your personal data will not be transferred to third parties for purposes other than those listed below. We only pass on your personal data to third parties if

1. You have given your express consent in accordance with Art. 6 (1) (1) a GDPR and/or Section 26 (2) German Federal Data Protection Act (BDSG).
2. The disclosure pursuant to Art. 6 (1) (1) f) GDPR is necessary for the assertion, exercise or defence of legal claims. There is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data.
3. There is a legal obligation for the disclosure pursuant to Art. 6 (1) (1) c GDPR.
4. Diese gesetzlich zulässig und nach Art. 6 Abs. 1 S. 1 lit. b) DSGVO, § 26 Abs. 1 BDSG für die Abwicklung eines Vertragsverhältnisses mit Ihnen oder für vorvertragliche Maßnahmen auf Ihre Veranlassung erforderlich ist.

A transfer to a third country or an international organisation is not intended and no automated decision-making takes place, unless otherwise provided for in this data protection declaration.

If necessary, information from MVZ für Diagnostik, Prävention, Onkologie und Gastroenterologie Tübingen GmbH will also be passed on to business partners, service providers, third parties or subcontractors. Such transfer may be necessary in order to provide a service or transaction requested by you, e.g., for order processing or customer service purposes.

MVZ für Diagnostik, Prävention, Onkologie und Gastroenterologie Tübingen GmbH may be obliged to disclose your data and related information in response to a court or official order. We also reserve the right to use your data for the assertion of or defence against legal claims.

In the event of a takeover or merger with another company, it may be necessary to disclose or pass on personal data to potential or actual buyers. In such a case, MVZ für Diagnostik, Prävention, Onkologie und Gastroenterologie Tübingen GmbH will endeavour to protect the data as far as possible.

In accordance with applicable law, we reserve the right to store and pass on personal and other data to detect and combat illegal activities and attempted fraud or a breach of the terms of use of MVZ für Diagnostik, Prävention, Onkologie und Gastroenterologie Tübingen GmbH.

Our website may contain links to third-party websites. The MVZ für Diagnostik, Prävention, Onkologie und Gastroenterologie Tübingen GmbH is not responsible for the data protection precautions or the content of websites outside the MVZ für Diagnostik, Prävention, Onkologie und Gastroenterologie Tübingen GmbH.

We only retain personal data for as long as required by the purpose or legal provisions for which it was collected.

For easy directions to our site, we use the map service of Google Maps, which belongs to the provider Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Maps stores your IP address in order to provide you with the necessary information. This storage takes place on Google’s servers in the United States; we have no influence on this transmission. Google Maps uses Google Fonts for its fonts and texts, which are loaded into your browser cache, to ensure a standardised display. The use of Google Maps is based on your consent in accordance with Section 6 (2) DSG-EKD (Data Protection Act of the Evangelical Church in England) and Section 25 (1) TTDSG (Telecommunications and Telemedia Data Protection Act). This consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) in accordance with TTDSG. You have the right to withdraw your consent at any time. The revocation does not affect the legality of the data processing carried out before the revocation. The transfer of data to the United States is carried out using the standard contractual clauses of the EU Commission.

Further information can be found here: privacy.google.com/businesses/gdprcontrollerterms/ and privacy.google.com/businesses/gdprcontrollerterms/sccs/. Further information on the handling of user data can be found in Google’s privacy policy: policies.google.com/privacy.

§ 1 Collection of personal data

(1) T2med GmbH & Co KG (“T2med”) collects and processes the personal data of its customers, business partners and employees in compliance with the applicable statutory data protection regulations, in particular, in compliance with the requirements of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

(2) The party responsible for data collection and processing is T2med GmbH & Co: Bismarckallee 15, 24105 Kiel, Germany, fax: +49 431 – 55 680 690, e-mail:info@t2med.de . You can contact the data protection officer (Niels Köhrer, specialist lawyer for IT law, www.koehrer.de) by e-mail at dsb@t2med.de or by post at our address with the addition “Data Protection Officer”.

§ 2 Purposes, scope and duration of data collection and processing; legal bases

(1) T2med collects and processes personal data of customers who have purchased software licences from T2med or who have concluded a software licence agreement and maintenance contract with T2med. In particular, the customer’s contact data (name, practice name, address, telephone and fax numbers, e-mail address, homepage, operating site numbers, KV region, practice type, previous practice programme), the physician data of the physicians covered by the licence (title, name, HZV, LANR, BSNR) and the customer’s account data are collected and processed. Data is collected and processed on the basis of Art. 6 (1) b GDPR to fulfil the mutual obligations arising from the licence and software maintenance agreements concluded. The data is processed for the duration of the contractual relationship and beyond that only to the extent necessary to fulfil the contractual and legal obligations.

(2) When the Internet domain www.patmed.de, www.t2med.de or its subpages operated by T2med are called, data is automatically sent to the T2med server by the browser and stored for a limited period of time. The storage serves internal system-related and statistical purposes. The following are logged: the name of the retrieved file, date and time of retrieval, amount of data transferred, notification of successful retrieval, web browser and requesting domain. The IP addresses of the requesting computers are also logged. Further personal data is only collected if the user of the website and/or customer provides information voluntarily, for example, as part of an enquiry or registration, in particular, to register for the T2med forum or conclude a contract or by means of the settings of their browser. Data is collected and processed in accordance with Art. (6) (1) (1) f GDPR. When making entries in the online contact form on the website, contacting T2med electronically, registering for the forum or otherwise placing orders with T2med through the website, consent is given to the collection and processing of the personal data transmitted. Data processing is carried out exclusively for the purpose of processing and responding on the basis of consent pursuant to Art. 6 (1) (1) a GDPR. The personal data collected in this way will be automatically deleted as soon as the enquiry has been completed and there are no reasons for further storage (e.g. subsequent commissioning of T2med). The PatMed and T2med websites use cookies. A cookie is a text file that is sent when a website is visited and stored temporarily on the hard drive of the website user and/or customer. If the corresponding T2med server is called again by the user of the website and/or customer, the browser of the user of the website and/or customer sends the previously received cookie back to the server. The server can then analyse the information received through this procedure in various ways. Cookies can be used, for example, to control the display of adverts or make it easier to navigate a website. If the user of the website and/or customer wishes to prevent the use of cookies, they can do so by making local changes to their settings in the Internet browser used on their computer, i.e. the programme for opening and displaying Internet pages (e.g. Internet Explorer, Mozilla Firefox, Opera or Safari). The data collection and processing associated with cookies for the abovementioned purposes is justified to safeguard the legitimate interests of T2med in accordance with Art. 6 (1) (1) f GDPR. Plugins from the following social networks are integrated into the T2med website: Facebook, Twitter, Instagram. The legal basis for the use of social media plugins is Art. 6 (1) (1) f GDPR. A legitimate interest and purpose of the use of plugins is to publicise T2med’s services more widely. The social networks are responsible for handling their users’ data in compliance with data protection regulations.

(3) The collection and processing of personal data of T2med employees is carried out on the basis of Art. 6 (1)b GDPR for the fulfilment of mutual obligations arising from employment relationships and for the fulfilment of legal obligations by T2med in accordance with Art. 6 (1) c GDPR, in particular for tax and social security reasons. Personal data of applicants for employee positions are collected and processed for the purpose of the application procedure on the basis of the consent associated with the sending of application documents on the basis of Art. 6 (1) a GDPR. Employee data will be processed for the duration of the employment relationship and subsequently to the extent necessary for the settlement of existing reciprocal claims or to fulfil T2med’s legal obligations. Applicant data will be stored for the duration of the application process and then deleted.

(4) The collection and processing of personal data of business partners (in particular, suppliers and service providers) is carried out in accordance with Art. 6 (1) b GDPR for the initiation, implementation and follow-up of the respective contractual relationships to the extent necessary. In particular, contact details of business partners and their employees are collected and processed. Data will be processed for as long as required to safeguard the legitimate interests of T2med, in particular to enforce any claims. Beyond this use, data will only be collected and processed with the consent of the business partner concerned.

(5) The PatMed app uses push services from Firebase Cloud Messaging. If the push service is used, a device token from Apple or a registration ID from Google is assigned. These are encrypted, anonymised device IDs. The sole purpose of their use is to provide the push services. It is not possible for T2med to identify the individual user. The push service can be customised or deactivated on the user’s operating system if required. The push messages are end-to-end encrypted.
Other Firebase services are not used.

Further information on the terms of use of Firebase Cloud Messaging can be found on the Firebase website: https://firebase.google.com/terms/.

§ 3 Rights of data subjects affected by data collection and processing

The data subjects affected by the collection and processing of personal data by T2med have the rights listed below with regard to data collection and processing:

(1) Right to information in accordance with Art. 15 GDPR

Data subjects may request information from T2med as to whether personal data is processed by T2med. However, there is no right to information if the provision of the requested information must be kept secret for legitimate reasons, in particular, due to an overriding legitimate interest of a third party. In this case, a balance must be struck between the data subject’s interest in information and the third party’s interest in confidentiality. A right to information is also excluded if the personal data must not be deleted only due to statutory retention periods or serve exclusively for data backup or data protection control, provided that the provision of the requested information would require a disproportionately high effort and the processing for other purposes is excluded by suitable technical and organisational measures. If the right to information is not excluded, T2med may be requested to provide the following information:

• Purpose of data collection and processing;
• Categories of personal data processed;
• Recipients or categories of recipients to whom personal data is disclosed;
• Duration of storage of the personal data or, if this is not possible, criteria for determining the storage period
• The existence of a right to rectification or erasure or restriction of processing of personal data or a right to object to such processing
• The existence of a right to lodge a complaint with a supervisory authority;
• If personal data was not collected from the data subject: available information on the origin of the data
• Where applicable, the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and envisaged consequences of automated decision-making
• Where applicable, in the case of transfer to recipients in third countries, unless the EU Commission has decided on the adequacy of the level of protection pursuant to Art. 45 (3) GDPR, information on the appropriate safeguards pursuant to Art. 46 (2) GDPR for the protection of personal data.

(2) Right to receive a copy pursuant to Art. 15 (3) GDPR and right to data portability pursuant to Art. 20 GDPR

Data subjects have the right to receive a copy of the personal data concerning them and, in this context, to data portability if the processing is based on the consent of the data subject (Art. 6 (1) (1) a or Art. 9 (2) a GDPR) or on a contract with the data subject and the processing is carried out using automated procedures. The right to data portability includes the right to data portability, provided that it does not adversely affect the rights and freedoms of third parties: the personal data must be receivedin a structured, commonly used and machine-readable format, and the data subject must be able to transmit those data to another controller without hindrance from T2med in any form. Where technically feasible, the data subject may request that T2med transmit the personal data directly to another data controller.

(3) Right to rectification and restriction of processing pursuant to Art. 16 GDPR and Art. 18 GDPR

a) If a data subject discovers that T2med has incorrect personal data relating to the data subject, the data subject may request that T2med rectify this incorrect data without delay. In the case of incomplete personal data, completion may be requested.

b) A data subject may request the restriction of processing if

• the accuracy of the personal data is contested, for the duration of the verification of accuracy by T2med;
• the processing is unlawful and the restriction of the use of the personal data is requested instead of erasure;
• the personal data are no longer necessary for the purposes of the processing by T2med, but are required by the data subject for the establishment, exercise or defence of legal claims;
• an objection has been lodged pursuant to Art. 21 (1) GDPR pending the verification as to whether the legitimate grounds of T2med override those for the restriction.

Restriction of processing means that personal data will only be processed with the consent of the data subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of a third party or for reasons of important public interest. T2med will inform the data subject before cancelling a restriction.

(4) Right to erasure pursuant to Art. 17 GDPR

The data subject has the right to erasure of personal data (“right to be forgotten”), unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation or for the performance of a task carried out in the public interest, and one of the following reasons applies

• the personal data is no longer necessary in relation to the purposes for which it was processed;
• the justification for the processing was solely the consent of the data subject, which has since been withdrawn
• an objection has been lodged against the processing of personal data that T2med has made public;
• an objection has been lodged to the processing of personal data not made public by T2med and there are no overriding legitimate grounds for the processing
• the personal data has not been processed unlawfully;
• the erasure of the personal data is no longer necessary for compliance with a legal obligation to which T2med is subject.

There is no right to erasure if, in the case of lawful non-automated data processing, erasure is not possible or only possible with disproportionate effort due to the special type of storage and the interest in erasure is low. In this case, the restriction of processing may be requested instead of erasure.

(5) Objection and revocation of consent

If the processing of personal data is based on Art. 6 (1) (1) f GDPR (legitimate interest of the controller or a third party), the data subject has the right to object to the processing of personal data concerning them at any time for reasons arising from their particular situation. This also applies to profiling based on Art. 6 (1) (1) e or f GDPR. After exercising the right to object, T2med will no longer process the personal data concerned unless T2med can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject. The same applies in the case of processing for the establishment, exercise or defence of legal claims by T2med.

The data subject may object at any time to the processing of personal data concerning them for direct marketing purposes. This also applies to profiling in connection with such direct marketing. After exercising the right to object, T2med will no longer use the personal data concerned for direct marketing purposes. The data subject has the option of informing T2med of the objection informally by telephone, e-mail, fax or post.

The person affected by the collection and storage of data has the right to revoke their consent at any time with effect for the future. The revocation of consent can be communicated informally to T2med by telephone, e-mail, fax or post. The revocation does not affect the legality of the data processing until receipt of the revocation. If the data processing is carried out exclusively on the basis of the consent given in advance, T2med shall cease the data processing immediately after revocation of the consent.

§ 4 Data transfer; organisational measures

(1) Forwarding of data

T2med will only disclose or otherwise transfer personal data to third parties if required for the purpose of contract fulfilment or billing purposes or if the data subject has given their prior consent. Any consent given can be revoked at any time with effect for the future.

(2) Technical measures for data protection

For the processing of personal data by T2med, suitable technical and organisational measures are taken to ensure that the personal data is protected. These measures include, in particular, the pseudonymisation and encryption of personal data, data backup and the evaluation of technical and organisational measures.

§ 5 Processors of personal data

On the basis of the software utilisation and maintenance contracts, T2med also offers its customers remote maintenance and servicing of the software products. In this way, T2med is enabled to access and process the personal data collected and processed by its customers. This processing of personal data is inextricably linked to the services provided by T2med to its customers. T2med guarantees to its customers that all data protection provisions under the GDPR and BDSG are also observed with regard to this data in accordance with this data protection notice.

§ 6 Right of complaint in relation to T2med

Data subjects affected by the collection and processing of personal data have the right to lodge a complaint with the supervisory authority responsible for T2med in accordance with Art. 77 GDPR: State Data Protection Officer Marit Hansen, Independent State Centre for Data Protection Schleswig-Holstein, P.O. Box 7116, 24171 Kiel, Germany. A complaint may also be lodged with the supervisory authority responsible for the data subject’s usual place of residence or workplace.

1. We process applicant data only for the purpose and within the scope of the application process in accordance with the legal requirements. Applicant data is processed to fulfil our (pre-)contractual obligations as part of the application process within the scope of Art. 6 (1) b GDPR/Art. 6 (1) f GDPR if the data processing becomes necessary for us, e.g. in the context of legal proceedings (in Germany, Section 26 BDSG also applies).
2. The application process requires applicants to provide us with applicant data. Necessary applicant data includes personal details, postal and contact addresses and the documents relating to the application, such as cover letter, CV and references. Applicants can also voluntarily provide us with additional information.
3. By submitting their application to MVZ für Diagnostik, Prävention, Onkologie und Gastroenterologie Tübingen GmbH, applicants consent to the processing of their data for the purposes of the application process in accordance with the type and scope set out in this privacy policy.
4. Insofar as special categories of personal data within the scope of Art. 9 (1) GDPR are voluntarily communicated as part of the application process, their processing is also carried out in accordance with Art. 9 (2) b GDPR (e.g. health data, such as severely disabled status or ethnic origin). Insofar as special categories of personal data within the scope of Art. 9 (1) GDPR are requested from applicants as part of the application process, their processing is also carried out in accordance with Art. 9 (2) a GDPR (e.g. health data if required for the exercise of the profession).
5. Applicants can send us their applications by post or by e-mail. Please note, however, that e-mails are generally not sent in encrypted form and applicants must ensure that they are encrypted themselves. We can therefore accept no responsibility for the transmission path of the application between the sender and receipt on our server. If the applicant has any concerns regarding the security of the application documents sent by e-mail, we recommend sending the application documents by post.
6. In the event of a successful application, the data provided by the applicant may be processed by us for the purposes of the employment relationship. Otherwise, if the application for a job offer is not successful, the applicant’s data will be deleted. Applicants’ data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time.
7. The deletion takes place, subject to a justified cancellation by the applicants, after the application procedure has been completed for six months so that we can answer any follow-up questions about the application and fulfil our obligations to provide evidence under the Gleichbehandlungsgesetz (German Equal Treatment Act). If you have been accepted for a position as part of the application process, the data from the application will be transferred to a personnel file and deleted 10 years after termination of the employment relationship.

Invoices for any reimbursement of travel expenses will be archived in accordance with tax regulations.

You have the right,

1. to request information about your personal data processed by us in accordance with 15 GDPR. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, such as the existence of automated decision-making and, if applicable, meaningful information about its details;
2. in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or the completion of your personal data stored by us
3. in accordance with Art. 17 GDPR, to demand the erasure of personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation in the public interest or for the establishment, exercise or defence of legal claims
4. in accordance with Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it for the assertion, exercise or defence of legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR;
5. in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller
6. in accordance with Art. 7 para. 3 GDPR, to revoke your consent given to us at any time. The consequence of this is that we may no longer continue the data processing that was based on this consent in the future; and
7. to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or the registered office of our company.

The competent supervisory authority for data protection at MVZ für Diagnostik, Prävention, Onkologie und Gastroenterologie Tübingen GmbH:

Baden-Württemberg Supervisory Authority
The State Commissioner for Data Protection Baden-Württemberg
P.O. Box 10 29 32, 70025 Stuttgart
Lautenschlagerstraße 20, 70173 Stuttgart
Tel. +49 711 615541-0
Fax: +49 711 615541-15
Mail: poststelle@lfd.bwl.de
http://www.baden-wuerttemberg.datenschutz.de

To assert the aforementioned rights and ask questions about data protection, you can contact the data controller in accordance with Section 1 above or send an e-mail to info(at)mvz-tuebingen.de

If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 (1) (1) f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation. If you would like to exercise your right of cancellation or objection, simply send an e-mail to info(at)mvz-tuebingen.de

1. We use the widespread SSL (Secure Sockets Layer) method in conjunction with the highest level of encryption supported by your browser when you visit our website. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can recognise whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.
2. We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.
3. In addition, we oblige each of our employees to maintain data protection and confidentiality in accordance with the General Data Protection Regulation (GDPR).

Due to current circumstances, such as a change in the relevant data protection regulations, we will update this privacy policy if necessary.

Status: 30/07/2025