OpenEDC OpenEDC Health UG (haftungsbeschränkt)
Dear visitor, contract partner, interested party,
In accordance with the provisions of Articles 13, 14, and 21 of the General Data Protection Regulation (GDPR), we would like to inform you about the processing of your personal data and your related data protection rights. The specific data processed and the manner in which it is used are primarily determined by the requested or agreed services. To ensure that you are fully informed about the processing of your personal data in the context of the fulfillment of a contract or the execution of pre-contractual measures, please take note of the following information.
Responsible in the sense of the EU General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations:
OpenEDC Health UG (limited liability)
— represented by Dr. Leonard Greulich
Meppener Str. 11a
48155 Münster
Germany
Phone: +49 1590 5368729
Email: mail@openedc.app
The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data are all data with which you can be personally identified. Detailed information on the subject of data protection can be found in our privacy policy listed below this text.
We process your personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). Insofar as personal data are required for the initiation or execution of a contractual relationship or in the context of the execution of pre-contractual measures, processing is lawful according to Art. 6 Para. 1 lit. b GDPR.
If you give us express consent to process personal data for specific purposes (e.g., disclosure to third parties, evaluation for marketing purposes, or promotional approach via email), the legality of this processing is based on your consent according to Art. 6 Para. 1 lit. a GDPR. A given consent can be revoked at any time with effect for the future.
If necessary and legally permissible, we process your data beyond the actual contractual purposes to fulfill legal obligations according to Art. 6 Para. 1 lit. c GDPR. In addition, processing may occur to protect legitimate interests of us or third parties as well as to assert and defend legal claims according to Art. 6 Para. 1 lit. f GDPR. Where appropriate, we will inform you separately about the legitimate interest, provided that this is legally required.
Below you will find information on the data subject rights the applicable data protection law grants you against the controller with regard to the processing of your personal data:
The right to request information about your personal data processed by us according to Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, limitation of processing or objection, the existence of a right to complain, the source of your data if they were not collected by us, and the existence of automated decision-making including profiling and possibly meaningful information about their details.
The right to demand the immediate correction of incorrect or complete your personal data stored by us according to Art. 16 GDPR.
The right to request the deletion of your personal data stored by us according to Art. 17 GDPR, unless the processing is necessary to exercise the right of freedom of expression and information, to fulfill a legal obligation, for reasons of public interest, or to assert, exercise or defend legal claims.
The right to demand the restriction of the processing of your personal data according to Art. 18 GDPR, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse their deletion and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have objected to the processing according to Art. 21 GDPR.
The right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller according to Art. 20 GDPR.
The right to complain to a supervisory authority according to Art. 77 GDPR. As a rule, you can contact the supervisory authority of our above-mentioned seat, or if applicable, that of your usual place of residence or workplace.
The right to revoke consent given according to Art. 7 Para. 3 GDPR: You have the right to revoke your consent to the processing of data at any time with effect for the future. In the event of revocation, we will delete the affected data immediately, provided further processing cannot be based on a legal basis for processing without consent. The revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
If your personal data are processed by us based on legitimate interests according to Art. 6 Para. 1 S. 1 lit. f GDPR, you have the right according to Art. 21 GDPR to object to the processing of your personal data, provided there are reasons for this arising from your particular situation. As far as the objection is directed against the processing of personal data for the purpose of direct advertising, you have a general right of objection without the requirement of specifying a particular situation.
If you wish to exercise your right of revocation or objection, an email to the above-mentioned contact address is sufficient.
The provision of personal data for the decision on a contract conclusion, the fulfillment of the contract, or the execution of pre-contractual measures is voluntary. However, we can only make the decision within the framework of contractual measures if you provide personal data necessary for the contract conclusion, fulfillment, or pre-contractual measures.
We reserve the right to adapt or update this privacy policy if necessary in accordance with the applicable data protection regulations. In this way, we can adjust it to current legal requirements and take into account changes in our services, e.g., when introducing new services. The most current version applies to your visit.
Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer.
The following data is collected:
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
The legal basis for the temporary storage of data and log files is Art. 6 Para. 1 lit. f GDPR.
The storage in log files is to ensure the functionality of the website. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
Our legitimate interest in data processing according to Art. 6 Para. 1 lit. f GDPR also lies in these purposes.
In the case of storing the data in log files, these are deleted after no more than seven days. Further storage is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.
Contacting us is possible via the provided email address or via our contact form on our website. In both cases, the user’s personal data transmitted with the contact will be stored.
There is no disclosure of the data to third parties in this context. The data is used exclusively for processing the conversation.
The legal basis for processing the data transmitted in the course of sending an email is Art. 6 Para. 1 lit. f GDPR.
The processing of personal data from the input mask serves us solely to process the contact. This also constitutes the necessary legitimate interest in processing the data.
The data sent by you to us via contact requests remain with us until you request us to delete, revoke your consent to the storage, or the purpose for the data storage lapses (e.g., after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.
For the registration to the demo, we optionally collect your email address and the timestamp. These data are collected to contact you later and obtain feedback on the software.
The legal basis for processing the data is the necessity for the fulfillment of a contract according to Art. 6 Para. 1 lit. b GDPR.
The data processing serves to contact you later and obtain feedback on the software.
In the case of data storage, these are deleted after a maximum of 30 days. However, longer storage is possible. In this case, personal email addresses are deleted or alienated so that an assignment is no longer possible.
During registration, we collect data such as your name, email address, a self-defined password, your IP address, a timestamp, and other voluntary information.
Our qualified infrastructure service providers process your account data, on which the software service OpenEDC is operated.
We use the Open Telekom Cloud for hosting infrastructure components and data storage. The Open Telekom Cloud is ISO 27001 certified and guarantees the server location in Germany.
T-Systems International GmbH, Hahnstraße 43d, D-60528 Frankfurt am Main
We have concluded a contract with T-Systems containing so-called standard contractual clauses. T-Systems undertakes therein to process your user data only according to our instructions and to maintain the EU level of data protection.
The legal basis for data processing is the necessity for contract fulfillment according to Art. 6 Para. 1 lit. b GDPR.
On our website, you can register for OpenEDC by providing your personal data. This data is entered into an input mask, transmitted to us, and stored in a user account.
The registration of a user account is required for contract fulfillment or for the performance of pre-contractual measures. The service can only be used with such an account, and the booking process within the software itself can be carried out.
The data is used for the one-time creation of the account, personalization of the service, and sending of emails necessary for contract fulfillment.
The basic duration of data storage until deletion serves contract fulfillment. You initiate the deletion of the account.
In the context of managing and billing subscriptions, we collect names and contact details of contact persons, contract data, used services, and data for payment transactions as well as for sending invoices.
For the integration of the booking process and the self-management of the subscription, we integrate Stripe into our purchasing process. To enable loading, your IP address and further browser information are automatically transmitted to Stripe’s servers and necessary cookies are set.
We also use Stripe for payment processing via SEPA direct debit and credit card payments.
Stripe Inc. 510 Townsend Street, San Francisco, CA 94103, USA
Privacy Policy: https://stripe.com/de/privacy
Stripe maintains an adequate level of protection and we have concluded a contract with Stripe containing so-called standard contractual clauses. In this contract, Stripe undertakes to process your user data only according to our instructions and to comply with the EU level of data protection.
The processing of the data is necessary for the fulfillment of a contract according to Art. 6 Para. 1 lit. b GDPR.
In the context of the subscription and billing, we process inventory data and contract data to fulfill our contractual obligations and for the self-management of your booked subscription.
For this purpose, we use the subscription management and payment service of Stripe.
The cancellation and deletion of the account are initiated by you unless legal requirements necessitate longer storage periods.
We offer you various assistance to work efficiently with our software and to solve problems as quickly as possible. In the course of these help services, we collect personal data. These are used exclusively for fulfilling the request and for statistical evaluations of support usage.
The processing of the data is based on the necessity for the fulfillment of a contract according to Art. 6 Para. 1 lit. b GDPR, as the support is an integral part of our software service.
The purpose of data collection is to offer you various assistance so that you can work efficiently with our software and your problems are solved as quickly as possible.
The requests are deleted after the issue has been clarified.