The responsible person(s) decides alone or jointly with others on the purposes and means of processing personal data (e.g. names, contact details, etc.). Medicalxtourism has appointed a Data Protection Officer:
The user can use individual services (“special services”) of Medicalxtourism. For this purpose, it is necessary that the user consents to the collection, processing, and use of his/her personal data and, if applicable, also of special personal data.
This applies in particular to the special services listed below:
- Medicalxtourism operates an online platform which enables the user to contact a medical provider as well as third-party providers and associated companies (e.g. travel agencies, customer service agencies, payment service providers, or translators) whose services are advertised via our website(s).
- If a medical service provider concludes a medical treatment contract with the user, the user agrees that the medical service provider shall inform Medicalxtourism, with line-item breakdown, of the type and date of the medical treatment as well as the amount to be paid and the date of the invoice transmitted by the medical service provider to the user (and, if required by law, that the medical service provider shall transmit the corresponding data to Medicalxtourism).
- If a third-party provider concludes a contract with the user for certain services, the user authorizes the third-party provider to inform Medicalxtourism of the amount and date of the invoice transmitted by the third-party provider to the user with fees included and explained.
- If the user is the policyholder of an insurance partner of Medicalxtourism (“insurer”), the user authorizes the medical service provider, the third-party provider, and the insurer to inform Medicalxtourism of the specific personal data relating to the medical treatment of the user as well as the amount and date of the invoice transmitted by the service provider to the user or to the insurer.
- Forums will be set up on the platform or on the websites of associated companies to enable the exchange of experiences and opinions between users.
- The user is offered enrollment to receive emails with promotions by the Medicalxtourism.
- Medicalxtourism uses the personal data for its own advertising purposes and sends the user information about Medicalxtourism, new products and services, medical service providers, etc., by email, phone call, SMS, or post.
PURPOSE OF USE AND LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA
We process personal data required for the establishment, implementation, or processing of our range of services. If you have given us your consent to process personal data for specific purposes, we will process it on the basis of your consent.
Personal data is collected, processed, and used by us exclusively for the following purposes:
- for contact and related correspondence
- for processing your request and for any further advice you may require
- to display comments in our blog function
- to contact us to verify your data
- to ensure that our website is presented to you in the most effective and interesting way possible (e.g. through anonymous evaluation)
- for the technical realization of our offers
CONSENT OF THE USER
By clicking on the appropriate box during the request and order process, the user agrees to the following forms of data processing:
- The user agrees that Medicalxtourism collects, stores, and uses the personal data and special personal data transmitted during the inquiry process for the following purposes:
- To provide the data to the medical service provider designated by the user (clinics, hospitals, dentists, or specialists around the world or, if no medical service provider has been designated, to up to fifteen medical service providers selected by Medicalxtourism according to fixed criteria (state of health, preferred country, language of the medical service provider and the user, reaction of the medical service provider in previous cases, and “best price” for the procedure requested by the user or based on the limited information available to Medicalxtourism) in order either to request an offer or to book a service from the medical service provider.
- Passing on this data to third parties, partners, and affiliated companies globally who provide customer service, advertising, or payment services on behalf of Medicalxtourism in accordance with Medicalxtourism’s instructions and in compliance with the data protection declaration and corresponding confidentiality and security measures of Medicalxtourism.
- For any service for which the user has registered on this website.
- For internal price calculation and offer examination, in each case to the extent necessary for this purpose.
- The user agrees that Medicalxtourism may review, search, and analyze communication via the platform or by e-mail between the user and Medicalxtourism’s medical service partners for purposes of fraud prevention, risk assessment, compliance, investigation, product development, research, and customer care. Medicalxtourism uses automated methods to check, search, and analyze user communications. For individual investigations into suspected fraud, customer support, or to evaluate and improve the functionality of automated tools, individual communications may need to be manually reviewed.
- The user has the right to object to such collection, processing, and use of personal data and special personal data at any time and with effect for the future (see section “Revocation of your consent to data processing”). However, Medicalxtourism will then no longer be able to provide the user with the services that require the processing of personal data or specific personal data.
COLLECTED AND PROCESSED PERSONAL DATA
We collect and process your personal data only if you provide them voluntarily and with your consent, example, by filling out our forms (free offer) or by sending emails. Within the framework of the available forms or messages, this is primarily the following data:
Data of interested parties for services:
- first name
- last name
- email address
- telephone number
- the agreement to the data protection declaration
- the consent
The collection and storage of special personal data (such as information on medical status, health, sex life, habits, and religion) is carried out for the conclusion of a corresponding agreement, for the opening of a customer account, or for establishing contact with Medicalxtourism or a medical service partner of Medicalxtourism.
Medicalxtourism’s medical service providers are essentially clinics, hospitals, dentists or established specialists around the world.
These data will be used exclusively for the aforementioned purposes, unless the user expressly permits Medicalxtourism to use them for other purposes. In this case, the data will be used only to the extent necessary for the respective purpose, e.g., conclusion, execution, and performance of the contract.
Personal data and its contents provided by you remain exclusively with us and our affiliated companies. We will only store and process your data for the purposes stated. Any use beyond the stated purpose requires your express consent.
The data processing by our partners is subject to their data protection regulations.
The personal data will be deleted immediately in case of revocation of your consent or if the purpose of data use no longer exists.
DISCLOSURE OF PERSONAL DATA
Medicalxtourism uses a variety of third-party providers and affiliated companies to offer services via the platform. These third parties and affiliates may originate from anywhere in the world.
The third-party providers and affiliates may assist Medicalxtourism with the following:
- the verification or confirmation of the user’s identification;
- the comparison of information with public databases;
- background checks, fraud prevention, and risk assessments; or
- the provision of after-sales services, advertising, or payment services.
Since the disclosure of personal data and special personal data to third parties is not permitted under the above provisions, personal data and special personal data shall be disclosed to third parties only in the following cases:
- We pass on personal data and special personal data to our partners and affiliated companies in order to enable a service that Medicalxtourism cannot provide itself (e.g. a payment service). This is done according to Medicalxtourism’s instructions and in compliance with Medicalxtourism’s data protection declaration and corresponding confidentiality and security measures.
REVOCATION OF YOUR CONSENT TO DATA PROCESSING
Some data processing operations are only possible with your express consent. A revocation of your already given consent is possible at any time. To revoke your consent, send an informal email to email@example.com. Enter your name, address and (if applicable) user name. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
RIGHT TO APPEAL TO THE COMPETENT SUPERVISORY AUTHORITY
In the event of a breach of data protection law, you as the party concerned, have the right to lodge a complaint with the competent supervisory authority.
RIGHT TO DATA TRANSFERABILITY
You have the right to have data which we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to third parties. The information is provided in a machine-readable format. If you request the direct transfer of the data to another responsible person, this will only be done as far as it is technically feasible.
RIGHT TO INFORMATION, CORRECTION, BLOCKING, DELETION
You have the right to free information about your stored personal data, the origin of the data, its recipients, the purpose of the data processing and, if applicable, the right to correction, blocking, or deletion of this data at any time within the framework of the applicable statutory provisions. In this regard and also for further questions on the subject of personal data, you can contact us at any time via the contact options listed in the imprint.
SSL OR TLS ENCRYPTION
For security reasons and to protect the transmission of confidential content that you send to us as the site operator, our website uses SSL or TLS encryption. This means that the data you transmit via this website cannot be read by third parties. You can recognize an encrypted connection by the “https://” address line of your browser and by the lock symbol in the browser line.
To send our newsletter, we need an email address from you. It is necessary to verify the email address provided and consent to receive the newsletter. Supplementary data is not collected or is voluntary. The use of the data takes place exclusively for the dispatch of the newsletter.
The data collected during newsletter registration will be processed exclusively on the basis of your consent. A revocation of your already given consent is possible at any time. To revoke your consent, send an informal e-mail or use the “unsubscribe” link in the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.
Data entered to set up the subscription will be deleted if you unsubscribe. If this data has been transmitted to us for other purposes and elsewhere, it will remain with us.
SERVER LOG FILES
In server log files, the provider of the website automatically collects and stores information that your browser automatically transmits to us.
- Visited page on our domain
- Date and time of the server request
- Browser type and browser version
- Operating system used
- Referrer URL
- Hostname of the accessing computer
- IP address
These data are not merged with other data sources.
STORAGE PERIOD OF CONTRIBUTIONS AND COMMENTS
Contributions and comments as well as related data, such as IP addresses, are stored. The content remains on our website until it has been completely deleted or had to be deleted for legal reasons.
A revocation of your already given consent is possible at any time. An informal notification by email is sufficient for the revocation. The legality of data processing operations that have already taken place remains unaffected by the revocation.
Medicalxtourism collects and stores anonymous data for optimization and marketing purposes, e.g., data on anonymous user profiles and user behavior. Flash cookies may also be used for this purpose. Cookies and flash cookies are alphanumeric identification codes that Medicalxtourism stores on the user’s hard drive via the user’s web browser or other programs. If the user does not wish cookies to be stored, he can deactivate them in accordance with the manufacturer’s instructions for the browser in question.
- Cookies do not have to be accepted in order to access the Medicalxtourism website. However, if the user wishes to mark a clinic as a favorite or wishes to receive a reminder of the clinics visited, he/she must set the browser to accept cookies.
- Cookies and flash cookies are small files that are stored on the user’s hard drive and store the preferred settings and other data that the Medicalxtourism computer system requires for interaction with the browser. There are two types of cookies: session cookies, which are deleted when the user exits the browser, and temporary cookies, which are stored by the user’s browser for an extended period of time. Cookies help Medicalxtourism to adapt the platform to the user and to reflect preferences and usage habits. They also allow Medicalxtourism to store information entered so that the user does not have to re-enter it the next time he/she visits.
- Medicalxtourism cookies are not used to store personal data. Our cookies are not designed to identify an individual user. If a cookie is activated, it is given an ID number which is used for internal purposes and is not suitable for identifying the user or for accessing personal data such as names or IP addresses. The anonymous data from the cookies allow an assessment of which pages of the Medicalxtourism website are most frequently visited and which procedures and clinics are most popular.
- The Medicalxtourism website collects data that can be useful for the creation of advertisements and online offers for the user. This data is not used to identify you as a user, it is only used to optimize the platform. The data collected by these cookies are not stored together with the user’s personal data, they are only used to send the user advertising or messages about offers and services via click-stream analyses, which are tailored to his/her individual needs.
- Medicalxtourism uses retargeting techniques to tailor the online offering to the user. Retargeting technology allows Medicalxtourism to advertise recently accessed and similar clinics on partner websites, including those of other companies that may be relevant to the user. This data is anonymous, no personal data is stored and no user profiles are created.
This website uses Google Analytics, an internet analysis tool provided by Google, Inc. (“Google”). Google Analytics uses so-called “cookies”. These are text files which are stored on your computer and enable an analysis of your use of the website. The data generated by the cookies for your use of the website (including your IP address) are sent to a Google server in the USA and stored there. If IP anonymization is activated, Google will shorten or anonymize the last eight-bit character of the IP address for all Member States of the European Union and for other contracting parties to the Agreement on the European Economic Area.
USE OF FACEBOOK SOCIAL PLUGINS
Our website uses so-called social plugins (“plugins”) of the social network Facebook, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA.
The plug-ins are marked with a Facebook logo or the addition “Social Plug-in of Facebook” or “Facebook Social Plugin.” You can find an overview of the Facebook plugins and their appearance here.
If you call up a page of our website that contains such a plugin, your browser establishes a direct connection to the Facebook servers. The content of the plugin is transmitted directly from Facebook to your browser and integrated into the page. Through this integration, Facebook receives the information that your browser has called up the corresponding page of our website, even if you do not have a Facebook profile or are not logged on to Facebook. This information (including your IP address) is transmitted directly from your browser to a Facebook server in the USA and stored there.
If you are logged in to Facebook, Facebook can assign your visit to our website directly to your Facebook profile. If you interact with the plug-ins, for example by clicking on the “Like” button or making a comment, this information is also transmitted directly to a Facebook server and stored there. The information is also published on your Facebook profile and displayed to your Facebook friends.
The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as your rights in this regard and setting options to protect your privacy can be found in Facebook’s data protection information.
If you do not want Facebook to associate the data collected through our website directly with your Facebook profile, you must log out of Facebook before visiting our website.
Our website uses Facebook’s re-targeting technology. For this purpose, our website contains Facebook re-targeting pixels, which permit Facebook to identify a member as a visitor of our website on the basis of pseudonymous date and use such information in order to display our advertisement or offers in the Facebook Ads network. This does not involve the collection of personally identifiable information and does therefore not enable us to identify you on Facebook. The pseudonymous data collected through the re-targeting pixels will not be connected with your Facebook user data. More information can be found on Facebook “Custom Audience” re-targeting and how you can adjust your settings.
USE OF TWITTER PLUGINS (E.G. “TWITTER”-BUTTON)
Our website uses so-called social plug-ins (“plugins”) of the microblogging service Twitter, which is operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA (“Twitter”). The plugins are marked with a Twitter logo, for example in the form of a blue “Twitter bird”. An overview of the Twitter plugins and their appearance can be found here.
If you call up a page of our website that contains such a plugin, your browser establishes a direct connection to the Twitter servers. The content of the plugin is transmitted by Twitter directly to your browser and integrated into the page. Through the integration, Twitter receives the information that your browser has called the corresponding page of our website, even if you do not have a profile on Twitter or are not logged in to Twitter. This information (including your IP address) is transmitted directly from your browser to a Twitter server in the USA and stored there.
If you are logged in to Twitter, Twitter can assign your visit to our website directly to your Twitter account. If you interact with the plugins, for example by pressing the “Twitter” button, the corresponding information is also transmitted directly to a Twitter server and stored there. The information is also published on your Twitter account and displayed to your contacts there.
The purpose and scope of the data collection and the further processing and use of the data by Twitter as well as your rights in this regard and setting options to protect your privacy can be found in Twitter’s data protection information.
If you do not want Twitter to associate the data collected via our website directly with your Twitter account, you must log out of Twitter before visiting our website.
Our website uses features of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, MountainView, CA 94043, USA. Each time you visit one of our pages that contains LinkedIn features, a connection is established to LinkedIn servers. LinkedIn will be notified that you have visited our web pages with your IP address. If you click the LinkedIn “Recommend” button and are logged into your LinkedIn account, LinkedIn will be able to associate your visit to our site with you and your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by LinkedIn. Further information on this can be found in LinkedIn’s data protection declaration
CHANGES TO THE DATA PROTECTION DECLARATION
What are my data protection rights in Europe?
Each and every data subject has:
- the right of access according to Art. 15 GDPR,
- the right to rectification according to Art. 16 GDPR,
- the right to erasure according to Art. 17 GDPR,
- the right to restriction of processing according to Art. 18 GDPR and
- the right to data portability under Art. 20 GDPR.
- In addition, you may revoke consent in principle with effect for the future. You furthermore have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR).
We would also like to note your right to object according to Art 21. GDPR:
Information about your right to object according to Art. 21 GDPR You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6 (1) (e) GDPR (data processing in the public interest) and Art. 6 (1) (f) of the General Data Protection Regulation (data processing based on balancing of interests); this also includes profiling under these provisions within the meaning of Art. 4 No. 4 GDPR, which we use to analyze questionnaires or for advertising purposes. If you object, we will no longer process your personal data, unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves the purposes of asserting, exercising or defending legal claims. In individual cases, we process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling insofar as it is associated with such direct marketing. If you object to the processing for direct marketing purposes, we will no longer process your personal data for such purposes. Objections do not require a particular form and no costs are incurred, other than the transmission costs according to the basic tariffs.