Data protection

Information in accordance with the EU General Data Protection Regulation GDPR

In order to comply with our data protection obligations, we hereby provide you with the information required in accordance with Article 13 of the European General Data Protection Regulation (EU GDPR).

Responsible body

The person responsible for processing your personal data is:

Rapid test center Hanover
Owner: Dr. med. Konstantin Boeck
Karmarschstrasse 40
30159 Hanover

Telephone 0511 23 52 301
Email: [email protected]

You can contact our data protection officer as follows:

Mr. Stephan Böttger
c / o HSP ADVICE GmbH & Co. KG
Windmühlenstrasse 3
30159 Hanover

Phone: 0511-220013-0
Fax: 0511-220013-88
Email: [email protected]

Information by affected group (GENERAL INFORMATION)

Interested persons:

The personal data transmitted by you will be used for the purpose of organizing an appointment or providing the service offered in accordance with Art. 6 Para. 1 U para. 1 lit. b) GDPR collected, processed and used. The provision of your personal data is necessary for the registration and appointment organization or the processing of the contract. If this is not provided, it is unfortunately not possible for us to organize an appointment or to allow the contractual relationship to come about. Automated decision-making is not carried out. Your personal data will not be passed on to external third parties. If operationally necessary, external service providers are integrated as processors (Art. 28 GDPR) in compliance with data protection regulations. A transfer of the personal data you have provided to a third country or an international organization does not take place and is also not planned. Your data will be stored by us for the duration of the test or contractual relationship and beyond that for as long as the statutory retention period ends. According to Art. 15 GDPR, you have the right to information about the processing of your personal data. In addition, you are free to exercise your rights to correction, deletion or, if deletion is not possible, to restriction of processing and data portability in accordance with Articles 16-18, 20 GDPR. If you want to exercise this right, please contact our data protection officer. You also have the right to complain to the responsible supervisory authority at any time. If you are of the opinion that your personal data is not being processed in compliance with data protection laws, we would kindly ask you to contact our data protection officer. Furthermore, according to Art. 13 Para. 2 lit. b) GDPR the right to object to the processing of your personal data at any time.

Patients:

The personal data transmitted by you are used for the purpose of agreeing an appointment or the provision of the service offered in accordance with Art. 6 Para. 1 U para. 1 lit. b) GDPR collected, Section 57 Para. 1 StBerG and § 57 Abs. 2 StBerG processed and used. The provision of your personal data is necessary for the provision of the service. If this is not provided, it is unfortunately not possible for us to provide advice / testing. Automated decision-making is not carried out.

Your personal data will not be passed on to external third parties unless there are legal requirements against it, as is the case in the case of a positive test result. In this case, the following personal data will be transmitted to the responsible health authority on the basis of Sections 6 to 9 of the Infection Protection Act (IfSG):

  • Surname
  • First name
  • birth date
  • gender
  • Street and house number
  • Postal code and city
  • Phone number
  • E-mail address
  • The location of the test center
  • The time at which the test was carried out
  • Test manufacturer and the name of the test used
  • The test result (positive)

If operationally necessary, external service providers are integrated as processors (Art. 28 GDPR) in compliance with data protection regulations. A transfer of the personal data you have provided to a third country or an international organization does not take place and is also not planned. Your data will be stored by us for the duration of the service or contractual relationship and beyond that for as long as the statutory retention period ends. According to Art. 15 GDPR, you have the right to information about the processing of your personal data. In addition, you are free to exercise your rights to correction, deletion or, if deletion is not possible, to restriction of processing and data portability in accordance with Articles 16-18, 20 GDPR. If you want to exercise this right, please contact our data protection officer. You also have the right to complain to the responsible supervisory authority at any time. If you are of the opinion that your personal data is not being processed in compliance with data protection laws, we would kindly ask you to contact our data protection officer. Furthermore, according to Art. 13 Para. 2 lit. b) GDPR the right to object to the processing of your personal data at any time.

Visitors:

The personal data transmitted by you are used for the purpose of collecting data in our visitor list and information required by the company in accordance with Art. 6 Para. 1 U para. 1 lit. f) GDPR collected, processed and used. The provision of your personal data is necessary for operational reasons. If they are not made available, you are not allowed to enter our company premises or our company buildings. Automated decision-making is not carried out. Your personal data will not be passed on to external third parties. If operationally necessary, external service providers are integrated as processors (Art. 28 GDPR) in compliance with data protection regulations. A transfer of the personal data you have provided to a third country or an international organization does not take place and is also not planned. Your data will be stored by us for the duration of the operational requirement. According to Art. 15 GDPR, you have the right to information about the processing of your personal data. In addition, you are free to exercise your rights to correction, deletion or, if deletion is not possible, to restriction of processing and data portability in accordance with Articles 16-18, 20 GDPR. If you want to exercise this right, please contact our data protection officer. You also have the right to complain to the responsible supervisory authority at any time. If you are of the opinion that your personal data is not being processed in compliance with data protection laws, we would kindly ask you to contact our data protection officer. Furthermore, according to Art. 13 Para. 2 lit. b) GDPR the right to object to the processing of your personal data at any time.

Applicants:

The personal data transmitted by you are used for the purpose of deciding on the establishment of an employment relationship in accordance with Art. 88 Para. 1 GDPR i. V. m. § 26 Abs. 1 Federal Data Protection Act collected, processed and used. The provision of your personal data is necessary for handling the application process and for deciding whether to establish an employment relationship. If this is not available, it is unfortunately not possible for us to take you into account when making the selection to fill the advertised position. Automated decision-making is not carried out. Your personal data will not be passed on to external third parties. If operationally necessary, external service providers are integrated as processors (Art. 28 GDPR) in compliance with data protection regulations. To assess your documents, they will be forwarded to the responsible contact person in the relevant department for which the application is intended. A transfer of the personal data you have provided to a third country or an international organization does not take place and is also not planned. Your application documents will be stored by us for the duration of the application process and will also be kept for 3 months in order to be able to answer any questions you may have. After this time, the documents will be deleted. In the case of documents sent in by post, they will be returned or destroyed after the 3 months have elapsed. Only with your express written consent do we save your data until further notice, so that we can contact you in the future about job offers within our company that are of interest to you. According to Art. 15 GDPR, you have the right to information about the processing of your personal data. In addition, you are free to exercise your rights to correction, deletion or, if deletion is not possible, to restriction of processing and data portability in accordance with Articles 16-18, 20 GDPR. If you want to exercise this right, please contact our data protection officer. You also have the right to complain to the responsible supervisory authority at any time. If you are of the opinion that your personal data is not being processed in compliance with data protection laws, we would kindly ask you to contact our data protection officer. Furthermore, according to Art. 13 Para. 2 lit. b) GDPR the right to object to the processing of your personal data at any time.

Employee:

The personal data transmitted by you will be used for the purpose of implementing and terminating the employment relationship in accordance with Art. 88 Para. 1 GDPR i. V. m. § 26 Abs. 1 sentence 1 of the Federal Data Protection Act (BDSG) collected and processed. The provision of your personal data is necessary for employment in our company and for the implementation of the employment relationship. If this is not provided, it is unfortunately not possible for us to employ you in our company. Automated decision-making is not carried out. Your personal data will be passed on to the respective health insurance company, the tax office and other authorities which require data in the context of the employment relationship due to a legal obligation, as well as to external business partners (e.g. tax consultants, payroll accounting, data protection officers, etc.) to the extent that which is necessary for the implementation of the employment relationship, initiation or fulfillment of contracts or is within the legitimate interests of the person responsible. Your personal data will not be passed on to external third parties. If operationally necessary, external service providers are integrated as processors (Art. 28 GDPR) in compliance with data protection regulations. A transfer of the personal data you have provided to a third country or an international organization does not take place and is also not planned. Your data will be stored by us for the duration of the employment relationship and also kept for the time of the statutory retention period. After this time, the documents will be deleted or destroyed in accordance with data protection regulations. According to Art. 15 GDPR, you have the right to information about the processing of your personal data. In addition, you are free to exercise your rights to correction, deletion or, if deletion is not possible, to restriction of processing and data portability in accordance with Articles 16-18, 20 GDPR. If you want to exercise this right, please contact our data protection officer. You also have the right to complain to the responsible supervisory authority at any time. If you are of the opinion that your personal data is not being processed in compliance with data protection laws, we would kindly ask you to contact our data protection officer. Furthermore, according to Art. 13 Para. 2 lit. b) GDPR the right to object to the processing of your personal data at any time.

Service providers / suppliers:

The personal data transmitted by you are used for the purpose of providing the service you offer in accordance with Art. 6 Para. 1 U para. 1 lit. b) GDPR collected, processed and used. The provision of your personal data is necessary for the execution of the contract. In the event of non-provision, it is unfortunately not possible for us to allow the contractual relationship to come about. Automated decision-making is not carried out. Your personal data will not be passed on to external third parties. If operationally necessary, external service providers are integrated as processors (Art. 28 GDPR) in compliance with data protection regulations. A transfer of the personal data you have provided to a third country or an international organization does not take place and is also not planned. Your data will be stored by us for the duration of the contractual relationship and also for so long until the statutory retention period ends. According to Art. 15 GDPR, you have the right to information about the processing of your personal data. In addition, you are free to exercise your rights to correction, deletion or, if deletion is not possible, to restriction of processing and data portability in accordance with Articles 16-18, 20 GDPR. If you want to exercise this right, please contact our data protection officer. You also have the right to complain to the responsible supervisory authority at any time. If you are of the opinion that your personal data is not being processed in compliance with data protection laws, we would kindly ask you to contact our data protection officer. Furthermore, according to Art. 13 Para. 2 lit. b) GDPR the right to object to the processing of your personal data at any time.

Responsible supervisory authority for data protection:

The State Commissioner for Data Protection Lower Saxony
Barbara Thiel
Prinzenstrasse 5
30159 Hanover

Phone: 0511-120 4500
Fax: 0511-120 4599
Email: [email protected]
www.lfd.niedersachsen.de

Data protection

The provisions contained in this data protection declaration also apply to our appearances on social media channels that are linked on the website and all other appearances that are operated by us.

Thank you for your interest in our services. The protection of your personal data during the collection, processing and use on the occasion of your visit to our homepage, use of our applications (applications for appointment booking and transmission of test results and the associated visit to our test centers is important to us.

Your data is protected in accordance with legal regulations.

Please take a moment to read the information below.

These provide you with information on how we handle your personal data, how and for what purpose this data is used, to whom we pass this data on and how we protect your personal data.

Your personal rights are our top priority and we do our best to protect and guarantee these rights.

Description of the processing activity

Your personal data (see list below) will be recorded, processed, stored and used by us if you do not record it yourself in the online procedure (you will receive information on this in the online procedure). These data are stored and used in an application (“Quick Test Butler”) operated for us by Webbee GmbH (external service provider as contract processor – Art. 28 GDPR – data protection compliant https://www.schnelltestbutler.com/impressum) processed. This is used to book the appointment or the manual check-IN (registration for the smear). The test result is also made available to you via this application if we do not print it out for you manually. Your personal data is also stored in the application for billing purposes and to document the test. We can access and process the data there. Reports to the health department are also made in the event of a positive test result from this application or manually.

Processing purposes

Your personal data will be processed for the following purposes:

§ To enable scheduling and organization for the test

§ To enable you to call up the test result via the Internet or to receive the results by e-mail (encrypted)

  • In order to be able to settle the performance / implementation of the test with the Federal Republic of Germany by us (free citizen test)
  • In order to be able to bill you for our services (no free citizen test)
  • To document the test execution and the test result for the legally prescribed duration
  • In order to be able to send a report by name to the responsible health authority in the event of a positive test result in accordance with §§ 6 to 9 IfSG
  • In order to be able to process / carry out your legitimate inquiries and the contractual services

Collection and processing of data

For the organization of appointments and tests, documentation, analysis and transmission of the results, we use, among other things, the applications and infrastructure of a contract processor (external service provider – see above – who is obliged to ensure data protection and data security). You can access this application via our website (https://schnelltest-hannover.de) by booking an appointment in one of our test centers. In the following, we therefore speak of “homepage” or “website” as a whole.

Every access to our homepage and every retrieval of a file stored on the homepage is logged. The storage serves internal system-related and statistical purposes. The following are logged: name of the file accessed, date and time of access, amount of data transferred, notification of successful access, web browser, pages visited and the requesting domain. Additionally, the IP addresses of the requesting computers are logged. However, since this website is anonymized by the IP, your IP address is saved in abbreviated form so that it is no longer possible to assign it to a person.

Insofar as personal data (such as name, address, e-mail address, etc.) is collected on this website, this is done with the voluntary consent of you and with your knowledge. The personal data you may provide when contacting us will be recorded, used and stored by us within the framework of the provisions of the following laws / ordinances:

  • Telemedia Act (TMG)
  • Federal Data Protection Act (BDSG new)
  • EU General Data Protection Regulation (EU GDPR)
  • Infection Protection Act (IfSG)
  • Coronavirus Test Ordinance (TestV)
  • Civil Code (BGB)
  • Social Code (SGB)
  • Commercial Act (HGB)
  • Tax Code (AO)

Which personal data do we collect or which you enter:

  • Surname
  • First name
  • birth date
  • gender
  • Street and house number
  • Postal code and city
  • Phone number
  • E-mail address
  • The location of the test center
  • The appointment for the smear
  • The time at which the test was carried out
  • Test manufacturer and the name of the test used
  • The serial number and batch or an individual designation of the test assigned by the test center
  • A hash value that is newly determined for each test
  • The test result (positive, negative, no findings / invalid)

Use and disclosure of personal data

Insofar as you have provided us with personal data, e.g. B. through contact / registration forms, newsletter registration, online shop, e-mail or correspondence, ordering advertising materials (magazines; information brochures; catalogs), we only use these in accordance with the German data protection regulations to answer your inquiries, to justify, to process and termination of contracts concluded with you and for technical administration.

Your personal data will only be passed on to third parties or otherwise transmitted if this is for the purpose of fulfilling the contract – in particular passing on test data to service providers, laboratories and / or suppliers and the health department (for the purpose of reporting by name according to §§ 6 to 9 IfSG perform) etc. is necessary, this is necessary for billing purposes (TestV) or you have given your prior consent.

All of your personal data and other information that you provide to us using the contact form set up on our website will only be collected, processed and used to process and answer your request. After registration, we will send you a confirmation email with an activation link for this service, which allows us to verify your identity and confirms your consent again. Your e-mail address will only be used by us for the purpose of electronic mailing and will not be passed on to third parties.

Storage and deletion of personal data:

Your data will be deleted or blocked immediately after answering, processing and performing individual contractual services, provided that there are no statutory retention requirements.

Extract from the deletion periods:

  • Your registration hash values will be deleted after 14 days
  • Billing-related data will be deleted from December 31, 2024 according to TestV
  • Data justifying billing within the meaning of the AO 10 years after the end of the calendar year of the individual test completion
  • Patient data within the meaning of the SGB 10 years after the end of the calendar year of the last treatment

Online application

We only use the personal data you provide to process your application for the advertised position. Your data is transmitted to us in encrypted form using the so-called Transport Layer Security (TLS). Only people who are involved in the application process will be informed of your personal data. We do not pass on your personal data to third parties unless you have consented to the data being passed on or we are obliged to pass on data due to legal provisions and / or official or judicial orders. It will not be used for any other purpose.

Your data will be automatically deleted within three months of completing the specific application process. This does not apply if statutory provisions prevent deletion, further storage is necessary for the purpose of providing evidence or you have expressly consented to longer storage.

You have the right to revoke your consent to data processing with effect for the future at any time. You have the right to request information about the personal data stored about you free of charge. In addition, you have the right to correct, block and delete this personal data in accordance with the statutory provisions.

Talent pool

If you decide to be included in the talent pool, the entire company can access your personal data in the event of job vacancies. You can join the talent pool by accepting an invitation from an ecruiter, confirming your will in writing or proactively using the “Get in touch” form.

Protection of stored data

We use technical and organizational security measures (TOM) to protect the personal data you have made available to us from manipulation, loss, destruction or access by unauthorized persons. Our security measures are continuously improved and adapted according to the state of the art. It cannot be ruled out that unencrypted data disclosed can be viewed by third parties. It should be noted that with regard to data transmission over the Internet (e.g. when communicating by e-mail), no secure transmission is guaranteed. Sensitive data should therefore either not be transmitted at all or only via a secure connection (SSL, TLS, S / MIME, etc.).

Protection of minors

Consent to the processing of personal data can only be given by an adult. In principle, no data is collected from minors. We expressly point out that in the case of processing patients, we must also collect the necessary data on their underage children if necessary. The legal guardian must give his / her consent for this.

Storage of anonymized data / cookies

No usage data is collected or stored on this website. So-called “cookies” are used to ensure technical operation. These are text files that are stored on your computer and that enable you to use the website (login / session cookies).

It is also possible to use the website without registering for the test without cookies. Most browsers are preset to automatically accept cookies. However, you can deactivate the saving of cookies or set your browser so that it notifies you before cookies are saved.