DocCheck Privacy Policy

DocCheck Community GmbH, Vogelsanger Strasse 66, D-50823 Cologne ("DocCheck") collects personal data as part of its business activities

  • on doccheck.com and other DocCheck domains
  • on doccheckshop.de and other DocCheck shop domains
  • in DocCheck apps
  • on websites and apps that use the DocCheck system as an authorization procedure ("single sign-on")
  • on websites and apps that advertise the DocCheck ad server
  • on websites and apps that perform special sub-functions (e.g., site statistics, market research)
  • in emails sent by DocCheck
  • in other interactions with DocCheck (telephone, fax, trade fairs, congresses etc.)

which are necessary for the use of the services and information offered by DocCheck ("Services") or for the processing of which we are otherwise entitled or obligated. The protection of these data is ensured in compliance with the data protection regulations, in particular the EU General Data Protection Regulation (GDPR). You give your consent to the collection, storage and use of your personal information for the purposes set forth in this statement. If a form of data collection or processing is not covered by this privacy policy, we will ask for a separate consent. You can view and change the data you provide in your user account. Any consent given by you may be withdrawn at any time with effect for the future.

 

1 Name and address of the responsible legal entity

Responsible in terms of the General Data Protection Regulation (GDPR), and other regulations and laws with data protection character is:

DocCheck Community GmbH
Vogelsanger Str. 66
50823 Cologne
Germany
Tel .: 0221-920530
E-Mail: info(at)doccheck.com

The legal representative of DocCheck Community GmbH are the managing directors: Dr. Frank Antwerpes and Julia Kroll.

 

2 Name and address of the data protection officer

The data protection officer of DocCheck Community GmbH is:
Tim Halver
DocCheck AG
Vogelsanger Str. 66
50823 Cologne
Germany
Tel .: 0221-920530
E-Mail: datenschutz(at)doccheck.com
For any questions about privacy, you can contact our data protection officer directly.

 

3 Collection of your data
As part of your registration for DocCheck and during your usage of DocCheck personal data will be collected or updated. Data collection is performed in two ways:
1. by entering data into form fields or by sending us information by e-mail, post or fax ("Active Data Collection")
2. by logging your actions, when you use the DocCheck services ("passive data collection")
Regardless of the type of data collection, DocCheck follows the principle of data minimization. We only collect information that is necessary to fulfill the contract between you and DocCheck or is relevant for an optimal user experience.

 

3.1 Data that you provide

3.1.1 Basic personal data

When registering, we will collect the personal information we need to set up your DocCheck account and provide our services. These are first name, surname, profession, area of expertise, area of activity, additional names, postal code, street, residence, e-mail address and a self-chosen password. This data is assigned to an individual user ID, which is provided by DocCheck. Your password will be saved via a one-way hash function. This means it can not be recovered or read by anyone, including DocCheck. This data processing is based on art. 6 para. 1 sentence 1 letter b) GDPR.

You can also use DocCheck without signing up in read-only mode, but you will not have a user profile, can not post or upload files to DocCheck, and will not receive personalized information.

3.1.2 Proof of medical qualification

In addition, we ask you to upload a proof of your medical qualification. If you provide a proof of your affiliation to a medical profession to DocCheck, it will be stored with link to your user profile. Without your basic personal data and professional credentials, DocCheck can not review your affiliation with the medical community and can not grant access to information and services that are restricted under the EU-Directive 2001/83/EC or due to ethical reasons. You can use DocCheck without professional credentials, but you will have limited access to some services. The above-mentioned data processing is necessary to extend the functionality of your DocCheck account and is based on art. 6 para. 1 sentence 1 letter b) GDPR as well as to comply with the legal obligation and therefore art. 6 para 1 sentence 1 letter c) GDPR.

3.1.3 Photograph 

If you want, you can upload a photo to your profile on DocCheck. This photo will be publicly displayed in your profile. The data processing is based on your consent given by uploading your profile picture in accordance with art. 6 para. 1 sentence 1 letter a) GDPR and art. 9 para. 2 letter a) GDPR.

3.1.4 Extended personal data

As part of your usage of DocCheck, we kindly ask you from time to time to provide further information after you finished your registration, e.g. which professional interests you have, if and how you would like to be contacted by eMail or if you would like to participate in market research studies. This extended personal data will be added to your user profile "non-publicly". You may delete, amend, publish or update this data at any time for the future, depending on how much information you want to share with DocCheck and other DocCheck users. The processing of data is based on your personal consent in accordance with art. 6 para. 1 sentence 1 letter a) of the GDPR.

3.1.5 Ratings, Posts and Files

When using DocCheck, you can post reviews, write posts (e.g. comments, blogs, case reports), create author profiles (Flexikon), and upload various files (such as pictures, lectures, scripts, videos). These reviews, posts, and files are linked to your user profile. By saving your posts and/or uploading files, you agree to publish this information under your chosen authorship and privacy preference. In addition, your publications will appear under "activities" in your user profile and elsewhere on the DocCheck website. The data processing is based on your consent by using the respective functions according to art. 6 para. 1 sentence 1 letter a) GDPR. As part of the provision of our services requested by you, the data processing is also necessary for the execution of the contract and is based in this respect on art. 6 para. 1 sentence 1 letter b) GDPR. Since DocCheck can neither verify the nature nor the content of the files during the upload process, you have to ensure that the posts or files contain no personal information that violates your rights or the rights of third parties.

3.1.6 Communication data

We store the information, if you want to receive emails from DocCheck and what kind of emails you want to receive (see also section 3.1.4). When you communicate with DocCheck via email or chat or use the DocCheck platform to communicate with other users ("inMail"), we store the content of the communication and any information you choose to provide. Without the storage of this communication data, DocCheck can not perform its customer service and you can not use the DocCheck platform to exchange messages with other users. The data processing takes place in order to provide and carry out the respective communication process or in the case of your request to the customer service for answering this request and is therefore based on art. 6 para. 1 sentence 1 letter b) GDPR.

3.1.7 Market research data

When you participate in a market research study on DocCheck, we will store the answers you provided in the questionnaire. If necessary, further personal data (i.e. the size and location of your practice, age, gender, place of residence) may also be collected. Depending on the purpose of the study, health data can also be collected (e.g. diagnoses, illnesses, use of medication, visits to the doctor, dietary habits, physical limitations).Participation in market research studies is voluntary. Before your participation, you will be asked separately for your consent to store your answers. When we collect particularly sensitive data according to Article 9 GDPR (e.g. health data), we explicitly state this in the context of this declaration of consent before beginning a study.     

In this respect, the processing of data is based on your consent in accordance with art. 6 para. 1 sentence 1 letter a) GDPR and art. 9 para. 2 letter a) GDPR. The data collected in the context of market research will only be assigned to your user profile with your express consent.

If you take part in a survey via chat or web video, we save the chat history and record the video. Regardless of agreeing to this privacy policy, we will separately request your consent to the recording of this information prior to participation. Also in this respect, the data processing is based on your consent in accordance with art. 6 para. 1 sentence 1 letter a) GDPR and art. 9 para. 2 letter a) GDPR.

3.1.8 Employer approval

If you want to take part in a market research study as an employed doctor, DocCheck needs the approval of your employer. You can send us the approval by e-mail or upload. It will be stored non-publicly with your user record as long as required by legal stipulations. The data processing is based on the legal obligation to store the evidence that such an authorization existed in accordance with art. 6 para. 1 sentence 1 letter c) and f) GDPR.

3.1.9 Bank details

If you participate in some DocCheck services, we ask for your bank details. We need this information to transfer money that you earned. If you don't provide your bank details, we can not pay out any money you have earned on DocCheck. The data processing thus serves the fulfillment of our contractual duties, it is based on art. 6 para. 1 sentence 1 letter b) GDPR.

3.1.10 Job application data

You have the opportunity to use DocCheck for job applications and to create a public candidate profile on DocCheck. You determine the type and extent of the data provided in the candidate profile yourself. You can inform potential employers about the profile you have published. The data processing is based on your consent through the use of the application according to art. 6 para. 1 sentence 1 letter a) GDPR.

3.1.11 Competitions

To carry out competitions, your e-mail address is saved to make contact with you and, should you win a prize, your address data to enable us to send the prize. Your address data can be transmitted to a delivery company. There will be no other transmission of data to third parties.

Data processing is exclusively done to carry out the competition. The legal basis for the processing of data for fulfilling this obligation is thus Article 6 paragraph 1 sentence 1 point b) GDPR. 

3.2 Data that is collected automatically

3.2.1 Usage data

We collect information about your interaction with the DocCheck website, such as page-calls or downloads, your search queries, the channels you subscribe to, the logins on partner sites and apps that use DocCheck as an access system, your participation in market research and other activities on the DocCheck platform. These data are mostly pseudonymised and are not visible to third parties. Above all, your usage data serves to continuously improve the individual information offered by DocCheck. In addition, usage data is statistically evaluated in order to optimize the services and the user interface of DocCheck. Your usage data will also be collected to increase privacy and data security in our organization to ensure the best possible level of protection for the personal information we process. The processing of your data takes place in this respect in our legitimate interest and is based on art. 6 para. 1 sentence 1 letter f) GDPR.

3.2.2 Technical data

DocCheck has integrated the iframes of some third-party providers into its web pages (e.g. Sketchfab, Easyzoom, Trinket, Userlike, Youtube, etc.). These iframes will collect

  • your IP address,
  • the access date and the access time,
  • the website from which the access is made (referrer URL),
  • information about used hardware and software (e.g., browser features),
  • device information (e.g., screen resolution).

This data is not used to draw conclusions about you or your behaviour, but to ensure the correct presentation of the web page or iframe. Processing in this respect is in our legitimate interest and is based on art. 6 para. 1 sentence 1 letter f) GDPR.

3.2.3 E-mail data

DocCheck stores information related to the distribution of e-mails. This includes the type of e-mail, its date of delivery, the information if the e-mail was opened and events that may have taken place in the e-mail (e.g. clicking on a button). These data are aggregated and processed as anonymized statistics. The statistics are used by either DocCheck or third parties in order to analyze general user behavior regarding e-mail delivery. Furthermore, we register when you opt-in or opt-out of the various types of DocCheck e-mail.

The data processing ensures the technical functionality of our services and the prevention of any violation of our terms of use. It proves, that you agreed to receive e-mails. It takes place in our legitimate interest in accordance with art. 6 para. 1 sentence 1 letter f) GDPR. When sending bMails (see Terms and Conditions, may not apply in your region), DocCheck also stores the information on which link you have clicked in the footer of the bMail. This information is necessary to make payments to charity organisations or to your DocCheck customer account. In this respect, the processing takes place for the calculation and settlement of your payment claims and is based on art. 6 para. 1 sentence 1 letter b) GDPR.

3.2.4 Chat data

As part of the user support via chat on the DocCheck website, DocCheck stores conversations between users and support staff. The chat data is not assigned to an individual DocCheck user. Unless you don't transmit personal data within the conversation on your own initiative (for example, e-mail address), you remain anonymous. The processing of the chat data takes place for the execution of the contract and is based on art. 6 para. 1 sentence 1 letter b) GDPR.

3.2.5 Payment data

In connection with payment transactions on the DocCheck platform, we will store the payment instrument used, date and time of the transaction, payment amount, expiry date of the payment instrument and other transaction details. This information is necessary in order to adequately fulfill the contract between you and DocCheck and to enable the payment services and is based on art. 6 para. 1 sentence 1 letter b) GDPR.

3.2.6 Customer account

If you participate in bMail and market research (may not apply in your region), DocCheck will save the claims you have acquired as well as the events that justify these claims. This takes place for the execution of the contract and is based on art. 6 para. 1 sentence 1 letter b) GDPR. Since claims may be the subject of taxation, the storage period is based on legal requirements in accordance with art. 6 para. 1 sentence 1 c) GDPR.

3.2.7 Cookies 

We only use technically necassary cookies and similar technologies such as web beacons. Their use is necessary for the fulfillment of the contract between you and DocCheck in accordance with art. 6 para. 1 sentence 1 letter b) GDPR or lies in our legitimate interest in accordance with art. 6 para. 1 sentence 1 letter f) GDPR. Further details about the usage and technical background of cookies used on our web site can be found in our cookie disclaimer. You can disable the use of cookies in your browser settings. Deactivation can lead to functional restrictions or to a malfunction of the DocCheck website. The DocCheck website currently does not respond to a "Do not track" signal in the HTTP header of your browser or mobile app due to a lack of standardization regarding the interpretation of this signal.

3.3 Integration of services and content of third parties

In our online offering and based on our legitimate interest (i.e. interest in the analysis, optimisation and economic operation of our online offering in terms of Article 6 paragraph 1 sentence 1 point f) GDPR), we use contents or services of third-party providers, in order to integrate their contents and services, such as videos or fonts (hereinafter uniformly referred to as “contents“). This always assumes that the third-party providers of these contents find the IP addresses of the users since they would not be able to send the contents to their browsers without the IP address. The IP address is thus required in order to display these contents. We aim at only using such contents whose respective providers make use of the IP address only for the purpose of delivering theses contents. Third-party providers can use so-called pixel tags (invisible graphic elements also called “web beacons”) for statistical or marketing purposes. “Pixel tags“ provide information concerning user traffic on websites with integrated external contents. Pseudonymous information can furthermore be stored on the user device in cookies needed for technical reasons and can contain information concerning browser and operating system, referring websites, duration of website visits as well as other information on the use of our online offering. This information can be linked to information from other sources.    

The following list provides you with an overview of third-party providers and their contents, including links to their privacy policies containing further information about data processing and ways to withdraw consent as partly mentioned here previously (so-called opt out):

3.3.1 YouTube

On our website we make use of YouTube. This is a video portal operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary company of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA (hereinafter only referred to as “YouTube”).The processing of user data partly takes place on servers operated by Google in the USA. Data transfer to the USA is based on standard contractual clauses of the EU Commission. In addition, we have concluded a contract on the commissioning of data processing with Google which ensures that the processing of personal data is subject to a level of security corresponding to that of the GDPR.

We use YouTube employing the “Privacy-enhanced mode” function in order to be able to show you videos. The legal basis for this is Article 6 paragraph 1 point f) GDPR. Our legitimate interest is to improve the quality of our website. According to information provided by YouTube, the “Privacy-enhanced mode” function ensures that the data specified in more detail below will only be transferred to the YouTube server if you actually start a video.

Without this “Privacy-enhanced mode”, a connection to the YouTube server in the USA is established as soon as you visit one of our web pages with an integrated YouTube video.

This connection is necessary in order to be able to display the respective video on our website via your web browser. In the course of this, YouTube records and processes a minimum of your IP address, the date and time as well as the website you visited. Furthermore, a connection to the Google advertising network “DoubleClick” is established.

If you are logged in to YouTube simultaneously, YouTube assigns the connection information to your YouTube account. If you want to prevent this, you must either log out from YouTube before visiting our website or enter the corresponding settings in your YouTube user account.

YouTube continuously saves technically necessary cookies via your web browser on your terminal device for the purpose of functionality and analysis of user behaviour. If you do not wish to allow this processing, you can prevent the storage of cookies by entering the corresponding setting for your web browser.

You can find further information on the collection and use of data as well as your rights and privacy controls in this regard in Google’s Privacy Policy.

3.3.2 Vimeo

We make use of Vimeo in order to display videos on our website. This is a service operated by Vimeo, LL C, 555 West 18th Street, New York 10011, USA, hereinafter only referred to as “Vimeo“.

The processing of user data partly takes place on servers operated by Vimeo in the USA. Data transfer to the USA is based on standard contractual clauses of the EU Commission. In addition, we have concluded a contract on the commissioning of data processing with Vimeo which ensures that the processing of personal data is subject to a level of security corresponding to that of the GDPR.

The legal basis for this is Article 6 paragraph 1 point f) GDPR. Our legitimate interest is to improve the quality of our website.

When visiting a page on our website in which a Vimeo video is embedded, a connection to the servers of Vimeo in the USA is established to display the video. For technical reasons, it is necessary for Vimeo to process your IP address. Furthermore, the date and time of your visit to our website is recorded.

If you are logged in to Vimeo simultaneously while visiting one of our webpages in which a Vimeo video is embedded, Vimeo may assign the information gathered to your personal Vimeo user account. If you want to prevent this, you must either log out from Vimeo before visiting our website or configure your Vimeo user account accordingly.

For reasons of functionality and usage analysis, Vimeo uses the web analysis service Google Analytics. Google Analytics stores cookies needed for technical reasons via your internet browser on your terminal device and information about the use of our webpages in which a Vimeo video is embedded is transmitted to Google. We cannot rule out that Google processes this information in the USA.

If you do not wish to allow this data processing, you can prevent the installation of cookies by entering the corresponding settings for your internet browser. If you are a registered member of Vimeo, you can also use the settings of Vimeo to manage the cookies used.

You can find further information about the collection and use of data as well as about your rights and ways to protect your privacy in Vimeo’s Privacy Policy.

3.3.3 Instagram

In our online offering, we integrate functions and contents of Instagram, provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA, hereinafter only referred to as Instagram. The contents can comprise images, videos or texts and buttons which you can use to show that you like content or that you want to follow the authors of such content or that you want to subscribe to our comments.

Instagram is a subsidiary of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA, hereinafter referred to as “Facebook“.

The processing of user data partly takes place on servers operated by Facebook in the USA. Data transfer to the USA is based on standard contractual clauses of the EU Commission. In addition, we have concluded a contract on the commissioning of data processing with Facebook which ensures that the processing of personal data is subject to a level of security corresponding to that of the GDPR.

The legal basis for this is Article 6 paragraph 1 point f) GDPR. Our legitimate interest is to improve the quality of our website.

When visiting a page on our website in which a function or content of Instagram is embedded, a connection to the servers of Instagram in the USA is established to display the function or content. For technical reasons, it is necessary for Instagram to process your IP address. Furthermore, the date and time of your visit to our website is recorded.

If you are logged in to Instagram simultaneously while visiting one of our webpages in which a function or content of Instagram is embedded, Instagram may assign the information gathered to your personal Instagram user account. If you want to prevent this, you must either log out from Instagram before visiting our website or configure your Instagram user account accordingly.

You can find further information about the collection and use of data as well as about your rights and ways to protect your privacy in Instagram’s Privacy Policy.

3.3.4 Sketchfab

In our online offering, we make use of the website sketchfab.com operated by Sketchfab, Inc., Sketchfab HQ, 1123 Broadway #501 (25th St), New York City, NY 10010 USA, hereinafter only referred to as “Sketchfab“, for displaying and animating 3D models. All Sketchfab servers are located in the European Union (Ireland).

If you visit one of our webpages which has a Sketchfab plugin, a connection to Sketchfab servers is established. For technical reasons, it is necessary for Sketchfab to process your IP address. Furthermore, date and time of your visit to our website is processed. In addition, the Sketchfab server receives information on which of our pages you visited.

If you are logged in to Sketchfab simultaneously while visiting one of our webpages in which a function or content of Sketchfab is embedded, Sketchfab may assign the information gathered to your personal Sketchfab user account. If you want to prevent this, you must either log out from Sketchfab before visiting our website or configure your Sketchfab user account accordingly.

The use of Sketchfab is based on our legitimate interest in the attractive appearance of our online offering. The legal basis is Article 6 paragraph 1 point f) GDPR.

You can find further information about the collection and use of data as well as about your rights and ways to protect your privacy in Sketchfab’s Privacy Policy.

3.3.5 Facebook

In our online offering and based on our legitimate interest (i.e. interest in the analysis, optimisation and economic operation of our online offering in terms of Article 6 paragraph 1 sentence 1 point f) GDPR), we use social plugins (“plugins”) for the social network facebook.com which are needed for technical reasons. Facebook.com is an internet service of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. In the EU, this service is operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, hereinafter both only referred to as “Facebook”. Plugins can display interactive elements or contents (e.g. videos, graphic elements or text) and can be identified by one of the Facebook logos (a white “f” on a blue tile, the word “Like” or the “Thumbs Up” sign), or may additionally be marked as “Facebook Social Plugin”. Here you can find a list and can see what the Facebook social plugins look like.    

The processing of user data partly takes place on servers operated by Facebook in the USA. Data transfer to the USA is based on standard contractual clauses of the EU Commission. In addition, we have concluded a contract on the commissioning of data processing with Facebook which ensures that the processing of personal data is subject to a level of security corresponding to that of the GDPR.

When you visit a page on our website containing a plugin which is needed for technical reasons, your device will establish a direct connection to the Facebook servers. Facebook then directly transmits the content of the plugin to your terminal device which will integrate it into the webpage. A user profile for you may be created from the data processed. We cannot influence the scope of data which Facebook collects via this plugin and can only inform you according to the best of our knowledge.

Due to the integration of the plugin, Facebook receives the information that you visited the corresponding page on the website. If you are logged in to Facebook, Facebook can assign your visit to your Facebook user account. If you interact with the plugins, e.g. by using the like button or leaving a comment, your device directly transmits the corresponding information to Facebook and it is stored there. If you are not a member of Facebook, Facebook may still get to know your IP address and store it. According to Facebook, only anonymized IP addresses are stored in Germany.

You can find more information concerning the purpose and scope of data collection as well as further processing and use of data by Facebook and the corresponding rights and settings for the protection of your privacy in Facebook’s data protection information.

If you are a Facebook member and you do not want Facebook to collect your data via our website and to connect it to your membership data stored at Facebook, you have to log out from Facebook before using our website and delete your cookies. Further settings and withdrawals of consent to the use of data for advertising purposes can be made within the Facebook profile settings or via their US American website or their EU website. Settings are made independently of the platform, i.e. they are applied to all devices like desktop computers or mobile devices.

3.3.6 Twitter

In our online offering, we use the plugin for the social network Twitter. Twitter is an internet service of Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA, hereinafter only referred to as “Twitter“.

The processing of user data partly takes place on servers operated by Twitter in the USA. Data transfer to the USA is based on standard contractual clauses of the EU Commission. In addition, we have concluded a contract on the commissioning of data processing with Twitter which ensures that the processing of personal data is subject to a level of security corresponding to that of the GDPR.

When you visit a page on our website containing a plugin which is needed for technical reasons, your internet browser downloads an image of the plugin from the Twitter servers in the USA. For technical reasons, it is necessary for Twitter to process your IP address. Furthermore, the date and time of your visit to our website is recorded.

If you are logged in to Twitter simultaneously while visiting one of our webpages which contains a plugin, the information on your specific visit gathered by the plugin is recognized by Twitter. Twitter may assign the information gathered to your personal Twitter user account. If you use, for instance, the Twitter “share” button, this information is stored in your Twitter user account and may be published on the Twitter platform. If you want to prevent this, you must either log out from Twitter before visiting our website or configure your Twitter user account accordingly.

The use of Twitter is based on our legitimate interest in the attractive appearance of our online offering. The legal basis is Article 6 paragraph 1 point f) GDPR.

You can find further information about the collection and use of data as well as about your rights and ways to protect your privacy in Twitter’s Privacy Policy.

3.3.7 Zendesk

On our website, you have the possibility to contact us. For this purpose, we use the Zendesk Chat. The provider is Zendesk, Inc., 1019 Market Street in San Francisco, CA 94103 USA.

The processing of user data partly takes place on servers operated by Zendesk in the USA. Data transfer to the USA is based on standard contractual clauses of the EU Commission. In addition, we have concluded a contract on the commissioning of data processing with Zendesk which ensures that the processing of personal data is subject to a level of security corresponding to that of the GDPR.

The legal basis is Article 6 paragraph 1 point f) GDPR. Our legitimate interest is the quick and efficient processing of your enquiries as well as supporting you in the best possible way when you require information. 

When you use the Zendesk Chat, a connection to the Zendesk servers in the USA is established. For technical reasons, it is necessary for Zendesk to process your IP address. Furthermore, the date and time of your use of the chat are recorded. To chat about general service questions, you do not have to reveal your name. To process enquiries relating to your account or your purchases at DocCheck, necessary data such as surname, first name, postal address, telephone number, e-mail address, or profession may be recorded via the chat.

Additionally, you may have to identify yourself as a doctor via the Zendesk Chat. This may become necessary for us to enable you to access our restricted areas and pages. The legal basis is Article 6 paragraph 1 sentence 1 point b) GDPR. For further information please refer to 3.1.2.

We only use the personal data you transmit for processing your individual enquiry. For further use of this data, we need your consent. All transmitted data is treated confidentially. The data transmitted and the chat record with our Service Desk will be stored for follow-up questions or later contact. 

If you are not happy to have your enquiry processed via Zendesk, you can send your enquiry alternatively to info(at)doccheck.com.

You can find further information about the collection and use of data as well as about your rights and ways to protect your privacy in Zendesk’s  Privacy Policy.

3.3.8 Trinket

In our online offering, we make use of the internet service Trinket to display and deal with applications, requests, and medical calculations. Trinket is a service operated by Forkable, Inc., Trinket, 502 Adams St, Raleigh, NC, 27605-1202 USA, hereinafter referred to as “Trinket“. The applications we developed together with Trinket are integrated via iFrame in our website.

The processing of user data partly takes place on servers operated by Trinket in the USA. Data transfer to the USA is based on standard contractual clauses of the EU Commission. In addition, we have concluded a contract on the commissioning of data processing with Trinket which ensures that the processing of personal data is subject to a level of security corresponding to that of the GDPR.

When you visit a page on our website which contains a Trinket iFrame, a connection to the Trinket servers is established. When the iFrame is clicked on, it is necessary for Trinket for technical reasons to record your IP address as well as the date and time you clicked on it. If you are logged in to Trinket simultaneously while visiting one of our webpages which contains an application created with Trinket, the information gathered may be assigned to your personal Trinket user account. If you want to prevent this, you must either log out from Trinket before visiting our website or configure your Trinket user account accordingly.

The use of Trinket is based on our legitimate interest in the attractive appearance of our online offering. The legal basis is Article 6 paragraph 1 point f) GDPR.

You can find further information about the collection and use of data as well as about your rights and ways to protect your privacy in Trinket’s  Privacy Policy .

3.3.9 Use of Google Data Studio

We use Google Data Studio, an analytical service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter only referred to as "Google". Google Data Studio uses data from Google Analytics and other sources if we link these data sources. Access is via a browser, the data sources are directly linked via Google Data Studio. You can find further information on the use of Google Data Studio in the information provided by Google.

The processing of user data partly takes place on servers operated by Google in the USA. Data transfer to the USA is based on standard contractual clauses of the EU Commission. In addition, we have concluded a contract on the commissioning of data processing with Google which ensures that the processing of personal data is subject to a level of security corresponding to that of the GDPR.  

We make use of Google Data Studio based on our legitimate interest. Our legitimate interest is the compiling of visual content in the form of reports and dashboards to optimize our offering for our customers and to design it to meet their requirements. The legal basis for the use of Google Data Studio is thus Article 6 paragraph 1 point f) DS-GVO.

You can find further information about the use of Google Analytics in item 10.1 of his Privacy Policy.

Further information on Google Data Studio can be found here.

3.3.10 Zammad

We use the helpdesk system Zammad provided by Zammad GmbH, Marienstraße 18 in 10117 Berlin, Germany, hereinafter referred to as “Zammad“. We have concluded a contract on the commissioning of data processing with Zammad for this purpose.

Zammad uses data (chat protocols, e-mails with e-mail address) only for technical reasons related to the processing of enquiries and does not transfer it to third parties.
During the processing of service enquiries, it may become necessary to collect more of your data.

We make use of Zammad based on our legitimate interest, i.e. the quick and efficient processing of enquiries. The legal basis is Article 6 paragraph 1 sentence 1 point f) GDPR

If you are not happy to have your data collected by the Zammad software, you can use alternative means of communication such as e-mail or telephone.

You can find further information in Zammad’s Privacy Policy.

3.3.11 Typeform

On our website, we make use of the service Typeform operated by TYPEFORM S.L., Carrer Bac de Roda, 163, 08018 Barcelona (Spain) (“Typeform”) to process user information in online contact forms. In doing so, personal data supplied by the user are stored and processed. Processing of data is done on the servers of Amazon Web Services, Inc. 410 Terry Avenue North Seattle WA 98109 (USA). The main server is located in Virginia, USA and the backup server in Frankfurt/Main, Germany.

For the aforementioned purposes, we have concluded a contract on the commissioning of data processing with Typeform according to Article 28 GDPR and the security of transmission is additionally provided for by so-called standard contractual clauses which ensure that the processing of personal data is subject to a level of security corresponding to that of the GDPR. 

The legal basis for the data processing is our legitimate interest to display forms and surveys on specific topics in a targeted way and to individually adapt the display to topics and questions, thus Article 6 paragraph 1 sentence 1 point f) GDPR.  If your enquiry is made by means of a contact form, the processing of data can additionally serve to fulfil a contract and is thus based on Article 6 paragraph 1 sentence 1 point b) GDPR.

You can find further information in Typeform’s Privacy Policy.

3.3.12 SoundCloud

On our website, audio files are embedded using the service SoundCloud. The service is operated by SoundCloud Global Limited & Co. KG, Rheinsberger Str. 76/77, 10115 Berlin, Germany, hereinafter referred to as "SoundCloud".

To display audio content, we use SoundCloud cookies needed for technical reasons via iFrame on individual pages. In this way, a connection between your browser and a SoundCloud server is established and SoundCloud receives the information that you visited our website with your IP address. If you click the share button while logged in to your SoundCloud user account, you can link the contents of our website to your SoundCloud profile and/or share these contents. In this way, SoundCloud can assign your visit to our website to your user account. We underline that as the provider of the website we receive no information as to the content of the transmitted data or their use by SoundCloud.

If you do not want SoundCloud to assign your visit to our website to your SoundCloud user account, please log out from your SoundCloud user account before activating any content of the SoundCloud plugin.

We use SoundCloud in our legitimate interest in the attractive appearance of our online offering. This constitutes a legitimate interest in the sense of Article 6 paragraph 1 sentence 1 point f) GDPR. You cannot use this function without supplying data.

You can find further information on the treatment of user data in SoundCloud’s Privacy Policy.

3.4 Fanpage

We operate a fanpage on the platform instagram.com belonging to Facebook Inc., 1601 S. California Avenue, Palo Alto, CA, 94304, USA. In the EU, this platform is operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, hereinafter both only referred to as “Facebook“.

Each visit to and every interaction with our fanpage causes data processing, regardless of whether you have an account with Instagram or Facebook or not. If you are logged in to your account, the operators of Instagram and/or affiliated companies assign the information relating to your visit to the fanpage to your account information and may use this to establish a profile. If you do not want such profiling, please log out before visiting our fanpage.

In our shared responsibility with Facebook, we analyse how you use our fanpage (website insights). By means of these website insights, we process statistical data from our fanpage, such as gender, age range, location, pages visited, interactions and information on paid activity, reach, accounts you accessed, impressions and impressions per day. This is done based on our legitimate interest according to Article 6 paragraph 1 sentence 1 point f) GDPR to enhance the attractivity of posts on the website or to determine the right moment to publish something.

You can find the necessary information on data processing in the framework of website insights according to GDPR in Facebook’s data protection information.

Here Facebook provides you with the relevant contents of the contract on data processing in shared responsibility concluded between Facebook and us according to Article 26 GDPR.

4 Storage of your data 

Your personal data is stored on DocCheck servers and is protected from unauthorized access by access controls and firewalls. The processing of user data is mainly carried out in-house. If third parties are involved in data storage or processing, they have a data processing contract that guarantees the processing of your data at the same level, that is used by DocCheck.

The proof of your medical qualification and employer approvals are stored partly electronically and partly as physical documents (depending on how it has been provided).

When uploading files, some file formats (e.g. videos, PDF documents, PowerPoint presentations, etc.) are stored in cloud services. No personal data is transmitted along with the file.

Pseudonymised/anonymised data collected by web beacons is stored on the systems of their respective providers.

 

5 Visibility of your data 

You can basically control the visibility of your data yourself. However, as DocCheck is a social media platform, some of your data or activities will appear publicly, e.g. your name and your profession. For other personal data you can define different levels of visibility. 

The visibility levels are "private" (= only visible to you), "contacts" (= only visible to DocCheck users you follow and follow you), "DocCheck users" (= visible to all DocCheck users) and "all" (= public, i.e. also visible to users without DocCheck login). The visibility levels for your assets are "Draft" or "Private" (= only visible to you), "Medical Professionals" (= only visible to DocCheck users with a medical background), "DocCheck Users" (= visible to all DocCheck Users, i.e. also without a professional medical background) and "all" (= public, i.e. also visible to users without DocCheck login). 

Some of your personal information is also visible outside DocCheck by default. These are your name and surname, your job, your area of expertise and your position. Other data is only visible, if you have shared it with a specific group of users. 

You can partially disable the visibility of your data and its search engine findability. However, the texts and files you publish are publicly available and searchable if you do not set their visibility to "private" - e.g. Pictures, videos or blog posts.

If you don't understand the different visibility levels or if you are feeling uncomfortable to publish your profile as a medical professional on the web, you should not use DocCheck. 

 

6 Use of your data

6.1 DocCheck services

We use the data listed under 3.1 and 3.2 when you are registering for and using the various DocCheck services. The processing takes place in order to provide these services and is based on art. 6 para. 1 sentence 1 letter b) GDPR.

Your basic user data creates a public profile on DocCheck and allows you to access the various contents and functions of DocCheck. This enables you to write comments, create content, and upload and share files with other DocCheck users under your name. You can also submit candidate profiles, job offers or job requests with DocCheck. We use your delivery address to deliver products ordered by you. We use your bank details to pay claims that you have acquired by participating in market research or receiving bMails from DocCheck.

6.2 Authorization

If you are a licensed medical professional, your data authorizes you to access content that, under the terms of the EU-Directive 2001/83/EC, may only be made available to healthcare professionals (for example, prescription drug information). In this respect we process the data for the purpose of fulfilling the contract between you and DocCheck (art. 6 para. 1 sentence 1 letter b) GDPR) as well as for fulfilling a legal obligation (art. 6 para. 1 sentence 1 letter c) GDPR).

6.3 Personalization

We use your data to personalize the information on DocCheck in order to offer contents and services that match your professional activity and your interests. This includes a personal home page that provides an overview of news in channels that you have subscribed to. The same applies to the information you receive with the DocCheck News via email. In this respect the data processing has the purpose to fulfill our contract and to make our offers more user-friendly, as stipulated in art. 6 para. 1 sentence 1 letter b) and f) GDPR.

6.4 Improvements

We use your data to continuously improve our services. By analyzing the usage data, we can see if there are any errors in the use of our services or problems in understanding the user interface. In addition, we can see which areas and services of DocCheck are particularly interesting for users and which content we may need to optimize. The rationale for the data processing is based on art. 6 para. 1 sentence 1 letter f) GDPR and takes place in our legitimate interest in website statistics and improving our services.

6.5 Communication

We use your data to ensure smooth communication between you and DocCheck via email. Through the data, we can address you personally and customize the eMail delivery to your needs. The data processing takes place to answer your request and thus to fulfill our contract. Furthermore we have a legitimate interest to ensure the technical functionality of our services and to personalize them in favor of a higher user-friendliness and attractiveness. The use of your data is based on art 6 para. 1 sentence 1 letter b) and f) GDPR.

6.6 Marketing

We use your data to inform you about new DocCheck services that are relevant for your interests and professional activities. The data also enables us to present our advertising or third-party advertising in a way that it reaches the right recipient. Your usage data will also be used to evaluate the success of marketing campaigns. We share this information with the advertisers. However, it contains only anonymized and aggregated data so that no information about your individual behavior to advertising is shared with third parties. This data processing serves the financing of DocCheck, it takes place in our legitimate interest and is based in this respect on art. 6 para. 1 sentence 1 letter f) GDPR.

6.7 Market research

We use your information to invite you to market research studies. In the context of market research studies, we use your data to create our own studies or studies on behalf of customers. Because market research contributes to the financing of DocCheck services, we have a legitimate business interest in collecting this information. Your participation enables us to provide our services for free. All market research data is pseudonymised and aggregated in the report. Neither the raw data nor the report allow to identify a specific person. We use the employer approval you provided to check whether employed doctors are allowed to participate in our market research in accordance with labor regulations. The data processing is based on our legitimate business interests in accordance with art. 6 para. 1 sentence 1 letter f) GDPR.

6.8 Statistics

We use pseudonymised and anonymised data to improve and finance our website for legitimate business purposes (art. 6 para. 1 sentence 1 letter f) GDPR) in order to develop usage statistics, overall analyzes and business intelligence strategies. They enable us to make informed decisions, to inform advertisers about the scope of DocCheck and to inform us about our course of business.

6.9 Customer Support

We store your communication with DocCheck to help you to solve problems you might experience with our services. The relevant data processing helps us to fulfill our contract and is based on art. 6 para. 1 sentence 1 letter b) GDPR.

6.10 Security

We want to create a trusted environment for the exchange of professional information. Your public profile and your professional credentials give other users the assurance that medical statements are backed by the necessary expertise. We use stored IP addresses to prevent the misuse of your password after spying, loss or disclosure. An indication of misuse of a password is, for example, a use by multiple IP addresses. Since your DocCheck password gives access to your user profile, this mechanism serves your data security. The relevant data processing serves our legitimate interest to increase data security and is based on art. 6 para. 1 sentence 1 letter f) GDPR. 

6.11 Availability

We collect the information referred to in point 3.2.2 to improve the availability of our services. They ensure a smooth server connection, a stable delivery of our HTML-code and the right formatting of content on different devices. In this respect the data processing is based on our need to fulfill our contract and on legitimate business interests in accordance with art. 6 para. 1 sentence 1 letter b) and f) GDPR.

6.12 Conflict resolution

We use your information to resolve possible legal conflicts between you and DocCheck, for example, if there is uncertainty whether or not you have consented to receive emails. Data processing is therefore in our legitimate interest to provide such evidence and is based on article 6 paragraph 1 sentence 1 letter f) GDPR.

 

7 Disclosure of data

7.1 Conditions of Disclosure

Your personal information will not be shared with third parties unless 

  • you have given the explicit consent to this transfer (art. 6 para. 1 sentence 1  letter a) GDPR)
  • DocCheck is required to do so due to an official requirement or by statutory regulations (art. 6 para. 1 sentence 1 letter c) GDPR)
  • it is necessary to assert, exercise or defend legal claims and there is no reason to believe that you have a legitimate interest in the non-disclosure of your data (art. 6 para. 1 sentence 1 letter f) GDPR)
  • it is necessary for the fulfillment of contractual relationships with you (art. 6 para. 1 sentence letter 1 b) GDPR)
  • there is a legitimate business interest of DocCheck, e.g. because we use data processors, especially when DocCheck has to rely on web services of third parties.

7.2 Single sign-on 

The login on websites and apps of companies that use DocCheck as an access system is processed on DocCheck servers. Depending on the procedure (s.b.) this can involve a transfer of personal data. The extent of the data transfer depends on the method used: 

  • "Standard": This method does not transfer any data. 
  • "Unique Key": This procedure passes a random string that is used to identify repeated visits. The string does not allow any identification of the user. No personal data will be passed on to the entity using the login. 
  • "Routing": In this procedure, the occupation, the country, the language or the field of expertise of the user are transferred anonymously to the respective site operator. The purpose of this procedure is to provide different relevant services or contents to different users. The information is transferred without reference to a specific user. This procedure can be combined with "Unique Key". The anonymity of the user is not influenced by this combination.
  • "Personal": In this process, a company would like to receive personal data from you as part of the login. The individual data fields that are to be transferred are displayed and the purpose of the data processing is explained. Further details can be found in the privacy policy of the respective company. Your data will only be passed on if you explicitly confirm your consent by clicking or pressing a button. You can revoke this consent at any time with effect for the future by writing an email to info@doccheck.com. 

If you are unsure, which method is used on a given website, you can always ask us under info@doccheck.com.

7.3 Order processing

DocCheck uses data processors for the delivery of e-mails and for the collection of market research results.

Emails are handled by EMARSYS eMarketing Systems GmbH, Märzstrasse 1, 1150 Vienna ("EMARSYS"), for DocCheck. EMARSYS receives email address, title, salutation and other user parameters from DocCheck, so that the e-mails can be sent with a personal touch. The terms of the data processing are fixed in a contract for order processing with EMARSYS. The transfer of user data to third parties by EMARSYS is prohibited.

To collect market research data, DocCheck uses the software "EFS Survey" from Questback. Questback will not receive any data from Doccheck, besides an anonymised user ID. In individual cases, data such as occupation, gender, place of residence, practice size or other parameters will be processed. This information stays anonymous - it is not linked to the name of an individual user within EFS Survey. The terms of the data processing are fixed in a order processing contract with Questback. Questback has a contractual obligation not to disclose any market research data to third parties. Should a collection of personal data be necessary in EFS Survey - e.g. participants who are not DocCheck users and have been recruited by post - the users will be notified in a separate privacy policy prior to participation.

7.4 Collection of data in the framework of market research

DocCheck employs a selected data processor for data collection in the framework of market research.

For collecting market research data, DocCheck uses for quantitative surveys the interview software G3plus produced by Rogator AG, Emmericher Str. 17, 90411 Nuremberg, Germany and for qualitative surveys the software "QDC Studio" produced by Kernwert GmbH, Gubener Str. 24, 10243 Berlin, Germany.

The conditions for data processing are stipulated according to Article 28 GDPR in a contract on the commissioning of data processing with Rogator AG and Kernwert GmbH.

7.4.1 Quantitative surveys with G3Plus

For random sampling, DocCheck also uses, apart from its own software, the panel software RogPanel produced by Rogator AG, Emmericher Str. 17, 90411 Nuremberg, Germany. For this purpose, your master data such as name, e-mail address, gender or specialized field are imported by DocCheck into the panel software. We also use the panel software to send out e-mail invitations for quantitative market research studies. In individual cases, data such as profession, gender, place of residence, size of the doctor’s practice or other parameters can be asked for. If your data collected in the framework of a study deviate from your master data, DocCheck can update, rectify, and supplement your data with your prior consent. This enables DocCheck in future to invite you to participate in studies which may be relevant for you according to your master data. Rogator AG is not permitted to transfer data to third parties or to use data or information directly.

If further collection of personal data in G3Plus or RogPanel becomes necessary – for instance for participants who do not use DocCheck and were recruited by mail – separate information on data protection and data processing is provided before participation. Data is collected in this case by Rogator AG as a service provider for DocCheck. This collecting of data is subject to the contract on the commissioning of data processing concluded between DocCheck and Rogator AG according to Article 28 GDPR.

DocCheck remains responsible for all data collected and remains your contact person.

7.4.2 Qualitative surveys

To participate in qualitative studies, potential participants who were for instance recruited via a quantitative pre-survey, receive an invitation by e-mail including all important information on the planned DocCheck study. This comprises general information on who commissioned the study, the purpose of the study, description of the topic, type of data to be collected, duration of study and stipulations on data deletion. The invitation e-mail contains access data for each participant as well as a link to log in to Kernwert GmbH’s QDC Studio. Participation is voluntary and is subject to your consent to the purposes specified for this study and data processing according to Article 6 paragraph 1 point a) GDPR.

If it becomes necessary to collect personal data in QDC Studio, the data is collected by Kernwert GmbH as a service provider for DocCheck. This collecting of data is subject to the contract on the commissioning of data processing concluded between DocCheck and Kernwert GmbH according to Article 28 GDPR.

DocCheck remains responsible for all data collected and remains your contact person.


7.5 Statistics on usage / results from market research

Statistics on usage and results from market research which DocCheck provides to third parties contain only anonymised and aggregated data. It is impossible to trace this data to an individual person.

The transfer of your personal data in the framework of pharmacovigilance is done based on our legal obligation according to the German Medicinal Products Act (AMG) and the German Medical Devices Act (MPG). DocCheck acts in this context as an agent according to Article 6 paragraph 1 sentence 1 point c) GDPR. Our legitimate interest is to fulfil our contractual reporting obligations towards the manufacturers according to Article 6 paragraph 1 sentence 1 point f) GDPR.

If particular categories of personal data are processed, for instance health data, processing is done to guarantee high standards of quality and safety in healthcare and in the use of drugs and medicinal products (Article 9 paragraph 2 point i) GDPR) and for scientific or statistical purposes (Article 9 paragraph 2 point j) GDPR).

8 Data security

When using the DocCheck website we use SSL, so that the transfer of data between you and DocCheck is encrypted if your browser supports this technology. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we provide the next available standard. You recognize the encryption by a lock or key symbol in your browser. DocCheck takes appropriate technical and organizational security measures to protect your data from loss or unauthorized access by third parties resulting in manipulation, theft or destruction. Our security measures comply with the latest standards and are constantly being improved in line with technological developments.

 

9 Analysis tools

Some of the information mentioned under 3.2 is collected using external third-party analysis tools, which are listed below. The legal basis of the data processing is a legitimate interest in data processing according to art. 6 para. 1 f GDPR. The rationale lies in the continuous optimization of our website and in the need to maintain the functionality of our applications. 

The respective data categories and processing purposes can be found in the descriptions of the analysis tools:

9.1 Google Analytics

For the purpose of customizing and the continuous optimization of our pages, we use Google Analytics, a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland;  hereinafter "Google". In this context, pseudonymized user profiles are created and technically necessary cookies (see point 4) are used. The information generated by the cookie about your use of this website such as

  • Browser type/version,
  • Operating system used,
  • Referrer URL (the previously visited page),
  • Host name of the accessing computer (IP address),
  • Time of the server request,

are transferred to a Google server in the US and stored there. DocCheck has limited the storage period offered by Google to the minimum of 26 months. The information is used to evaluate the usage of the website, to compile reports on the website activities and to provide further services associated with the usage of the website and the Internet in general for the purposes of market research and tailor-made website design. This information may also be transferred to third parties if this is required by law or if third parties process this data on behalf of the company. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymized so that an assignment is not possible (IP masking).

The processing of user data partly takes place on servers operated by Google in the USA. Data transfer to the USA is based on standard contractual clauses of the EU Commission. In addition, we have concluded a contract on the commissioning of data processing with Google which ensures that the processing of personal data is subject to a level of security corresponding to that of the GDPR.

You may refuse the installation of the technically necessary cookies by selecting the appropriate settings on your browser; however, we point out that in this case, not all features of this website may be fully functional.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (see link).

As an alternative to the browser add-on, especially for browsers on mobile devices, you can prevent the data collection of Google Analytics by setting an opt-out cookie that prevents future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.

The use of Google Analytics and the related data processing includes the use of cookies based on Art. 6 para. 1 sentence 1 letter f) GDPR as we have a legitimate interest in being able to display targeted advertising to finance our services.

For more information about Google Analytics related privacy, please visit the Google Analytics Help Center.

9.2 Skalierbares Zentrales Messverfahren (SZMnG)

DocCheck utilizes the measuring method ("SZMnG") of INFOnline GmbH to determine statistical parameters about the use of our offers. It installs a cookie with the identifier "ioam.de". The aim of the usage measurement is to statistically determine the number of visits to our website, the number of website visitors and their surfing behavior - on the basis of a uniform, standardized procedure - and thus to obtain market-wide comparable values.

For all digital offers provided by members of the "Informationgemeinschaft zur Feststellung der Verbreitung von Werbeträgern e.V." (IVW) or the studies of the "Arbeitsgemeinschaft Online-Forschung e.V." (AGOF), the usage statistics are regularly processed by AGOF and the "Arbeitsgemeinschaft Media-Analyse e.V." (agma) and published with the performance value "Unique User" and by IVW with the performance values "Page Impression" and "Visits". These ranges and statistics can be viewed on the respective websites.

Further information on data protection related to the measurement procedure can be found in our Privacy Declaration and in the data protection declaration on the website of INFOnline GmbH, which governs the measurement procedure, the data protection website of AGOF and the data protection website of IVW.

9.2.1 Legal basis for processing

Measurement by INFOnline GmbH using the SZMnG measurement method is carried out with a legitimate interest in accordance with Art. 6 para. 1 sentence 1 letter f) GDPR.

The purpose of the processing of personal data is the compilation of statistics and the creation of user categories. The statistics serve to be able to trace and document the use of our offers. The user categories form the basis for an interest-oriented adjustment of advertising media and/or advertising measures. In order to market this website, a usage measurement that ensures comparability with other market participants is essential. Our legitimate interest stems from the economical usability of the findings resulting from the statistics and user categories and the market value of our website - also in direct comparison with third-party websites - which can be determined from these statistics.

In addition, we have a legitimate interest in making the pseudonymized data available to INFOnline, AGOF, and IVW for market research purposes (AGOF, agma) and for statistical purposes (INFOnline, IVW). Furthermore, we have a legitimate interest in making the pseudonymized data available to INFOnline for the further development and provision of interest-oriented advertising material.

9.2.2 Type of data

INFOnline GmbH collects the following data which according to GDPR relate to persons:

  • IP address: On the Internet, every device needs a unique address, the so-called IP address, for the transfer of data. The storage of this IP address, at least for a short period of time, is technically necessary due to the way the Internet functions. Before any processing of these IP addresses, they are shortened by 1 byte and then processed only in an anonymised form. The complete IP addresses are not stored or further processed.
  • A client identifier generated at random: To be able to identify computer systems for reach data processing either a cookie with the identifier “ioam.de“, a “local storage object“ or a signature established from various information transferred automatically by your browser is used. This identifier is unique for a browser, as long as the cookie or local storage object is not deleted. A measuring of data and the subsequent assignment to a client identifier is also possible if you visit other websites which also use the measuring method (“Scaleable Central Measurement System next Generation“) of INFOnline GmbH.

The cookie will expire after a maximum of one year.

9.2.3 Use of data

The measurement system of INFOnline GmbH used on our website collects usage data. This is done to measure performance parameters such as page impressions, visits and clients and to establish other indicators (e.g. qualified clients). In addition, the data recorded are used as follows:

  • A so-called geolocation, meaning the allocation of a website visit to the location of the visitor, is established exclusively on the basis of anonymised IP addresses and only on a geographical level of the German Länder/ regions. From geographical information collected in this way it is impossible to trace the exact location of a user.
  • The usage data of a technical client (e.g. a browser on a device) are merged from our different webpages and stored in a data base. This information is used to estimate by technical means information on age or gender and is transmitted to the German Association for Online Research (AGOF) for further processing of reach data. In the framework of an AGOF study, demographic factors are estimated by technical means on the basis of a random sample. They concern the following categories: age, gender, nationality, profession, family status, general information on the household, household income, place of residence, use of the Internet, online interests, user location, user type.

9.2.4 Duration of data storage

The complete IP address is not stored by INFOnline GmbH. The shortened IP address is stored for a maximum of 60 days. Usage data in connection with a unique identifier are stored for a maximum of six months.


9.2.5 Transmission of data

The IP address as well as the shortened IP address are not transmitted. For the carrying out of the AGOF study, data with client identifiers are transmitted to the following service providers of AGOF:

9.2.6 Right of objection

If you do not wish to participate in the measurement, you can object by following this link: https://optout.ioam.de to guarantee an exclusion from the measurement, it is technically necessary to set a cookie. If you delete this cookie in your browser, it is necessary to repeat the opt-out process at the link above.

10 Duration of data storage

We only process personal data for as long as this is necessary for the above-mentioned purposes. Afterwards, personal data is deleted if there is no conflict with legally stipulated retention periods.

11 Your rights 

Regarding the use of your data, you have the following rights. You are welcome to contact us at any time under info@doccheck.com or to consult our data protection officer (see above).

11.1 Right of access

You have the right to receive from us at any time gratuitous information about the personal data stored about you and a copy of this information. Furthermore, you have the right of information about the following topics:

  • the purposes of the processing
  • the categories of personal data concerned
  • the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations
  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
  • the existence of the right to request rectification or erasure of personal data or restriction of processing of personal data or to object to such processing
  • the right to lodge a complaint with a supervisory authority
  • where the personal data are not collected from you directly, any available information as to their source
  • the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you

You also have the right to know whether personal data has been transmitted to a third country or to an international organization. If this is the case, you have the right to obtain information about the appropriate guarantees in connection with the transfer. 

In order to get access to this information, you can contact our data protection officer or our customer service at info(at)doccheck.com at any time. 

Your right of information is based essentially on art. 15 GDPR.

11.2 Right to rectification

You have the right to demand the immediate correction of incorrect personal data concerning you. You also have the right to request the completion of incomplete personal data, including by means of a supplementary statement, taking into account the purposes of processing. DocCheck offers you the opportunity to process a large part of your data yourself in your user account. However, part of your data (especially your job or last name) can not be changed directly by you. If you would like to exercise your right to rectification, you can always contact our data protection officer or our customer service at info(at)doccheck.com.

Your right to rectification is based on Art. 16 GDPR

11.3 Right to erasure

You have the right to demand that your personal data is deleted without delay if one of the following reasons applies and the processing is not required: 

  • The personal data has been collected for such purposes or otherwise processed for which they are no longer necessary. 
  • You revoke your consent, on which the processing was based in accordance with art. 6 para. 1 lettter a) of the GDPR or art. 9 para. 2 letter a) of the GDPR, and there is no other legal basis for the processing. 
  • You object to the processing in accordance with art. 21 para. 1 GDPR, and there are no legitimate reasons for the processing, or you object to the processing in accordance with art. 21 para. 2 of the GDPR. 
  • The personal data were processed unlawfully. 
  • We are required to clear your personal information in order to fulfill a legal obligation under EU or national law. 
  • The personal data were collected in relation to the offer of information society services referred to in art. 8 para. 1 GDPR. 

If any of the above reasons apply and you wish to delete the personal information stored by us, you may contact our data protection officer or our customer service at info(at)doccheck.com at any time. Our data protection officer or our employees will arrange that the deletion request will be fulfilled as soon as possible.

Please note that depending on the scope of your request for deletion, the further use of your DocCheck account and DocCheck password may be impossible.

Documents that you have uploaded and published while using DocCheck under recognition of the DocCheck Terms and Conditions, e.g. texts, pictures, videos are no longer connected to your user account after deletion. Since DocCheck can not verify that any documents you have published contain personal information, you must notify us separately if you also want to delete those documents. We kindly ask you to give this notice along with your request to delete your account, otherwise we will not be able to identify your documents clearly. 

Your right to data deletion is based on art. 17 GDPR.

11.4 Right to restriction of processing

You have the right to obtain restriction of data processing if any of the following conditions apply: 

  • The accuracy of your personal information is contested by you for a period of time that allows us to verify the accuracy of your personal information.
  • The processing is unlawful and you refuse the deletion of personal data and instead require the restriction of the use of personal data. 
  • We no longer need your personal information for processing purposes, but you do need it to assert, exercise or defend your rights. 
  • You have contradicted to the processing according to art. 21 para. 1 GDPR and it is not yet clear whether the legitimate reasons of our company outweigh your rights. 

If one of the above conditions is met and you want to restrict the personal data stored by us, you can contact our data protection officer or our customer support at any time. Our data protection officer or another employee will set the restriction of processing into effect. 

Your right to restriction of processing is based on art. 18 GDPR.

11.5 Right to data portability

You have the right to receive your personal information provided to us in a structured, common and machine-readable format. This includes the right to transfer this data to another entity without hindrance by us, provided that (i) the processing is based on the consent pursuant to art. 6 para. 1 letter a) GDPR or art. 9 para. 2 letter a) GDPR or based on a contract pursuant to art. 6 para. 1 letter b) of the GDPR; and (ii) the processing is carried out by automated means, unless the processing is necessary for the performance of a task in the public interest or in the exercise of public authority, which has been assigned to us. 

In addition, when exercising your right to data portability, you have the right to obtain that personal data be transmitted directly from one controller to another, as far as technically feasible and provided that this does not affect the rights and freedoms of others.

Your right to data portability is based on art. 20 GDPR.

11.6 Right to object

You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data pursuant to art 6 para. 1 letter e) or f) GDPR. This also applies to profiling based on these provisions. 

We will not process personal information in the event of an objection unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or serve to assert, exercise or defend legal claims.

If we process personal data for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

In addition, you have the right, on grounds relating to your particular situation, to object the processing of your personal data for scientific or historical research purposes or for statistical purposes pursuant to art. 89 para. 1 of the GDPR unless such processing is necessary to fulfill a public interest task. 

To exercise the right to object, you can contact our data protection officer or our customer support at info(at)doccheck.com at any time. You are also free, in the context of the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right of objection by means of automated procedures using technical specifications. 

Your right to object is based on art. 21 GDPR.

11.7 Automated decisions on a case-by-case basis, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision

  • is necessary for entering into, or performance of, a contract between you and us,
  • is authorised by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests or
  • is based on your explicit consent.

If the decision to conclude or fulfill a contract between us and you is required or is made with your explicit consent, we will take reasonable steps to safeguard your rights and freedoms and your legitimate interests.

If you want to enforce rights related to automated decisions, you can contact our data protection officer or our customer support at info(at)doccheck.com at any time. 

These rights are based on art. 22 GDPR

11.8 Right to revoke your consent

You have the right to revoke your consent to the processing of your personal data in whole or in part at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent before the revocation. If you would like to exercise your right to revoke your consent, you can contact our data protection officer or our customer support at any time. The contact details can be found above this privacy policy.

Your right to revoke your consent to data prcessing is based on art. 7 para. 3 GDPR. 

11.9 Right to lodge a complaint 

You have the right to he right to lodge a complaint with a supervisory authority. This right is based on art. 56 para. 2 GDPR.

 

12 Changes to this Privacy Policy 

DocCheck reserves the right to change this Privacy Policy at any time in accordance with legal requirements and will - if necessary - point out changes in an appropriate location. If necessary, DocCheck may also seek your consent to changes to this Privacy Policy. You can find the current version of this privacy policy at any time at info.doccheck.com/en/privacy/.

Last change: 02/2022