DocCheck Privacy Policy

DocCheck Community GmbH, Vogelsanger Strasse 66, D-50823 Cologne ("DocCheck") collects personal data as part of its business activities

  • on doccheck.com and other DocCheck domains
  • on doccheckshop.de and other DocCheck shop domains
  • in DocCheck apps
  • on websites and apps that use the DocCheck system as an authorization procedure ("single sign-on")
  • on websites and apps that advertise the DocCheck ad server
  • on websites and apps that perform special sub-functions (e.g., site statistics, market research)
  • in emails sent by DocCheck
  • in other interactions with DocCheck (telephone, fax, trade fairs, congresses etc.)

which are necessary for the use of the services and information offered by DocCheck ("Services") or for the processing of which we are otherwise entitled or obligated. The protection of these data is ensured in compliance with the data protection regulations, in particular the EU General Data Protection Regulation (GDPR). You give your consent to the collection, storage and use of your personal information for the purposes set forth in this statement. If a form of data collection or processing is not covered by this privacy policy, we will ask for a separate consent. You can view and change the data you provide in your user account. Any consent given by you may be withdrawn at any time with effect for the future.


1 Name and address of the responsible legal entity

Responsible in terms of the General Data Protection Regulation (GDPR), and other regulations and laws with data protection character is:

DocCheck Community GmbH
Vogelsanger Str. 66
50823 Cologne
Germany
Tel .: +49 (0)221-920530
E-Mail: info@doccheck.com
The legal representative of DocCheck Community GmbH is its managing director, Frank Antwerpes


2 Name and address of the data protection officer

The data protection officer of DocCheck Community GmbH is:
Tim Halver
DocCheck AG
Vogelsanger Str. 66
50823 Cologne
Germany
Tel .: +49 (0)221-920530
E-Mail: datenschutz@doccheck.com
For any questions about privacy, you can contact our data protection officer directly.


3 Collection of your data

As part of your registration for DocCheck and during your usage of DocCheck personal data will be collected or updated. Data collection is performed in two ways:

  1. 1. by entering data into form fields or by sending us information by e-mail, post or fax ("Active Data Collection")
  2. 2. by logging your actions, when you use the DocCheck services ("passive data collection")

Regardless of the type of data collection, DocCheck follows the principle of data minimization. We only collect information that is necessary to fulfill the contract between you and DocCheck or is relevant for an optimal user experience.


3.1 Data that you provide

3.1.1 Basic personal data

When registering, we will collect the personal information we need to set up your DocCheck account and provide our services. These are first name, surname, profession, area of expertise, area of activity, additional names, postal code, street, residence, e-mail address and a self-chosen password. This data is assigned to an individual user ID, which is provided by DocCheck. Your password will be saved via a one-way hash function. This means it can not be recovered or read by anyone, including DocCheck. This data processing is based on art. 6 para. 1 sentence 1 letter b) GDPR.

You can also use DocCheck without signing up in read-only mode, but you will not have a user profile, can not post or upload files to DocCheck, and will not receive personalized information.


3.1.2 Proof of medical qualification

In addition, we ask you to upload a proof of your medical qualification. If you provide a proof of your affiliation to a medical profession to DocCheck, it will be stored with link to your user profile. Without your basic personal data and professional credentials, DocCheck can not review your affiliation with the medical community and can not grant access to information and services that are restricted under the EU-Directive 2001/83/EC or due to ethical reasons. You can use DocCheck without professional credentials, but you will have limited access to some services. The above-mentioned data processing is necessary to extend the functionality of your  DocCheck account and is based on art. 6 para. 1 sentence 1 letter b) GDPR.


3.1.3 Photograph

If you want, you can upload a photo to your profile on DocCheck. This photo will be publicly displayed in your profile. The data processing is based on your consent given by uploading your profile picture in accordance with art. 6 para. 1 sentence 1 letter a) GDPR.


3.1.4 Extended personal data

As part of your usage of DocCheck, we kindly ask you from time to time to provide further information after you finished your registration, e.g. which professional interests you have, if and how you would like to be contacted by eMail or if you would like to participate in market research studies. This extended personal data will be added to your user profile "non-publicly". You may delete, amend, publish or update this data at any time, depending on how much information you want to share with DocCheck and other DocCheck users. The processing of data is based on your personal consent in accordance with art. 6 para. 1 sentence 1 letter a) of the GDPR.


3.1.5 Ratings, Posts and Files

When using DocCheck, you can post reviews, write posts (e.g. comments, blogs, case reports), create author profiles (Flexikon), and upload various files (such as pictures, lectures, scripts, videos). These reviews, posts, and files are linked to your user profile. By saving your posts and/or uploading files, you agree to publish this information under your chosen authorship and privacy preference. In addition, your publications will appear under "activities" in your user profile and elsewhere on the DocCheck website. The data processing is based on your consent by using the respective functions according to art. 6 para. 1 sentence 1 letter a) GDPR. As part of the provision of our services requested by you, the data processing is also necessary for the execution of the contract and is based in this respect on art. 6 para. 1 sentence 1 letter b) GDPR. Since DocCheck can neither verify the nature nor the content of the files during the upload process, you have to ensure that the posts or files contain no personal information that violates your rights or the rights of third parties.


3.1.6 Communication data

We store the information, if you want to receive emails from DocCheck and what kind of emails you want to receive (see also section 3.1.4). When you communicate with DocCheck via email or chat or use the DocCheck platform to communicate with other users ("inMail"), we store the content of the communication and any information you choose to provide. Without the storage of this communication data, DocCheck can not perform its customer service and you can not use the DocCheck platform to exchange messages with other users. The data processing takes place in order to provide and carry out the respective communication process or in the case of your request to the customer service for answering this request and is therefore based on art. 6 para. 1 sentence 1 letter b) GDPR.


3.1.7 Market research data

When you participate in a market research study on DocCheck, we will store the answers you provided in the questionnaire. If necessary, further personal data (i.e. the size and location of your practice) may also be collected. Participation in market research studies is voluntary. Before your participation, you will be asked separately for your consent to store your answers. In this respect, the processing of data is based on your consent in accordance with art. 6 para. 1 sentence 1 letter a) GDPR. The data collected in the context of market research is not stored in your user profile. If you take part in a survey via chat or web video, we save the chat history and record the video. Regardless of agreeing to this privacy policy, we will separately request your consent to the recording of this information prior to participation. Also in this respect, the data processing is based on your consent in accordance with art. 6 para. 1 sentence 1 letter a) GDPR.


3.1.8 Employer approval

If you want take part in a market research study as an employed doctor, DocCheck needs the approval of your employer. You can send us the approval by e-mail or upload. It will be stored non-publicly with your user record as long as required by legal stipulations. The data processing is based on the legal obligation to store the evidence that such an authorization existed in accordance with art. 6 para. 1 sentence 1 letter c) and f) GDPR.


3.1.9 Bank details

If you participate in some DocCheck services, we ask for your bank details. We need this information to transfer money that you earned - i.e. from participating in market research studies or by receiving bMails. If you don't provide your bank details, we can not pay out any money you have earned on DocCheck. The data processing thus serves the fulfillment of our contractual duties, it is based on art. 6 para. 1 sentence 1 letter b) GDPR.


3.1.10 eCommerce

As part of the use of the DocCheck Shop we ask for your practice or company name, your billing address, your shipping address and your form of payment. This information is necessary for the fulfillment of the eCommerce transaction between DocCheck and you. It will be stored for the period determined by general legal requirements. Without this data, no eCommerce agreement between you and DocCheck can come into effect. The data processing is thus based on art. 6 para. 1 sentence 1 letter b) GDPR.


3.1.11 Job application data

You have the opportunity to use DocCheck for job applications and to create a public candidate profile on DocCheck. You determine the type and extent of the data provided in the candidate profile yourself. You can inform potential employers about the profile you have published. The data processing is based on your consent through the use of the application according to art. 6 para. 1 sentence 1 letter a) GDPR.


3.2 Data that is collected automatically

3.2.1 Usage data

We collect information about your interaction with the DocCheck website, such as page-calls or downloads, your search queries, the channels you subscribe to, the logins on partner sites and apps that use DocCheck as an access system, your participation in market research and other activities on the DocCheck platform. These data are mostly pseudonymised and are not visible to third parties. Above all, your usage data serves to continuously improve the individual information offered by DocCheck. In addition, usage data is statistically evaluated in order to optimize the services and the user interface of DocCheck. Your usage data will also be collected to increase privacy and data security in our organization to ensure the best possible level of protection for the personal information we process. The processing of your data takes place in this respect in our legitimate interest and is based on art. 6 para. 1 sentence 1 letter f) GDPR.


3.2.2 Technical data

DocCheck has integrated the iframes of some third-party providers into its web pages (e.g. Sketchfab, Easyzoom, Trinket, Userlike, Youtube, etc.). These iframes will collect

  • your IP address,
  • the access date and the access time,
  • the website from which the access is made (referrer URL),
  • information about used hardware and software (e.g., browser features),
  • device information (e.g., screen resolution)

This data is not used to draw conclusions about you or your behaviour, but to ensure the correct presentation of the web page or iframe. Processing in this respect is in our legitimate interest and is based on art. 6 para. 1 sentence 1 letter f) GDPR.


3.2.3 E-mail data

DocCheck stores information related to the distribution of e-mails. This includes the type of e-mail, its date of delivery, the information if the e-mail was opened and events that may have taken place in the e-mail (e.g. clicking on a button). These data are aggregated and processed as anonymized statistics. The statistics are used by either DocCheck or third parties in order to analyze general user behavior regarding e-mail delivery. Furthermore, we register when you opt-in or opt-out of the various types of DocCheck e-mail.

The data processing ensures the technical functionality of our services and the prevention of any violation of our terms of use. It proves, that you agreed to receive e-mails. It takes place in our legitimate interest in accordance with art. 6 para. 1 sentence 1 letter f) GDPR. When sending bMails (see Terms and Conditions, may not apply in your region), DocCheck also stores the information on which link you have clicked in the footer of the bMail. This information is necessary to make payments to charity organisations or to your DocCheck customer account. In this respect, the processing takes place for the calculation and settlement of your payment claims and is based on art. 6 para. 1 sentence 1 letter b) GDPR.


3.2.4 Chat data

As part of the user support via chat on the DocCheck website, DocCheck stores conversations between users and support staff. The chat data is not assigned to an individual DocCheck user. Unless you don't transmit personal data within the conversation on your own initiative (for example, e-mail address), you remain anonymous. The processing of the chat data takes place for the execution of the contract and is based on art. 6 para. 1 sentence 1 letter b) GDPR.


3.2.5 Payment data

In connection with payment transactions on the DocCheck platform, we will store the payment instrument used, date and time of the transaction, payment amount, expiry date of the payment instrument and other transaction details. This information is necessary in order to adequately fulfill the contract between you and DocCheck and to enable the provision of the payment services and is based on art. 6 para. 1 sentence 1 letter b) GDPR.


3.2.6 Customer account

If you participate in bMail and market research (may not apply in your region), DocCheck will save the claims you have acquired as well as the events that justify these claims. This takes place for the execution of the contract and is based on art. 6 para. 1 sentence 1 letter b) GDPR. Since claims may be the subject of taxation, the storage period is based on legal requirements in accordance with art. 6 para. 1 sentence 1 c) GDPR.


3.2.7 Cookies

We use cookies and similar technologies such as web beacons. Their use is necessary for the fulfillment of the contract between you and DocCheck in accordance with art. 6 para. 1 sentence 1 letter b) GDPR or lies in our legitimate interest in accordance with art. 6 para. 1 sentence 1 letter f) GDPR or is based on your consent in regard to art. 6 para. 1 sentence 1 letter a) of the GDPR. Further details about the usage and technical background of cookies used on our web site can be found in our cookie disclaimer. You can disable the use of cookies in your browser settings. Deactivation can lead to functional restrictions or to a malfunction of the DocCheck website.


4 Storage of your data

Your personal data is stored on DocCheck servers and is protected from unauthorized access by access controls and firewalls. The processing of user data is mainly carried out in-house. If third parties are involved in data storage or processing, they have a data processing contract that guarantees the processing of your data at the same level, that is used by DocCheck. The proof of your medical qualification and employer approvals are stored partly electronically and partly as physical documents (depending on how it has been provided). When uploading files, some file formats (e.g. videos, PDF documents, PowerPoint presentations, etc.) are stored in cloud services. No personal data is transmitted along with the file. Pseudonymised/anonymised data collected by web beacons (e.g. Google Analytics) is stored on the systems of their respective providers.


5 Visibility of your data

You can basically control the visibility of your data yourself. However, as DocCheck is a social media platform, some of your data or activities will appear publicly, e.g. your name and your profession. For other personal data you can define different levels of visibility.

The visibility levels are "private" (= only visible to you), "contacts" (= only visible to DocCheck users you follow and follow you), "DocCheck users" (= visible to all DocCheck users) and "all" (= public, i.e. also visible to users without DocCheck login). The visibility levels for your assets are "Draft" or "Private" (= only visible to you), "Medical Professionals" (= only visible to DocCheck users with a medical background), "DocCheck Users" (= visible to all DocCheck Users, i.e. also without a professional medical background) and "all" (= public, i.e. also visible to users without DocCheck login).

Some of your personal information is also visible outside DocCheck by default. These are your name and surname, your job, your area of expertise and your position. Other data is only visible, if you have shared it with a specific group of users.

You can partially disable the visibility of your data and its search engine findability. However, the texts and files you publish are publicly available and searchable if you do not set their visibility to "private" - e.g. Pictures, videos or blog posts.

If you don't understand the different visibility levels or if you are feeling uncomfortable to publish your profile as a medical professional on the web, you should not use DocCheck.


6 Use of your data

6.1 DocCheck services

We use the data listed under 3.1 and 3.2 when you are registering for and using the various DocCheck services. The processing takes place in order to provide these services and is based on art. 6 para. 1 sentence 1 letter b) GDPR and your consent art. 6 para. 1 sentence 1 letter a) GDPR. Your basic user data creates a public profile on DocCheck and allows you to access the various contents and functions of DocCheck. This enables you to write comments, create content, and upload and share files with other DocCheck users under your name. You can also submit candidate profiles, job offers or job requests with DocCheck. We use your delivery address to deliver products ordered by you. We use your bank details to pay claims that you have acquired by participating in market research or receiving bMails from DocCheck.


6.2 Authorization

If you are a licensed medical professional, your data authorizes you to access content that, under the terms of the EU-Directive 2001/83/EC, may only be made available to healthcare professionals (for example, prescription drug information). In this respect we process the data for the purpose of fulfilling the contract between you an DocCheck (art. 6 para. 1 sentence 1 b) GDPR) as well as for fulfilling a legal obligation (art. 6 para. 1 sentence 1 c) GDPR).


6.3 Personalization

We use your data to personalize the information on DocCheck in order to offer contents and services that match your professional activity and your interests. This includes a personal home page that provides an overview of news in channels that you have subscribed to. The same applies to the information you receive with the DocCheck News via email. In this respect the data processing has the purpose to fulfill our contract and to make our offers more user-friendly, as stipulated in art. 6 para. 1 sentence 1 letter b) and f) GDPR.


6.4 Improvements

We use your data to continuously improve our services. By analyzing the usage data, we can see if there are any errors in the use of our services or problems in understanding the user interface. In addition, we can see which areas and services of DocCheck are particularly interesting for users and which content we may need to optimize. The rationale for the data processing is based on art. 6 para. 1 sentence 1 letter f) GDPR and takes place in our legitimate interest in website statistics and improving our services.


6.5 Communication

We use your data to ensure smooth communication between you and DocCheck via email. Through the data, we can address you personally and customize the eMail delivery to your needs. The data processing takes place to answer your request and thus to fulfill our contract. Furthermore we have a legitimate interest to ensure the technical functionality of our services and to personalize them in favor of a higher user-friendliness and attractiveness. The use of your data is based on art. 6 para. 1 sentence 1 letter b) and f) GDPR.


6.6 Marketing

We use your data to inform you about new DocCheck services that are relevant for your interests and professional activities. The data also enables us to present our advertising or third-party advertising in a way that it reaches the right recipient. Your usage data will also be used to evaluate the success of marketing campaigns. We share this information with  the advertisers. However, it contains only anonymized and aggregated data so that no information about your individual behavior to advertising is shared with third parties. This data processing serves the financing of DocCheck, it takes place in our legitimate interest and is based in this respect on art. 6 para. 1 sentence 1 letter f) GDPR.


6.7 Market research

We use your information to invite you to market research studies. In the context of market research studies, we use your data to create our own studies or studies on behalf of customers. Because market research contributes to the financing of DocCheck services, we have a legitimate business interest in collecting this information. Your participation enables us to provide our services for free. All market research data is pseudonymised and aggregated in the report. Neither the raw data nor the report allow to identify a specific person. We use the employer approval you provided to check whether employed doctors are allowed to participate in our market research in accordance with labor regulations. The data processing is based on our legitimate business interests in accordance with art. 6 para. 1 sentence 1 letter f) GDPR.


6.8 Statistics

We use pseudonymised and anonymised data to improve and finance our website for legitimate business purposes (art. 6 para. 1 sentence 1 letter f) GDPR) in order to develop usage statistics, overall analyzes and business intelligence strategies. They enable us to make informed decisions, to inform advertisers about the scope of DocCheck and to inform us about our course of business.


6.9 Customer Support

We store your communication with DocCheck to help you to solve problems you might experience with our services. The relevant data processing helps us to fulfill our contract and is based on art. 6 para. 1 sentence 1 letter b) GDPR.


6.10 Security

We want to create a trusted environment for the exchange of professional information. Your public profile and your professional credentials give other users the assurance that medical statements are backed by the necessary expertise. We use stored IP addresses to prevent the misuse of your password after spying, loss or disclosure. An indication of misuse of a password is, for example, a use by multiple IP addresses. Since your DocCheck password gives access to your user profile, this mechanism serves your data security. The relevant data processing serves our legitimate interest to increase data security and is based on art. 6 para. 1 sentence 1 letter f) GDPR.


6.11 Availability

We collect the information referred to in point 3.2.2 to improve the availability of our services. They ensure a smooth server connection, a stable delivery of our HTML-code and the right formatting of content on different devices. In this respect the data processing is based on our need to fulfill our contract and on legitimate business interests in accordance with art. 6 para. 1 sentence 1 letter b) and f) GDPR.


6.12 Conflict resolution

We use your information to resolve possible legal conflicts between you and DocCheck, for example, if there is uncertainty whether or not you have consented to receive emails. Data processing is therefore in our legitimate interest to provide such evidence and is based on article 6 paragraph 1 sentence 1 letter f) GDPR.


7 Disclosure of data

7.1 Conditions of Disclosure

Your personal information will not be shared with third parties unless

  • you have given the explicit consent to this transfer (art. 6 para. 1 sentence 1 a) GDPR)
  • DocCheck is required to do so due to an official requirement or by statutory regulations (art. 6 para. 1 sentence 1 c) GDPR)
  • it is necessary to assert, exercise or defend legal claims and there is no reason to believe that you have a legitimate interest in the non-disclosure of your data (art. 6 para. 1 sentence 1 f) GDPR)
  • it is necessary for the fulfillment of contractual relationships with you (art. 6 para. 1 sentence 1 letter b) GDPR)
  • there is a legitimate business interest of DocCheck, e.g. because we use data processors, especially when DocCheck has to rely on web services of third parties.


7.2 Single sign-on

The login on websites and apps of companies that use DocCheck as an access system is processed on DocCheck servers. Depending on the procedure (s.b.) this can involve a transfer of personal data. The extent of the data transfer depends on the method used:

  • "Standard": This method does not transfer any data.
  • "Unique Key": This procedure passes a random string that is used to identify repeated visits. The string does not allow any identification of the user. No personal data will be passed on to the entity using the login.
  • "Routing": In this procedure, the occupation, the country, the language or the field of expertise of the user are transferred anonymously to the respective site operator. The purpose of this procedure is to provide different relevant services or contents to different users. The information is transferred without reference to a specific user. This procedure can be combined with "Unique Key". The anonymity of the user is not influenced by this combination.
  • "Personal": In this process, a company would like to receive personal data from you as part of the login. The individual data fields that are to be transferred are displayed and the purpose of the data processing is explained. Further details can be found in the privacy policy of the respective company. Your data will only be passed on if you explicitly confirm your consent by clicking or pressing a button. You can revoke this consent at any time with effect for the future by writing an email to info@doccheck.com.

If you are unsure, which method is used on a given website, you can always ask us under info@doccheck.com.


7.3 Order processing

DocCheck uses data processors for the delivery of e-mails and for the collection of market research results.

Emails are handled by Copernica B.V. for DocCheck. Copernica receives email address, title, salutation and other user parameters from DocCheck, so that the e-mails can be sent with a personal touch. The terms of the data processing are fixed in a contract for order processing with Copernica. The transfer of user data to third parties by Copernica is prohibited.

To collect market research data, DocCheck uses the software "EFS Survey" from Questback. Questback will not receive any data from Doccheck, besides an anonymised user ID. In individual cases, data such as occupation, gender, place of residence, practice size or other parameters will be processed. This information stays anonymous - it is not linked to the name of an individual user within EFS Survey. The terms of the data processing are fixed in a order processing contract with Questback. Questback has a contractual obligation not to disclose any market research data to third parties. Should a collection of personal data be necessary in EFS Survey - e.g. participants who are not DocCheck users and have been recruited by post - the users will be notified in a separate privacy policy prior to participation.


7.4 Usage statistics/market research results

Any statistics and market research results that DocCheck makes available to third parties only use aggegrated and anonymised data. The identification of a single person is not possible. If sharing your personal information might be useful (for example, in the event of drug safety issues), DocCheck will notify you. After that, you can decide on your own if you want to share your data or not.


8 Duration of data storage

Your data is stored on DocCheck servers until you delete your DocCheck account. If your account is inactive for more than 24 months - i.e. you have never used your login and have not responded to any e-mails from DocCheck during this time - we will delete your account. Data which we have to store for a longer period due to legal regulations is exempted.


9 Data security

When using the DocCheck website we use SSL, so that the transfer of data between you and DocCheck is encrypted if your browser supports this technology. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we provide the next available standard. You recognize the encryption by a lock or key symbol in your browser. DocCheck takes appropriate technical and organizational security measures to protect your data from loss or unauthorized access by third parties resulting in manipulation, theft or destruction. Our security measures comply with the latest standards and are constantly being improved in line with technological developments.


10 Analysis tools

Some of the information mentioned under 3.2 is collected using external third-party analysis tools, which are listed below. The legal basis of the data processing is a legitimate interest in data processing according to art. 6 para. 1 f GDPR. The rationale lies in the continuous optimization of our website and in the need to maintain the functionality of our applications. The respective data categories and processing purposes can be found in the descriptions of the analysis tools:


10.1 Google Analytics

For the purpose of customizing and the continuous optimization of our pages, we use Google Analytics, a web analysis service provided by Google Inc. (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter "Google"). In this context, pseudonymized user profiles are created and cookies (see point 4) are used. The information generated by the cookie about your use of this website such as

  • Browser type/version,
  • Operating system used,
  • Referrer URL (the previously visited page),
  • Host name of the accessing computer (IP address),
  • Time of the server request,

are transferred to a Google server in the US and stored there. Google is Privacy Shield certified and has thus committed to complying with the EU-US Privacy Shield Agreement published by the US Department of Commerce on the collection, use, and storage of personal data from EU member states. DocCheck has limited the storage period offered by Google to the minimum of 14 months. The information is used to evaluate the usage of the website, to compile reports on the website activities and to provide further services associated with the usage of the website and the Internet in general for the purposes of market research and tailor-made website design. This information may also be transferred to third parties if this is required by law or if third parties process this data on behalf of the company. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymized so that an assignment is not possible (IP masking).

You may refuse the installation of cookies by selecting the appropriate settings on your browser; however, we point out that in this case, not all features of this website may be fully functional.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (see link).

As an alternative to the browser add-on, especially for browsers on mobile devices, you can prevent the data collection of Google Analytics by setting an opt-out cookie that prevents future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.

For more information about Google Analytics related privacy, please visit the Google Analytics Help Center.

The use of Google Analytics and the related data processing includes the use of cookies based on Art. 6 para. 1 sentence 1 letter f) GDPR as we have a legitimate interest in being able to display targeted advertising to finance our services.


10.2 Skalierbares Zentrales Messverfahren (SZMnG)

DocCheck utilizes the measuring method ("SZMnG") of INFOnline GmbH (https://www.INFOnline.de) to determine statistical parameters about the use of our offers. It installs a cookie with the identifier "ioam.de". The aim of the usage measurement is to statistically determine the number of visits to our website, the number of website visitors and their surfing behavior - on the basis of a uniform, standardized procedure - and thus to obtain market-wide comparable values.

For all digital offers provided by members of the "Informationgemeinschaft zur Feststellung der Verbreitung von Werbeträgern e.V." (IVW - http://www.ivw.eu) or the studies of the "Arbeitsgemeinschaft Online-Forschung e.V." (AGOF - http://www.agof.de), the usage statistics are regularly processed by AGOF and the "Arbeitsgemeinschaft Media-Analyse e.V." (agma - http://www.agma-mmc.de) and published with the performance value "Unique User" and by IVW with the performance values "Page Impression" and "Visits". These ranges and statistics can be viewed on the respective websites.

Further information on data protection related to the measurement procedure can be found in our Privacy Declaration and in the data protection declaration on the website of INFOnline GmbH (https://www.INFOnline.de), which governs the measurement procedure, the data protection website of AGOF (http://www.agof.de/datenschutz) and the data protection website of IVW (http://www.ivw.eu).

Measurement by INFOnline GmbH using the SZMnG measurement method is carried out with a legitimate interest in accordance with art. 6 para. 1 sentence 1 letter f) GDPR.

The purpose of the processing of personal data is the compilation of statistics and the creation of user categories. The statistics serve to be able to trace and document the use of our offers. The user categories form the basis for an interest-oriented adjustment of advertising media and/or advertising measures. In order to market this website, a usage measurement that ensures comparability with other market participants is essential. Our legitimate interest stems from the economical usability of the findings resulting from the statistics and user categories and the market value of our website - also in direct comparison with third-party websites - which can be determined from these statistics.

In addition, we have a legitimate interest in making the pseudonymized data available to INFOnline, AGOF, and IVW for market research purposes (AGOF, agma) and for statistical purposes (INFOnline, IVW). Furthermore, we have a legitimate interest in making the pseudonymized data available to INFOnline for the further development and provision of interest-oriented advertising material.

If you do not wish to participate in the measurement, you can object by following this link: https://optout.ioam.de to guarantee an exclusion from the measurement, it is technically necessary to set a cookie. If you delete this cookie in your browser, it is necessary to repeat the opt-out process at the link above.


11 Your rights

Regarding the use of your data, you have the following rights. You are welcome to contact us at any time under info@doccheck.com or to consult our data protection officer (see above).


11.1 Right of access

You have the right to receive from us at any time gratuitous information about the personal data stored about you and a copy of this information. Furthermore, you have the right of information about the following topics:

  • the purposes of the processing
  • the categories of personal data concerned
  • the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations
  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
  • the existence of the right to request rectification or erasure of personal data or restriction of processing of personal data or to object to such processing
  • the right to lodge a complaint with a supervisory authority
  • where the personal data are not collected from you directly, any available information as to their source
  • the existence of automated decision-making, including profiling, referred to in art. 22 para. 1 and 4 GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you

You also have the right to know whether personal data has been transmitted to a third country or to an international organization. If this is the case, you have the right to obtain information about the appropriate guarantees in connection with the transfer.

In order to get access to this information, you can contact our data protection officer or our customer service at any time.

Your right of information is based essentially on art. 15 GDPR.


11.2 Right to rectification

You have the right to demand the immediate correction of incorrect personal data concerning you. You also have the right to request the completion of incomplete personal data, including by means of a supplementary statement, taking into account the purposes of processing. DocCheck offers you the opportunity to process a large part of your data yourself in your user account. However, part of your data (especially your job or last name) can not be changed directly by you. If you would like to exercise your right to rectification, you can always contact our data protection officer or our customer service.

Your right to rectification is based on Art. 16 GDPR


11.3 Right to erasure

You have the right to demand that your personal data is deleted without delay if one of the following reasons applies and the processing is not required:

  • The personal data has been collected for such purposes or otherwise processed for which they are no longer necessary.
  • You revoke your consent, on which the processing was based in accordance with art. 6 para. 1 letter a) of the GDPR or art. 9 para. 2 letter a) of the GDPR, and there is no other legal basis for the processing.
  • You object to the processing in accordance with art. 21 para. 1 GDPR, and there are no legitimate reasons for the processing, or you object to the processing in accordance with art. 21 para. 2 of the GDPR.
  • The personal data were processed unlawfully.
  • We are required to clear your personal information in order to fulfill a legal obligation under EU or national law.
  • The personal data were collected in relation to the offer of information society services referred to in art. 8 para. 1 GDPR.

If any of the above reasons apply and you wish to delete the personal information stored by us, you may contact our data protection officer or our customer service at any time. Our data protection officer or our employees will arrange that the deletion request will be fulfilled as soon as possible. Please note that depending on the scope of your request for deletion, the further use of your DocCheck account and DocCheck password may be impossible. Documents that you have uploaded and published while using DocCheck under recognition of the DocCheck Terms and Conditions, e.g. texts, pictures, videos are no longer connected to your user account after deletion. Since DocCheck can not verify that any documents you have published contain personal information, you must notify us separately if you also want to delete those documents. We kindly ask you to give this notice along with your request to delete your account, otherwise we will not be able to identify your documents clearly.
Your right to data deletion is based on art. 17 GDPR.


11.4 Right to restriction of processing

You have the right to obtain restriction of data processing if any of the following conditions apply:

  • The accuracy of your personal information is contested by you for a period of time that allows us to verify the accuracy of your personal information.
  • The processing is unlawful and you refuse the deletion of personal data and instead require the restriction of the use of personal data.
  • We no longer need your personal information for processing purposes, but you do need it to assert, exercise or defend your rights.
  • You have contradicted to the processing according to art. 21 para. 1 GDPR and it is not yet clear whether the legitimate reasons of our company outweigh your rights.

If one of the above conditions is met and you want to restrict the personal data stored by us, you can contact our data protection officer or our customer support at any time. Our data protection officer or another employee will set the restriction of processing into effect.

Your right to restriction of processing is based on art. 18 GDPR.


11.5 Right to data portability

You have the right to receive your personal information provided to us in a structured, common and machine-readable format. This includes the right to transfer this data to another entity without hindrance by us, provided that (i) the processing is based on the consent pursuant to art. 6 para. 1 letter a) GDPR or art. 9 para. 2 letter a) GDPR or based on a contract pursuant to art. 6 para. 1 letter b) of the GDPR; and (ii) the processing is carried out by automated means, unless the processing is necessary for the performance of a task in the public interest or in the exercise of public authority, which has been assigned to us.

In addition, when exercising your right to data portability, you have the right to obtain that personal data be transmitted directly from one controller to another, as far as technically feasible and provided that this does not affect the rights and freedoms of others (art. 20 para. 1 GDPR).

Your right to data portability is based on art. 20 GDPR.


11.6 Right to object

You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data pursuant to art. 6 para. 1 letter e) or f) GDPR. This also applies to profiling based on these provisions.
We will not process personal information in the event of an objection unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or serve to assert, exercise or defend legal claims.
If we process personal data for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
In addition, you have the right, on grounds relating to your particular situation, to object the processing of your personal data for scientific or historical research purposes or for statistical purposes pursuant to art. 89 para. 1 of the GDPR unless such processing is necessary to fulfill a public interest task.
To exercise the right to object, you can contact our data protection officer or our customer support at any time. You are also free, in the context of the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right of objection by means of automated procedures using technical specifications.
Your right to object is based on art. 21 GDPR.


11.7 Automated decisions on a case-by-case basis, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision

  • is necessary for entering into, or performance of, a contract between you and us,
  • is authorised by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests or
  • is based on your explicit consent.

If the decision to conclude or fulfill a contract between us and you is required or is made with your explicit consent, we will take reasonable steps to safeguard your rights and freedoms and your legitimate interests.
If you want to enforce rights related to automated decisions, you can contact our data protection officer or our customer support at any time.
These rights are based on art. 22 GDPR


11.8 Right to revoke your consent

You have the right to revoke your consent to the processing of your personal data in whole or in part at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent before the revocation. If you would like to exercise your right to revoke your consent, you can contact our data protection officer or our customer support at any time. The contact details can be found above this privacy policy.
Your right to revoke your consent to data prcessing is based on art. 7 para. 3 GDPR.


11.9 Right to lodge a complaint

You have the right to he right to lodge a complaint with a supervisory authority. This right is based on art. 56 para. 2 GDPR.


12 Changes to this Privacy Policy

DocCheck reserves the right to change this Privacy Policy at any time in accordance with legal requirements and will - if necessary - point out changes in an appropriate location. If necessary, DocCheck may also seek your consent to changes to this Privacy Policy. You can find the current version of this privacy policy at any time at http://info.doccheck.com/en/privacy/.

Last change: 24.5.2018

Copyright ©2015 DocCheck Medical Services GmbH