Privacy policy myProbatix
Status: December 2023
In the following, we inform about the processing of personal data when using our website (myProbatix portal). Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior. In this way, we would like to inform you about our processing operations and at the same time comply with the legal obligations, in particular from the EU General Data Protection Regulation (GDPR).
1. Responsible
The responsible person within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
Venture Leap Ltd,
Bismarckstr. 10-12,
10625 Berlin
represented by the managing director:
Dr. Daniel Werner
Venture Leap GmbH is hereinafter also referred to as “the operator” of the websites.
If you have any questions about this data protection declaration or about the protection of your data by the operator, you can also contact the operator’s data protection officer at any time:
2. What data is processed and for what purpose?
a) General website use
When using the websites, the following technically necessary data is processed:
- IP address of the terminal device used
- Name of the retrieved file
- Date and time of retrieval
- Data volume transferred
- Message about successful retrieval
- Browser type and version as well as the operating system you are using
- Referrer URL
- requesting provider
- Screen resolution
The processing of the described data is technically necessary to display the website to you and to ensure stability and security. The operator also evaluates this information for statistical purposes and to improve these websites without forming personal user profiles.
The legal basis is Art. 6 para. 1 p. 1 lit. f) GDPR. The legitimate interest lies in the provision of a functional and user-friendly homepage.
b) Registration / user account
In order to be able to book the services available via the myProbatix portal, it is necessary to set up a user account. This requires the processing of the following master data:
- First name, last name
- Gender
- Date of birth
- Home/Post Address
- Phone/mobile number
- E-mail address
Optionally, you can specify the following data:
- Identity card number
- Insurance number (PKV)
- Health insurance number (GKV)
The processing of the described data is necessary for the execution of the user contract according to the terms of use deposited in the registration process.
The legal basis is thus a contract pursuant to sec. Art. 6 par. 1 p. 1 lit. b) GDPR.
c) Test booking and processing
If you book a service (examination) with one of our cooperation partners (e.g. medical practices, MVZs, pharmacies, laboratories) via the myProbatix portal, the following data will be processed for this purpose:
- Information about the provider of the test
- Type of test
- Details of the person making the booking (master data, see above)
- Payment data
The Operator shall use the data to book sampling appointments with the respective cooperation partner and shall make it available to the latter for this purpose.
During test execution, further test-specific information may be processed by the respective cooperation partner.
After sampling, the sample is sent to a laboratory contracted by the operator for evaluation. The laboratory transmits the test results to the operator, who makes them available to the ordering person in their respective user account on the myProbatix portal.
In this context, “health data” within the meaning of Article 4 No. 15 of the GDPR, i.e. personal data relating to the physical or mental health of a natural person, including the provision of health services, and from which information about his or her state of health is obtained, are processed.
The processing of data during sample collection as well as during sample evaluation is carried out by health professionals, who are subject to a professional duty of confidentiality, under their own responsibility. For further information on data protection, please contact the respective cooperation partner.
The legal basis for the processing is your express consent pursuant to. Art. 9 par. 2 lit. a) GDPR.
d) Contact
The operator’s offer also allows you to contact the operator. This is possible, for example, by providing a telephone number or sending an e-mail. If you use the possibilities to contact us, the operator processes your personal and contact data, e.g.
- Name, first names
- Address
- E-mail address and phone number
The information you provide when contacting us will be stored in order to process your request and any subsequent correspondence.
Where applicable, we process data comparable to the above categories.
The processing of the aforementioned data is carried out for the implementation of pre-contractual measures or for the fulfillment of the contract in accordance with Art. 6 para. 1 Sentence 1 lit. b) GDPR. In addition, the processing of data may also be carried out to protect the legitimate interests of the operator on the basis of a balancing of interests pursuant to Art. 6 para. 1 Sentence 1 lit. f) GDPR are made. In the event of unlawful use of this website, this data also serves to clarify any infringements that may have occurred.
The operator also evaluates this information for statistical purposes and to improve these websites without forming personal user profiles. Data that we collect for usage analysis is aggregated immediately after collection so that it is no longer possible to draw conclusions about a specific natural person.
e) Analysis tools and tools from third-party providers
When you visit this website, your surfing behavior can be statistically evaluated.
This is mainly done with so-called analysis programs. Detailed information about these analysis programs can be found in the following privacy policy.
3. cookies
The operator uses cookies that are necessary for the operation and playout of functions in order to make the use of this website secure and user-friendly. This is the only way users can navigate the web pages and operate the modules or functions of the website. Without these cookies, the use of the website may not be possible or only possible to a limited extent. Some functions require that the browser is recognized even after a page change.
The data collected with the help of these necessary cookies are not used to create user profiles. The following data is stored and transmitted in the cookies:
- Current session ID
- Usage of certain website content, for example, frequency or volume of use
- Awareness of certain website content
Since websites have no memory, cookies inform the server which pages to display to the visitor. This has the advantage that the visitor does not have to remember everything or navigate through the entire page again.
The technically and functionally necessary cookies used are session cookies. The data stored therein is automatically deleted after the end of your visit.
The processing of data by means of technically and functionally necessary cookies is based on Art. 6 para. 1 p. 1 lit. b) GDPR to initiate or conclude a contract. In addition, the processing of data may also be carried out to protect the legitimate interests of the operator on the basis of a balancing of interests pursuant to Art. 6 para. 1 Sentence 1 lit. f) GDPR are made.
4. international transfers of personal information
There is no transfer of data to countries outside the scope of the GDPR.
We would like to point out that the USA, as a safe third country, generally has a legal framework comparable to that of the EU. level of data protection. Data transfer to the USA is then permitted if the recipient is certified under the “EU-US Data Privacy Framework” (DPF) or has appropriate has additional guarantees. Information on transfers to third countries including the Data recipients can be found in this privacy policy. If companies outside the EU are used for data processing, they are certified in accordance with the EU-US Data Privacy Framework.
No health-related data is passed on to providers outside the EU.
5. your rights
You have the following rights vis-à-vis the Operator regarding the personal data concerning you:
- Right to information,
- Right to rectification or deletion,
- Right to restriction of processing,
- Right to data portability,
- Right to object to processing,
- Right to revoke consent given with effect for the future.
You also have the right to complain to a data protection supervisory authority about our processing of your personal data.
6. automated decision making
Data from visits to this website are not used for automated decision-making within the meaning of Art. 22 DSGVO.
6. hosting
We host the content of our website with the following provider:
Hetzner
The provider is Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen (hereinafter referred to as Hetzner). Details can be found in Hetzner’s privacy policy:
https://www.hetzner.com/de/rechtliches/datenschutz.
The use of Hetzner is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in ensuring that our website is presented as reliably as possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
Job processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that the personal data of our website visitors is only processed in accordance with our instructions and in compliance with the GDPR.
7. storage period
Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, deletion will take place after these reasons no longer apply.
7. storage period
Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, deletion will take place after these reasons no longer apply.