Privacy policy

The privacy policy applies to all websites operated and provided by

Medizinische Einrichtungen des Bezirks Oberpfalz - KU, Anstalt des öffentlichen Rechts, in short "medbo"
Universitätsstr. 84 | 93053 Regensburg
Phone +49 (0)941/941-0 | Fax +49 (0)941/941-1105

and for the processing of personal data in the context of contracts that you conclude with us.

We process the personal data collected via this website exclusively as set out in this statement.

Below you can find out how we process your personal data, for what purposes it is processed, with whom it is shared and what control and information rights you may have.

General information

As a company, we are subject to the provisions of the European General Data Protection Regulation (GDPR). We collect and use our users' personal data only to the extent necessary to provide a functional website and our content and services. To protect your rights when processing your personal data, we have taken technical and organisational measures to ensure compliance with data protection regulations. Your data will only be processed to the extent permitted by law or with your consent.

I. Summary of our processing activities

The following summary briefly describes the processing activities on our website. You will find more detailed information on this in the designated sections below.

  • If you visit our website for informational purposes, only limited personal data (e.g. your IP address) will be processed in order to display the website to you (see section IV).
  • We use cookies and Matomo on our website (see VI).
  • We have taken appropriate security measures to protect your personal data (see XI) and only store it for as long as necessary (see XII).
  • Depending on the circumstances of the specific case, you may have certain rights in relation to the processing of your personal data (see XIII).

II Server hosting

This website is hosted externally. The personal data collected on this website is stored on the servers of the hoster(s). This may primarily involve IP addresses, contact requests, meta and communication data, contract data, contact data, names, website accesses and other data generated via a website. External hosting is carried out for the purpose of fulfilling the contract with our potential and existing customers (Article 6(1)(b) GDPR) and in the interest of secure, fast and efficient provision of our online offering by a professional provider (Article 6(1)(f) GDPR). If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Article 6(1)(a) GDPR, insofar as the consent allows the storage of cookies or access to information in the user's end device (e.g. device fingerprinting). Consent can be revoked at any time. Our hoster(s) will only process your data to the extent necessary to fulfil its performance obligations and follow our instructions with regard to this data.

  • We use the following hoster(s): CONCEPTNET GmbH, Linzer Straße 13, 93055 Regensburg, Germany

Order processing
We have concluded an order processing contract (AVV) with the above-mentioned provider. This is a contract prescribed by data protection law, which ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
 

III Definition of terms

  • Personal data means any information relating to a living individual who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or an online identifier.
  • Processing means any operation which is performed on personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

IV. Legal bases for data processing

Insofar as we obtain the consent of the data subject for the processing of personal data, Article 6(1a) GDPR serves as the legal basis.

When processing personal data that is necessary for the fulfilment of a contract to which the data subject is a party, Article 6(1b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Article 6(1c) GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6(1d) GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Article 6 (1f) GDPR serves as the legal basis for the processing.

V. Use of the website for informational purposes

If you visit our website, we may automatically collect additional information about you, which only contains personal data in limited cases and is automatically recorded by our server, such as

  • Date and time of the request
  • Name of the requested file
  • Page from which the file was requested
  • Access status (e.g. file transferred, file not found)
  • Web browser and operating system used
  • Complete IP address of the requesting computer
  • Amount of data transferred

We require the automatically collected personal data for the provision of our website and for our legitimate interest in ensuring the stability and security of the website (Article 6 (1) sentence 1 lit. f GDPR).
Automatically collected personal data is stored for a maximum of three months and then properly deleted.

VI Facebook, Instagram, LinkedIn, Twitter and YouTube: The medbo on social media

In order to optimise your use of our website, you are offered the following additional services from third-party providers when you visit our website:

  • Integration of YouTube videos
    Videos from the external video platform YouTube are integrated on our website. By default, only deactivated images from the YouTube channel are embedded, which do not establish an automated connection with the YouTube servers. This means that the operator does not receive any data from the user when the web pages are accessed.
    You can decide for yourself whether the YouTube videos should be activated. Only when you authorise playback of the videos by clicking on "Permanent activation" do you give your consent for the necessary data (including the Internet address of the current page and your IP address) to be transmitted to the operator.
    In order to save your desired setting, we will set a cookie that saves the parameters. When these cookies are set, however, we do not store any personal data; they only contain anonymised data for browser customisation. The videos are then active and can be played by the user. If you would like to deactivate the automatic loading of YouTube videos again, you can uncheck the consent box under the data protection symbol. This will also update the cookie settings.
    YouTube is a service provided by YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA, a subsidiary of Google LLC, 1600 Amphitheater Parkway, Mountainview, California 94043, USA. Further information on the purpose and scope of data processing (also outside the European Union and outside the USA) as well as information on setting options.

    The data protection notices that apply to medbo's externally linked social media sites can be found here:
  • Facebook/Instagram (Meta):
    medbo refers to the general privacy policies of Meta, such as Facebook Fanpages, Instagram, Facebook Messenger et cetera(https://www.facebook.com/about/privacy/) and the Page Insights Addendum regarding the controller(https://www.facebook.com/legal/terms/page_controller_addendum).
    Facebook (Meta) and medbo are joint controllers for the processing of Insights data. Insofar as data processing is carried out by medbo within the framework of Facebook/Instagram by Meta, your personal data will be processed within the framework of our legitimate interest for the purpose of public relations (Article 6(1)(f) GDPR).
    medbo is jointly responsible with Meta for processing the personal data of visitors to the Facebook page in accordance with Article 26 GDPR.
    The so-called Page Insights Addendum(https://www.facebook.com/legal/terms/page_controller_addendum) stipulates that Meta is primarily responsible for data processing and that medbo does not have access to the individual data of users, but can only retrieve aggregated statistics, such as gender or age distribution. Furthermore, Meta undertakes to respect the rights of data subjects and, for example, to respond to requests for information, objection or deletion. To fulfil these rights when using the Facebook fan page, please contact Meta. We are obliged to forward the information relevant to your enquiry to Meta without delay - but within seven calendar days at the latest.
    medbo has no influence on the type and scope of the data processed by Meta, the type of processing and use or the transfer of this data to third parties. We also have no effective control options in this respect.
    With regard to the integration of Facebook Like buttons, only deactivated buttons are displayed by default, which do not yet establish contact with Meta's servers.
    On the part of medbo, user data is only stored to the extent specified in the data protection declaration. It is not known exactly to what extent Meta stores data and subsequently uses it for its own purposes. However, it can be assumed that Meta very probably records and analyses all user entries and actions. It also appears certain that Meta also passes this data on to third parties.
    If the medbo channels on Facebook and Instagram are marked with "like" and followed, medbo can only view the publicly accessible data of this user. This data is not stored by medbo.
    However, if the user discloses their data when making contact independently via the comment or message function provided by Facebook and Instagram, this data is processed and stored for the duration of this processing. It should be noted that this data is also stored by Meta.
    The statistics provided by Meta to the administrators do not allow any conclusions to be drawn about personal data or the identity of specific persons. In addition, they are only issued in summarised form. During use, Meta also learns the most important data of the computer system used (e.g. log data, browser type and version, IP address, processor type, etc.) and becomes aware of every visit to other websites on which a Facebook button is installed (so-called widget data).
    This enables Meta to get a very precise picture of the preferences, interests and contacts of its users and also to examine general surfing behaviour - beyond pure Facebook and Instagram use.
    With this in mind, we recommend that you read Facebook's data usage guidelines at http://de-de.facebook.com/about/privacy carefully and make the appropriate privacy settings in your account.
    There is also the possibility that Meta processes the data obtained outside the scope of the General Data Protection Regulation. 
     
  • Twitter:
    medbo uses the technical platform and services of Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103 U.S.A. Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, is responsible for the data processing of persons living outside the United States.
    medbo refers to the general data protection guidelines of Twitter. There you will find information about which data is processed by Twitter and for what purposes. You have the option of restricting the processing of your data in the general settings of your Twitter account and under "Data protection and security". On mobile devices (smartphones, tablet computers), you can also restrict Twitter's access to contact and calendar data, photos, location data, etc. in the settings options there. However, this depends on the operating system used. Due to the fact that Twitter Inc. is a non-European provider with a European branch only in Ireland, it is not bound by German data protection regulations according to its own interpretation. This concerns, for example, your rights to information, blocking or deletion of data or the possibility to object to the use of usage data for advertising purposes.
    Insofar as data processing by medbo takes place within the framework of Twitter, your personal data will be processed within the framework of our legitimate interest for the purpose of public relations work (Article 6(1)(f) GDPR).
    We have no influence on the type and scope of the data processed by Twitter, the type of processing and use or the disclosure of this data to third parties. We also have no effective control options in this respect. There is also the possibility that Twitter may process the data obtained outside the scope of the General Data Protection Regulation.
    We hereby expressly object to the use of contact data published as part of our duty to provide a legal notice by third parties for the purpose of sending unsolicited advertising and information material. Reference to the medbo website is generally permitted.
    medbo automatically collects and processes the data provided by Twitter or the user (user name, link to the Twitter profile, type of publication, content of the publication, time, date, page subscriber) for the purposes of community management and benchmarking.
    If the medbo page is followed, medbo can only view the publicly accessible data of this user.
    If the user discloses their data when making contact independently via the tweet or message function provided by Twitter, this data is processed and stored. It should be noted that this data is also stored by Twitter.
    The general statistics provided by Twitter to administrators do not allow any conclusions to be drawn about personal data or the identity of specific persons. In addition, they are only issued in summarised form. 
     
  • LinkedIn:
    LinkedIn is a so-called social network and is offered by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
    This privacy policy contains more detailed information on the processing of personal data when using medbo's LinkedIn service.

VII Cookies & web analysis

We use cookies on our website. Cookies do not cause any damage to your computer and do not contain viruses. Cookies are used to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.

  • Purpose, legal basis and legitimate interest
    We use the following cookies to ensure the correct technical and functional provision of this website. Most of the cookies we use are so-called "session cookies". They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognise your browser on your next visit.In the case of cookies that ensure the functionality of this website, the legal basis is Article 6(1)(f) GDPR. If the cookies are not technically necessary, you will be asked in the cookie banner whether you agree to the setting of the cookie.

    You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.
  • Matomo
    This website uses the open source web analysis service Matomo.
     
  • IP anonymisation
    We use IP anonymisation for analysis with Matomo. This means that your IP address is shortened before it is analysed so that it can no longer be clearly assigned to you.
     
  • Hosting
    We host Matomo on an external server in accordance with the descriptions under point II Server hosting. There are no plans to transfer data to third parties (and in particular to third countries).
     
  • Data collected
    With the help of Matomo, we are able to collect and analyse data about the use of our website by website visitors. This enables us to find out, among other things, when which pages were accessed and from which region. We also record various log files (e.g. IP addressin anonymised form, referrer, browser and operating system used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases and similar).

    During your website visit, the following data, among others, is collected.
    • the pages you visit, your "click path"
    • Achievement of "website goals" (conversions, e.g. newsletter registrations, downloads, purchases)
    • Your user behaviour (e.g. clicks, dwell time, bounce rates)
    • Your approximate location (region)
    • Your IP address (anonymised)
    • Technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
    • Your internet provider
    • the referrer URL (via which website/advertising medium you came to this website)
  • Possibility of cancellation
    If a corresponding consent has been requested in our cookie banner and the cookies are not technically necessary, the processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's end device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

    You can edit your cookie settings by clicking on the following button:

VIII. Third party content

This website may contain links to third-party websites. We are not responsible for the content and data processing on the corresponding third-party websites. No liability or other responsibility is assumed for this content. Information on data processing on the relevant websites can be found in the privacy policy of the relevant websites.

Due to data protection concerns, medbo does not use social plugins, such as the Facebook Like button, on its website. This means that no data is transferred to social media providers when you visit a page on the website. Connections to social media providers are only offered via a simple link to the respective website. It is possible to use the Like button or corresponding functions on the social media websites. In this case, the data protection information and the setting options for protecting the privacy of the respective social media provider should be observed.

IX. Disclosure of personal data to third parties

If we are legally authorised or obliged to do so (e.g. due to applicable law or a court order), your personal data may be passed on to third parties.

X. Obligation of employees to data protection

Employees of medbo are obliged to protect trade secrets and thus also to comply with the relevant statutory provisions on data protection.

XI. Transfer of personal data

If you have provided us with personal data - for example in a form or by e-mail - we will only use it for the intended purpose, either to answer your enquiry, to process contracts concluded with you or to send you requested documents and for technical administration. Your personal data will only be passed on and otherwise transmitted if this is necessary for the purpose of processing the contract or fulfilling the service you have requested or if you have given your prior consent. You have the right to revoke your consent at any time with effect for the future. Stored personal data will be deleted if you withdraw your consent to storage, if knowledge of the data is no longer required to fulfil the purpose for which it was stored or if storage of the data is not permitted for other legal reasons.

Like many e-mail providers, we use filters against unwanted advertising ("SPAM filters"), which in rare cases automatically categorise normal e-mails as unwanted advertising and delete them. E-mails containing harmful programmes ("viruses") are automatically deleted by us in all cases.

XII. Security

We have appropriate, state-of-the-art security measures in place to protect your data from loss, misuse and alteration. For example, our security guidelines and data protection declarations are regularly reviewed and improved where necessary. In addition, only authorised employees have access to personal data. Although we cannot ensure or guarantee that data will never be lost, misappropriated or altered, we do everything in our power to prevent this.
Please bear in mind that data transmission over the Internet is never completely secure. We cannot guarantee the security of the data entered on our website during transmission via the Internet. This is at your own risk.

XIII. Storage periods

Our aim is to process personal data only to the smallest possible extent. The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which medbo is subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

XIV. Your rights

You are entitled to so-called data subject rights, i.e. rights that you can exercise as a data subject in individual cases. You can assert these rights against medbo:

  • Right to information: (Article 15 EU GDPR)
    You have the right to request information about which of your personal data is collected, stored and processed.
  • Right to erasure or restriction of processing: (Articles 17 and 18 EU GDPR)
    You have the option of requesting the erasure or restriction of processing (restriction, for example, in the case of other overriding legal provisions) of your personal data.
  • Right to rectification: (Article 16 EU GDPR)
    You have the right to request the rectification of inaccurate personal data concerning you.
  • Right to data portability: (Article 20 EU GDPR)
    You have the right to have data that has been collected about you transferred to another controller in a commonly used, machine-readable format.
  • Right to object: (Article 21 EU GDPR)
    You have the option to object to the processing of your data for internal purposes at any time in the future.

XV. Revocation of consents granted

If the processing of your data is based on consent that you have given to medbo, you have the right to withdraw your consent at any time. You can send this declaration - in writing/by e-mail/fax - to the hospital operator as the operator of the website. It is not necessary to give reasons for this. However, your cancellation is only valid from the time you make it. It has no retroactive effect. The processing of your data up to this point in time remains lawful.

XVI. Contact person

  • Controller for the processing of personal data pursuant to GDPR:
    Pursuant to Article 4(7) GDPR, the public authority responsible for processing is the controller for the processing of personal data within the meaning of the GDPR. In the public sector, this means the authority or other public body that carries out data processing to fulfil its tasks.

    The controller within the meaning of the GDPR is therefore:
    Medizinische Einrichtungen des Bezirks Oberpfalz - KU (Anstalt des öffentlichen Rechts)
    Universitätsstr. 84 | 93053 Regensburg
    Phone +49 (0)941/941-0 | Fax +49 (0)941/941-1105
    Email: info@medbo.de
     
  • Contact Data Protection Officer of medbo in accordance with Article 37 GDPR
    Medizinische Einrichtungen des Bezirks Oberpfalz - KU (Anstalt des öffentlichen Rechts)
    Data Protection Officer
    Universitätsstr. 84 | 93053 Regensburg
    Email: datenschutz@medbo.de

    The information you provide when you contact us (e.g. name or email address) will only be processed in order to deal with your enquiry. It will then be deleted immediately. Alternatively, we restrict the processing of your personal data in accordance with the statutory provisions on retention obligations.
     
  • Supervisory authority pursuant to Article 51 GDPR
    Irrespective of the fact that you are also free to seek judicial assistance, you have the right to lodge a complaint with a supervisory authority if you are of the opinion that the processing of your data is not permitted under data protection law. This arises from Article 77 GDPR. The complaint to the supervisory authority can be made informally. In accordance with Article 15 of the Bavarian Data Protection Act (BayDSG), the Bavarian State Commissioner for Data Protection is responsible for monitoring compliance with data protection regulations by the public authorities of the Free State of Bavaria and also at medbo.

    Bavarian State Commissioner for Data Protection
    Phone +49 (0) 89/212672-0
    E-Mail: poststelle@datenschutz-bayern.de
    Internet: www.datenschutz-bayern.de

XVII. Changes to this privacy policy

We reserve the right to amend this privacy policy in accordance with the updates to our website. Please visit this website regularly to view the current privacy policy. This privacy policy was last updated on 28.09.2022.

Data protection information in accordance with Art. 13 of the General Data Protection Regulation (GDPR) for interested parties

  1. Name/contact details of the controller
    Medizinische Einrichtungen des Bezirks Oberpfalz - Kommunalunternehmen (Anstalt des öffentlichen Rechts) - hereinafter medbo -, Universitätsstr. 84, 93053 Regensburg, Phone +49 (0)941/941-0
    Email: info@medbo.de, Director: Dr med. Dr jur. Helmut Hausner
     
  2. Contact details of the data protection officer
    Andreas Eisenhart, medbo KU, August-Holz-Straße 1, 93413 Cham, phone +49 (0)9971/76655-9676
    e-mail: datenschutz@medbo.de 
     
  3. Purposes for which the personal data is to be processed
    The purpose of data collection is to provide you with information for a future application and to remain in contact with you until your application. 
    For this purpose, we process (in particular store) all the data you provide to us as part of your contact card. Based on the data provided in the contact card, we check which information is of interest to you and send it to you by e-mail several times a year. If you apply for a job with us, you will be informed separately about the additional personal data to be collected as part of the application process.
     
  4. Legal basis for processing
    The legal basis for data collection and data processing is, in particular, Article 6(1) sentence 1 point (b).
     
  5. Recipients or categories of recipients of the personal data
    Your personal data will be forwarded to or can be viewed by our Education, Personnel Development and Content Marketing department - Content Marketing division.
     
  6. Duration of data storage:
    We store your data for a maximum of five years. Unless you inform us beforehand by email that we should delete you from our contact list. 
     
  7. Your rights under the GDPR:
    If your personal data is processed, you have the right to obtain information about the personal data stored about you (Article 15 GDPR).
    If incorrect personal data is processed, you have the right to rectification (Article 16 GDPR).
    If the legal requirements are met, you can request the erasure or restriction of processing and object to processing (Articles 17, 18 and 21(1) GDPR). 
    You also have the right to lodge a complaint with the Bavarian State Commissioner for Data Protection. You can contact them using the following contact details:

    Der Bayerische Landesbeauftragter für den Datenschutz (BayLfD)
    Wagmüllerstraße 18, 80538 München
    Postal address: Postfach 22 12 19, 80502 München
    Phone +49 (0) 89/212672-0 | Fax +49 (0) 89/212672-50
    Email: poststelle@datenschutz-bayern.de
    Internet: www.datenschutz-bayern.de

    If you make use of the above rights, medbo will check whether the legal requirements for this are met.

Data protection information in accordance with Article 13 of the General Data Protection Regulation (GDPR) for applicants

Data protection information in accordance with Article 13 GDPR

  1. Responsible body
    Name of the responsible body:
    Medizinische Einrichtungen des Bezirks Oberpfalz - Kommunalunternehmen (Anstalt des öffentlichen Rechts) - hereinafter medbo -
    Director: Dr med. Dr jur. Helmut Hausner
    Address of the responsible body: Universitätsstr. 84, 93053 Regensburg
    Phone +49 (0)941/941-0
    Email: info@medbo.de
     
  2. Data protection officer
    Name of the data protection officer: Andreas Eisenhart
    Address: medbo KU, August-Holz-Straße 1, 93413 Cham
    Phone +49 (0) 9971/76655-9676
    Email: datenschutz@medbo.de
     
  3. Purpose of data collection, storage, processing or use
    The purpose of data collection is to be able to carry out a lawful review of an application as part of the application process. For this purpose, we process (in particular store) all data provided to us as part of an application. Based on the data submitted as part of the application, we check whether we can invite you to an interview as part of the selection process. We then collect and process certain other personal data that is essential for the selection decision in the case of generally suitable applicants. If an applicant is considered for employment, he/she will be informed separately about the additional personal data to be collected as part of the recruitment process.
     
  4. Collection of data from third parties
    In principle, the controller collects personal data from the data subject. If, in exceptional cases, the controller collects data from third parties, the data subject will be informed in accordance with the provisions of Article 14 GDPR, including the source.
     
  5. Legal basis
    The legal basis for data collection and data processing follows in particular from Article 6(1) sentence 1 point (b), Article 9 GDPR and Article 6(1) sentence 1 point (f).1(b), Article 9(2)(b) and (h), Article 88 GDPR in conjunction with Article 4(1), (2) sentence 1, Article 8(1) sentence 1 no. 2 and no. 3 BayDSG. The GDPR authorises the processing of applicant data if this processing is necessary for a contract. In the case of an application to medbo, this authorisation also applies to the processing of data prior to the conclusion of a contract.
     
  6. Recipients or categories of recipients of the personal data
    Personal data is forwarded to or can be viewed by our
    • Human Resources Management department, Executive Board, Directorate and the responsible specialist department, the responsible head of department and the Legal department for the preparation and implementation of the preliminary and final selection decision as well as for the final decision on the recruitment of the most suitable applicant
    • Staff Council to safeguard its participation rights in accordance with the Bavarian Staff Representation Act (BayPVG),
    • Representatives of the severely disabled to safeguard their participation rights in accordance with the Ninth Social Security Code,
    • Administrative Board in filling the positions of the Executive Board and its deputies, the head of the psychiatric ward and his/her deputies and the chief physicians to safeguard its participation rights in accordance with the statutes of medbo KU,
    • external companies if this is necessary. Examples of this are postal service providers for the delivery of letters.
       
  7. Transfer to third countries
    There are no plans to transfer your data to third countries.
     
  8. Automated decision-making (profiling)
    Unless otherwise stated in separate information on the processing activity, no personal automated decision-making (profiling) takes place at the controller.
     
  9. Storage periods and deletion of data
    We store and process data for as long as we need it to fulfil the purposes described above. Application documents are generally stored for six months, unless a contractual relationship is subsequently established. If an application is unsuccessful or is withdrawn, we will destroy the data submitted as part of an application no later than six months after notification of rejection. Storage within these periods is necessary in the event of any legal disputes on legal grounds. If the person concerned is hired, he/she will be informed separately about the regulations then applicable to the handling of personnel data, in particular with regard to the creation of personnel files.
     
  10. Notification in the event of a breach of data protection
    In the event of a breach of data protection, the controller shall notify the competent data protection supervisory authority. If the breach results in a high risk to the personal rights and freedoms of a natural person, the controller will notify the data subject.
     
  11. Rights of data subjects
    We would also like to inform you about your rights under the GDPR (in particular Articles 15 to 21, 77 GDPR) in the event that you are affected:
  • If your personal data is processed, you have the right to obtain information about the personal data stored about you.
  • If incorrect personal data is processed, you have the right to rectification.
  • If the legal requirements are met, you can request the deletion or restriction of processing.

  • You also have the right to lodge a complaint with the Bavarian State Commissioner for Data Protection. You can contact him at the following address:
    The Bavarian State Commissioner for Data Protection (BayLfD)
    Wagmüllerstraße 18, 80538 Munich
    Postal address: Postfach 22 12 19, 80502 Munich
    Phone +49 (0)89 212672-0 | Fax 089 212672-50
    E-mail: poststelle@datenschutz-bayern.de
    Internet: www.datenschutz-bayern.de
     

    As a data subject, you can also exercise your right to object at any time without giving reasons and amend or completely revoke a declaration of consent with effect for the future. You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. This does not affect the data processing carried out up to the time of cancellation. You can send your cancellation to the contractual partner either by post, e-mail or fax. You will not incur any costs other than the postage costs or the transmission costs according to the existing basic tariffs

    . Should you exercise your above-mentioned rights, medbo will check whether the legal requirements for this are met.

    If the deletion of the applicant data is requested during the application process, this will be considered as a withdrawal of the application

    (Human Resources Department, as of August 2018).

Data protection information in accordance with Article 13 of the General Data Protection Regulation (GDPR) for applicants (students)

  1. Responsible body
    Name of the responsible body: Medizinische Einrichtungen des Bezirks Oberpfalz - Kommunalunternehmen (Anstalt des öffentlichen Rechts)
    Director: Dr med. Dr jur. Helmut Hausner

    Address of the responsible body: Universitätsstr. 84, 93053 Regensburg, phone +49 (0)941/941-0, e-mail: info@medbo.de
     
  2. Data protection officer
    Name of the data protection officer:
    Andreas Eisenhart

    Address:
    medbo KU, August-Holz-Straße 1, 93413 Cham
    Phone +49 (0) 9971/76655-9676
    Email: datenschutz@medbo.de
     
  3. Purpose of data collection, storage, processing or use
    The purpose of data collection is to be able to carry out a lawful review of an application as part of the application process. For this purpose, we process (in particular store) all data provided to us as part of an application. Based on the data submitted as part of the application, we check whether we can invite you to an interview as part of the selection process. We then collect and process certain other personal data that is essential for the selection decision in the case of generally suitable applicants. If an applicant is considered for the establishment of a training relationship, he/she will be informed separately about the additional personal data to be collected as part of the recruitment process.
     
  4. Collection of data from third parties
    In principle, the controller collects personal data from the data subject. If, in exceptional cases, the controller collects data from third parties, the data subject will be informed in accordance with the provisions of Article 14 GDPR, including the source.
     
  5. Legal basis
    The legal basis for data collection and data processing follows in particular from Article 6 (1) sentence 1 letter b, Article 9 (2) letter b and h, Article 88 GDPR in conjunction with Article 4 (1), (2) sentence 1, Article 8 (1) sentence 1 number 2 and number 3 BayDSG. The GDPR authorises the processing of applicant data if this processing is necessary for a contract. In the case of an application to medbo, this authorisation also applies to the processing of data prior to the conclusion of a contract.
     
  6. Recipients or categories of recipients of the personal data
    Personal data is forwarded to or can be viewed by our
    • Personnel Management Department, Executive Board, Directorate, School Management, full-time teaching staff, school secretariat as well as the responsible specialist department, the responsible head of department and the Legal Department for the preparation and implementation of the preliminary and final selection decision as well as for the final decision on the admission of the most suitable applicant,
    • Staff Council to safeguard its participation rights in accordance with the BayPVG,
    • Representatives of severely disabled persons to safeguard their participation rights under the Ninth Social Security Code,
    • external companies if this is necessary. Examples of this are postal service providers for the delivery of letters.
       
  7. Transfer to third countries
    There are no plans to transfer your data to third countries.
     
  8. Automated decision-making (profiling)
    Unless otherwise stated in separate information on the processing activity, no personal automated decision-making (profiling) takes place at the controller.
     
  9. Storage periods and deletion of data
    We store and process data for as long as we need it to fulfil the purposes described above. Application documents are generally stored for six months, unless a contractual relationship is subsequently established. If an application is unsuccessful or is withdrawn, we will destroy the data submitted as part of an application no later than six months after notification of rejection. Retention within these periods is necessary in the event of any legal disputes on legal grounds. If a training relationship is established, the person concerned will be informed separately about the regulations then applicable to the handling of personal data, in particular with regard to the creation of personnel files.
     
  10. Notification in the event of a breach of data protection
    In the event of a breach of data protection, the controller shall notify the competent data protection supervisory authority. If the breach results in a high risk to the personal rights and freedoms of a natural person, the controller will notify the data subject.
     
  11. Rights of data subjects
    We would also like to inform you about your rights under the GDPR (in particular Articles 15 to 21, 77 GDPR) in the event that you are affected:
  • If your personal data is processed, you have the right to obtain information about the personal data stored about you.
  • If incorrect personal data is processed, you have the right to rectification.
  • If the legal requirements are met, you can request the deletion or restriction of processing.
  • You also have the right to lodge a complaint with the Bavarian State Commissioner for Data Protection. You can contact them using the following contact details:
    Der Bayerische Landesbeauftragte für den Datenschutz (BayLfD), Wagmüllerstraße 18, 80538 München, Postanschrift: Postfach 22 12 19, 80502 München, Fon +49 (0) 89/212672-0, Fax +49 (0) 89/212672-50, E-Mail: poststelle@datenschutz-bayern.de, Internet: www.datenschutz-bayern.de

    As a data subject, you can also exercise your right to object at any time without giving reasons and amend or completely revoke a declaration of consent with effect for the future. You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. This does not affect the data processing carried out up to the time of cancellation. You can send your cancellation to the contractual partner either by post, e-mail or fax. You will not incur any costs other than the postage costs or the transmission costs according to the existing basic tariffs.

    If you make use of your above-mentioned rights, medbo will check whether the legal requirements for this are met.
    If the deletion of the applicant data is requested during the application process, this will be considered as a withdrawal of the application.
    (Human Resources Department, as of August 2018)

Data protection information in accordance with Art. 13 General Data Protection Regulation (GDPR) Employees

Data protection information in accordance with Art. 13 GDPR

  1. Responsible body
    Name of the responsible body:
    Medizinische Einrichtungen des Bezirks Oberpfalz - Kommunalunternehmen (Anstalt des öffentlichen Rechts)
    Director: Dr med. Dr jur. Helmut Hausner

    Address of the responsible body:
    Universitätsstr. 84, 93053 Regensburg
    Telephone: +49 (0)941/941-0
    Email: info@medbo.de
     
  2. Data Protection Officer
    Name of the Data Protection Officer:
    Andreas Eisenhart

    Address:
    medbo KU, August-Holz-Straße 1, 93413 Cham
    Phone: +49 (0) 9971/76655-9676
    Email: datenschutz@medbo.de
     
  3. Purpose of data collection, storage, processing or use
    Your data will be processed
    • to conclude an employment contract or other employment relationship and to fulfil the contractual relationship
    • to terminate the employment relationship and to wind up the contractual relationship.
       
  4. Collection of data from third parties
    In principle, the controller collects personal data from the data subject. If, in exceptional cases, the controller collects data from third parties, the data subject will be informed in accordance with the provisions of Art. 14 GDPR, including the source.
     
  5. Legal basis
    The legal basis for data collection and data processing in the context of recruitment and employment is in particular Art. 6 para. 1 sentence 1 lit. b, lit. c and e GDPR, Art. 9 para. 2 letters b and h GDPR, Art. 88 para. 1 GDPR, Art. 8 para. 1 sentence 1 no. 2 and 3 BayDSG, § 611 BGB, § 3 para. 4 TVöD-K, § 3 para. 5 TV-Ärzte/VKA, § 4 TVAöD (BBiG, Pflege) § 4 TVPöD; for recruitment in the driving service additionally § 31 para. 2 StVZO, § 11 para. 9 in conjunction with Annex 5 FeV, § 12 in conjunction with Annex 6 No. 2 FeV.
     
  6. Recipients or categories of recipients of the personal data
    • Public bodies that receive data on the basis of statutory provisions (existence of overriding legal provisions) (in particular authorities and social insurance institutions), e.g. German Federal Pension Insurance, responsible tax office, occupational pension schemes. Additionally for people with severe disabilities or equalisation: Due to a proven severe disability or equalisation as part of the recruitment process, personal data is also passed on to the following external bodies: Federal Employment Agency: In order to fulfil the obligation under Section 163 (2) SGB IX, the Ministry of State transmits personal data to the Federal Employment Agency annually in the form of a list of employees with severe disabilities and equivalent status.
    • Internal departments involved in the execution of the respective processes, e.g. Human Resources Management Department, Payroll, Bookkeeping, Accounting, Auditing, Purchasing, Staff Council to safeguard its rights, Company Health Management, IT.
    • External contractors pursuant to Art. 28 GDPR (processing or use of personal data on behalf of third parties) and external companies, if necessary, e.g. Anstalt für Kommunale Datenverarbeitung in Bayern (AKDB) for the purpose of payroll accounting, Consal Service GmbH, postal service providers for the delivery of letters, financial institutions for the processing of payments to you, Bayerische Versorgungskammer (Bayerischer Versorgungsverband, supplementary pension scheme), pension providers, the State Office for Statistics, Kommunale Unfallversicherung Bayern (KUVB), provident funds, Versicherungskammer Bayern - Sparkasse Regensburg, employers concerned in the case of multiple employment or insurance companies.
       
  7. Transfer to third countries
    There are no plans to transfer your data to third countries.
     
  8. Automated decision-making (profiling)
    Unless otherwise stated in separate information on the processing activity, no personal automated decision-making (profiling) takes place at the controller.
     
  9. Storage periods and deletion of data
    We store and process data for as long as we need it to fulfil the purposes described above. Application documents are generally stored for six months, unless a contractual relationship is subsequently established. If an application is unsuccessful or is withdrawn, we will destroy the data submitted as part of an application no later than six months after notification of rejection. Storage within these periods is necessary in the event of any legal disputes on legal grounds. If the person concerned is hired, he/she will be informed separately about the regulations then applicable to the handling of personnel data, in particular with regard to the creation of personnel files.
     
  10. Notification in the event of a breach of data protection
    In the event of a breach of data protection, the controller shall notify the competent data protection supervisory authority. If the breach results in a high risk to the personal rights and freedoms of a natural person, the controller will notify the data subject.
     
  11. Rights of data subjects
    We would also like to inform you about the rights to which you are entitled under the GDPR (in particular Art. 15 to 21, 77 GDPR) in the event that you are affected:
  • If your personal data is processed, you have the right to obtain information about the personal data stored about you.
  • If incorrect personal data is processed, you have the right to rectification.
  • If the legal requirements are met, you can request the deletion or restriction of processing.
  • You also have the right to lodge a complaint with the Bavarian State Commissioner for Data Protection. You can contact them using the following contact details:
    The Bavarian State Commissioner for Data Protection (BayLfD), Wagmüllerstraße 18, 80538 Munich, postal address: Postfach 22 12 19, 80502 Munich, telephone: 089 212672-0, fax: 089 212672-50, e-mail: poststelle@datenschutz-bayern.de, Internet: www.datenschutz-bayern.de

    As a data subject, you can also exercise your right to object at any time without giving reasons and amend or completely revoke a declaration of consent with effect for the future. You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. This does not affect the data processing carried out up to the time of cancellation. You can send your cancellation to the contractual partner either by post, e-mail or fax. You will not incur any costs other than the postage costs or the transmission costs according to the existing basic tariffs.

    If you make use of your above-mentioned rights, medbo will check whether the legal requirements for this are met.'
    If the deletion of the applicant data is requested during the application procedure, this will be regarded as a withdrawal of the application.
    (Human Resources Department, as of August 2018)

Institute for Education and Personnel Development - IBP

In accordance with Article 13 of the GDPR, we are obliged to provide you with the following information when collecting data:

  1. Name and contact details of the controller
    Medizinische Einrichtungen des Bezirks Oberpfalz - KU (Anstalt des öffentlichen Rechts, "medbo" for short)
    Universitätsstr. 84
    93053 Regensburg
    Tel +49 (0)941/941-0
    Fax +49 (0)941/941-1105
    Email: info@medbo.de 
     
  2. Contact details of the data protection officer
    Medizinische Einrichtungen des Bezirks Oberpfalz - KU (Anstalt des öffentlichen Rechts)
    Data protection officer
    Universitätsstr. 84
    93053 Regensburg
    Email: datenschutz@medbo.de 
     
  3. Purpose of processing 
    Your data will be used for the purpose of contract fulfilment in accordance with Article 6, paragraph 1 b GDPR by the Institute for Education and Personnel Development of the Bezirksklinikum Regensburg. 
     
  4. Recipients of the data
    The recipients of your data are therefore the Institute for Education and Personnel Development of the District Hospital Regensburg.
     
  5. Duration of data storage
    Your data will be deleted after the purpose for which it was collected no longer applies and after the statutory retention period.
     
  6. Right to information, rectification and erasure
    In accordance with Article 15 GDPR, you have the right to request information about whether and how we use your personal data. Article 16 GDPR grants you the right to request the rectification of your personal data. You also have the right to request the erasure of your data if one of the grounds in Article 17 GDPR applies.
     
  7. Right to restriction of processing
    Under the conditions of Article 18 GDPR, you have the right to restrict the processing of your personal data.
     
  8. Right to withdraw consent
    If the processing of your data is based on consent that you have given to the Institute for Education and Personnel Development of the Bezirksklinikum Regensburg, you have the right to withdraw your consent at any time. You can send this declaration - in writing / by e-mail / fax - to the Institute for Education and Personnel Development of the District Hospital Regensburg. It is not necessary to give reasons for this. However, your cancellation is only valid from the time you make it. It has no retroactive effect. The processing of your data up to this point in time remains lawful.
     
  9. Right to lodge a complaint
    Irrespective of the fact that you are also free to seek judicial assistance, you have the right to lodge a complaint with a supervisory authority if you are of the opinion that the processing of your data is not permitted under data protection law. This arises from Art. 77 GDPR. The complaint to the supervisory authority can be made informally. In accordance with Art. 15 BayDSG, the Bavarian State Commissioner for Data Protection is responsible for monitoring compliance with data protection regulations at the public bodies of the Free State of Bavaria and also at medbo.

    Bayerischer Landesbeauftragter für den Datenschutz
    (Telephone: (089) 2 1 26 72 - 0 | Email: poststelle@datenschutz-bayern.de)
    Internet: www.datenschutz-bayern.de

Data protection information in accordance with Art. 13 General Data Protection Regulation (GDPR) - PR/Newsletter

In accordance with Article 13 of the GDPR, we are obliged to provide you with the following information when collecting data:

  1. Name and contact details of the controller
    Medizinische Einrichtungen des Bezirks Oberpfalz - KU (Anstalt des öffentlichen Rechts, "medbo" for short)
    Universitätsstr. 84
    93053 Regensburg
    Tel +49 (0)941/941-0
    Fax +49 (0)941/941-1105
    Email: info@medbo.de
     
  2. Contact details of the data protection officer
    Medizinische Einrichtungen des Bezirks Oberpfalz - KU (Anstalt des öffentlichen Rechts)
    Data protection officer
    Universitätsstr. 84
    93053 Regensburg
    Email: datenschutz@medbo.de
     
  3. Purpose of processing 
    Your data will be processed by medbo for the purpose of sending you the newsletter or invitations to events or job offers. Your personal data will not be used for any other purpose. Data processing is carried out on the basis of Art. 6 para. 1 letter a GDPR
     
  4. Recipient of the data
    The recipient of your data is exclusively the respective office responsible for dispatch within medbo.
     
  5. Duration of data storage
    Your data will be deleted after you withdraw your consent.
     
  6. Right of access, rectification and erasure
    In accordance with Article 15 GDPR, you have the right to request information about whether and how we use your personal data. Article 16 GDPR grants you the right to request the rectification of your personal data. You also have the right to request the erasure of your data if one of the grounds in Article 17 GDPR applies.
     
  7. Right to restriction of processing
    Under the conditions of Article 18 GDPR, you have the right to restrict the processing of your personal data.
     
  8. Right to withdraw consent
    If the processing of your data is based on consent that you have given to medbo, you have the right to withdraw your consent at any time. You can send this declaration - in writing / by e-mail / fax - to medbo. You do not need to give reasons for this. However, your cancellation is only valid from the time you make it. It has no retroactive effect. The processing of your data up to this point in time remains lawful.
    If you no longer wish to receive a newsletter, event invitations or job offers in the future, please follow the steps at the end of the respective notification.
     
  9. Right to lodge a complaint
    Irrespective of the fact that you are also free to seek judicial assistance, you have the right to lodge a complaint with a supervisory authority if you are of the opinion that the processing of your data is not permitted under data protection law. This arises from Art. 77 GDPR. The complaint to the supervisory authority can be made informally. In accordance with Art. 15 BayDSG, the Bavarian State Commissioner for Data Protection is responsible for monitoring compliance with data protection regulations at the public bodies of the Free State of Bavaria and also at medbo.
    Contact:
    Bavarian State Commissioner for Data Protection
    (Telephone: (089) 2 1 26 72 - 0,
    E-mail: poststelle@datenschutz-bayern.de)
    Internet: www.datenschutz-bayern.de

Data protection information of the Medical Centre of the District of Upper Palatinate - KU for online meetings, telephone conferences and webinars via "Zoom"

We would like to inform you below about the processing of personal data in connection with the use of "Zoom".

  1. Purpose of processing
    We use the "Zoom" tool to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter: "online meetings"). "Zoom" is a service provided by Zoom Video Communications, Inc. based in the USA.
     
  2. Responsible party
    The party responsible for data processing that is directly related to the organisation of "online meetings" is the Medizinisches Einrichtungen des Bezirks Oberpfalz - KU (medbo for short), possibly in conjunction with an external speaker.

    Note: If you access the "Zoom" website, the provider of "Zoom" is responsible for data processing. However, accessing the website is only necessary to use Zoom in order to download the software for using Zoom. 
    You can also use Zoom if you enter the relevant meeting ID and any other access data for the meeting directly in the Zoom app.

    If you do not want to or cannot use the Zoom app, the basic functions can also be used via a browser version, which you can also find on the Zoom website. 
     
  3. What data is processed?
    Various types of data are processed when you use Zoom. The scope of the data also depends on the data you provide before or when participating in an "online meeting".

    The following personal data is processed:
    User details: first name, surname, telephone (optional), email address, password (if "single sign-on" is not used), profile picture (optional), department (optional)
    Meeting metadata: topic, description (optional), participant IP addresses, device/hardware information.
    For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.
    When dialling in by telephone: details of the incoming and outgoing telephone number, country name, start and end time. If necessary, further connection data such as the IP address of the device may be stored.
    Text, audio and video data: You may have the opportunity to use the chat, question or survey functions in an "online meeting". In this respect, the text entries you make are processed in order to display them in the "online meeting" and, if necessary, to log them. In order to enable the display of video and the playback of audio, the data from the microphone of your end device and from any video camera of the end device will be processed accordingly for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time via the "Zoom" applications.

    To participate in an "online meeting" or enter the "meeting room", you must at least provide information about your name (although you can also use a pseudonym here).
     
  4. Scope of processing
    We use "Zoom" to conduct "online meetings". If we want to record "online meetings", we will inform you transparently in advance and - if necessary - ask for your consent. The fact of the recording will also be displayed to you in the "Zoom" app.
    If it is necessary for the purpose of logging the results of an online meeting, we will log the chat content. However, this will not usually be the case.
    In the case of webinars, we may also process the questions asked by webinar participants for the purposes of recording and following up on webinars. 
    If you are registered as a user with "Zoom", reports on "online meetings" (meeting metadata, telephone dialling data, questions and answers in webinars, survey function in webinars) can be stored for up to one month at "Zoom".
    The possibility of software-based "attention monitoring" ("attention tracking") in "online meeting" tools such as "Zoom" is deactivated.
    Automated decision-making within the meaning of Art. 22 GDPR is not used.
     
  5. Legal basis for data processing
    Insofar as personal data of medbo employees and, if applicable, their authorised representatives are processed, Section 26 BDSG is the legal basis for data processing. If, in connection with the use of "Zoom", personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component of the use of "Zoom", Art. 6 para. 1 lit. f) GDPR is the legal basis for data processing. In these cases, our interest lies in the effective organisation of "online meetings".
    Otherwise, the legal basis for data processing when holding "online meetings" is Art. 6 para. 1 lit. b) GDPR, insofar as the meetings are held within the framework of contractual relationships. 
    If there is no contractual relationship, the legal basis is Art. 6 para. 1 lit. f) GDPR. Here too, we are interested in the effective organisation of "online meetings".
     
  6. Recipients / disclosure of data
    Personal data that is processed in connection with participation in "online meetings" is generally not disclosed to third parties (exception: you explicitly consent to the disclosure of data).
    Other recipients: The provider of "Zoom" necessarily receives knowledge of the above-mentioned data, insofar as this is provided for in our order processing contract with "Zoom".
     
  7. Data processing outside the European Union
    "Zoom" is a service provided by a provider from the USA. Personal data is therefore also processed in a third country. We have concluded an order processing contract with the provider of "Zoom" that meets the requirements of Art. 28 GDPR. 
    An adequate level of data protection is guaranteed by the conclusion of the so-called EU standard contractual clauses. In our account with Zoom, we have stipulated that only German or European data centres will be used. This means that your personal data is never sent to the USA. We also ensure that all data relating to an online conference is deleted by us no later than 48 hours after the end of the conference. In this way, we work with Zoom in the most data-efficient way possible.
    Zoom nevertheless processes data outside the EU. In this case, however, it is not your personal data, but data from us that is used for billing purposes.

    We make sure that as little personal data as possible is processed by Zoom. For example, we do not send invitations to online conferences via the Zoom invitation tool, but by email or newsletter via medbo accounts. When participating in an online conference, you can control which data you share yourself.
     
  8. Data protection officer
    You can contact our data protection officer as follows: 
    Medizinische Einrichtungen des Bezirks Oberpfalz - KU (Anstalt des öffentlichen Rechts)
    Data protection officer
    Universitätsstr. 84
    93053 Regensburg
    Email: datenschutz@medbo.de
     
  9. Your rights as a data subject
    As a data subject, you have a right to information about the use of personal data concerning you. We will provide you with information at any time. If possible, please submit your request for information in writing. We ask for your understanding that we will request appropriate proof of authentication from you for any request for information that is not made in writing - you must be able to prove that you are the person you claim to be.
    You have the right to rectification, erasure or restriction of the processing of your personal data to the extent that you are legally entitled to do so. 
    You have a legally defined right to object to the processing of your personal data.
    You also have the right to data portability under data protection law.
     
  10. Deletion of data
    We generally delete personal data when there is no need for further storage. A requirement may exist in particular if the data is still needed to fulfil contractual services, to check and grant or defend against warranty and guarantee claims. In the case of statutory retention obligations, erasure will only be considered after the respective retention obligation has expired.
     
  11. Right to lodge a complaint with a supervisory authority 
    You have the right to lodge a complaint about the processing of personal data by us with a supervisory authority for data protection. The competent supervisory authority is the Bavarian State Commissioner for Data Protection:

    Contact details:
    Bavarian State Commissioner for Data Protection
    (phone: (089) 2 1 26 72 - 0,
    e-mail: poststelle@datenschutz-bayern.de)
    Internet: www.datenschutz-bayern.de

Data protection information of the medical facilities of the district of Upper Palatinate - KU for the use of WhatsApp

The other data protection declarations of medbo - in particular the data protection declaration for applicants - can be found at www.medbo.de/datenschutz. The following statements only apply to the processing of data if you wish to contact us via WhatsApp.

  1. For the information service offered here, medbo uses the technical platform and services of WhatsApp Ireland Ltd, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland. The controller within the meaning of the GDPR for the WhatsApp messenger service is WhatsApp Ireland; the competent supervisory authority is the Irish Data Protection Authority. medbo uses hardware and software components from Userlike UG and 360dialog GmbH in order to be able to offer communication via WhatsApp in compliance with the GDPR as far as possible. In this context, medbo has concluded contracts with both companies (data protection information Userlike: https://www.userlike.com/de/data-privacy, data protection information 360dialog GmbH: https://www.360dialog.com/de/kontakt#dataprivacy). Userlike and 360dialog provide medbo with the necessary platform to communicate with you via WhatsApp.
     
  2. When using WhatsApp, WhatsApp collects, among other things, your IP address and individual IDs for products from meta-companies that are linked to the same account or device, in accordance with its own statements. WhatsApp provides more information on this, as well as on other automatically collected information, in its own privacy policy. You can find the complete WhatsApp privacy policy here: https://www.whatsapp.com/legal/privacy-policy-eea
     
  3. The data collected about you in this context will be processed by WhatsApp or Meta and may be transferred to countries outside the European Union. WhatsApp describes in general terms what information WhatsApp receives and how it is used in the aforementioned privacy policy. We would like to point out that WhatsApp and Meta may use certain personal data collected in the course of WhatsApp communication for their own purposes. medbo has no influence on this processing.
     
  4. Communication via WhatsApp is end-to-end encrypted. However, the way in which WhatsApp uses the data for its own purposes, the extent to which activities are assigned to individual users, how long WhatsApp stores this data and whether data is passed on to third parties is not conclusively and clearly stated by WhatsApp and is not known to us.
     
  5. Further information on data processing can be found in the WhatsApp help section: https://faq.whatsapp.com/.
     
  6. You can contact WhatsApp Support here for answers to further questions - in particular regarding the rights of data subjects under the GDPR:
  7. https://www.whatsapp.com/contact/?lang=de&subject=messenger.
     
  8. By contacting us via WhatsApp, you accept the above points, in particular the transfer of data to Meta, in the sense of consent pursuant to Art. 6 para. 1 lit. a GDPR. medbo uses WhatsApp exclusively for the purpose of answering your questions. The following information is collected by medbo in the course of communication Date and time of a communication, specified name, user name, telephone number and content of the communication as well as any information that you transmit to us as part of the chat communication.
     
  9. You are under no obligation to use WhatsApp to contact medbo or to provide us with information via this messenger service. Alternatively, you can reach us via the contact options listed above.
    You have the right to withdraw your consent at any time without giving reasons. In the event of revocation, we will delete the data collected by medbo and instruct our processors Userlike and 360dialog to delete all data as well. We have no influence on the deletion of the data collected by WhatsApp/ Meta. We do not use data for purposes other than the WhatsApp chat. The deletion of the chat data stored by medbo itself takes place after the chat conversation has ended.
     
  10. If you have any further questions, you can contact our data protection officer:
    Medizinische Einrichtungen des Bezirks Oberpfalz - KU (Anstalt des öffentlichen Rechts)
    Data Protection Officer, Universitätsstr. 84 | 93053 Regensburg
    Email: datenschutz@medbo.de
     
  11. Right to lodge a complaint with a supervisory authority 
    You have the right to lodge a complaint about the processing of personal data by us with a supervisory authority for data protection. The competent supervisory authority is the Bavarian State Commissioner for Data Protection:
    Contact details:
    Bavarian State Commissioner for Data Protection
    (phone: (089) 2 1 26 72 - 0,
    e-mail: poststelle@datenschutz-bayern.de)
    Internet: www.datenschutz-bayern.de

Data protection information of the Medical Facilities of the District of Upper Palatinate - KU on the use of the VITAS telephone assistant

1. responsible body

Name of the responsible body: Medizinische Einrichtungen des Bezirks Oberpfalz - Kommunalunternehmen (Anstalt des öffentlichen Rechts) Management Board: Dr med. Dr jur. Helmut Hausner Address of the responsible body: Universitätsstr. 84, 93053 Regensburg, phone +49 (0)941/941-0, e-mail: info@medbo.de

2. data protection officer

Name of the data protection officer: Andreas Eisenhart Address: medbo KU, August-Holz-Straße 1, 93413 Cham Phone +49 (0) 9971/76655-9676 Email: datenschutz@medbo.de

3. purpose of data collection, storage, processing or use

The purpose of data processing is to ensure that medbo can be reached by telephone and to process your enquiry in a time-saving manner.

4 Scope of data processing

medbo uses the VITAS telephone assistant from VITAS GmbH, Zollhof 7, 90443 Nuremberg, which is based on artificial intelligence and is able to answer calls for us and ask for all the data necessary to process your enquiry in a natural flow of conversation. Your personal data is recorded and converted into text form so that it can then be made available to our team in a clearly organised format. The telephone assistant ensures that we are available to you by telephone. As the party responsible for data processing, we have determined in advance which data the VITAS telephone assistant requests and collects on our behalf when configuring the telephone assistant. You yourself determine which data you wish to communicate to the telephone assistant during the course of the call.

The data that we process may include

- Address

- Name (surname and first name)

- Your date of birth - Your mobile phone number or landline number

- Biometric data (Art. 4 No. 14 GDPR) in the form of your voice recording

- Health data (Art. 4 No. 15 GDPR)

The data collected varies depending on the call request. The data will only be used to process your request. VITAS GmbH uses processors to provide the service. This may result in the aforementioned data being transferred to a country that does not guarantee the same data protection standards as the European Union. In this case, VITAS GmbH will ensure that the service providers guarantee an equivalent level of data protection by contract or other means. You have the right to be informed about the appropriate guarantees in accordance with Art. 46 GDPR. You are welcome to request a copy of these guarantees from VITAS GmbH. Detailed information on data processing by VITAS GmbH can be found here: https://www.telefonassistent.de/datenschutz

5 Legal basis for data processing

We process your data on the basis of your express consent (Art. 6 para. 1 letter a, Art. 9 para. 2 letter a GDPR), which is collected during the telephone conversation. You can revoke this consent at any time without giving reasons, even after the telephone conversation, by contacting us using the contact details given in point 1 of this data protection notice. In this case, we also undertake to delete all data collected about you, unless we are obliged to observe certain statutory retention periods that may prevent the data from being deleted immediately. The revocation of your consent does not affect the legality of the data processing carried out on the basis of your consent until the revocation. The further use of your data after you have given your consent, for example to make appointments, also serves the purpose of initiating or implementing a treatment contract with us (Art. 6 para. 1 lit. c, e, para. 2, 3 GDPR in conjunction with Art. Art. 9 para. 2 letter h, para. 3, para. 4 GDPR in conjunction with. §§ Sections 630a ff, 630f BGB)

6. duration of storage

We generally store your data for as long as is necessary for the purposes of processing your enquiry and the associated treatment services or for as long as there is a retention obligation. Personal data processed by the VITAS telephone assistant is generally stored for a period of two weeks. After this period has expired, the data is automatically deleted, unless legal requirements demand longer storage. The conversation converted into text is only stored within Europe. Insofar as we use information from the call such as personnel master data and the categorised reason for the call for internal administration (e.g. appointment booking via our internal calendars), it may be stored for a longer period of time if this is necessary for the planning and provision of treatment services.

7. no automated decision-making; use of AI technology

Automated decision-making (profiling) within the meaning of Art. 22 GDPR does not take place. Further processing also takes place when using the VITAS telephone assistant as part of internal administration with the final decision being made by medbo employees. The VITAS telephone assistant is based on artificial intelligence (AI) technologies and generates statements based on probability algorithms and its own training data set. In individual cases, this may result in incorrect or incomprehensible statements. We are in close dialogue with the provider in order to continuously improve the precision of the VITAS telephone assistant; should you therefore notice any errors or inconsistencies, you are welcome to contact medbo's data protection officer (point 2 of this data protection notice) with your feedback. The data you provide during a call will not be used for training purposes.

8 Cancellation and rights of data subjects

You have the right to withdraw (revoke) your consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. (Revocation with effect for the future). Please send your cancellation to the contact details under point 1 of this data protection notice. Furthermore, we would like to inform you about your rights under the GDPR (in particular Articles 15 to 21, 77 GDPR) in the event that you are affected:

- If your personal data is processed, you have the right to obtain information about the personal data stored about you.

- If incorrect personal data is processed, you have the right to rectification.

- If the legal requirements are met, you can request the deletion or restriction of processing.

You can exercise these rights at any time by contacting us using the contact details provided in point 1 of this data protection notice. You can also contact our data protection officer (point 2 of this data protection notice), in particular for suggestions and complaints regarding the processing of your personal data.

You also have the right to lodge a complaint with the Bavarian State Commissioner for Data Protection. You can reach him under the following contact details The Bavarian State Commissioner for Data Protection (BayLfD), Wagmüllerstraße 18, 80538 Munich, postal address: Postfach 22 12 19, 80502 Munich, phone +49 (0) 89/212672-0, fax +49 (0) 89/212672-50, e-mail: poststelle@datenschutz-bayern.de, Internet: www.datenschutz-bayern.de