DATA PRIVACY POLICY

Responsible for data processing

At Alpamax oÜ, we understand the significance of your personal data and respect your rights to privacy. As such, we are committed to collecting, storing, and processing all data received from users of our website in compliance with relevant data protection laws and regulations. To ensure transparency and accountability, we have outlined our data protection responsibilities, the types and uses of data collected on our website, the measures we take to safeguard your data, and your legal entitlements regarding your personal data.

1. Health Care Solutions and software:
   • The solutions we develop process the data of patients in accordance with Art. 6 para. 1 lit. b, Art. 9 para. 1, 2 lit. a, h DSGVO, § 22 para. 1 no. 1 b BDSG, in order to provide clients with our contractual services, including any pre-contractual communication. The data processed, the type, scope and purpose and the necessity of the processing, are determined by the underlying contractual relationship. The data that may be processed via our website generally includes client contact data (e.g. e-mail address, telephone, etc.), contract data (e.g., services used, products purchased, costs, names of contact persons) and payment data (e.g. bank details, payment history, etc.) may be collected through different avenue.
   • If required for the performance of the contract or by law, we transfer the data received from you via the website within the meaning of the previous paragraph to the necessary authority, in the manner necessary for the performance of the contract or typically involved third parties, such as comparable service providers, provided that for the provision of our services.
   • acc. to Art. 6 para. 1 lit b GDPR,
   • acc. to Art. 6 para. 1 lit c GDPR is required by law or
   • it acc. to Art. 6 para. 1 lit d, Art. 9 para. 2 lit. c GDPR is necessary to protect the vital interests of patients or another natural person or
   • if necessary, further on the basis of a separate consent.
   • The deletion of the data takes place when the data is no longer required for the fulfilment of contractual or legal obligations as well as for dealing with any warranty and comparable obligations, whereby the necessity of storing the data is reviewed every three years; in all other respects, the statutory retention periods shall apply.
2. Contact:
   • When contacting us, the information provided by the user is processed for the purpose of handling the contact request and its processing pursuant to Art. 6 (1) lit. b DSGVO.
   • We delete each request immediately if its storage is no longer necessary or any existing legal storage obligation has expired. We review the necessity on a rotational basis every two years.
3. Cookies:
   • Our website uses technically necessary cookies. Cookies are small text files that are transferred from a website server to your hard drive. Cookies cannot be used to launch programs or transfer viruses to a computer. Based on the information contained in the cookies, we can facilitate your navigation and enable the correct display of our web pages. Technically necessary cookies are not subject to the consent requirement according to § 25 para. 2 no. 2 TTDSG.
   • You can manually delete cookies in your browser. You can also set your browser to automatically reject cookies or to accept them only after confirmation.
   • Under no circumstances will the data we collect be passed on to third parties or linked to personal data without your consent.
   • It is possible to use our website even if you reject cookies. However, please note that components of our application may then no longer function or may no longer function without malfunction.
   • The technically not mandatory cookies on our website are only set after your consent according to § 25 para. 1 TTDSG, Art. 6 para. 1 p. 1 lit a, Art. 7 DSGVO.
4. Tracking procedure:
   • The use of tracking tools and the cookies set in this context is based on Art. 6 para. 1 p. 1 lit. a DSGVO / § 25 para. 1 TTDSG by your consent, which can be revoked at any time. In this way, we want to ensure a needs-oriented design and the ongoing optimisation of our website (through statistical evaluations).
      
5. Use of a Consent Management System (CMT):
   • Our website uses a Consent Management System (CMT).
   • We use this data to ensure the full functionality of our website as well as to inform the user about the use of cookies on our website and to obtain and record the user's consent in accordance with the law.

The following data is automatically transmitted to the provider/technical service provider of our CMT:

• Anonymised IP address of the user;
• Date, time of consent;
• User agent of the end user's browser;
• Website from which the access was made (referrer URL);
• Anonymous, random and encrypted key;
  
  The cookies allowed by the user (cookie status), which serves as proof of consent.
  An automated key created by the CMT for the management/proof of consent granted and the consent status are also stored in a cookie in the end user's browser. This allows the website to automatically read and comply with the end user's consent in all subsequent page requests and future end user sessions for up to 12 months.
  
  The legal basis for data processing is Art. 6 (1) lit. c DSGVO in conjunction with Section 25 (2) no. 2 TTDSG. Only with an appropriate mechanism for granting and managing consent can we comply with the legal requirements.
  
  You can prevent the collection as well as the processing of your data by our CMT by disabling the execution of script codes in the settings of your browser or by installing a script blocker in your browser.
• We keep personal data only for as long as necessary to fulfil its intended purpose, after which it will be securely deleted.

Individuals have the right to access, correct, delete or restrict the processing of their personal data, as well as the right to data portability and the right to object to the processing of their personal data. Any requests in this regard should be directed to our Data Protection Officer in writing.

We take any suspected data protection breaches seriously and will report such incidents to the relevant supervisory authority.

If you have any questions or concerns regarding our data protection practices, please contact our Data Protection Officer at data.protection@alpamax.eu