Data Protection Information

Dear users of our websites,

Thank you for your interests in our company. With the following data protection information, we would like to inform you how we process your personal data and what rights you are entitled to in this context.

NOTE: The following information does not relate to the use of our software. You will receive detailed information on all data protection aspects when using heartbeat ONE as part of your contract documents, in a data processing agreement. Please do not hesitate to contact us at any time.

A. Data protection information about the personal data processing of contractual partners and interested parties of HRTBT Medical Solutions GmbH

B. Data protection information for personal data processing when using the website of HRTBT Medical Solutions GmbH

A. Data protection information about the personal data processing of contractual partners and interested parties of HRTBT Medical Solutions GmbH in accordance with Art. 13, 14 and 21 GDPR (Status 10/2020)

This is a translated version of the HRTBT Data Protection Information, so please note that only the German version is legally binding.

I. Name and address of controller (means the responsible legal person)
We are the controller and responsible legal person within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations, and thus also the first point of contact, you can turn to for data protection issues:

HRTBT Medical Solutions GmbH
Managing Director Yannik Schreckenberger
Greifswalder Straße 212
10405 Berlin
Telefon: 030 364 285 390
E-Mail: hello@heartbeat-med.de

II. Name and address of our data protection officer
The data protection officer of our company is:
Webersohn/Christian Scholtz

WS-Datenschutz GmbH
Meinekestraße 13
10719 Berlin
Telefon: 030 88 72 07 88
E-Mail: hrbt@ws-datenschutz.de

III. Which personal data do we process?
In principle, we only process your personal data insofar as this is necessary for the agreed service, and for the provision of a functional website, and our content. 

The processing of personal data can also take place by giving your consent.

If we do not consider a declaration of consent, the processing of the data in our company is permitted by law. If you contact us or conclude a contract with us, we may collect the following information in a specific individual case:

Further details to the personal data processing can be found in the following information.

IV. What legal basis and purposes do we use for personal data processing?

1. Purposes for the execution of a contract or pre-contractual measures Art. 6 para. 1 sentence 1 lit. b GDPR
The processing of personal data takes place at your request up to the execution of our contracts with you (e.g. for the execution of a supplier contract) and the execution of your orders (e.g. according to our software usage contract) as well as for the execution of measures and activities of pre-contractual relationships by interested parties (e.g. in order to contact you as you are interested in doing business with us or when starting negotiating with you the aforementioned contracts). 

This data is essentially collected:

2. Purposes within the scope of your consent Art. 6 para. 1 sentence 1 lit. a GDPR
Your personal data can also be processed for specific purposes, such as using your e-mail address for marketing purposes, for profile evaluation, based on your consent. If we process data on the basis of a declaration of consent, you will receive separate data protection information. As a rule, you can revoke this at any time. You will be informed separately in the corresponding text of the consent about the purposes and the consequences of a revocation or failure to give consent.

In principle, the revocation of consent will only take effect in the future. Processing that took place before the revocation is not affected and remains lawful.

3. Purposes in the context of a legitimate interest of us or third parties Art. 6 Para. 1 S. 1 lit. f GDPR
In addition to the actual fulfillment of the contract or preliminary contract, we may process your data, if it is necessary to ensure our legitimate interests or those of third parties, in particular for purposes:

4. Purposes for the fulfillment of legal requirements Art. 6 Abs. 1 S. 1 lit. c GDPR or in the public interest Art. 6 Para. 1 S. 1 lit. e GDPR
Like everyone who is involved in economic activity, we are also subject to a large number of legal obligations. These are primarily legal requirements such as compliance with tax and regulatory requirements. In addition, the disclosure of personal data may become necessary in the context of official and / or judicial measures for the purpose of gathering evidence, prosecuting or enforcing claims under civil law.

V. What legal basis do we use and who are the recipients or categories of recipients of your data, if any?
Your personal data will only be transmitted to third parties if

VI. How long will your data be stored for?
We process and store your data for the duration of our business relationship. This also includes the initiation of a contract as part of pre-contractual negotiations and the execution of a contract. 

The personal data collected by us for the contractual relationship, will be stored until the expiry of the statutory retention period for 3 years, after the end of the calendar year in which the (pre) contractual relationship was terminated, unless we are in accordance with Art. 6 para. 1 p. 1 lit. c GDPR and due to tax and commercial law retention and documentation obligations, obliged to store longer or you have given your consent of further storage in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR.

Furthermore, special legal regulations may require a longer retention period, such as the preservation of evidence within the framework of the statutory statute of limitations. According to §§ 195 ff. of the German Civil Code (BGB), the regular limitation period is three years; however, limitation periods of up to 30 years can also apply.

If the data are no longer required for the fulfillment of contractual or legal obligations and rights, they are regularly deleted, unless their further processing is necessary for the fulfillment of the purposes listed above due to an overriding legitimate interest in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR required. Such an overriding legitimate interest also exists, for example, if deletion is not possible or only possible with disproportionately high effort, or due to the special type of storage and processing for other purposes is excluded by suitable technical and organizational measures, as well as for the purpose of managing contractual partner data.

VII. Is your data processed in a third country or by an international organization?
Data is transferred to locations in countries outside the European Union (EU) or the European Economic Area (EEA), if it is necessary to execute a contract with you, if it is required by law, such as due to tax reporting obligations, or if you have given us your consent; Art. 49 GDPR.

Unless the EU Commission has decided on an adequate level of data protection for the country in question, we will pursue in accordance with EU data protection requirements through appropriate contracts and additional contractual, technical, organizational and other measures to protect your rights and freedoms.

VIII. What data protection rights do you have?
If your personal data is processed, you are a data subject within the meaning of the GDPR and you may have the following rights after a review of the specific individual case; so towards our company:

You have the right:

Your right of objection according to Art. 21 GDPR
If your personal data is based on legitimate interests in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR (data processing based on legitimate interests) or Art. 6 Para. 1 S. 1 lit. e GDPR (data processing in the public interest), you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided there are reasons for this that arise from your particular situation. This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR.
If you object, we will no longer process your personal data unless we can prove compelling legitimate reasons for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
We may also process your personal data in order to operate direct marketing. 
If you do not want to receive marketing, you have the right to object to this at any time; this also applies to profiling insofar as it is associated with such direct marketing. We will consider this objection with effect for the future.
Your data will no longer be processed for direct marketing purposes, if you object to the processing for these purposes.
If you would like to exercise your right of revocation or objection, an informal email to hello@heartbeat-med.de is sufficient.

B. Data protection information for personal data processing when using the website of HRTBT Medical Solutions GmbH (Status 10/2020)

This is a translated version of the HRTBT Data Protection Information, so please note that only the German version is legally binding.

I. Provision of the website and creation of log files
Every time our website is accessed, our system or the system of our hosting provider automatically collects the following data and information from the computer system of the calling computer:

The data is saved in the server’s log files. The IP addresses of the users are stored anonymously so that they can no longer be assigned to the calling client. We do not use the data for the purpose of drawing conclusions about you personally.

The data mentioned are processed by our company for the following purposes:

The legal basis for the storage of the data is Art. 6 Para. 1 Clause 1 lit. f GDPR. Our legitimate interest in data processing in accordance with Art. 6 Paragraph 1 Clause 1 lit. f GDPR.

The data are temporarily stored and deleted as soon as they are no longer required to achieve the purpose for which they were collected. If the data is stored in log files, this is the case after 7 days at the latest.

The collection of the data for the provision of the website and the anonymous storage of the data in log files is essential for the operation of the website. There is consequently no option for the user to object.

II. Contact forms and email contact
Data processing for information on case studies, medical content or for software demos

Contact forms are available on our website that can be used to contact us electronically for information on case studies, medical content or for software demos. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored, in particular:

The contact forms provided are sent directly as an e-mail to customer service. Alternatively, you can contact us using the email address provided.
In both cases, the user’s personal data transmitted as an email will be saved.

The legal basis for processing the data that is transmitted in the course of sending an email is Art. 6 Para. 1 Clause 1 lit. f GDPR. The processing of personal data is used to process the contact. This is also the reason for the necessary legitimate interest in processing the data.

If the aim of the email contact is to carry out pre-contractual measures or to conclude a contract, the additional legal basis for processing is Art. 6 Para. 1 Clause 1 lit. b GDPR.

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. This is the case when the respective conversation with the user has ended. The conversation is over when it can be inferred from the circumstances that the matter in question has been finally clarified. After the implementation of contractual measures without the conclusion of a contract or after the year of the end of the contract, the data will be deleted after 3 years of storage, unless there is a longer storage period due to the pursuit of legitimate interests, such as to assert and defend against legal claims or due to statutory retention requirements.

If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued. We will then no longer process your personal data, unless there are compelling reasons to the contrary. The objection can be made at any time by email to hello@heartbeat-med.de or by telephone on 030 364 285 390.

III. Use of cookies

1. Cookie integration
We use cookies on our website. Cookies are small text files that are stored on your computer system by the internet browser. Temporary cookies, such as session cookies, are cookies that are deleted after you, the user, leave our website and close your browser. Permanent cookies are cookies that remain stored even after the browser has been closed. These cookies can store a log-in status or user interests for range measurement or marketing purposes. If the website is called up again from the same device, the cookie is sent back to the website that generated it (first-party cookie) or to another website to which it belongs (third-party cookie). The website can use a cookie to recognize that it has already been called up with the browser used and can improve your user experience when you visit the website again. Cookies can, for example, remember your preferences and adapt the website to your personal interests.

You can allow cookies in the system settings of your browser through your settings or not. Saved cookies can be deleted in the system settings of your browser. The functionality of websites can be restricted, if cookies are not allowed.

According to the law, we can store cookies on your device if they are absolutely necessary for the operation of this site. The other types of cookies require your declaration of consent.

This website uses different types of cookies. Some cookies are placed by third parties.

2. Cookies requiring consent
When you use our website for the first time, you will be informed about the use of cookies via a cookie consent technology (tool). If you click on Details, you will be shown which cookies we are using, and to which group this cookie belongs. If you do not want to agree to a specific cookie or a specific cookie group of cookies, uncheck the corresponding cookie group and click on Ok to confirm your setting. Note that you cannot influence the use of necessary cookies. Only after you have given you consent, the cookies will be used on the website.

If these cookies also process personal data, you will be informed about this below. You can find additional information, in our cookie consent tool.

Your consent applies to the following domain: heartbeat-medical.com

3. Use of functional cookies
We use function cookies so that you can visit our websites in a user-friendly way and so that they function technically (technically necessary cookies). Some technical elements of our website require that the browser with which you reached our site can technically identify you even after changing pages.

The following data is saved when function cookies are used:

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 Para. 1 Clause 1 lit. f GDPR.

4. Use of preference and statistics cookies
We also use preference and statistics cookies on our website to analyze your surfing behavior. When you visit our website, we will ask for your consent to process your following personal data.

The legal basis for the processing of personal data using analysis purposes is your consent, provided you have given this in our cookie consent tool. You can object to your declared consent to data processing at any time by changing the cookie consent tool settings.

We also see our legitimate interest in accordance with Art. 6 Paragraph 1 Clause 1 lit. f GDPR in the analysis, optimization and economic operation of our online service.

5. Use of Google Analytics
This website uses Google Analytics, a web analysis service from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. (“Google”). Google Analytics uses so-called cookies, text files that are stored on your computer and that enable your use of the website to be analyzed. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. If IP anonymization is activated on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The full IP address is only transmitted to a Google server in the USA and shortened there in exceptional cases. We use Google Analytics to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage.

This website uses Google Analytics with the extension “anonymizelp ()”. As a result, IP addresses are further processed in abbreviated form, so that personal references can be excluded. If the data collected about you can be linked to a person, this will be excluded immediately, and the personal data will be deleted immediately.

The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

You can find further information on data usage by Google, settings and options to object here:

We pursue it in accordance with the EU data protection regulations through standard contracts and additional contractual, technical-organizantional and other measures to adequately protect your rights and freedoms.

The legal basis for the processing of the data is your consent, provided you have declared this in the cookie consent tool. You can object to your declared consent to data processing at any time by changing the cookie consent tool settings or by changing the settings in your browser. If you also download and install the browser plug-in, you can deactivate Google Analytics tools.google.com/dlpage/ gaoptout?hl=de.

6. Google Analytics advertising function
In addition to the standard functions, we also use the extended function of Google Analytics on this website. The Google Analytics advertising functions implemented on this website include:

In addition to the personal data processing by the analysis tool Google Analytics, personal data is collected via Google cookies for ad preferences and anonymous identifiers for access so that we can improve our website services.

The legal basis for the processing of the data is your consent, provided you have declared this in the cookie consent tool. You can object to your declared consent to data processing at any time by changing the cookie consent tool settings or by changing the settings in your browser. You can prevent the use of Google Analytics through your browser settings or through the Google ad settings www.google.com/ads/preferences/?hl=de or by deactivating it on the Network Advertising Initiative (NAI) website at www.networkadvertising.org.

7. Cookie consent with Usercentrics
This website uses the cookie consent technology from Usercentrics (tool) to obtain your consent to the storage of certain cookies on your end device or for the purpose of using certain technologies, for the purpose of data protection-compliant documentation in accordance with Art. 7 Paragraph 1 GDPR.

The provider of this technology is:
Usecercentrics GmbH
Rose Valley 4
80331 Munich
Website: usercentrics.com/de/ (hereinafter Usercentrics)

If you use our cookie consent tool, the following personal data will be transmitted to Usercentrics:

Usercentrics is used to obtain the legally required consent for the use of certain technologies. The legal basis is Art. 6 Paragraph 1 Clause 1 lit. c GDPR.

The legal basis for the use of certain technologies is your declaration of consent. You can revoke your declaration of consent to data processing at any time by changing the settings for your declaration in the cookie consent tool.

8. Use of HubSpot
We use “HubSpot” for our online marketing activities; by HubSpot Ireland Limited, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland. This is an integrated software solution with which we cover various aspects of our online marketing.

These include:

Our registration service enables visitors to our website to find out more about our company, download content and provide their contact information and other demographic information. This information and the content of our website are stored on the servers of our software partner HubSpot. They can be used by us to get in contact with visitors to our website and to determine which services from our company are of interest to them. We use all information collected exclusively to optimize our marketing measures.

https://legal.hubspot.com/privacy-policy

The legal basis for the data processing is your consent, provided you have given your consent in our cookie consent tool. You can revoke your declaration of consent to data processing at any time by changing the settings for your declaration in the cookie consent tool.

9. Use of AdRoll
This website uses a retargeting technology from AdRoll Advertising Ltd “AdRoll”. This enables us to target you with personalized, interest-based advertising on other websites. The advertising material is displayed on the basis of a cookie-based analysis of previous usage behavior, but no personal data is stored. In the case of retargeting technology, a cookie is stored on your computer or mobile device in order to collect anonymized data about your interests and thus adapt the advertising individually to the stored information. These cookies are small text files that are stored on your computer or mobile device.

The legal basis for the data processing is your consent, provided you have given your consent in our cookie consent tool. You can revoke your declaration of consent to data processing at any time by changing the settings for your declaration in the cookie consent tool.

You can permanently object to the setting of cookies for advertising specifications by using the option of setting an opt-out cookie on the page linked below:
www.adroll.com/about/privacy

Further information and the data protection provisions regarding advertising and AdRoll Advertising Ltd (“AdRoll”) can be viewed here: www.adroll.com/about/ privacy

IV. HRTBT on LinkedIn
We have our own company page on the social network LinkedIn, because we want to communicate with our customers, interested parties and users, and want to inform you about our services.

The LinkedIn Ireland Unlimited Company (Ireland / EU- “LinkedIn”) is the provider of the social network LinkedIn. Further information on the processing of personal data by LinkedIn is available at www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy

If you visit our LinkedIn company page, follow this page or deal with the page, LinkedIn processes personal data in order to provide us with statistics and insights in anonymous form, so that we can obtain information about the actions of people and when they visit our website, so-called insights.

LinkedIn processes the following data:

Through the insights, LinkedIn does not provide us with any personal data about you. We only have access to the summarized insights. In addition, it is not possible for us to find out about individual members from the information provided by the insights. The processing of personal data through the insights is carried out by LinkedIn and our company as joint controllers.

The processing is based on our legitimate interest according to Art. 6 Para. 1 Clause 1 lit. f GDPR, to evaluate the actions taken on our LinkedIn company page and to improve our company page based on this knowledge. We have concluded an agreement with LinkedIn on processing as jointly responsible at legal.linkedin.com/pages-joint-controller-addendum

The aforementioned agreement has the following content: