Privacy Policy of medilane

(Last updated: 27.04.2020)

General and mandatory information

Responsible body for the data processing on this website:

medilane

Brückenstr. 15,
10179 Berlin

The responsible person(s) decides alone or jointly with others on the purposes and means of processing personal data (e.g. names, contact details, etc.).

At medilane, accessible from https://medilane.io, one of our main priorities is the privacy of our visitors. This Privacy Policy document contains types of information that is collected and recorded by medilane.io and how we use it.

If you have additional questions or require more information about our Privacy Policy, do not hesitate to contact us.

The data protection officer of medilane may be contacted via the above mentioned address or [email protected]

This Privacy Policy applies only to our online activities and is valid for visitors to our website with regards to the information that they shared and/or collect in medilane.io. This policy is not applicable to any information collected offline or via channels other than this website.

Consent

By using our website, you hereby consent to our Privacy Policy and agree to its terms.

 

 

Information we collect

We use personal data to manage the website and to the extent that it is necessary to fulfill the contract.

If you contact us directly, we may receive additional information about you such as your name, email address, phone number, the contents of the message and/or attachments you may send us, and any other information you may choose to provide.

When you register for an Account, we may ask for your contact information, including items such as name, company name, address, email address, and telephone number.

 

 

How we use your information

We use the information we collect for providing our services, including to:

  • Provide, operate, and maintain our webste
  • Improve, personalize, and expand our webste
  • Understand and analyze how you use our webste
  • Develop new products, services, features, and functionality
  • Communicate with you, either directly or through one of our partners, including for customer service, to provide you with updates and other information relating to the webste, and for marketing and promotional purposes
  • Send you emails
  • Find and prevent fraud

Data processing for contract execution

If you decide to book an medical trip, we proposed, we will use your data on the basis of art. 6 (1) lit. b) using GDPR for contract fulfillment, especially to plan and prepare your treatment and other planned activities. The necessary data, such as:

    • First name and surname,

    • Address,

    • Date of birth,

    • Arrival and departure day,

    • Passport number

    • Phone number

      will be sent to the companies involved to the necessary extent, such as affiliated medical tourism agencies, airlines, hotels, tour operators on site, shuttle service etc. The transfer is required to carry out the individual activities and thus serves the smooth completion of the contract. Together with our partners, we have concluded a contract for the commission processing according to the GDPR, which is why your data is only processed according to instructions. We store this travel master data until the expiry of the statutory limitation period. After this period expires, we will retain the information required by commercial and tax law of the contractual relationship for the statutory periods. For this period (usually ten years from the conclusion of the contract), the data will be reprocessed in the event of a review by the tax authorities.

Sensitive personal data

We may ask you to provide sensitive personal data, such as:

– your ethnic origin;

– your physical or mental health or condition;

– your medical files;

– your sexual health,

for the purpose of providing you with treatment quotes from the medical practitioners.

We will process such sensitive personal data only when you expressly consent to such processing upon submitting the relevant request form on the website.

If you consent to processing of your sensitive personal data, we may transfer it to the correspondent medical practitioners.

You have the right to refuse consent to processing of your personal sensitive data, however the medical practitioners may not be able to provide treatment plan quotes.

Hosting

The hosting service we use provides the following services: infrastructure and platform services, memory space, storage and database services, security and maintenance services that we use to manage the website. Based on our legitimate interest in an effective and secure provision of our website to users in accordance with paragraph 1f of Article 6 of the GDPR in conjunction with Article 28 of the CDPR, we or our hosting provider process the inventory data, contact details, content data, contract data, website usage data, metadata and communication data of customers, stakeholders and visitors on this website.

Log Files

medilane.io follows a standard procedure of using log files. These files log visitors when they visit websites. All hosting companies do this and a part of hosting services’ analytics. The information collected by log files include internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks. These are not linked to any information that is personally identifiable. The purpose of the information is for analyzing trends, administering the site, tracking users’ movement on the website, and gathering demographic information.

 

Cookies and Web Beacons

Like any other website, medilane.io uses ‘cookies’. These cookies are used to store information including visitors’ preferences, and the pages on the website that the visitor accessed or visited. The information is used to optimize the users’ experience by customizing our web page content based on visitors’ browser type and/or other information.

 

Google Tag Manager

We manage website tags (website code) with Google Tag Manager. These facilitate the administration and further development of our offer and shorten your loading time. The Google Tag Manager only implements website code. The Google Tag Manager does not set cookies and does not collect personally identifiable information. The tool merely integrates website code that we have stored elsewhere that may be used to collect data. The tool only serves to facilitate the modulation of the respective code, but does not itself access the data processed by the code. We will inform you about all integrated tags in this privacy policy. For more information about the Google Tag Manager and its usage policies, visit the Google Sites.

 

Google Adwords Conversion-Tracking

In order to control and improve our campaigns, we use on the basis of Art. 6 para. 1 lit. f) DSGVO the online advertising program “Google AdWords” as well as the analysis tool Conversion-Tracking, a service of Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (hereafter: “Google”). When you click on an ad served by Google, a conversion tracking cookie will be placed on your machine. The information generated by the cookie:

    • Browser type / version,

    • Used operating system,

    • Location,

    • Referrer URL (the previously visited page),

    • Host name of the accessing computer (IP address),

    • Time of server request,

are transmitted to a Google server in the US and stored there. These cookies lose their validity after 30 days, contain no personal data and are thus not used for personal identification. If you visit certain web pages on our website and the cookie has not expired, Google and we may recognize that you clicked on the ad and were redirected to this page. Each Google AdWords customer receives a different cookie. Thus, there is no way that cookies can be tracked through the websites of advertisers. The information obtained through the cookie is used to generate conversion statistics for us as advertisers. This tells us the total number of users who clicked on our ad and were redirected to a conversion tracking tag page. However, we do not receive any information that personally identifies users. This processing for behavioral and interest-based advertising purposes is, according to recital 47 of the GDPR, to be regarded as our acknowledged legitimate interest.

You can prevent this processing in advance by generally preventing the installation of cookies by a browser setting of your browser (deactivation option) or by setting these cookies so that cookies from the domain googleleadservices.com. You can also opt out of processing by setting Sliders Off in Google Preferences.

 

Google Analytics

For the purpose of the needs-based design and continuous optimization of our websites, we use on the basis of Art. 6 para. 1 lit. f) GDPR Google Analytics Analysis Service, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). In this context, pseudonymised usage profiles are created and cookies are used. The information generated by the cookie about your use of this website such as:

    • Browser type / version,

    • Device Name

    • Used operating system,

    • Referrer URL (the previously visited page),

    • Keywords / specific query,

    • Service providers,

    • Host name of the accessing computer (IP address),

    • Time of server request,

are transmitted to a Google server in the US and stored there. The information is used to evaluate the use of the website, to compile reports on the activities and to provide other services related to the use of the website and the internet for the purposes of market research and the needs-based design of these websites. This information may also be transferred to third parties if required by law or if third parties process this data in the order. Under no circumstances will your IP address be merged with any other data provided by Google. The IP addresses are anonymized, so that an assignment is not possible (so-called IP masking).

You can prevent the installation of cookies by setting the browser software accordingly; however, we point out that in this case not all features of our website may be fully exploited. In addition, you may prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing this browser add-on. An opt-out cookie will be set which prevents the future collection of your data when visiting this website. Please note that the opt-out cookie applies only in the browser used and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again. For more information about privacy in connection with Google Analytics, visit the website of Google Analytics.

 

Google Dynamic Remarketing

On the basis of Art. 6 para. 1 lit. f) GDPR the Remarketing or “Similar Audience” Tool of Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (hereafter “Google”). This feature is for the purpose of analyzing visitor behavior and visitor interests. Google uses cookies to carry out the website usage analysis, which forms the basis for the creation of interest-based advertisements. The cookies are used to record site visits and anonymous data on the use of the website. There is no storage of personal data of visitors to the website. If you subsequently visit another website on the Google Network, you may see ads that are likely to reflect and may be similar to previously viewed product and information areas. If necessary, your data will be processed via the Google servers in the USA. Such processing for behavioral and interest-based advertising purposes is, according to recital 47 of the GDPR, to be regarded as our acknowledged legitimate interest.

 You can object to this data processing at any time by downloading and installing this browser add-on. You can also permanently disable the use of third-party cookies by configuring the Network Advertising Initiative opt-out page accordingly.

 

GA Audiences

For the purpose of facilitating interest-based management of our campaigns within the Google ad network, we use on the basis of Art. 6 para. 1 lit. f) GDPR GA Audiences Web Analytics Service, a service of Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). In this context, pseudonymised usage profiles can be created and cookies used. The information generated by the cookie about your use of this website such as:

    • Browser type / version,

    • Device Name

    • used operating system,

    • Referrer URL (the previously visited page),

    • Keywords / specific query,

    • Service providers,

    • Host name of the accessing computer (IP address),

    • Time of server request,

are transmitted to a Google server in the US and stored there. The cookie makes it possible to recognize the visitor when he visits web pages that belong to the Google advertising network. On these pages, visitors can then be presented with ads that relate to content that the visitor previously visited on websites that use Google’s remarketing feature. Such processing for behavioral and interest-based advertising purposes is, according to recital 47 of the GDPR, to be regarded as our acknowledged legitimate interest. If you do not wish to receive interest-based advertising, you may disable Google’s use of cookies for these purposes by following the instructions on this link.

Advertising Partners Privacy Policies

You may consult this list to find the Privacy Policy for each of the advertising partners of medilane.io.

Third-party ad servers or ad networks uses technologies like cookies, JavaScript, or Web Beacons that are used in their respective advertisements and links that appear on medilane.io, which are sent directly to users’ browser. They automatically receive your IP address when this occurs. These technologies are used to measure the effectiveness of their advertising campaigns and/or to personalize the advertising content that you see on websites that you visit.

Note that medilane.io has no access to or control over these cookies that are used by third-party advertisers.

 

Third Party Privacy Policies

medilane.io’s Privacy Policy does not apply to other advertisers or websites. Thus, we are advising you to consult the respective Privacy Policies of these third-party ad servers for more detailed information. It may include their practices and instructions about how to opt-out of certain options.

You can choose to disable cookies through your individual browser options. To know more detailed information about cookie management with specific web browsers, it can be found at the browsers’ respective websites.

 

CCPA Privacy Rights (Do Not Sell My Personal Information)

Under the CCPA, among other rights, California consumers have the right to:

Request that a business that collects a consumer’s personal data disclose the categories and specific pieces of personal data that a business has collected about consumers.

Request that a business delete any personal data about the consumer that a business has collected.

Request that a business that sells a consumer’s personal data, not sell the consumer’s personal data.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us.

 

GDPR Data Protection Rights

We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

The right to access – You have the right to request copies of your personal data. We may charge you a small fee for this service.

The right to rectification – You have the right to request that we correct any information about you that you believe is inaccurate. You also have the right to request that we complete the information about you that you believe is incomplete.

The right to erasure – You have the right to request that we erase your personal data, under certain conditions.

The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.

The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.

The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us.

Children’s Information

Another part of our priority is adding protection for children while using the internet. We encourage parents and guardians to observe, participate in, and/or monitor and guide their online activity.

medilane.io does not knowingly collect any Personal Identifiable Information from children under the age of 13. If you think that your child provided this kind of information on our website, we strongly encourage you to contact us immediately and we will do our best efforts to promptly remove such information from our records.

Data security

We make every effort to ensure your data security under the applicable data protection legislation and our technical capabilities.

Your personal data will be transmitted in the coded form. We use the SSL (Secure Socket Layer) encoding system, but please note that data transfer via the Internet (for example, when communicating by email) can be vulnerable in terms of security. It is impossible to provide complete data protection from third-parties.

To protect your data, we support technical and organizational security measures in accordance with Article 32 of the CDPR, which we always adapt to the latest technologies.

We also do not guarantee that our offer will remain available at certain times: interference, interruptions or malfunctions can not be excluded. The servers we use are regularly backed up.

International transfers

Some of our external third parties are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA.

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

– We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.

– Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.

– Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.