Data Privacy Policy
1. Purpose & Scope
With this privacy policy we would like to inform you about how we process personal data in accordance with the General Data Protection Regulation (EU Regulation 2016/679). The protection of your privacy is of the utmost importance to us, so it goes without saying that we comply with the legal stipulations on data protection.
2. Legal Information
2.1. Person in Charge
The person in charge is any person or entity who, alone or jointly with others, decides on the purpose and means of processing personal data (Art. 4 (7) GDPR).
Company name: northh medical GmbH
Address: Röntgenstr. 24, 22335 Hamburg
Company registration number: HRB147170 (Handelsregister Hamburg)
VAT identification number: DE312852095
Email address: info@northh.de
Website: www.northh.de
2.2. Data Protection Officer
No data protection officer is necessary, as northh medical is a company with fewer than 20 employees working with personal data and none of the activities of Article 37, Section 1 GDPR applies.
If you have any questions about our data protection measures, the processing of your data or about the protection of your rights as a data subject, please contact privacy@northh.de.
2.3. Legal Representative of Management Board
Owners, board members, managing director or other managers appointed by law or the constitution of the company.
Name: Dr. Fabian Kording
Address: Röntgenstr. 24, 22335 Hamburg
Phone: +49 160 6644878
Email address: fk@northh.de
2.4. Responsible supervisory authority
Name: Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Address: Ludwig-Erhard-Str 22, 7. OG, 20459 Hamburg
Phone: 040 / 428 54 - 4040
Email address: mailbox@datenschutz.hamburg.de
Website: https://datenschutz-hamburg.de/
3. Personal Data
Personal data is any information about an identified or identifiable person. This includes the following categories of personal data that we process:
- Contact details (such as first and last name, address, e-mail address, phone number)
- Correspondence with us
- Log files with information about a visit to our website
- Identification numbers (such as social security number, tax number, tax ID, passport or ID card number, insurance numbers)
- Payment data (such as bank account number, credit card number, financial institution)
- Online identifiers (such as cookie IDs, IP addresses, advertising IDs)
- Customer data (such as invoice data, user profiles, address, order history, payment data)
- Information about your ethnic and cultural background
- Anonymized MRI and US data (only the gestational week and the hospital that owns the data are known)
- Pseudonymized MRI and US data for case reports
4. Use of Cookies
General Information About Cookies:
A cookie is a text file containing an identification number which, when the website is used, is transmitted to the user's computer together with the other data actually requested and stored there. The file is kept there for later access and serves to authenticate the user. Since cookies are only simple files and not executable programs, they do not pose any danger to the computer.
Depending on the settings selected by the user in their internet browser, the latter automatically accepts cookies. However, this setting can be changed and the storage of cookies deactivated or set in such a way that the user is informed as soon as a cookie is set. If the use of cookies is deactivated, some functions of the website may not be available or may only be available to a limited extent. You can prevent the setting of cookies by our website at any time by means of a corresponding setting in the internet browser used and thus permanently object to the setting of cookies.
Cookies that are already active can be deleted at any time via the settings of your internet browser or other software programs. We may work together with advertising partners who help us to make our online offer more interesting for you. In this case, cookies from partner companies may also be stored on your hard drive when you visit our website (cookies from third parties).
We use a cookie consent banner with the following information: “We use cookies and similar technologies to enable services and functionality on our site and to understand your interaction with our service. By clicking on accept, you agree to our use of such technologies for marketing and analytics.”
5. Purpose of Processing
We process your data for the following purposes:
- For corresponding with you
- For processing contracts with you
- For advertising purposes such as the dispatch of our newsletter
- For quality assurance and statistics
- In order to provide our service
- For your participation in our events
- For your participation in our surveys
- To consider your application
- In order to improve our service
6. Legal Basis
We base the processing of your data on the following legal bases:
- Your consent, if you have given us such consent (Art. 6 para. 1 lit. a) GDPR),
- The initiation or execution of a contract with you (Art. 6 para. 1 lit. b) GDPR),
- The fulfilment of legal obligations (Art. 6 para. 1 lit. c) GDPR),
- The implementation of our legitimate interests (Art. 6 para. 1 lit. f) GDPR)
6.1. Legitimate Interests
When processing your data, we pursue the following legitimate interests:
- The improvement of our offer,
- The production of statistics,
- Marketing purposes,
- The storage of our correspondence with you
6.2. Processing of Personal Data (No Special Categories)
Processing of personal data which do not belong to the special categories in accordance with Art. 9 (1) GDPR (and are legitimized in Art. 6 GDPR).
The identification of the relevant legal basis is necessary for accountability obligations and the guarantee of transparency obligations vis-à-vis the persons concerned.
6.3. Processing of Personal Data (Special Categories)
Processing of personal data corresponding to the special category according to Art. 9 GDPR.
The processing of personal data indicating racial and ethnic origin, political opinions, religious or ideological beliefs or trade union membership, as well as the processing of genetic data, biometric data for the unequivocal identification of a natural person, health data relating to the sexual orientation of a natural person, is permitted only under certain conditions. None of these data are processed by northh medical. Health data comprise only anonymized data which are stored for marketing and research purposes. The health data processed include MR images and heartbeat information.
7. Categories of data subjects and personal data
7.1. Categories of Affected Persons
- Business Partners
- Customers
- Applicants
- Suppliers
7.2. Categories of Recipients and Personal Data
Marketing & Sales:
Purpose:
- Marketing Management
- Newsletter
- Tracking information of website usage
- Processing of statistical data on the website
- Contact form
- Performance of a contract
Categories of Personal Data:
- Personal details (name, address, date of birth, religion, degree of disability)
- Online related data (Login data, IP address, Cookies)
Legal Basis:
- Consent according to Art. 6 (1) lit. (a) GDPR or anonymized data
- Contractual obligations according to Art. 6 (1) lit. (b) GDPR
Customer Relations:
Purpose:
- Customer support
- Customer Relations Management
- Recording and processing of orders in the CRM system
Categories of Personal Data:
- Customer information (Customer number, Order history, Billing data, Payment data (bank details, credit card details))
Legal Basis:
- Consent according to Art. 6 (1) lit. (a) GDPR or anonymized data
Human Resources:
Purpose:
- Human Resources Management
- Storage and processing of application / employee documents
- Management of HR files
Categories of Personal Data:
- Applicant data (Name, Address, contact details, Education, Qualification, Job that was applied for)
Legal Basis:
- Legal obligations according to Art. 6 (1) lit. (c) GDPR
Operations:
Purpose:
- Purchasing
- Performance of a contract
Categories of Personal Data:
- Supplier data (Email addresses of the supplier’s employees, Phone number of the supplier’s employees, Positions of the supplier’s employees)
Legal Basis:
- Contractual obligations according to Art. 6 (1) lit. (b) GDPR
Research & Development:
Purpose:
- Product Development
Categories of Personal Data:
- N/A
Legal Basis:
- Anonymized data, GDPR not applicable
8. Requirement or Obligation to Provide Data
Unless this is expressly stated, the provision of your data is not required or obligatory.
9. Storage Period
We store your data,
- if you have consented to the processing, at most until you revoke your consent;
- if we need the data for the execution of a contract, at most for as long as the contractual relationship with you exists;
- if we use the data on the basis of a legitimate interest, at most for as long as your interest in deletion or anonymisation does not outweigh our legitimate interest;
- insofar as statutory storage obligations exist, until the end of the storage periods.
10. Data Recipient
When processing your data, we work together with the following service providers who have access to your data:
Greenlight Guru
Privacy Policy: https://www.greenlight.guru/privacy-policy
Affected Persons: Customers
Description: Software from Greenlight.guru is used for document information
Data: Name, E-Mail, Information on offers, orders, complaints, returns
Affected Persons: Supplier
Description: Software from Greenlight.guru is used for document information
Data: Supplier evaluation, Contract information
Hubspot
Privacy Policy: https://legal.hubspot.com/de/privacy-policy
Affected Persons: Customers
Description: Customer Relation Management and Newsletter, Sales Management; Ticket and customer support software provider
Data: Name, E-Mail, E-Mail correspondence, working address, E-Mail tracking information, Job description, employer
MS Sharepoint / Microsoft
Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement
Affected Persons: Business Partners, Customers, Applicants
Description: MS Sharepoint is used to store any documents. Patient data will be stored either with consent form or as anonymized data
Data: Any
Affected Persons: Patients
Description: Patient data will be stored either with consent form or as anonymized data
Data: Name, date of birth, gestational age, MR images
Wix
Privacy Policy: https://de.wix.com/about/privacy
Affected Persons: Website visitors
Description: Website provider, Marketing and advertising
Data: Website tracking information
Google Analytics
Privacy Policy: https://policies.google.com/privacy?hl=en-US
Affected Persons: Website visitors
Description: Website tracking provider
Data: Advanced website tracking information
11. Transfer to Third Countries
Data is being transferred to countries outside the European Economic Area. We only transfer personal data to third countries where the EU Commission has confirmed an adequate level of protection or where we can ensure the careful handling of personal data by means of contractual agreements or other suitable guarantees, such as certifications or proven compliance with international security standards.
- USA (Standard Contractual Clauses)
- Israel (Standard Contractual Clauses)
- Germany (Standard Contractual Clauses)
northh medical has concluded the necessary data processing agreements in accordance with Art. 28 GDPR with its service providers / customers who process personal data during the company's activities.
12. Your Rights
As a data subject, you have the following rights:
- To request information about the processing of your data, as well as to receive a copy of your personal data. Among other things you may request information on the purposes of the processing, the categories of personal data processed, the recipients of the data (if a transfer is made), the duration of the storage or the criteria for determining the duration;
- To receive personal data relating to you in a structured, common and machine-readable format or to transfer it to another person in charge;
- To correct your data. If your personal data is incomplete, you have the right to complete the data, taking into account the purposes of the processing;
- To have your data deleted or blocked;
- To have the processing restricted;
- To object to the processing of your data;
- To revoke your consent to the processing of your data for the future; and
- To complain to the responsible supervisory authority about unauthorised data processing.
13. Version of the Privacy Policy
If our processes change, we adjust the information in this privacy policy.
Status of this privacy policy: September 09, 2021