Data protection declaration for business partners

This data protection declaration applies to the processing of personal data of internal and external employees, temporary and contract staff, shareholders, bodies, managing directors, key account managers or other natural persons who act in the name and on behalf of our contractual or business partners, which we process within the framework of existing or impending contractual and business relationships. This includes in particular existing or potential suppliers, service providers, customers or consultants, press and media companies as well as existing or potential cooperation partners or other partner companies.

When you visit our websites, the additional data protection information that we provide there applies to the processing of personal data. There you will also find information on the storage of or access to information in your terminal device (computer or mobile device) using cookies or similar technologies.

1 Responsible person/contact
The responsible person within the meaning of data protection laws is:
Clinomic Medical GmbH
Jülicher Straße 306
52070 Aachen
Telephone: 0241 – 89438737
Fax: 0241 – 92788997
Email: info@clinomic.ai
(hereinafter: “Clinomic Medical”, “we” or “us”).
If you have any questions or suggestions regarding data protection or this data protection notice or would like to contact us to assert your rights, please send your request to the contact details mentioned above.

2 Data protection officer
You can reach our data protection officer at datenschutzbeauftragter@clinomic.ai.

3 Subject of data protection
The subject of data protection is personal data. According to Art. 4 No. 1 GDPR, this is all information that relates to an identified or identifiable natural person; this includes, for example, names or identification numbers.

4 Sources and types of personal data
All personal data that we process is usually provided directly by you or the business partner you work for (usually your employer).
In addition, we may process personal data that we legitimately obtain from publicly accessible sources (such as commercial and transparency registers, the press, company websites or professional networks such as Xing or LinkedIn) or that is legitimately transmitted to us by partners (such as operators of press portals) and other third parties.
Relevant personal data includes in particular personal details (such as surname, first name, address, bank details, billing address, tax number/VAT ID) and other contact details (such as telephone number, email address). In addition, this can also include order data (e.g. sales data, contract data, planned quantities, data on the purchase of goods, customer number), data from the fulfillment of our contractual obligations, data on the personal situation (e.g. business interests, profession, industry), our correspondence or files exchanged as part of the business relationship and other data comparable to the categories mentioned.

5 Legal bases, processing purposes and legitimate interests
We process personal data for the following purposes or to pursue the following legitimate interests, each on the basis of the following legal bases:

5.1 Your consent (Art. 6 Para. 1 lit. a GDPR): In individual cases, we process data because you have expressly consented to this. In some cases, we obtain consent to data processing if none of the following legal bases apply, in particular to send you advertising by email where there is no business relationship between us yet. The scope of data processing is then determined by the content of the respective consent;
5.2 To fulfil contractual obligations (Art. 6 Para. 1 lit. b GDPR): the processing is carried out to fulfil our obligations from the contract concluded with you or to carry out pre-contractual measures;
5.3 Due to legal requirements (Art. 6 Para. 1 lit. c GDPR) or in the public interest (Art. 6 Para. 1 lit. e GDPR): for example on the basis of our obligations to fulfil tax control and reporting obligations, as well as audits by tax or other authorities and compliance with statutory retention periods;
5.4 Due to our legitimate interests (Art. 6 Para. 1 lit. f GDPR): where necessary, we process data to protect our legitimate interests or those of third parties. This is done to protect the following legitimate interests:
a. Preparation, implementation and processing of contracts with you or your employer;
b. Implementation of optimal customer service and relationships, also with regard to the employees of our business partners;
c. Optimization of our business processes such as maintaining a supplier or customer database, also as part of a “customer relationship management system”;
d. Reducing default risks in our procurement processes by consulting credit agencies;
e. Asserting and defending legal claims;
f. Measures to ensure operational, building and plant safety and to manage the business;
g. For the purposes of advertising communication about our own products and services: In connection with advertising communication about our own products and services, in particular by email, to business partners and their employees with whom we have an existing business relationship, data processing and advertising communication – without prejudice to processing based on consent (see section 5.1 above) – only takes place under the further conditions of Section 7 Paragraph 3 of the Act against Unfair Competition (UWG), i.e. if you provide us with your email address in connection with the purchase of a similar product or service and you do not object to the processing in accordance with section 9 of this data protection notice. However, we will inform you again separately of this right of objection and also every time your email address is used. The objection will not incur any costs for you other than the transmission costs according to the basic rates.

6 Disclosure of personal data
In certain circumstances (beyond the cases already mentioned), your personal data may be disclosed for the purposes mentioned above; in detail:
6.1 If it is necessary to investigate or prosecute illegal or abusive incidents, personal data will be passed on to our legal advisors, the law enforcement authorities and, if necessary, to injured third parties. However, this only happens if there is concrete evidence of illegal or abusive behavior. Data may also be disclosed if this serves to enforce contractual arrangements between us and our contractual and business partners.
6.2 We are also legally obliged to provide information to certain public bodies upon request. These are primarily law enforcement authorities, authorities that prosecute administrative offenses that are subject to fines and the tax authorities.
6.3 If it is necessary to process your request or to conclude or carry out a contractual or business relationship with you, as well as in the case of centralized or outsourced company functions, your data may be passed on to companies affiliated with us for the fulfillment of the above-mentioned purposes.
6.4 Occasionally, in order to fulfill the purposes described in this data protection declaration or to provide our services, we are dependent on contractually affiliated third-party companies or other cooperation partners, as well as external service providers, such as brokers, logistics companies, IT service providers, business consultants and financial institutions. In such cases, information is passed on to these companies or individuals in order to enable them to process the data further. If these are entities outside the EU or EEA, we ensure an appropriate level of data protection, for example by concluding appropriate contracts with the data recipient.
6.5 As part of the further development of our business, the structure of our company may change by changing the legal form, establishing, buying or selling subsidiaries, parts of the company or components. In such transactions, customer information will be passed on together with the part of the company to be transferred. Whenever personal data is passed on to third parties to the extent described above, we ensure that this is done in accordance with this data protection declaration and the relevant data protection laws.

7 Third country transfers

We also process personal data in so-called third countries or transmit this data to recipients in third countries. Third countries are all countries outside the European Economic Area (EEA). Please note that there is currently no adequacy decision by the EU Commission that these third countries generally have an adequate level of data protection.
If we transfer personal data to third countries, we ensure that one of the following requirements is met:
• There is an adequacy decision by the EU Commission in accordance with Art. 45 GDPR, according to which an adequate level of data protection exists in the third country.
• We have the standard data protection clauses approved by the EU Commission in accordance with Art. 46 Para. 2 lit. c) GDPR and (where necessary) additional measures have been taken in accordance with the criteria of the European Court of Justice (Schrems II ruling).
• There are other suitable guarantees within the meaning of Art. 46 Para. 1 GDPR that are suitable for establishing an appropriate level of data protection.
• There is an exception pursuant to Art. 49 GDPR, e.g. if you have given your consent for the transmission (Art. 49 Para. 1 lit. a GDPR), the transmission is necessary for the performance of a contract with you (Art. 49 Para. 1 lit. b GDPR) or for the assertion, exercise or defense of legal claims (Art. 49 Para. 1 lit. e GDPR).
You can request further information using the contact details provided under point 1. There you can also request information about the appropriate safeguards we have put in place to protect your personal data, including a copy of any standard data protection clauses that may have been concluded.

8 Processing period

We delete your data as soon as it is no longer required for the purposes for which we collected it or further processed it in accordance with this data protection notice. As a rule, we store your personal data for the duration of the contractual or business relationship with you or with the business partner you work for.

For processing that we carry out on the basis of your consent, the data will be deleted if you revoke your consent or at an earlier point in time if the data is no longer required for the purpose for which we collected it. We store data to prove your consent for a period of three years.

Further storage only takes place
• if we are legally obliged to do so, Art. 6 Para. 1 lit. c GDPR. If we are legally obliged to store the data, we will store your data for the period prescribed by law. Legal requirements for storage can arise in particular from the retention periods of the German Commercial Code (HGB) or the German Tax Code (AO). The retention period according to these regulations is usually between 6 and 10 years from the end of the year in which the corresponding process was completed, e.g. we have finally processed your request,
• if we need the data for longer for criminal prosecution or to assert, exercise or defend legal claims. This is also our legitimate interest, Art. 6 Para. 1 lit. f GDPR. Storage then takes place until the corresponding process is completed, plus the statutory limitation period.
If data must be retained for legal reasons, processing will be restricted. The data will then no longer be available for further use.

9 Provision of your data
You are neither contractually nor legally obliged to provide your data. However, the provision of your personal data is necessary for the implementation of the contractual or business relationship with us. Without providing your data, it is not possible to initiate or conclude a contract.
In addition, the provision of your data is necessary so that we can receive and process your inquiries and efficiently manage and maintain the contractual or business relationship.
If it is necessary to provide your data, we will inform you of this. Providing further data is voluntary.
If data is required, failure to provide this data may mean that we are not able to initiate or carry out the contractual or business relationship with the respective business partner. In other cases, failure to provide this data may mean that we are not able to provide certain additional services or services, or not to the usual extent, and that we are not able to process your inquiries or can only process them to a limited extent.

10 Your rights as a data subject
With regard to the processing of your personal data, you are entitled to the rights described below. In addition to the options already mentioned, you can assert your rights by submitting a request by post or email to the address given in section 1 above.
10.1 Right to information
You have the right to request information from us at any time about the personal data concerning you that we process within the scope of Art. 15 GDPR and Section 34 BDSG.
10.2 Right to rectification
In accordance with Art. 16 GDPR, you have the right to request that we rectify the personal data concerning you if it is incorrect. In addition, you have the right to request that we complete incomplete personal data.
10.3 Right to deletion
You have the right to request that we delete the personal data concerning you under the conditions described in Art. 17 GDPR and Section 35 BDSG.
10.4 Right to restriction of processing
You have the right to request that we restrict processing in accordance with Art. 18 GDPR.
10.5 Right to data portability
You have the right to receive from us the personal data concerning you that you have made available to us in a structured, common, machine-readable format in accordance with Art. 20 GDPR.
10.6 Right of objection
You have the right to object at any time to the processing of personal data concerning you based on Art. 6 Para. 1 lit. f GDPR in accordance with Art. 21 GDPR for reasons arising from your particular situation. We will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of your personal data for these purposes, including profiling. After you object, we will stop processing.
10.7 Right of withdrawal
According to Art. 7 Paragraph 3 Sentence 1 GDPR, you have the right to withdraw your consent at any time. The withdrawal of consent does not affect the legality of the processing carried out on the basis of your consent until the withdrawal.
10.8 Right to complain
You have the right to contact a supervisory authority of your choice if you believe that the processing of your personal data violates applicable data protection law.
10.9 Data processing when exercising your rights
Finally, we would like to point out that we process the personal data transmitted by you when exercising your rights in accordance with Art. 7 Para. 3 Sentence 1 GDPR and Art. 15 to 22 GDPR for the purpose of implementing these rights and in order to be able to provide evidence of this and, if necessary, to defend legal positions.
In this context, we store your data for three years from the time your data subject rights have been fully processed. Longer storage only takes place if we still need this data for legal defense. In this case, deletion takes place after completion of the procedure plus the statutory limitation periods.
This processing for the purpose of implementation and proof of legally compliant implementation is based on the legal basis of Art. 6 Para. 1 lit. c) GDPR in conjunction with Art. 7 Para. 3 Sentence 1 GDPR and Art. 15 to 22 GDPR and Section 34 Para. 2 BDSG. Insofar as we process the personal data for the purposes of legal defense, this is also our legitimate interest, Art. 6 Para. 1 lit. f) GDPR.
You are neither contractually nor legally obliged to provide your personal data, but we can refuse to fulfill your request to exercise your rights as a data subject in accordance with Art. 12 Para. 2 Sentence 2 GDPR if you do not provide us with the data required for your unambiguous identification, if requested.

11 Changes to this data protection declaration
We reserve the right to change the data protection information in accordance with the current legal requirements or to adapt the data processing.
The current version of this data protection declaration can be accessed at any time on the Clinomic homepage under the entry ‘Data protection and privacy’.

Status: August 2024
