Privacy of Healthspot GmbH

How we handle your dat a and your rights information in accordance with Articles 13, 14 and 21 of the EU General Data Protection Regulation ( GDPR )

With the following information we would like to give you an overview of the processing of your personal data by us and your resulting rights. Which data is processed in detail and how it is used depends largely on the services requested or agreed in each case. Therefore, not all statements contained here may apply to you.
In addition, this data protection information can be updated from time to time.

Who is responsible for data processing and who can I contact?

The person responsible within the meaning of the GDPR is:
Healthspot GmbH
You can contact our company data protection officer at:
[email protected]

Type of personal data collected

We process the following personal data that we receive from you as part of our business relationship:
Company name with legal form and address
Title and name
Phone numbers
Email address
Results and results in dealing with tests for COVID-19 Payment data relating to online bookings for online appointment bookings

We process your data for the following purposes and on the following legal basis

We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG):

To fulfill contractual obligations (Art. 6 Para. 1 Letter b GDPR)

The processing of data takes place in order to carry out:
of our contract with Swiss Exhibition for the Art Basel event.
of ancillary contractual services (e.g. warranty notifications or collection by the manufacturer)
Is the data managed by the company keyper, which has its own GDPR guidelines.

Due to legal requirements (Art. 6 Para. 1 Letter c GDPR)

We are subject to various legal obligations that result in data processing. These include .:
Tax laws as well as statutory accounting
the fulfillment of inquiries and requirements from supervisory or law enforcement authorities
the fulfillment of tax control and reporting obligations
FOPH guidelines in accordance with the Pandemic Act
In addition, it may be necessary to disclose personal data in the context of official / judicial measures for the purpose of gathering evidence, prosecuting or enforcing claims under civil law. As in the context of the Pandemic Act to the Federal Office of Public Health and the responsible laboratory Biolytix, which carry out the PCR tests.

As part of the balancing of interests (Art. 6 Para. 1 f GDPR)

If necessary, we process your data beyond the actual fulfillment of the contract to safeguard our legitimate interests or those of third parties. Examples of such cases are:
Assertion of legal claims and defense in legal disputes
Coordination with the laboratory for evaluations of tests and the associated reporting obligation to the Federal Office of Public Health (BAG).

Who will get my data?
Inside our home

Employees for contact with you and contractual cooperation (including the fulfillment of pre-contractual measures)

In the context of order processing

Your data may be passed on to service providers who act for us as processors:
Support or maintenance of EDP or IT applications
Data destruction
All service providers are contractually bound and in particular obliged to treat your data confidentially.

Other third parties

Data will only be passed on to recipients outside our company in compliance with the applicable data protection regulations. Recipients of personal data can be, for example: Public bodies and institutions (e.g. financial or law enforcement authorities) if there is a legal or official obligation, Federal Office of Public Health in the case of a positive PCR test. Swiss Pandemic Act)

Will data be transferred to a third country or to an international organization?

Your data will only be processed within the European Union and states within the European Economic Area (EEA).

How long will my data be stored?

We process and store your personal data as long as this is necessary for the fulfillment of our contractual and legal obligations. If the data are no longer required for the fulfillment of contractual or legal obligations, they are regularly deleted.
Exceptions arise
▪ as far as statutory retention requirements are to be fulfilled, e.g. Commercial Code (HGB) and Tax Code (AO) are required. The periods for storage and documentation specified there are usually six to ten years;
▪ to preserve evidence within the framework of the statutory statute of limitations. According to §§ 195 ff of the German Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular limitation period is 3 years.
▪ If necessary, more.

If the data processing takes place in the legitimate interest of us or a third party, the personal data will be deleted as soon as this interest no longer exists. The exceptions mentioned apply here.

What data protection rights do I have?

You have the right to information under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 DSGVO, the right to object under Article 21 GDPR and the right to data portability under Article 20 GDPR. Restrictions according to Sections 34 and 35 BDSG may apply to the right to information and the right to erasure.
In addition, there is a right of appeal to a competent data protection supervisory authority (Article 77 GDPR in conjunction with Section 19 BDSG). The supervisory authority responsible for us is:

Is there an obligation to provide data?

As part of the contractual relationship, you must provide the personal data that are required for the establishment, implementation and termination of the contractual relationship and for the fulfillment of the related contractual obligations or that we are legally obliged to collect. Without this data, we will usually not be able to conclude or execute the contract with you.

Information about your right of objection in accordance with Article 21 of the General Data Protection Regulation (GDPR)
Right to object on a case-by-case basis

Sie haben das Recht, aus Gründen, die sich aus Ihrer besonderen Situation ergeben, jederzeit gegen die Verarbeitung Sie betreffender

You have the right, for reasons that arise from your particular situation, to object at any time to the processing of personal data relating to you, which is based on Article 6 (1) (f) GDPR (data processing based on a weighing of interests); This also applies to profiling based on this provision within the meaning of Article 4 No. 4 GDPR.

If you object, we will no longer process your personal data unless we can prove compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Recipient of an objection

The objection can be made informally with the subject “Objection” stating your name, address and date of birth and should be addressed to:
Healthspot GmbH