Last updated 1 September 2022
1. Purpose and Scope
This Privacy Policy concerns use of the samedi vaccination appointment booking system.
We process personal data (hereinafter generally referred to as “data”) only to the extent required and for the purpose of providing a functional and user-friendly website, including the contents and services offered therein.
In accordance with Article 4 No. 1. of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to as “GDPR”), “processing” means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
With the following Privacy Policy we inform you in particular about the type, scope, purpose, term and legal basis of the processing of personal data, insofar as we decide either independently or together with others on the purposes and means of processing. In addition, we inform you in the following about the third-party components we use for optimisation purposes and in order to increase the quality of use insofar as third parties process data in turn on their own responsibility.
2. We as the Controller
The responsible provider of this website within the meaning of data protection law is:
samedi GmbH
represented by Katrin Alscher, Prof. Dr. Alexander Alscher, Dr. Benedikt Simon
Rigaer Str. 44
10247 Berlin
Germany
Tel.: +49 (0)30 21230707-0
e-mail: info@samedi.de
The provider’s data protection officer is:
Oliver Guderjahn
External data protection officer / business lawyer (LL. M.)
Kedua GmbH
Eichhorster Weg 80
13435 Berlin
Managing director: Ralf Schulze
HRB 4691 AG Neuruppin
e-mail: datenschutz@samedi.de
3. Log Files
Data is transmitted to us for technical reasons via your Internet browser; particularly in order to provide a secure and stable website. Among other things, the type and version of your Internet browser, the operating system, the website from which you accessed our website (referrer URL), the page(s) of our website that you visit, the date and time of the respective access, as well as the IP address of the Internet connection from which use of our website takes place are collected using these so-called server log files.
The data collected in this manner is temporarily stored, but not together with any other data from you. The legal basis for such storage is provided by Article 6 Paragraph 1 lit. f) of the EU General Data Protection Regulation [GDPR]. Our legitimate interest lies in the improvement, stability, functionality and security of our website.
The data is deleted after seven days at the latest, unless further storage for the purpose of providing evidence is required. Otherwise, data shall be partially or entirely exempt from deletion until an issue has been finally clarified.
4. Cookies
We use cookies. Cookies do not cause any damage to your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.
You can manage the cookies via the cookie banner and configure your browser so that you are informed about the placement of cookies and only allow cookies in individual cases, while excluding the acceptance of cookies for certain cases or in general, and activate automatic deletion of cookies once your browser is closed. However, the steps and measures required to this end depend on your specific Internet browser. If you have any questions, please use the help function or documentation provided with your Internet browser or contact the manufacturer or support. Should you prevent or restrict the installation of cookies, then this may, however, result in the fact that not all of our website functions are fully available.
The use of cookies required for operation of the homepage is based on Section 12 et seq. of the German Tele-Media Law [TMG] in accordance with Article 5 Paragraph 3 Sentence 2 2. Var. ePrivacy-RL [European Regulation on Privacy and Electronic Communications]. Insofar as other cookies (e.g. cookies for the analysis of your surfing behaviour) are stored, these shall be treated separately in this Privacy Policy.
a) First-party cookies
Provider: samedi
Name: _vaccination_booking_session
Use: Session ID
Validity period: Session is deleted when the Internet browser is closed
Legal basis: Section 12 et seq. of the German Tele-Media Law [TMG] in accordance with Article 5 Paragraph 3 Sentence 2 2. Var. ePrivacy-RL [European Regulation on Privacy and Electronic Communications]
b) Third-party cookies
We do not use third-party cookies.
c) Removal Option
You may prevent or restrict the installation of cookies through the appropriate setting of your Internet browser. You may also delete cookies that have already been saved at any time. However, the steps and measures required to this end depend on your specific Internet browser. If you have any questions, please use the help function or documentation provided with your Internet browser or contact the manufacturer or support.
Should you prevent or restrict the installation of cookies, then this may, however, result in the fact that not all of our website functions are fully available.
5. Processing Your Personal Data
You have the possibility to book appointments for your vaccination against the novel coronavirus via the samedi COVID-19 vaccination appointment booking system. Personal data will be collected in the process:
- your gender
- your name and surname
- your address
- your date of birth
- your mobile phone number
- your e-mail address
This data is collected and processed on the basis of Article 6 Paragraph 1 lit. a. We use your e-mail address as well as your mobile phone number to send you e-mails or text messages via SMS with appointment confirmations and appointment reminders. Any personal data that you enter (with the exception of the e-mail address and mobile phone number) is encrypted end-to-end directly in your web browser, so that only the institution where you book the appointment is able to decrypt this data again.
6. Routine Erasure and Blocking of Personal Data
Unless otherwise stated in this Privacy Policy, personal data shall only be stored for the period of time required for the purpose of storage, unless otherwise required by law. After the purpose of storage has ceased to apply, personal data will be routinely blocked or erased in accordance with statutory provisions.
7. Other Processors
We share your data with service providers who support us in the operation of our websites and related processes within the scope processing in accordance with Article 28 of the EU General Data Protection Regulation [GDPR]. These are, for example, hosting service providers. Our service providers are strictly bound by our instructions and correspondingly obliged by way of agreement.
In the following, we name the processors with whom we work, if we have not already done so in the preceding text of the Privacy Policy. If data is transferred outside the EU or EEA in this context, then we provide information on the appropriate level of data protection.
- Filoo GmbH, Rhedaer Straße 25, 33330 Gütersloh: hosting services
Data security is regulated by a processing agreement. - retarus GmbH, Aschauer Straße 30, 81549 Munich: e-mail and SMS-dispatch
Data security is regulated by a processing agreement. - Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA: hosting services.
Data security is regulated via a standard contractual clause.
(NOTE: No personal data will be transferred to third countries within this scope) - FLOW.AI, Burgemeester Brokxlaan 12, 5041 SB Tilburg, The Netherlands: Chatbot (only when accessed via www.impfen-saarland.de)
Data security is regulated by a processing agreement.
8. Rights of Users and Data Subjects
With regard to the data processing described above, users and data subjects shall be entitled to
a) Right of access
You have the right of access to the personal data processed with regard to your person; that is, you have the right to obtain confirmation as to whether your personal data are processed or not. Insofar as this is the case, you have the right to access the personal data processed about you and certain additional information, as well as to receive a copy in a commonly used electronic format.
b) Right to rectification
You have the right to have inaccurate personal data concerning you corrected as well as the right to have incomplete personal data completed.
c) Right to erasure
You have the right to erasure of your personal data, subject to restrictions under applicable law. This is the case, for example, if the personal data are no longer necessary in relation to the purposes for which they are processed, you withdraw your consent and there is no other legal ground for the processing, or the processing of your personal data is not required for compliance with a legal obligation, or for the assertion, exercise or defence of legal claims.
d) Right to restriction of processing
You have the right to restrict your personal data, for example if you contest its accuracy or if you have objected to the processing as described above. In both cases, this right applies during the processing and verification of your request by us.
e) Right to withdraw your consent to data processing
If you have consented to a certain type of processing, then you have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
f) Right to data portability
You have the right to have data that we automatically process on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a commonly used, machine-readable format. If you request direct transfer of the data to another controller, then this will only be done to the extent technically feasible.
g) Right to object
You have the right to object if the processing is based on the weighing of interests in accordance with Article 6 Paragraph 1 Sentence 1 lit. e) or f) EU GDPR in order to request a reassessment of interests or to object to direct marketing. We will then carry out a new assessment and continue processing your personal data, despite your objection, only if we can demonstrate compelling legitimate grounds that override your interests.
h) Right to lodge a complaint with the competent supervisory authority
You may file a complaint if you believe that we have violated applicable data protection provisions in the processing of your personal data.
In addition, the provider shall be obliged to inform all recipients to whom data has been disclosed by the provider about any correction or erasure of data or restriction of processing that takes place on the basis of Articles 16, 17 Paragraph 1, 18 of the EU General Data Protection Regulation. However, this obligation shall not obtain insofar as this notification is impossible or involves disproportionate effort. Notwithstanding the above, the user shall have a right to information about these recipients.