Status: August 19, 2022

This data protection declaration informs you about the processing of your personal data in the context of your use of our website clinomic.ai and the associated functions, as well as our social media presences.

1. Responsible body and contact
The person responsible for data processing is:
Clinomic Medical GmbH
Jülicher Straße 306
52070 Aachen
Telephone: +49 241 89430737
E-mail: apeine@clinomic.ai
If you have any questions or suggestions regarding data protection, or would like to assert your rights, please feel free to contact us using the contact details provided here.

2. Data protection officer
Clinomic Medical GmbH has appointed a data protection officer. You can reach the data protection officer by email at: datenschutzbeauftragter@clinomic.ai.

3. Subject of data protection
The subject of data protection is personal data (hereinafter also simply referred to as data). According to Art. 4 No. 1 of the General Data Protection Regulation (“GDPR”), this is all information that relates to an identified or identifiable natural person.

4. Automated data collection
By accessing this website, the accessing device automatically transmits data for technical reasons. This data is stored separately from other data that you may transmit to us:
• Browser type and browser version
• Operating system used
• Referrer URL
• Host name of the accessing computer
• Time of the server request
• IP address

The purpose of the collection and further processing is to deliver the content of our website to you and to make the functions of our website available to you. This is also our legitimate interest, Art. 6 Paragraph 1 Sentence 1 Letter f of GDPR.

The data is stored for the following purposes:
• Ensuring the security of IT systems
• Defending against attacks on our online offering and IT systems
• Ensuring the proper operation of this online offering
• In the event of specific indications of criminal offenses for criminal prosecution, threat prevention or legal action
The IP address is stored for a period of 90 days.

The processing is carried out on the basis of our predominantly legitimate interests mentioned above, Art. 6 Para. 1 lit. f GDPR.

5. Web hosting
We operate our website on servers of our web host RAIDBOXES GmbH, Friedrich-Ebert-Straße 7, 48153 Münster. RAIDBOXES processes your data for us on behalf of us (see Art. 4 No. 8, Art. 28 GDPR), i.e. exclusively in accordance with our instructions. The processing only takes place within the European Union.

6 Contacting us
6.1 Contacting us via our contact form
If you send us an inquiry via our contact form, you must provide
• your name,
• your email address and
• the subject of your inquiry.

We also process the time and date of your inquiry.

Optionally, you have the option of providing further information about your inquiry.

6.2 Inquiries via our contact details
If you send us an inquiry via our contact details (by telephone, fax, email or letter), we process
• your name and
• the type, subject and content of your inquiry
and, depending on the contact method you choose or the contact details you provide:
• your telephone number
• your fax number
• your email address
• your address and
• the time and date of your inquiry as well as the other information you provide us with in your inquiry

6.3 Purpose and legal basis of processing
We process your aforementioned personal data for the purpose of processing the inquiry and any follow-up questions.

Processing is based on Art. 6 (1) (f) GDPR. We have a legitimate interest in the effective processing of your request and, in the case of requests related to contracts, in enabling the initiation and implementation of the respective contractual relationship. If you are a (potential) contractual partner yourself, processing of requests for contracts is carried out for the initiation and implementation of the respective contractual relationship (Art. 6 (1) (b) GDPR).

6.4 Storage period
We store requests for contracts or requests of potentially legal relevance for the general limitation period, i.e. three years from the end of the year in which we received your requests. We store all other requests for a period of 90 days after your request has been fully processed.

Storage is based on our legitimate interest in the proper documentation of our business operations and the safeguarding of our legal positions (Art. 6 (1) (f) GDPR). In the case of inquiries regarding contracts, the data is stored for the purpose of initiating and implementing the respective contractual relationship (Art. 6 Para. 1 lit. b GDPR) or our corresponding legitimate interests (Art. 6 Para. 1 lit. f GDPR).

7. Cookies
We store so-called “cookies” in order to be able to offer certain functions of our website and to optimize the use of our website. Cookies are small files that are stored on your device with the help of your Internet browser.

We only use cookies on our website that are necessary for the operation and functionality of our website (so-called “strictly necessary cookies”). They help to make the website technically accessible and usable and offer essential and basic functionalities, such as navigation on the website or enable the correct display of the website in the Internet browser. Without these cookies, the website cannot function properly.

We use strictly necessary cookies without your consent in accordance with Section 25 Paragraph 2 No. 2 of the Law on Data Protection and the Protection of Privacy in Telecommunications and Telemedia (“TTDSG”). If personal data from these cookies is processed, the processing is carried out to ensure that our website and the functions provided are usable for you. This is also our legitimate interest, Art. 6 Paragraph 1 Sentence 1 Letter f of GDPR.

The strictly necessary cookies listed below are used:
• Name:
• Purpose: User cookies – records sessions
• Provider:
• Lifetime:

We generally store your personal data for the duration of your use of this website.

8 Our social media presences
8.1 Twitter
We maintain a Twitter presence. Our Twitter profile can be accessed at https://twitter.com/clinomicai.

For users outside the USA, Twitter is operated by Twitter International Company, One Cumberland Place, Fenian Street Dublin 2, D02 AX07 Ireland (“Twitter International”). For users in the USA, the operator is Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. Twitter International’s privacy policy can be found here: https://twitter.com/de/privacy. There you will also find information about the setting options for your Twitter account.

Please note that Twitter International also transfers personal data to the USA and other third countries outside the European Economic Area for which there is no adequacy decision by the EU Commission. In this case, Twitter International will use the standard contractual clauses approved by the EU Commission in accordance with Art. 46 Paragraph 2 Letter c of GDPR.

8.2 LinkedIn
Our LinkedIn presence can be accessed at https://www.linkedin.com/company/13038229/.

For users based in the European Economic Area and Switzerland, LinkedIn is operated by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn Ireland”). For all other users, the operator is LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA 94085, USA. You can find LinkedIn Ireland’s privacy policy here: https://de.linkedin.com/legal/privacy-policy?trk=organization-guest_footer-privacy-policy. There you will also find information about the setting options for your LinkedIn profile.

LinkedIn Ireland also transfers personal data to the USA and other third countries outside the European Economic Area for which there is no adequacy decision by the EU Commission. Relevant information can be found here: https://www.linkedin.com/help/linkedin/answer/62533?trk=microsites-frontend_legal_privacy-policy&lang=de. Accordingly, LinkedIn regularly uses the standard contractual clauses approved by the EU Commission in accordance with Art. 46 Para. 2 lit. c GDPR.

We are also jointly responsible with LinkedIn Ireland for the processing of so-called Page Insights data when you visit our LinkedIn company page. For this purpose, we have concluded an agreement with LinkedIn Ireland on joint controllership for data processing, which can be viewed here: https://legal.linkedin.com/pages-joint-controller-addendum. LinkedIn Ireland undertakes, among other things, to assume primary responsibility under the GDPR for the processing of Page Insights data and to fulfil all obligations under the GDPR with regard to the processing of Page Insights data. The processing serves our legitimate economic interests in optimising and designing our LinkedIn company page to meet our needs, Art. 6 (1) lit. f GDPR.

We would also like to draw your attention to the following: As part of the so-called Page Insights, we receive non-personal information and analyses from LinkedIn Ireland about the use of our account or interactions with our posts. With this information, we can analyse and optimise the effectiveness of our LinkedIn activities. For this purpose, LinkedIn Ireland processes in particular data that you provide to LinkedIn Ireland about the information in your profile. This includes, for example, the following data:
• Function data,
• Country,
• Industry,
• Seniority,
• Company size and
• Employment status.

In addition, LinkedIn Ireland will process information about how you interact with our LinkedIn company page, e.g. whether you are a follower of our LinkedIn company page.

8.3 Community functions
When you visit our social media presences (Facebook fan page, Twitter, LinkedIn), we process certain data from you, e.g. when you interact with our page or account, like or comment on a post, reply or provide other content. The data processing in this regard is regularly carried out on the basis of our legitimate interest in providing you with the relevant functions on our social media presences (Art. 6 Para. 1 lit. f GDPR), as well as on your consent to the respective operators of the platforms (e.g. Facebook Ireland, Twitter International, LinkedIn Ireland), Art. 6 Para. 1 lit. a GDPR, or your contractual relationship with the operators of the relevant platforms (Art. 6 Para. 1 lit. b GDPR).

We would like to point out that these areas are publicly accessible and that all personal information that you post there or provide when registering can be viewed by others. We cannot control how other users use this information. In particular, we cannot prevent unwanted messages from being sent to you by third parties.

Content posted in community areas can be stored for an unlimited period of time. If you would like us to remove content you have posted, send us an email to the address provided in section 1 above.

9 Applications
9.1 Application by email
If you apply to us by email, we collect the data you provide, in particular
• your name,
• your email address,
• the information about your application that you provide to us and
• the time and date of your application.

9.2 Application via our GoHire page
If you apply to us via our GoHire page, you must provide the following data:
• your name
• your email address
• the job profile you are applying for
• your CV

We also collect the time and date of your application.

Optionally, you have the option of providing additional information and providing a cover letter for your application.

To process your data as part of the application process via our GoHire page, we use the GoHire service of GoHire Technologies LTD, 18 Lakeside Way, Malton, YO17 9PG, United Kingdom (“GoHire”). For the United Kingdom, there is an adequacy decision by the EU Commission in accordance with Art. 45 Para. 1 GDPR, according to which the United Kingdom offers an adequate level of protection. We have engaged GoHire as a processor (see Art. 4 No. 8, Art. 28 GDPR), which means that GoHire processes your data exclusively in accordance with our instructions.

9.3 Purpose and legal basis
We process your aforementioned personal data to receive and process your application or to decide on the establishment of an employment relationship.

The data processing is carried out on the legal basis of Section 26 Para. 1, 3 of the Federal Data Protection Act (“BDSG”).

9.4 Storage period
If we are unable to offer you a position, your application documents will generally be kept for up to 6 months after completion of the respective application process in order to be able to answer any queries related to your application. Further storage may take place if this is necessary for the purpose of providing evidence, in particular for the defence, assertion or enforcement of claims (Art. 6 Para. 1 lit. f GDPR).

In addition, we only store your applicant data if we offer you the option of consent and you have consented to this (Art. 6 Para. 1 lit. a GDPR). You can revoke your consent at any time with effect for the future. To do so, you can contact the contact details given in section 1.
In this case, we will also store your consent and the time at which you gave your consent in order to be able to prove your consent. This processing is based on Art. 6 Para. 1 Sentence 1 lit. c in conjunction with Art. 7 Para. 1 GDPR. We store this data for a period of one year.

10. Automated individual decisions or profiling measures
We do not use automated processing processes to make a decision or for profiling.

11. Transfer of data
In principle, your personal data will only be transferred without your prior consent in the following cases:
11.1 If it is necessary to clarify illegal use of our services or for legal prosecution, personal data will be passed on to external consultants (e.g. lawyers), law enforcement authorities and, if necessary, to injured third parties. However, this only happens if there is concrete evidence of illegal or abusive behavior. Data may also be passed on if this serves to enforce contracts or other agreements. We are also legally obliged to provide information to certain public bodies upon request. These are law enforcement authorities, authorities that prosecute administrative offenses that are subject to fines and the tax authorities. In addition, your personal data may also be passed on if we are exposed to other claims from third parties that may include information about your data. These can in particular be claims by those affected in the context of exercising their rights in accordance with Chapter III of the GDPR. This data is passed on based on our legitimate interest in combating misuse, prosecuting criminal offenses and asserting, exercising or defending claims, Art. 6 Para. 1 lit. f GDPR or on the basis of a legal obligation under Art. 6 Para. 1 lit. c GDPR.

11.2 We rely on contractually affiliated third-party companies and external service providers, so-called “processors” (cf. Art. 4 No. 8, 28 GDPR) to provide the services. In such cases, personal data is passed on to these processors in order to enable them to process the data further. We carefully select these processors and regularly check them to ensure that your rights and freedoms are protected. The processors may only use the data for the purposes specified by us and are also contractually obliged by us to treat your data exclusively in accordance with this data protection declaration and the applicable data protection laws.

In addition to the processors already mentioned in this data protection declaration, we also use the following categories of processors:
o IT service providers
o Cloud service providers
o Hosting service providers
o Software service providers

11.3 As part of administrative processes and the organization of our operations, financial accounting and compliance with legal obligations, such as archiving, we disclose or transmit the same data that we have received in the context of the provision of our contractual services or, if applicable, in connection with the assertion, exercise or defense of claims, to the tax authorities, consultants, such as tax consultants or auditors, as well as other fee offices and payment service providers.
The transfer of this data is based on our legitimate interest in maintaining our business activities, carrying out our tasks and providing our services, Art. 6 Para. 1 lit. f GDPR or on the basis of a legal obligation under Art. 6 Para. 1 lit. c GDPR.

11.4 As part of the further development of our business, the structure of Clinomic GmbH may change by changing the legal form, founding, buying or selling subsidiaries, parts of the company or components. In such transactions, data of our customers and contacts in particular will be passed on together with the part of the company to be transferred. Whenever personal data is passed on to third parties to the extent described above, we ensure that this is done in accordance with this data protection declaration and the relevant data protection laws.

Any passing on of personal data is justified by the fact that we have a legitimate interest in adapting our company structure to the economic and legal circumstances as required, Art. 6 Para. 1 lit. f GDPR.

12 Provision of your data
You are neither legally nor contractually obliged to provide your data, nor is the provision of your data necessary for the conclusion of the contract.

However, the provision of your data is necessary to a certain extent so that we can provide you with the functions on our website and our services. In particular, the provision of your data is necessary so that
• we can receive and process your inquiries,
• we can facilitate the initiation or execution of the contract,
• you can use the community functions in connection with our social media presences.
• so that we can receive and process your application.
If the provision of your data is necessary, we will instruct you when entering data, we will indicate this by marking it as a mandatory field. Providing further data is voluntary. If required data is not provided, this data will mean that we cannot provide the corresponding functions and services, in particular
• we cannot accept and process your inquiries,
• we cannot facilitate the initiation or execution of a contract,
• you cannot use the community functions of our social media presences,
• we cannot consider your application.

As far as voluntary information is concerned, failure to provide the information will mean that we cannot provide the corresponding functions and services or cannot provide them to the usual extent.

As far as we collect voluntary information in connection with your application, failure to provide this information will have no consequences for the application process or our selection decision.

13. Transfer to third countries
We also process data in countries outside the European Economic Area (“EEA”), in so-called third countries, or transfer data to recipients in these third countries. This also includes the USA. Please note that there is currently no adequacy decision by the EU Commission that these third countries generally have an adequate level of data protection. In particular, there is currently no corresponding adequacy decision by the EU Commission for the USA. When structuring contractual relationships with recipients in third countries, we therefore use the standard contractual clauses approved by the EU Commission in accordance with Art. 46 Paragraph 2 Letter c of GDPR. You can request a copy of these standard contractual clauses and information on the additional measures we have taken to ensure an adequate level of data protection using the contact details provided under Section 1.

14. Change of purpose
Your data will only be processed for purposes other than those described if a legal provision permits this or if you have consented to the changed purpose of the data processing. In the event of further processing for purposes other than those for which the data was originally collected, we will inform you of these other purposes before further processing and provide you with all other relevant information.

15. Deletion of your data
Unless otherwise stated in this data protection declaration, we delete or anonymize your data as soon as it is no longer required for the purposes for which we collected or used it in accordance with the above paragraphs. Further storage only takes place if we are legally obliged to do so, Art. 6 Para. 1 lit. c GDPR. If we are legally obliged to store data, we will store your data for the legally prescribed period. Legal requirements for storage can arise in particular from the retention periods of the German Commercial Code (HGB) or the German Tax Code (AO). The retention period according to these regulations is usually between 6 and 10 years from the end of the year in which the corresponding process was completed, e.g. we have finally processed your request or the contract has ended.
• If your data is relevant for the initiation or implementation of contracts, it will be stored for the initiation and implementation of the respective contractual relationship (Art. 6 Para. 1 lit. b GDPR).
• if the data is required for longer for criminal prosecution or to assert, exercise or defend legal claims. This is also our legitimate interest, Art. 6 Paragraph 1 Letter f of GDPR.
If data must be retained for legal reasons, processing will be restricted. The data will then no longer be available for further use.

16 Your rights as a data subject
With regard to the processing of your personal data, you have the rights described below. To assert your rights, you can submit a request by post or email to the address given in Section 1 above.

16.1 Your rights as a data subject Right to information

You have the right to receive information from us at any time upon request about the personal data concerning you that we process within the scope of Art. 15 GDPR and Section 34 BDSG.

16.2 Right to rectification of incorrect data
You have the right to request that we immediately rectify the personal data concerning you if it is incorrect.

16.3 Right to erasure
You have the right to request that we erase the personal data concerning you under the conditions described in Art. 17 GDPR and Section 35 BDSG.

16.4 Right to restriction of processing
You have the right to request that we erase the personal data concerning you in line with the restriction of processing in accordance with Art. 18 GDPR.

16.5 Right to data portability
You have the right to receive from us the personal data concerning you that you have made available to us in a structured, common, machine-readable format in accordance with Art. 20 GDPR.

16.6 Right of objection
You have the right to object at any time to the processing of personal data concerning you, which is carried out on the basis of Art. 6 Para. 1 lit. e or f GDPR, for reasons arising from your particular situation, in accordance with Art. 21 GDPR. We will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If we process personal data concerning you for the purposes of direct marketing, including profiling, you have the right to object to this processing. After your objection, we will stop processing.

16.7 Right to complain
You have the right to contact a competent supervisory authority if you have any complaints. The supervisory authority responsible for North Rhine-Westphalia is:

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
Kavalleriestr 2-4
40213 Düsseldorf
Telephone: 0211/38424-0
Fax: 0211/38424-10
E-mail: poststelle@ldi.nrw.de

17. Data processing when exercising your rights
Finally, we would like to point out that we process the personal data you provide when exercising your rights in accordance with Art. 7 Paragraph 3 Sentence 1 GDPR and Art. 15 to 22 GDPR for the purpose of implementing these rights and in order to be able to provide evidence of this and, if necessary, to defend legal positions. In this context, we store your data for three years from the full fulfillment of your rights as a data subject. This processing is based on the legal basis of Art. 6 Para. 1 lit. c GDPR in conjunction with Art. 7 Para. 3 Sentence 1 GDPR and Art. 15 to 22 GDPR and Section 34 Para. 2 BDSG. Insofar as we process the personal data for the purposes of legal defense, this is also our legitimate interest, Art. 6 Para. 1 Sentence 1 lit. f) GDPR.

18. Processing of personal data of business partners
As part of the cooperation with business partners, Clinomic processes personal data of contact persons at customers, suppliers, sales partners and partners (“business partners”). Further information can be found in the Data protection declaration for business partners

You are neither contractually nor legally obliged to provide your personal data, but we can refuse to fulfill your request to exercise your rights as a data subject in accordance with Art. 12 Para. 2 Sentence 2 GDPR if you do not provide us with the data required for your unambiguous identification, if requested.

This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.