Data protection is of a particularly high priority for Polytech Health & Aesthetics GmbH (hereinafter, “POLYTECH”). The use of our App requires the processing of personal data. The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the German data protection regulations applicable to Polytech Health & Aesthetics GmbH. By means of this data protection declaration, we would like to inform the general public and particularly the users of the nature, scope, and purpose of the personal data we collect, use and process in connection with the App. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.
The app is provided to the user with a free of charge license of use contract. As the Controller, Polytech Health & Aesthetics GmbH has implemented numerous technical and organizational measures to ensure the most complete protection of the personal data processed through this App.
This app is destined exclusively to medical professionals with specific credentials, i.e., specialized doctors who are allowed to perform plastic surgery under the laws of their country, because it contains information about implantable medical devices Class III. As a consequence, among the personal data of the user, POLYTECH requests also such credentials, and stores this information.
The App can be downloaded for free, but may only be activated by using a specific token, in the form of an access code provided to POLYTECH’s customers. The Customers’ data is previously collected by POLYTECH through its sales network: upon request from the Customers, their data and professional credentials are entered into a prospective users list, and in turn a personal access token is provided to each Customer. The token is necessary to activate the App after download. In case no activation is completed, the Customer’s data will be erased in a reasonable time. Upon activation, the User may provide consent to the previous collection of personal data.
For a detailed description of these rights and their content and mode of exercise, please read the unabridged here.
1. Name and Address of the Controller
Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:
2. Name and Address of the Data Protection Officer
The Data Protection Officer of the Controller is contactable:
Polytech Health & Aesthetics GmbH
Altheimer Strasse 32
Any data subject may, at any time, contact our Data Protection Officer directly with all questions, requests and suggestions concerning data protection. In addition, you can always contact the regulator responsible for you with a complaint. The supervisory authority in charge will depend on your country of residence, your work, or the alleged violation. A list of the German non-public-sector supervisory authorities can be requested at:
Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
3. Collection of general data and information
The App collects a series of general data and information when a data subject is using it. When using these general data and information, Polytech Health & Aesthetics GmbH does not draw any conclusions about the data subject. Rather, this information is needed to (1) deliver the content of our App correctly, (2) optimize the App as well as its advertisement, (3) ensure the long-term viability of our information technology systems and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. Therefore, Polytech Health & Aesthetics GmbH analyzes anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the log files are stored separately from all personal data provided by a data subject.
4. Routine erasure of personal data
The data Controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, which is to allow the user access and use of the App, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the Controller is subject to. If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data are routinely erased in accordance with legal requirements.
5. Rights of the data subject
The rights of the data subject are listed in the following paragraphs. If a data subject wishes to avail himself of any of these rights, he or she may, at any time, contact the Data Protection Officer of the Controller. An employee of Polytech Health & Aesthetics GmbH shall promptly ensure that the request is complied with. Requests concerning rights requiring an immediate action will be followed-up immediately.
a) Right of confirmation
b) Right of access
c) Right to rectification
d) Right to erasure (Right to be forgotten)
e) Right of restriction of processing
f) Right to data portability
g) Right to object
h) Automated individual decision-making, including profiling
i) Right to withdraw data protection consent
6. Legal basis for the processing
Art. 6(1) lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case with this free of charge license of use agreement, the processing is based on Article 6(1) lit. b GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services. If POLYTECH is subject to a legal obligation by which processing of personal data is required, such as for the fulfillment of tax obligations, the processing is based on Art. 6(1) lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6(1) lit. d GDPR. Finally, processing operations could be based on Article 6(1) lit. f GDPR. This legal basis is used for processing operations which are not covered by any of the abovementioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. He considered that a legitimate interest could be assumed if the data subject is a client of the controller (Recital 47 Sentence 2 GDPR).
7. The legitimate interests pursued by the controller or by a third party
Where the processing of personal data is based on Article 6(1) lit. f GDPR our legitimate interest is to carry out our business in favor of the well-being of all our employees and the shareholders.