A. GENERAL PATIENT INFORMATION ON DATA PROTECTION
Dear Patients,
We, i.e., depending on where you are a patient either the Klinik Buchinger Wilhelmi GmbH clinic in Überlingen or the Clinica Buchinger Wilhelmi SA clinic in Marbella, process your personal data and also your medical data in various contexts. During this process, we respect your right to data protection, your privacy and your other rights and freedoms. On the basis of the General Data Protection Regulation (GDPR), we would like to inform you of the purposes for which our clinic collects, saves or shares data and what the legal basis applies for this. We would also like to inform you of what rights you have as a data subject in relation to your data.
1. For what purposes is my data processed?
1.1 Registration form
The following data is sent via the registration form:
- Master data, particularly your name, form of address, date of birth, gender, nationality
- Contact details, particularly your address, telephone number and email address
- General health information, particularly body size and weight, if applicable: allergies and intolerances (food/medications)
- Mandatory information on medical history, particularly medication, contraindicative illnesses for fasting
This data is required based on Art. 6 (1), sentence 1, (b) of the GDPR or, in the case of health data, based on Art. 9 (2) (h) of the GDPR for the purpose of preparing for, putting into effect and processing your stay in our clinics.
If you give us your consent, we will also collect other data, such as your title, your place of birth, your occupation, your name, your emergency contacts’ phone numbers and the reason for your stay. The legal basis for processing volunteered data is Art. 6 (1), sentence 1, (a) of the GDPR in the case of consent, or Art. 9 (2) (a) of the GDPR in the case of health data.
1.2 Medical treatment
The data processing is performed for the purpose of medical treatment. To this end, we process your personal data, particularly your health data. This includes medical histories, diagnoses, proposed treatments and findings that we or other doctors/psychotherapists collect. For these purposes, other doctors or psychotherapists who are treating you may also provide us with data (e.g. in doctor’s letters).
The collection of health data is essential for your treatment. If the necessary information is not provided, it is not possible to provide treatment with due care.
The legal basis for the processing of your data for the purposes of care (particularly treatment and therapy) is Art. 9 (2) (h), Art. 3 and Art. 6 (1), sentence 1, (b) GDPR in conjunction with the applicable national legal regulations.
If you are a patient at the Klinik Buchinger Wilhelmi GmbH clinic in Überlingen, these are particularly section 22 (1) no. 1 (b) and section 27 (1) of the German Data Protection Act (BDSG), sections 630 ff. of the German Civil Code (BGB) and section 295 of Book Five of the German Social Code (SGB V).
If you are a patient at the Clinica Buchinger Wilhelmi SA in Marbella, these are particularly Art. 16 of the Law of 41/2002 of 14 November 2002, the basic law governing patient autonomy and the rights and obligations relating to clinical information and documentation.
In other cases, we only process personal data if the processing is necessary to fulfil our legal and supervisory obligations or if you have consented to the processing of your personal data (Art. 6 (1), sentence 1, (a) and Art. 9 (2), sentence 1, (a) GDPR).
2. Who has access to my data?
The persons involved in the treatment have access to your data; this may also include doctors from other departments involved in cross-disciplinary treatment or – to a limited extent – administration, if this is necessary for billing your stay or for auditing reasons.
For the specified processing purposes, service providers and vicarious agents that we engage may also have access to personal data. We only transfer your personal data to third parties where this is permitted legally or if you have consented to this. Recipients of your personal data may above all be other doctors/psychotherapists, other healthcare professionals, health insurance companies, the Association of Statutory Health Insurance Physicians (KV), the Health Insurance Medical Service (MDK), laboratories and pathological institutes and private medical clearing houses. All persons are either subject to a statutory duty of confidentiality or contractually bound to maintain confidentiality to the degree required by law. Confidential handling of your data is guaranteed.
Ultimately, we may use and share your data with authorities and/or courts as necessary or appropriate to comply with our legal obligations (Art. 6 (1), sentence 1, (c) GDPR).
3. How long will my data be stored for?
We generally erase personal data when the purpose for storing the same ceases to apply. A continuing purpose may particularly exist if the data is still needed to provide contractual services or to be able to examine and grant or defend against claims asserted by patients. We will erase data processed based on your consent as soon as you revoke your consent, subject to legal or contractual obligations to retain data. We check at regular intervals whether the purpose of storage has ceased to apply or whether retention is still necessary.
In the case of statutory retention obligations, which in the case of health data may range from 10 to 30 years, erasure is only considered once the respective retention periods have elapsed.
In the case of processing and storage of data for scientific purposes, we erase personal data after 10 years in accordance with the recommendations set out by the German Research Foundation (DFG).
4. What rights do you have?
You have numerous rights vis-à-vis us under the GDPR. You will find them outlined in detail in the following description entitled ‘Your data protection rights’ (under C.). Automated decision-making, monitoring or evaluation systems are not used.
5. Who can I contact if I have any questions?
Controllers:
Überlingen site
Klinik Buchinger Wilhelmi GmbH
represented by Leonard Wilhelmi
Wilhelm-Beck-Str. 27
88662 Überlingen (Germany)
T +49 7551 807-0
info@buchinger-wilhelmi.com
Marbella site
Clinica Buchinger Wilhelmi SA
represented by Victor Wilhelmi
Avda. Buchinger 15
29602 Marbella (Spain)
T +34 952 76 43 00
clinica@buchinger-wilhelmi.es
Data Protection Officer(s):
Überlingen site
Herr RA Ulf Neumann, LL.M.
Lederstraße 134
72764 Reutlingen
Telefon: +49 7121 347654-0
Fax: +49 7121 347654-9
E-Mail: info@neumann.law
Marbella site
Ivan González
Privacidad Global S.L.
T +34 951 51 64 19
dpo@buchinger-wilhelmi.es
6. Update
We reserve the right to adapt the content of this privacy policy at any time. This usually takes place when we are further developing or adapting our services.
B. DATA PROTECTION INFORMATION FOR THE APP AND DATA WAREHOUSING
We – i.e. Buchinger Wilhelmi clinics and Buchinger Wilhelmi Development & Holding GmbH (hereinafter referred to as ‘Development Holding’) – further process your personal and also medical data in various contexts, particularly when you use our app. On the basis of the General Data Protection Regulation (GDPR), we would like to inform you of the purposes for which we collect, save or share your data for our app and data warehousing and what legal basis applies for this.
In principle, the Buchinger Wilhelmi clinic where you are staying (hereinafter referred to as the ‘clinic’) is responsible for processing your data. In Germany, this is the Klinik Buchinger Wilhelmi GmbH clinic in Überlingen and, in Spain, the Clinica Buchinger Wilhelmi SA clinic in Marbella. Insofar as data is processed for operating and developing the app or for research purposes, the clinic and Buchinger Wilhelmi Development & Holding GmbH (hereinafter jointly referred to as ‘we’) are jointly responsible for processing your data.
1. What personal data are processed?
With your consent, we collect and process your personal and health data (hereinafter collectively referred to as ‘data’). This data may include
- Master data, particularly your name, form of address and date of birth
- Contact details, particularly your address, telephone number and email address
- General health information, particularly your weight, BMI, height, blood pressure, temperature and pulse
- Dates of stay, particularly your arrival and departure dates, the length of your stay, your room category, dates of fasting and total number of stays
- Treatment data, particularly treatment recommendations, activities carried out, findings and, in each case, the date/time and duration of treatment
- Your medical history, particularly your medication, current medical complaints, previous illnesses and reasons for treatment
- Blood values, particularly erythrocyte sedimentation rate, erythrocytes, haematocrit, haemoglobin, leukocytes, thrombocytes, prothrombin time, glucose, HOMA index, alkaline phosphatase, gamma-GT, cholesterol values, triglycerides, calcium, potassium, magnesium, sodium, uric acid, urea, urine status and vitamin D-25
- Other treatment-related data, particularly your alcohol consumption, other consumption toxins, food intolerances and allergies
2. Why is my data processed?
We use your data for the following purposes:
2.1 Developing and using our app
Provided that we have your express consent in accordance with Art. 6 (1), sentence 1, (a) and Art. 9 (2) (a) of the GDPR, we will use your data for the development and use of our app, which is intended to facilitate the preparation of your stay with us, to increase the quality of your treatment with us and to optimise the follow-up to the course of treatment. To this end, the app offers the following functions in particular:
- Before your stay, you will be prepared for course of treatment in our clinics in the best possible way using the app by changing your diet and lifestyle habits, so that you can derive the greatest benefit from fasting.
- We use your data in particular to plan and implement a treatment process that is individually adapted to you. In addition to medical examinations, this particularly includes preparing treatment proposals, treatment by our medical specialists and monitoring of your health during fasting.
- During your stay with us, the app will be used to transfer knowledge, as well as to improve the quality of processes. For example, based on your health data, you may receive individually tailored recommendations with regard to physical activity and/or nutrition. In addition, it will be possible in the future to view the progress curves of your health data (e.g. weight, blood pressure) using the app and to track their progress during the course of fasting treatment yourself.
- After your stay in our clinics, the app will accompany you back into your everyday life, help to consolidate the success of the course of treatment with us and assist you with continuing to work on your goals with the likes of information from the fields of science and behavioural psychology, with cooking, meditation and physical activity videos, as well as daily explanations relating to healthy living.
2.2 Further developing and improving the services offered in our clinics
Provided that we have been granted separate consent in accordance with Art. 6 (1), sentence 1, (a) and Art. 9 (2) (a) of the GDPR, we evaluate the clinic visitors’ health data in pseudonymised form. The acquired data allows us to continuously improve our range of treatments, particularly the recommendations of the best treatments for each initial indication, with a view to making therapeutic fasting even more efficient and successful for patients in the future.
2.3 Scientific research purposes
Provided that we have received the relevant consent in accordance with Art. 6 (1), sentence 1, (a) and Art. 9 (2) (a) of the GDPR, we evaluate patient data to further explore the advantages and benefits of therapeutic fasting with the help of your data. Insofar as this analysis reveals important findings, we reserve the right to publish them anonymously to promote the common good. We have published several studies on the health effects of long-term fasting in the past and are world leaders in this field of research.
2.4 Ensuring the continuity of your individual treatment
If you have already been to one of our clinics in the past, we can access the historical data to improve the quality of your treatment and build on the successes already achieved. If you have been to one of our clinics at another site, this clinic may – provided you have given your consent in accordance with Art. 6 (1), sentence 1, (a) and Art. 9 (2) (a) of the GDPR – transfer the personal data collected from you to us for the purposes of preparing and implementing your fasting stay, with a view to ensuring the best possible quality of your course of treatment across clinics.
2.5 Sending our newsletter
Provided that you have expressly consented in accordance with Art. 6 (1), sentence 1, (a) of the GDPR, we collect your email address, name, gender and preferred language using the app so as to send you our newsletter with information about the services offered and news on a regular basis.
3. Where is my data collected from?
We collect the relevant data from you personally, based on the likes of the information you provide in the registration form and based on the data you enter yourself in the app. We also collect health data from doctors and medical specialists at our clinics.
4. Who has access to my data?
First of all, you have access to your data yourself. In particular, you will be able to view and track the progress of your health data, such as blood pressure, weight, lab values, etc., and track your activities in the future using a dashboard in the app.
Doctors and medical specialists at our clinics also have access to your data, including health data, insofar as they are involved in your treatment. Our staff are subject either to what is known as ‘professional secrecy’ or to a contractual duty to maintain confidentiality. Confidential handling of your data is guaranteed at all times.
For the development and operation of the app, as well as for internal and external research purposes, we transfer data to our parent company (Development Holding) subject to your consent. A limited number of Development Holding employees, who are also subject to a contractual duty to maintain confidentiality, have access to the data – to the extent necessary for this purpose – to ensure the development and operation of the app and to evaluate the data for the research purposes described.
For the specified processing purposes, service providers and vicarious agents that we engage (particularly IT service providers) may also have access to personal data; these service providers and vicarious agents are either subject to statutory duties to maintain confidentiality (in Germany pursuant to Section 203 (3) and (4) of the German Criminal Code (StGB)) or have contractually undertaken to maintain confidentiality to the extent required by law.
Any further (automatic) access to the data stored in our clinic systems does not take place. We may otherwise use and disclose your information only if you have given your consent.
5. Miscellaneous
With regard to how long your personal data is saved for, your rights regarding your data and contacts for data protection questions and the updating of this data protection information, the information provided in the general patient information on data protection under A. 3.–6. also applies for our app and our data warehousing accordingly.
C. YOUR DATA PROTECTION RIGHTS
You have various rights vis-à-vis us. We would like to inform you of them below. Details on your rights can also be found in Art. 15 to 21 of the General Data Protection Regulation (GDPR). The supplementary provisions of national law are given in sections 32 to 37 of the German Data Protection Act (BDSG) for the Klinik Buchinger Wilhelmi GmbH clinic in Überlingen and in Art. 18 of the Law of 41/2002 of 14 November 2002 governing patient autonomy and the rights and obligations relating to clinical information and documentation for the Clinica Buchinger Wilhelmi SA clinic in Marbella.
To assert your rights, please (informally) contact:
Überlingen site
Klinik Buchinger Wilhelmi GmbH
Wilhelm-Beck-Str. 27
88662 Überlingen (Germany)
T +49 7551 807-0
info@buchinger-wilhelmi.com
Marbella site
Clinica Buchinger Wilhelmi SA
Avda. Buchinger 15
29602 Marbella (Spain)
T +34 952 76 43 00
clinica@buchinger-wilhelmi.es
Right of access and right to a copy of data
You have the right to receive information from us about whether we process data about you, what data we process about you and what recipients or categories of recipients your data has been or will be disclosed to. We can also provide you with a copy of this data.
Right to rectification
You have the right to have us rectify without delay any information about you that is not or is no longer accurate. You have the right to request that your incomplete personal data be completed.
Right to erasure
You have the right to request that we erase your personal data without delay if one of the following grounds applies:
- Your data is no longer necessary for the purposes for which it was collected or otherwise processed or the purpose has been achieved;
- You revoke your consent and there is no other legal basis for processing;
- Your personal data has been processed unlawfully;
- The erasure of your personal data is necessary for compliance with a legal obligation under Union or national law that we are subject to.
Please note that your right of erasure may be restricted by law. This particularly includes the restrictions listed in Art. 17 of the GDPR and Section 35 of the German Federal Data Protection Act (BDSG).
Right to restriction of processing
You have the right to request that we restrict the processing of your personal data if one of the following conditions is met:
- You dispute the accuracy of your personal data for a period of time that allows us to verify the accuracy of the personal data;
- Processing is unlawful and you object to the erasure of the personal data and instead request that the use of your personal data be restricted;
- We no longer need your personal data for the purposes of processing, but you need the same to assert, exercise or defend legal claims; or
- You have objected to the processing as long as it has not yet been determined whether our legitimate interests take precedence over yours.
If you have obtained a restriction on processing in accordance with the above list, we will inform you before the restriction is lifted.
Right of revocation of consent
As a data subject under the GDPR, you may revoke the consent you gave to us at any time with effect for the future. If you revoke your consent, the lawfulness of the data processing carried out up until that point in time will not be affected.
Right to data portability
You have the right to receive your records in a commonly used, machine-readable format and to transfer the same to others. Details and restrictions can be found in Art. 20 of the GDPR. Exercising this right will not affect your right to erasure.
Rights to lodge a complaint with the supervisory authority
If you believe that our processing of your data violates the applicable data protection law, you have the right to lodge a complaint with one of the competent supervisory authorities, i.e. the respective supervisory authority in the member state of your place of residence, your place of work or the place of the alleged data protection violation. The supervisory authorities responsible for our clinics are:
Überlingen site
Baden-Württemberg State Commissioner for Data Protection and Freedom of Information
Königstr. 10a
70173 Stuttgart
Marbella site
Agencia Española de Protección de Datos
Calle Jorge Juan 6
28001 Madrid
If you have any questions, please feel free to contact us.
Your clinic team