V 2.0, Status 16.05.2022
A. GENERAL INFORMATION
we, i.e., depending on where you are a patient, either Klinik Buchinger Wilhelmi GmbH in Überlingen or Clinica Buchinger Wilhelmi SA in Marbella, process your personal and also medical data in different contexts. In doing so, we respect your right to data protection, your privacy and your other rights and freedoms. On the basis of the General Data Protection Regulation (GDPR), we would like to inform you about the purposes for which our clinic collects, stores or passes on data, as well as the legal basis on which this is done. We would also like to inform you about the rights you have as a data subject with regard to your data.
1. For what purposes will my data be processed?
1.1 Registration form
The following data will be transmitted via the registration form:
- Master data, in particular name, title, date of birth, gender, nationality
- Contact details, in particular: Address, telephone number, e-mail address
- General health information, especially height and weight, if available: Allergies and intolerances (food/medication).
- Mandatory information on medical history, especially medication, contraindicative diseases for fasting.
This data is required on the basis of Art. 6 (1) sentence 1 lit. b DSGVO or, in the case of health data, on the basis of Art. 9 (2) lit. h DSGVO for the preparation, implementation and processing of the stay in our clinics.
If you give us your consent, we also collect further data such as title, place of birth, occupation, name and telephone number of emergency contacts and your motivation for the stay. The legal basis for the processing of the voluntarily provided data is Art. 6 para. 1 p. 1 lit. a DSGVO in case of consent or Art. 9 para. 2 lit. a DSGVO in case of health data.
1.2 Curative treatment
Data processing is carried out for curative treatment. For this purpose, we process your personal data, in particular your health data. This includes medical histories, diagnoses, therapy suggestions and findings that we or other doctors/psychotherapists collect. For these purposes, other doctors or psychotherapists with whom you are receiving treatment may also provide us with data (e.g. in doctor’s letters).
The collection of health data is a prerequisite for your treatment. If the necessary information is not provided, careful treatment cannot take place.
The legal basis for processing your data for the purpose of care (in particular treatment and therapy) is Art. 9 (2) (h), (3) and Art. 6 (1) sentence 1 (b) of the GDPR in conjunction with the relevant national legislation.
Insofar as you are a patient of the Buchinger Wilhelmi GmbH Clinic in Überlingen, these are in particular § 22 para. 1 no. 1 b) and § 27 para. 1 of the Federal Data Protection Act (BDSG), §§ 630 ff. German Civil Code (BGB) and § 295 of the Fifth Book of the German Social Code (SGB V).
As far as you are a patient of Clinica Buchinger Wilhelmi SA in Marbella, this is in particular art. 16 of Law 41/2002, of November 14, the fundamental law regulating patient autonomy and rights and obligations regarding clinical information and documentation.
In other cases, we will only process your personal data if the processing is necessary to fulfill our legal and supervisory obligations or if you have consented to the processing of your personal data (Art. 6 para. 1 sentence 1 lit. a) and Art. 9 para. 2 lit. a) DSGVO).
2. Who has access to my data?
The persons involved in the treatment have access to your data, which may include, for example, physicians from other departments participating in interdisciplinary treatment or – to a limited extent – the administration, insofar as this is necessary for the billing of your stay or for reasons of auditing.
For the specified processing purposes, service providers and vicarious agents employed by us may also have access to personal data. We will only transfer your personal data to third parties if this is permitted by law or you have consented. Recipients of your personal data may primarily be other physicians / psychotherapists, members of other health care professions, health insurance companies, the Association of Statutory Health Insurance Physicians, the Medical Service of Health Insurance Companies, laboratories and pathology institutes as well as private medical clearing houses. In addition, Buchinger Wilhelmi Development & Holding GmbH supports the two clinics in various processing operations. All persons are either subject to a legal obligation to maintain confidentiality or have contractually agreed to maintain confidentiality to the extent required by law. The confidential handling of your data is guaranteed.
Finally, we may use and disclose your data to authorities and/or courts as necessary or appropriate to comply with our legal obligations (Art. 6 para. 1 p. 1 lit. c DSGVO).
3. How long will my data be stored?
We generally delete personal data when the purpose for storing it no longer applies. A continuing purpose may exist in particular if the data is still needed to provide contractual services or to be able to check and grant or defend against patient claims. We generally delete data processed on the basis of consent – subject to legal or contractual retention obligations – as soon as you revoke your consent. We check at regular intervals whether the purpose of storage no longer applies or whether storage is still necessary.
In the case of statutory retention obligations, which can range from 10 to 30 years for health data, deletion is only considered after the respective retention periods have expired.
In the case of processing and storage of data for scientific purposes, we delete personal data in accordance with the recommendations of the German Research Foundation (DFG) after 10 years.
4. What rights do i have?
You have numerous rights vis-à-vis us under the GDPR, which you can find in detail in the following presentation “Your rights under data protection” (under C.). Automated decision-making, monitoring or evaluation systems are not used.
5. Who can I contact if I have any questions?
Klinik Buchinger Wilhelmi GmbH
Represented by Leonard WilhelmiWilhelm-Beck-Str. 27
88662 Überlingen (Germany)
T +49 7551807-0
Clinica Buchinger Wilhelmi SA
Represented by Victor Wilhelmi
Avda. Buchinger 15
29602 Marbella (Spain)
T +34 952 76 4300
Data Protection Officer(s):
Mr. RA Ulf Neumann, LL.M.
Phone: +49 7121 347654-0
Fax: +49 7121 347654-9
Privacidad Global S.L.
T +34 951 51 6419
B. SPECIAL PROCESSING OPERATIONS
We, i.e. Buchinger Wilhelmi Kliniken and Buchinger Wilhelmi Development & Holding GmbH (hereinafter referred to as “Development Holding”), continue to process your personal and also medical data in various contexts, in particular when you use our app. On the basis of the General Data Protection Regulation (DSGVO), we would like to inform you about the purposes for which we collect, store or forward your data to support your medical treatment and your stay, as well as for other purposes, and the legal basis on which this is done.
In principle, the Buchinger Wilhelmi clinic where you are staying (hereinafter referred to as the “clinic”) is responsible for processing your data. In Germany, this is the Buchinger Wilhelmi GmbH clinic in Überlingen and in Spain the Clinica Buchinger Wilhelmi SA in Marbella. In addition, Buchinger Wilhelmi Development & Holding GmbH supports the two clinics in various processing operations. In part the clinics and Buchinger Wilhelmi Development & Holding GmbH are jointly responsible for the processing of your data (hereinafter jointly referred to as “we”).
1. What personal data is processed?
With your consent, we collect and process your personal and health data (collectively referred to as “data” below). This data may include
- Master data, in particular name, title, date of birth
- Contact details, in particular address, telephone number, e-mail address
- General health information, especially weight, BMI, height, blood pressure, temperature, pulse
- Dates of stay, especially arrival and departure dates, length of stay, room category, fasting dates, total stays
- Treatment data, in particular therapy recommendations, activities performed, findings, in each case date/time and duration of treatment
- Your medical history, especially medication, current medical complaints, previous illnesses, reasons for therapy
- Blood values, especially erythrocyte sedimentation rate, erythrocytes, hematocrit, hemoglobin, leukocytes, platelets, Quick, glucose, HOMA index, alkaline phosphatase, gamma-GT, cholesterol values, triglycerides, calcium, potassium, magnesium, sodium, uric acid, urea, urine status, vitamin D-25
- Other data relevant to treatment, in particular alcohol consumption, other consumption toxins, food intolerances, allergies
2. Why is my data being processed?
We use your data for the following purposes:
2.1 Development and operation of our app
Provided we have your express consent in accordance with Art. 6 (1) p. 1 lit. a) and Art. 9 (2) lit. a) DSGVO, we will use your data for the development and operation of our app, which is intended to facilitate the preparation of your stay with us, increase the quality of your treatment with us and optimize the follow-up of the cure. For this purpose, the app offers the following functions in particular:
- Before your stay, you will be prepared for the cure in our clinics in the best possible way via the app by changing your diet and lifestyle habits in order to get the most out of fasting.
- We use your data in particular for the planning and implementation of a treatment individually adapted to you. In addition to medical examinations, this includes in particular the preparation of therapy proposals, treatment by our medical staff and the monitoring of your health during fasting.
- During your stay with us, the app serves to impart knowledge and improve the quality of processes. For example, based on your health data, you can receive recommendations tailored to your individual needs with regard to sports and/or nutrition. In addition, it will be possible in the future to view the progress curves of your health data (e.g. weight, blood pressure) via the app and to track their progress during the fasting cure yourself.
- After your stay in our clinics, the app accompanies you back to your everyday life and, for example, with information from the fields of science and behavioral psychology, with cooking, meditation and sports videos, as well as daily explanations of healthy living, helps to consolidate the success of the cure with us and helps you to continue working on your goals.
2.2 Further development and improvement of the range of services in our clinics
As far as is permitted by law according to Art. 6 para. 1 p. 1 lit. b) and f ) and Art. 9 para. 2 lit. h), i) and j ) DSGVO , we evaluate the health data of the clinic visitors pseudonymized. With the data obtained, we can continuously improve our range of treatments and in particular the recommendations of the best therapies per initial indication, in order to make therapeutic fasting even more efficient and successful for patients in the future.
2.3 Scientific research purposes
As far as is allowed by law according to Art. 6 para. 1 p. 1 lit. b ) and f) and Art. 9 para. 2 lit. h ), i) and j) DSGVO , we analyze patient data in order to further explore the advantages and benefits of therapeutic fasting with the help of your data. To the extent that important findings emerge from this analysis, we reserve the right to publish them in anonymized form to promote the public good. We have published several studies on the health effects of long-term fasting in the past and are world leaders in this area of research.
2.4 Ensuring the continuity of your individual treatment
If you have already been to one of our clinics in the past, we can access the historical data in order to improve the quality of your treatment and build on the successes already achieved. If you have been to one of our clinics at another location, this clinic can – assuming your consent in accordance with Art. 6 (1) p. 1 lit. a) and Art. 9 (2) lit. a) DSGVO – transfer the personal data collected from you to us for the preparation and implementation of your fasting stay, in order to ensure the best possible quality of your cure across clinics.
If you have expressly consented in accordance with Art. 6 (1) p. 1 lit. a) DSGVO, we collect your email address, name, gender and preferred language via the app for the purpose of regularly sending you our newsletter with information on offers and news.
3. Where is my data obtained from?
We collect the relevant data from you ourselves, for example based on the information you provide in the registration form and on the data you enter yourself in the app. We also collect health data from physicians and medical professionals in our clinics.
4. Who has access to my data?
First, you have access to your data yourself. In particular, you will be able to view and track the progress of your health data, such as blood pressure, weight, lab values, etc., and track your activities in the future via a dashboard in the app.
Doctors and medical staff at our clinics also have access to your data, including health data, insofar as they are involved in your treatment. Our personnel are either subject to the so-called professional secrecy or to a contractual obligation of confidentiality. The confidential handling of your data is guaranteed at all times.
For the development and operation of the app as well as for internal and external research purposes, we transfer data – subject to your consent – to our parent company, Development Holding. A limited number of employees of Development Holding, who are also subject to a contractual duty of confidentiality, have access to the data – to the extent necessary for this purpose – in order to provide for the development and operation of the app and to evaluate the data for the research purposes described.
For the specified processing purposes, service providers and vicarious agents (in particular IT service providers) employed by us may also have access to personal data; these service providers and vicarious agents are either subject to statutory confidentiality obligations (in Germany pursuant to Section 203 (3) and (4) of the German Criminal Code (StGB)) or have contractually agreed to maintain confidentiality to the extent required by law.
There is no further (automatic) access to the data stored in our clinic systems. We can only use and disclose your information elsewhere if you have given your consent.
With regard to the duration of the storage of your personal data, your rights regarding your data and contact persons for data protection issues as well as the updating of this data protection notice, the information provided in the General Patient Information on Data Protection under A. 3. – 6. also applies accordingly to these special processing operations.
C. YOUR RIGHTS UNDER DATA PROTECTION
You have various rights vis-à-vis us, which we would like to inform you about in the following. You will also find details of your rights in Articles 15 to 21 of the General Data Protection Regulation (DSGVO). The supplementary provisions of national law can be found for the Klinik Buchinger Wilhelmi GmbH in Überlingen in Sections 32 to 37 of the Federal Data Protection Act (BDSG) and for the Clinica Buchinger Wilhelmi SA in Marbella in Article 18 of Law 41/2002 of November 14, 2002, which regulates patient autonomy and rights and obligations with regard to clinical information and documentation.
To assert your rights, please contact (informally):
Klinik Buchinger Wilhelmi GmbHWilhelm-Beck-Str. 27
88662 Überlingen (Germany)
T +49 7551 807-0
Clinica Buchinger Wilhelmi SA
Avda. Buchinger 15
29602 Marbella (Spain)
T +34 952 76 43 00
Right to information and right to copy data
You have the right to receive information from us about whether and which data we process about you and to which recipients or categories of recipients your data have been or will be disclosed. In addition, we may provide you with a copy of this data.
Right to rectification
You have the right to request that we correct information about you that is not or no longer accurate without undue delay. You have the right to request that we complete your incomplete personal data.
Right to deletion
You have the right to request that we delete your personal data without delay if one of the following reasons applies:
- Your data is no longer necessary for the purposes for which it was collected or otherwise processed, or the purpose has been achieved;
- You revoke your consent and there is no other legal basis for the processing;
- Your personal data have been processed unlawfully;
- the deletion of your personal data is necessary for compliance with a legal obligation under Union or national law to which we are subject.
Please note that your right to deletion may be restricted by legal provisions. These include in particular the restrictions listed in Art. 17 DSGVO and § 35 BDSG.
Right to restriction of processing
You have the right to request us to restrict the processing of your personal data if one of the following conditions is met:
- You dispute the accuracy of your personal data for a period of time that allows us to verify the accuracy of the personal data;
- the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of your personal data;
- we no longer need your personal data for the purposes of processing, but you need them for the assertion, exercise or defense of legal claims, or
- You have objected to the processing as long as it has not yet been determined whether our legitimate grounds outweigh yours.
If you have obtained a restriction on processing in accordance with the above list, we will inform you before the restriction is lifted.
Right of withdrawal for consents
As a data subject within the meaning of the GDPR, you may revoke your consent given to us at any time with effect for the future. If you revoke your consent, the lawfulness of the data processing carried out up to that point will not be affected.
Right to data portability
You have the right to receive your recordings in a common, machine-readable format and to transmit them to others. Details and restrictions can be found in Art. 20 DSGVO. The exercise of this right does not affect your right to erasure.
Rights to complain to the supervisory authority
If you believe that the processing of your data by us violates applicable data protection law, you have the right to lodge a complaint with one of the competent supervisory authorities, i.e. the respective supervisory authority in the member state of your place of residence, your place of work or the place of the alleged data protection violation. The respective competent supervisory authorities for our clinics are:
State Commissioner for Data Protection and Freedom of Information Baden-Württemberg
70173 Stuttgart, Germany
Agencia Española de Protección de Datos
Calle Jorge Juan 6
If you have any questions, please feel free to contact us.
Your clinic team