We at ATGesundheit Institute, run by Rapo Yerape BH Ltd. (“us“, “we“, or “our“) recognize and respect the importance of maintaining the privacy of our customers. This Privacy Notice describes the types of information we collect from you when you visit our website (“Site“), contact us and/or use our consultation services (“Consultation Services“). This Privacy Notice also explains how we process, transfer, store and disclose the information collected, as well as your ability to control certain uses of the collected information. If not otherwise defined herein, capitalized terms have the meaning given to them in the Terms of Service, available at https://www.atgesundheitinstitute.com/terms-of-use/ (“Terms“). “You” means any adult user of the Site and/or Consultation Services, or any parent or guardian of any minor for whom you are using the Consultation Services, and for whom you will be held strictly responsible.
If you are an individual located in the European Union (“EU Individual“), some additional terms and rights may apply to you, as detailed herein. Rapo Yerape BH Ltd. is the data controller in respect of the processing activities outlined in this Privacy Notice. Our registered office is at Migdal Haeder 4, Alon Shevut, Israel 9043300 and our registration number is 515262525. Additional entities who may be serving as separate, independent controllers are listed below. If you have any questions about the processing of your data by us, you may also contact our representative in the European Union Maetzler Rechtsanwalts GmbH & Co KG, or our data protection officer [coming soon].
“Personal Data” means any information that refers, is related to, or is associated with an identified or identifiable individual or as otherwise may be defined by applicable law. This Privacy Notice details which Personal Data is collected by us in connection with provision of the Site and the Consultation Services.
Privacy Notice Key Points
The key points listed below are presented in further detail throughout this Privacy Notice. You can click on the headers in this section in order to find out more information about any topic. These key points do not substitute the full Privacy Notice.
- Personal Data We Collect on the Site and in the course of providing the Consultation Services, Uses and Legal Basis. We collect certain Personal Data that you provide to us, including contact information and any other information which you provide through the ‘patient’ form or general inquiry form voluntarily. We also collect certain Personal Data automatically when you use the Site. We use your Personal Data for various reasons, including to provide you with the Site and Consultation Services, improve our Consultation Services. These processing activities are based on different legal bases including performance of a contract and legitimate interests.
- Medical Data We Collect, Uses and Legal Basis. We collect the medical information you provide to us and to our co-controllers, including by way of filling out the forms we send you or by way of interview. We use such data in order to provide you with the Consultation Services. These processing activities are based on consent.
- Sharing the Personal Data We Collect. We share the Personal Data we collect with our service providers and subcontractors who assist us in the operation of the Site and Consulting Services and process the information on our behalf and under our instructions, as well as with our business partners and affiliates, who act as independent separate controllers of the data.
- International Transfer. Some of our service providers, subcontractors, business partners or affiliates who have access to your Personal Data are located in countries other than your own. We will ensure that we have agreements in place with such parties that ensure the same level of privacy and data protection as set forth in this Privacy Notice.
- Security. We implement measures aimed at protecting your Personal Data, but they do not provide absolute information security. Such measures include physical, electronic, and procedural safeguards (such as secure servers, firewalls, antivirus and SSL encryption), access control, and other internal security policies.
- Your Rights. Subject to applicable law and in addition to other rights as set forth below, you may have a right to access, update, delete, and/or obtain a copy of the Personal Data we have collected about you. You have the right to withdraw your consent to processing, if provided, at any time by contacting us at firstname.lastname@example.org.
- Data Retention. We retain Personal Data for as long as necessary for the purposes set forth in this Privacy Notice. We consider a number of different factors when determining the appropriate retention periods.
- Children. We do not knowingly collect Personal Data from children under the age of eighteen(18) without the consent of their guardian.
- Communications. We may send you e-mail or other messages about us or our Site and/or Consultation Services. You will have the opportunity to opt-out of receiving certain messages that are not service-related.
- Changes to the Privacy Notice. We may change this Privacy Notice from time to time and shall notify you of such changes by indicating on the Site that the Privacy Notice has been amended and by publishing an updated Privacy Notice on the Site.
- Comments and Questions. If you have any comments or questions about this Privacy Notice, or if you wish to exercise your legal rights with respect to your Personal Data, please contact us at email@example.com
Personal Data We Collect, Uses and Legal Basis
Depending on your usage, we collect different types of data and we and any of our third-party sub-contractors and service providers use the data we collect for different purposes, as specified below. It is your voluntary decision whether to provide us with certain Personal Data, including medical data, but if you refuse to provide such Personal Data we may not be able to provide you with the Consultation Services or part thereof.
Data from the Site
Contact Information – When you request information from us, or contact us for any other reason, we will collect any data you provide, such as your name, email address, area of interest and the content of your inquiry. Please note that if you choose to share personal medical information through the ‘patient’ form, we will collect such data as well.
How we use this data: To respond to your request or inquiry.
Legal Basis: We process this Personal Data based on performance of a contract when we respond to your inquiry, Art. 6 para. 1 S. 1 lit. b) GDPR. We process any special categories of data (such as medical data) based on your consent, Art. 9 para. 2 lit. a) GDPR.
Automatically Collected Data – When you visit the Site, we automatically collect information about your computer or mobile device, including non-Personal Data such as your operating system, and Personal Data such as IP address, device ID, client identifier and subject to your consent as may be required under applicable law, as well as your browsing history on our Site and any information regarding your viewing on our Site, such as how often any single user has visited the Site, what pages they visited, for how long they stayed and how they interacted with the Site. We use Google Analytics to collect this data. For more information about the cookies and similar technologies we use and how to adjust your preferences, please see the section “Cookies and Similar Technologies” below.
How we use this data: (1) to review usage and operations, including in an aggregated non-specific analytical manner, develop new products or services and improve current content, products, and services; and (2) to prevent fraud, protect the security of our Site and Consultation Services, and address any problems with the Site and/or Consultation Services.
Legal Basis: We process this Personal Data for our legitimate interests to develop and improve our products and services, review usage, perform analytics, prevent fraud, for our record keeping and protection of our legal rights, Art. 6 para. 1 S. 1 lit. f) GDPR. Our legitimate interest lies in the purposes described in the previous sentence.
Statistical Information and Analytics
Google Analytics: As far as you have given your consent, we use the component “Google Analytics” (with anonymisation function) on this Site.
Google Analytics is a web analytics service. Web analysis is the gathering, collection and analysis of data about the behavior of visitors to websites. Among other things, a web analysis service collects data on which website a data subject has come to a website from (so-called referrers), which subpages of the website were accessed or how often and for which period of time a subpage was viewed. A web analysis is mainly used to optimize a website and for the cost-benefit analysis of Internet advertising.
The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
As IP anonymization is activated on our website, your IP address will be shortened by Google within Member States of the European Union or other states in agreement with the European Economic Area. Only in exceptional cases, the full IP address is sent to and shortened by a Google server in the USA. On behalf of the operator of the website, Google will use this information to evaluate your use of the website, compile reports on website activity and to provide further services related to website and internet use to us. The IP address transferred through your browser to Google Analytics will not be combined with other data held by Google.
You can prevent the storage of cookies by a corresponding setting of your browser software; however, please note that if you do this, you may not be able to use all the features of this website to the fullest extent possible.
In addition, you may prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) by Google as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en
In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs.
Further information and Google‘s applicable privacy regulations can be found at https://policies.google.com/privacy?hl=en
The following link provides a further explanation of Google Analytics https://marketingplatform.google.com/about/.
Our website also uses Google Analytics performance reports relating to demographics and interests and reports on Google Display Network impressions. You can disable Google Analytics for display advertising and customize the ads on the Google Display Network by visiting the ad settings at this link: https://adssettings.google.com.
Legal Basis: We process this Personal Data based on your consent, Art. 6 para. 1 S. 1 lit. a) GDPR. You may withdraw your consent by contacting us at firstname.lastname@example.org. We will process your request as soon as reasonably possible, however it may take a few days for us to update our records before any opt out is effective.
Personal Data Received in the Context of the Consultation Services and from Co-Controllers
Materials or Information You Provide – Any materials or information, including documents you may provide by filling in the patient form or otherwise in connection with the Consultation Services will be collected and processed by us. These materials and information may include: radiology documentation (such as CT scans, PET CT scans or x-rays), blood test or other lab work results, biopsy results, tumor images, contact details (address, phone number, email of the data subject and his/her contacts or family members), contact details of physicians (name, affiliation, phone, email), professional status, marital status, family history of diseases, previous medical history, current disease history (including symptoms, diagnostic work, treatment and current status).
How we use this data: To provide you with the Consultation Services.
Legal Basis: We process this Personal Data for the purpose of performance of a contract with you, Art. 6 para. 1 S. 1 lit. b) GDPR. We process any special categories of data (such as medical data) based on your consent, Art. 9 para. 2 lit. a) GDPR.
Special Categories of Data You Provide to Us or to our Co-Controllers – In the course of providing our Consultation Services to you, we also collect and process data relating to your medical condition and medical history, which is subject to special protections under the law (e.g. when you fill in the patient form on the website). All of the medical data that you provide to us may be shared by us with our co-controller(s) for purposes of consultation as indicated below. We will only collect such data if you provide your consent. You may also provide our co-controllers with medical data, which they may share with us. Please see the privacy information of our co-controller(s) for details in this regard as we are not responsible for the data sharing by out co-controller(s).
How we use this data: We use such data to provide you with our Consultation Services. In addition, we use the data collected without including your name for purposes of research, study and publications. Data is generally published only if a data subject goes through the entire consultation process. Such studies will generally include the age of the subjects, treatment results and a description of the medical procedures. Subject names are not published.
Legal Basis: We process this Personal Data based on your explicit consent, Art. 9 para. 2 lit. a) GDPR. You may withdraw your consent by contacting us at email@example.com. We will process your request as soon as reasonably possible, however it may take a few days for us to update our records before any opt out is effective.
Sharing the Personal Data We Collect
We share your information, including Personal Data, as follows:
Service Providers, and Subcontractors
We disclose information, including Personal Data we collect from and/or about you, in connection with the Consultation Services to our trusted service providers and subcontractors, who have agreed to contractual data processing clauses and confidentiality restrictions and who use such information solely on our behalf in order to: (1) help us provide you with the Site and/or Consultation Services; (2) aid in our understanding of how users are using our Site and/or Consultation Services.
Such service providers and subcontractors provide us with radiology services, IT and system administration services, data backup, security, storage and hosting services and data analysis services. Where such service providers are located outside the EEA or outside a country that has been recognized as providing an adequate level of data protection, we ensured such adequate level by suitable means, see “International Transfers” below.
Legal Basis: We process and share this Personal Data for our legitimate interests to develop and improve our products and services, review usage, perform analytics, prevent fraud, for our record keeping and protection of our legal rights, Art. 6 para. 1 S. 1 lit. f) GDPR. Our legitimate interest lies in the purposes described in the previous sentence. As far as the processing and sharing of Personal Data is necessary for the performance of the contract with you, the legal basis is Art. 6 para. 1 S.1 lit. b) GDPR.
When you use our Site and/or Consultation Services, we also disclose your Personal Data, ( data collected in connection with the Consultation Services, as well as contact information and medical data provided by you on the Site) to additional third parties, such as relevant health care providers which act as independent, separate controllers with respect to the collection of your Personal Data. The controller will also share some of your medical, Personal Data that they receive directly from you with us. Please consult the privacy information of such co-controllers as we are not responsible for the sharing of personal data by them. The details and contact information of such controllers as we currently use, are as set forth below.
Hüseyin Sahinbas, MD and persons working in his clinic.
Address: Pradus Medical Center at the Kaiserteich, Reichsstraße 59, 40217 Düsseldorf-Germany
Phone: +49 211 31600 422
Martin Lužbeták, MUDr., M.Sc, and persons working in his clinic.
Address: NextGen Oncology Group, Molekulare Medizin und Zelltherapie
Luise-Rainer-Str. 6-10, 40235 Düsseldorf
Phone: +49 211 44 77 4366
Legal Basis: We process this Personal Data based on performance of a contract with you, Art. 6 para. 1 S. 1 lit. b) GDPR. We process any special categories of data (such as medical data) based on your explicit consent, Art. 9 para. 2 lit. a) GDPR. You may withdraw your consent by contacting us at firstname.lastname@example.org. We will process your request as soon as reasonably possible, however it may take a few days for us to update our records before any opt out is effective.
All of your Personal Data may be disclosed as part of, or during negotiations of, any merger, sale of company assets or acquisition (including in cases of liquidation) in such case, your Personal Data shall continue being subject to the provisions of this Privacy Notice.
Legal Basis: We process this Personal Data based on our legitimate interest in the continuation of our consultation services, Art. 6 para. 1 S. 1 lit. f) GDPR.
Law Enforcement Related Disclosure
We may share your Personal Data with third parties: (i) if we believe in good faith that disclosure is appropriate to protect our or a third party’s rights, property or safety (including the enforcement of the Terms and this Privacy Notice); (ii) when required by law, regulation subpoena, court order or other law enforcement related issues, agencies and/or authorities; or (iii) as is necessary to comply with any legal and/or regulatory obligation. This may include data collected from the Site or from the Consultation Services.
Legal Basis: We process this Personal Data in order to comply with legal obligations to which we are subject to and for our legitimate interests of the protection of our legal rights, Art. 6 para. 1 S. 1 lit. c), f) GDPR.
We may use your Personal Data as required or permitted by any applicable law, for example, to comply with audit and other legal requirements. This may include data collected from the Site or from the Consultation Services.
Legal Basis: We process this Personal Data in order to comply with legal obligations to which we are subject to, Art. 6 para. 1 S. 1 lit. c) GDPR.
We use subcontractors and service providers who are located in countries other than your own, such as the case may be, US, India Israel and Germany and send them information we receive (including Personal Data). This may include data collected from the Site or from the Consultation Services. We currently use an Indian company, Image Core Labs, (imagecorelab.com), which is affiliated with the Teleradiology Solutions group (telradsol.com) for radiology services. We conduct such international transfers for the purposes described above. We will ensure that these third parties will be subject to written agreements ensuring the same level of privacy and data protection as set forth in this Privacy Notice, including appropriate remedies in the event of the violation of your data protection rights in such third country.
Whenever we transfer your Personal Data to third parties based outside of the European Economic Area (“EEA”), we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the European Commission.
- Where we use certain service providers not located in countries with an adequate level of protection as determined by the European Commission, we may use specific contracts approved by the European Commission which give Personal Data the same protection it has in the EEA.
- Where we use service providers based in the US, we may transfer Personal Data to them if they have been certified by the EU-US Privacy Shield, which requires them to provide similar protection to Personal Data shared between the EU and the US or any other arrangement which has been approved by the European Commission or other body having jurisdiction to approve such arrangement.
Please contact us at email@example.com if you would like further information on the specific mechanism used by us when transferring your Personal Data out of the EEA.
We have implemented and maintain appropriate technical and organization security measures, policies and procedures designed to reduce the risk of accidental destruction or loss, or the unauthorized disclosure or access to Personal Data appropriate to the nature of such data. The measures we take include:
Safeguards – The physical, electronic, and procedural safeguards we employ to protect your Personal Data include secure servers, firewalls, antivirus, and SSL encryption of data.
Access Control – We dedicate efforts for a proper management of system entries and limit access only to authorized personnel on a need to know basis of least privilege rules, review permissions quarterly, and revoke access immediately after employee termination.
Internal Policies – We maintain and regularly review and update our privacy related and information security policies.
Personnel – We require our employees to sign non-disclosure agreements according to applicable law and industry customary practice.
Encryption – We encrypt the data in transit using secure protocols.
Database Backup – Our databases are backed up on a periodic basis for certain data and are verified regularly. Backups are encrypted and stored within the production environment to preserve their confidentiality and integrity, are tested regularly to ensure availability, and are accessible only by authorized personnel.
However, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
As the security of information depends in part on the security of the computer you use to communicate with us and the security you use to protect user IDs and passwords, please take appropriate measures to protect this information.
Your Rights – How to Access and Limit Our Use of Certain Personal Data
Subject to applicable law and certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have certain rights in relation to the Personal Data that we or other controller hold about you, as detailed below. For any requests to exercise such rights with respect to information held by other controllers, please contact the applicable controller directly. If you wish for us to notify all independent controllers, please specify that request when you contact us in order to exercise any of your rights. We will investigate and attempt to resolve complaints and disputes and make every reasonable effort to honour your wish to exercise your rights as quickly as possible and, in any event, within the timescales provided by applicable data protection laws. We reserve the right to ask for reasonable evidence to verify your identity before we provide you with any information and/or comply with any of your requests, as detailed below:
- Right of Access. You have a right to know what Personal Data we collect about you and, in some cases, to have such Personal Data communicated to you. Subject to applicable law, we may charge you with a fee. Please note that we may not be able to provide you with all the information you request, and, in such case, we will endeavor to explain to you why.
- Right to Data Portability. If the processing is based on your consent or performance of a contract with you and processing is being carried out by automated means, you may be entitled to (request that we) provide you or another party with a copy of the Personal Data you provided to us in a structured, commonly-used, and machine-readable format.
- Right to Correct Personal Data. Subject to the limitations in applicable law, you may request that we update, complete, correct or delete inaccurate, incomplete, or outdated Personal Data.
- Deletion of Personal Data (“Right to Be Forgotten”). If you are an EU Individual, you have a right to request that we delete your Personal Data if either: (i) it is no longer needed for the purpose for which it was collected, (ii) our processing was based on your consent and you have withdrawn your consent, (iii) you have successfully exercised your Right to Object (see below), (iv) processing was unlawful, or (iv) we are required to erase it for compliance with a legal obligation. We cannot restore information once it has been deleted. We may retain certain Personal Data (including following your request to delete) for audit and record-keeping purposes, or as otherwise permitted and/or required under applicable law.
- Right to Restrict Processing. If you are an EU Individual, you can ask us to limit the processing of your Personal Data if either: (i) you have contested its accuracy and wish us to limit processing until this is verified; (ii) the processing is unlawful, but you do not wish us to erase the Personal Data; (iii) it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise, or defend of a legal claim; (iv) you have exercised your Right to Object (below) and we are in the process of verifying our legitimate grounds for processing. We may continue to use your Personal Data after a restriction request under certain circumstances.
- Right to Object. If you are an EU Individual, you can object to any processing of your Personal Data which has our legitimate interests as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests. If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
- Withdrawal of Consent. You may withdraw your consent in connection with any processing of your Personal Data based on a previously granted consent. This will not affect the lawfulness of any processing prior to such withdrawal.
- Right to Lodge a Complaint with Your Local Supervisory Authority. If you are an EU Individual, you may have the right to submit a complaint to the relevant supervisory data protection authority if you have any concerns about how we are processing your Personal Data, though we ask that as a courtesy you please attempt to resolve any issues with us first.
Subject to applicable law, we retain Personal Data as long as we are providing Consultation Services or as long as necessary for the purposes set forth above, whichever is longer. We may delete information from our systems without notice to you once we deem it is no longer necessary for these purposes. Retention by any of our processors may vary in accordance with the processor’s retention policy.
In some circumstances, we may store your Personal Data for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax, audit, accounting requirements and so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your Personal Data or dealings. For example, the Israeli statute of limitations is generally 7 years and we would need to retain medical data for such period. Furthermore, the income tax laws in Israel require retention of accounting related documentation until the later of: 7 years from the end of the tax year or for 6 years from the date of the submission of the income report for that tax year. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data, and whether those purposes can be achieved through other means, as well as applicable legal requirements.
Please contact us at firstname.lastname@example.org if you would like details regarding the retention periods for different types of your Personal Data.
Legal Basis: We process this Personal Data in order to comply with legal obligations to which we are subject to, Art. 6 para. 1 S. 1 lit. c) GDPR.
Cookies and Similar Technologies
What are Cookies?
A cookie is a small piece of text that is sent to a user’s browser or device. The browser provides this piece of text to the device of the originating user when this user returns.
- A “session cookie” is temporary and will remain on your device until you leave the Site.
- A “persistent” cookie may be used to help save your settings and customizations across visits. It will remain on your device until you delete it.
- First-party cookies are placed by us, while third-party cookies may be placed by a third party. We use both first- and third-party cookies.
- We may use the terms “cookies” to refer to all technologies that we may use to store data in your browser or device or that collect information or help us identify you in the manner described above, such as web beacons or “pixel tags”.
The specific names and types of the cookies, web beacons, and other similar technologies we use may change from time to time. However, the cookies we use generally fall into one of the following categories:
Type of Cookie
Why We Use These Cookies
These cookies are necessary in order to allow the Site to work correctly. They enable you to access the Site, move around, and access different services, features, and tools. Examples include remembering previous actions (e.g. entered text) when navigating back to a page in the same session. These cookies cannot be disabled.
WordPress local and session storage and test
These cookies collect information regarding your activity on our Site to help us learn more about which features are popular with our users and how our Site can be improved.
By default, analytics.js uses a single, first-party cookie named _ga to store the Client ID, but the cookie’s name, domain, and expiration time can all be customized. Other cookies created by analytics.js include _gid, AMP_TOKEN and _gac_. These cookies store other randomly generated ids and campaign information about the user.
How to Adjust Your Preferences
Most Web browsers are initially configured to accept cookies, but you can change this setting so your browser either refuses all cookies or informs you when a cookie is being sent. In addition, you are free to delete any existing cookies at any time. Please note that some features of the Site may not function properly when cookies are disabled or removed. For example, if you delete cookies that store your account information or preferences, you will be required to input these each time you visit.
We reserve the right to send you service-related communications, including service announcements and administrative messages. Should you not wish to receive such communications, you may email us at email@example.com.
We do not knowingly collect Personal Data from children under the age of eighteen (18) without the consent of a guardian. In the event that you become aware that an individual under the age of eighteen (18) has enrolled without parental permission, please advise us immediately.
Changes to the Privacy Notice
We may update this Privacy Notice from time to time to keep it up to date with legal requirements and the way we operate our business, and we will place any updates on this webpage. Please come back to this page every now and then to make sure you are familiar with the latest version. If we make material changes to this Privacy Notice, we will seek to inform you by notice on our Site or per email.
Comments and Questions
If you have any comments or questions about this Privacy Notice or if you wish to exercise any of your legal rights as set out herein, please contact us at firstname.lastname@example.org
Last updated: October 2020