Data protection statement

Version 2.0 / 21.12.2018

Thank you for visiting our website. For the management of the cardio-scan GmbH the protection of your data has a special significance. The use of our websites is without any indication of personal data. If you want to take a special Service, the cardio scan GmbH on our website, could be the processing of personal data. For the case that the processing of personal data and for the processing of any legal basis exists, we will obtain the consent of the person Concerned.

The processing of personal data, such as name, address, E-Mail address or the phone number of the person in question, always in compliance with the European data protection regulation and the cardio-scan GmbH applicable country-specific data privacy laws. In this privacy policy, our company shall inform the Concerned about the type, scope and purpose of any processing of personal data. Further, the persons Concerned are informed about their rights.

For a comprehensive protection of the on this website processed data, the cardio-scan GmbH has implemented the responsible of the data processing, extensive technical and organisational measures. However, data transfers on the Internet can have security gaps and complete protection is not possible. Therefore, it is possible for every person Concerned, to disclose personal data in other Ways to us.


1.    Definitions

This privacy policy uses terms that have been defined at the time of adoption of the General data protection regulation (DSGVO). Thus, this privacy statement is easy to read and understandable, we explain you the terms used:

1.1.           personal data

Personal data are all data and information to an identified or identifiable natural Person (“data subject”). As identifiable an individual is considered to be open, the can, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, Online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural Person to be identified.

1.2.           Affected

Data subjects whose personal data are to be by the responsible processes.

1.3.           Processing

Processing the collection of any process or series in connection with personal data such as, Collecting, Organizing, Organize, Store, Adapt or Modify the reading, the queries, the Use, as Disclosed by Transmission, Dissemination or any other Form of Deploy the balance, or the link, the constraint, the Deletion or destruction.

1.4.           Restriction of processing

The restriction of the processing, the marking of stored personal data with the aim of limiting their processing in future.

1.5.           Pseudonymisation

Pseudonymisation is the processing of personal data, the personal data can not be assigned without the help of other information the Affected. This additional information must be stored separately, so that the personal data may not be Concerned associated with it.

1.6.           Responsible

Manager or controller, the company or the Person, public authority, Agency or other body, the other decides alone or jointly with concerning the processing of personal data.

1.7.           Processor

A processor is a company or a Person, authority, institution or other body which processes personal data on behalf of the person responsible.

1.8.           Receiver

The recipient is a company, Person, authority, institution or other body, were placed the personal data by Transmission open. Authorities, in the framework of a study contract may be personal data, it is not considered as a receiver.

1.9.           Third

A third party is a company, a Person, public authority, Agency or body other than the data subject, the controller, the processor and which are under the direct responsibility of the controller or of the processor, and the power to process personal data.

1.10.       Consent

Consent is each of the concerned Person on a voluntary basis for a particular case in an informed and unequivocal manner statement or other clear affirmative action, with the the affected Person to understand that it is with the processing of your personal data.


2.    The Name and address of the controller

Responsible in the sense of the General data protection regulation, any other in the member States of the European Union’s privacy laws, and other provisions of data protection law is:

cardioscan GmbH

Valentinskamp 30

20355 Hamburg


Tel.: +49 (0) 40 303 723 30




3.    The Name and address of the privacy officer

The data protection officer of the controller is:

Data protection officer of the cardioscan GmbH

Valentinskamp 30

20355 Hamburg


Tel.: +49 (0) 40 303 723 30



If you have questions and suggestions regarding data protection can turn to any party at any time to our privacy officer.


4.    Cookies

The websites of the cardio scan GmbH use Cookies. Cookies are text files that are stored on an Internet browser on a computer system.

Many of the Cookies contain a unique identifier, called a Cookie ID. Due to this Cookie ID, visited websites and servers can be assigned to the used Internet browser where the Cookie was stored. This allows the visited web pages to distinguish the Internet browser from other browsers that also contain other Cookies. Thus, a certain Internet browser, and so possibly an individual can be detected more open and identified.

Through the use of Cookies, the cardio scan GmbH is able to represent the information and offers on our website for the user is optimized. Cookies allow us, the users of our website to recognize. The purpose of this recognition is to assist users in the use of our website.

The person Concerned can prevent the storage of Cookies by our website at any time through the settings of the used Internet browser, and thus the storage of Cookies permanently. Already stored Cookies can be deleted at any time. This is available in all common Internet browsers. By disabling the Cookies by the Affected May not be able to use all of the functions of our website fully.


5.    Collection of General data and information

Our site collects for each call by an Affected person or an automated System, a number of General information. This General information is to be stored in the log files of our web server. Records the Browser type and versions, from the accessing System, operating system used, website from which an accessing System on our website, the web pages, which are controlled on our website, the date and time you access our website, Internet Protocol address (IP address), the Internet Service Provider of the accessing system, and other similar information that may serve to avert danger of attacks on our systems.

In the case of the use of this General data and information, the cardio scan GmbH draws no conclusions as to the Affected. Rather, this information is needed to the content to deliver our website correctly, as well as to optimize the advertising for this, to secure the permanent functionality of our systems and technology of our website, as well as to law enforcement authorities in the event of a cyber attack to law enforcement the necessary information. These anonymously collected information will be evaluated by the cardio-scan GmbH, a statistically.

This information is further analyzed to increase the data protection and data security and the protection for the personal data processed. The anonymous data from the log files be separated from the personal data entered by the Concerned, stored.

6.    Registration on our website

The person Concerned has the opportunity to register on our website to provide personal data. The personal data will be transmitted to the person responsible, resulting from the respective input mask, which is used for the registration. Affected by the personal data entered will only be charged for the registration and stored. The Responsible person can make the disclosure to one or more processors, Vera, uses the personal data exclusively for internal use. This use is attributable to the person responsible.

By registering on the website by the Internet Service Provider of the Affected assigned IP address, the date and time of registration is stored. The storage of this data is to prevent abuse of our services. This data can help offences to educate. A transfer of this data to third parties in principle, provided that there is no legal obligation to disclose or the disclosure of law enforcement.

The registration of the affected Person under the voluntary disclosure of personal data the responsible person, the affected Person content or services that are only offered to registered users. Registered persons have the possibility of free registration of personal data at any time to modify or completely from our stock of data to delete.

We provide the legal framework for every Affected person, at any time, to request information about which personal data are stored. Furthermore, the person Responsible for personal data at the request of or note of the person Concerned, insofar as no legal retention obligations, correct or delete.

The data protection Commissioner and all employees of our company are Concerned in this context as the point of contact.


7.    Contact via the website

The website of the cardio scan GmbH contains an E-Mail address, a Fax number and a telephone number, allowing a quick electronic contact and direct communication with our company. If an individual receives open by E-Mail or via a contact form the contact with the person in charge will be saved by the Person concerned, personal data communicated automatically. Such on a voluntary Basis by a Concerned to the person responsible for personal data transmitted will only be stored for the purposes of the processing or contact to the concerned Person. There is no disclosure of this personal data to third parties.


8.    Routine deletion and blocking of personal data

The Responsible processes and stores personal data was only provided for the period of time that is required to achieve the storage purpose or for as long as it is subject to laws or regulations, which the one Responsible.

The storage purpose is not applicable, or the by the relevant statutory storage period expires, will be blocked, personal data, routinely and in accordance with the legal regulations and / or deleted.


9.    Rights of the Person concerned


9.1.           Right to confirmation

Every person has the right to obtain from the controller confirmation of whether personal data relating to him are processed. A person would open this right, can this officer do this to our privacy, or other employees.

9.2.           Right to information

Each of the processing of personal data has Affected the right to obtain from the responsible free information about his stored personal data and a copy of this. Furthermore, the Affected has the right to be informed about the following information:

– the purposes of the processing

– the categories of personal data processed

– the recipients or categories of recipients to whom the personal data have been disclosed or will be disclosed, in particular recipients in third countries or international organisations

if possible, the planned duration, are stored for which the personal data or, if this is not possible, the criteria for the definition of this duration

– the Existence of the Right to rectification or Erasure of the personal data or restriction of processing by the controller or a right to object against the processing

– the right to Lodge a Complaint with a Supervisory authority

– if the personal data are not collected from the data subject: All the available information about the origin of the data

– the Existence of automated decision making including Profiling referred to in article 22 Para.1 and 4 DSGVO and — at least in these cases, — meaningful information about the involved logic as well as the significance and envisaged consequences of such processing for the data subject.

Furthermore, a request for information to the Concerned law on whether personal data has been transferred to a third country or an international Organisation. If this is the case, the law is Concerned, in Other to obtain information about the appropriate safeguards in connection with the Transfer.

A person would open this right to information in the claim, can this officer do this at any time to our privacy policy, or other employee of the responsible contact.

9.3.           Right to rectification

Each of the processing of personal data has Affected the right to rectification without delay of demand the subject of inaccurate personal data. Furthermore, the right of the person Concerned, taking into account the purposes of the processing, to obtain completion of incomplete personal data, also by means of a supplementary Declaration.

A person would open this correction right, can this officer do this at any time to our privacy policy, or other employee of the responsible contact.

9.4.           Right to Erasure (right to be Forgotten)

Each of the processing of personal data has Affected the right to claim from the responsible that the personal data will be immediately deleted, unless one of the following reasons applies and to the extent that the processing is not required:

– The personal data have been collected for such purposes, or otherwise processed, for which they are necessary.

– The data subject withdraws consent on which the processing according to art. 6, Para. 1 letter a DSGVO or art. 9, Para. 2 letter a DSGVO supported, and there is no other legal basis for the processing.

– The Person concerned shall, in accordance with art. 21, Para. 1 DSGVO opposition to the processing, and there are no overriding legitimate grounds for the processing are available, or the Person concerned shall, in accordance with art. 21, Para. 2 DSGVO opposition to the processing.

– The personal data has been unlawfully processed.

– The deletion of personal data is to fulfil a legal obligation under Union law or the law of the member States, to which the Controller is subject.

– The personal data of Abs in relation to offered services of the information society, in accordance with article 8. 1 DSGVO collected.

If any of the above reasons applies and an individual would like to open the Erasure of personal data, which are stored in the cardio scan GmbH, Vera, can this officer do this to our privacy, or other employee of the responsible contact. The data protection officer of the cardio scan GmbH or another staff member will arrange for the deletion request fulfilled immediately.

The personal data of the cardio-scan GmbH to the public and our company is responsible in accordance with art. 17, Para. 1 DSGVO to the deletion of the personal data required, the cardio scan GmbH shall, taking into account the available technology and the costs of implementation of adequate measures, including of a technical kind, to set the other data controllers that process the personal data published, thereof, that the Person concerned is not required by the other for the data controller the Erasure of all Links to these personal data, or copies or replications of that personal data insofar as such processing is required. The data protection officer of the cardio scan GmbH or of other employees will, in some cases, Necessary.

9.5.           Right to restriction of processing

Each of the processing of personal data has Affected the right to obtain from the controller the restriction of the processing, if one of the following conditions is met:

– The accuracy of the personal data is contested by the Person concerned, for a period enabling the controller to verify the accuracy of personal data.

– The processing is unlawful and the data subject opposes the Erasure of personal data and instead requires the restriction of the use of the personal data.

– The person in charge needs the personal data for the purposes of the processing are no longer, the Person will require, however, for the establishment, exercise or defense of legal claims.

– The Person concerned has gem object to the processing. Art. 21, Para. 1 DSGVO inserted and it is not yet certain whether the legitimate reasons of those responsible are compared to those of the affected Person.

If any of the above conditions is given and an individual would like to open require the restriction of personal data, which are stored in the cardio scan GmbH, it officer at any time to our privacy policy, or other employee of the responsible contact. The data protection officer of the cardio scan GmbH or another staff member will be the limitation of the processing.

9.6.           Right to data portability

Each of the processing of personal data has Affected the right to obtain the personal data concerning him, which have been provided to the person responsible, in a structured, consistent and machine-readable Format. He also has the right to forward this data to a responsible person without a disability, by the officer, the were provided the personal data, provided that the processing of the consent referred to in art. 6, Para. 1 letter a DSGVO or art. 9, Para. 2 letter a DSGVO or on a contract in accordance with art. 6, Para. 1 letter b DSGVO is based, and the processing using automated procedures is not performed unless the processing is necessary for the performance of a task required, which is in the public interest or in the exercise of public authority, which was transferred to the responsible person.

Furthermore, the Affected in the exercise of the Right to data portability, in accordance with article 20, Para. 1 DSGVO the right to obtain the personal data to be directly transmitted from a controller to a responsible, insofar as this is technically possible and provided that the rights and freedoms of other persons are affected.

For the assertion of the Right to data portability may be representative of the Affected at any time of the cardio scan GmbH ordered privacy, or other employees.

9.7.           The right to object

Each of the processing of personal data has the right to object, on grounds relating to their particular Situation, at any time to the processing of personal data concerning him, on the basis of article 6 Para. 1 letter e or f, DS-GMO is to be opposed. This also applies to a rules-based Profiling.

The cardio scan GmbH processes the personal data in the case of an objection, unless we can compelling legitimate grounds for the processing of evidence outweighs the interests, Rights and freedoms of the person Concerned, or the processing is used for the establishment, exercise or defense of legal claims.

The cardio scan GmbH processes personal data for direct marketing purposes, the data subject has the right, at any time, oppose the processing of personal data for the purposes of such advertisement to insert. This also applies to the Profiling, to the extent that it is with such direct advertising. Resist the person Concerned speaks to the cardio scan GmbH the processing for purposes of direct advertising, so the cardio scan GmbH will not process the personal data for these purposes.

In addition, the data subject has the right, for reasons that arise from its special Situation, against the processing of personal data, the cardio-scan GmbH for scientific or historical research purposes or statistical purposes, pursuant to article 89, Para. 1 DSGVO be, or not to appeal, unless such processing is necessary for compliance of a public interest task.

To exercise the Right to object the data subject can be directly to the privacy of the cardio scan GmbH or another staff officer. The Affected it is also, in connection with the use of information society services, regardless of the Directive 2002/58/EC, to exercise their right to object by means of automated procedures in which technical specifications are used.

9.8.           Right to withdrawal of a data protection law consent

Each of the processing of personal data subject has the right to withdraw consent to the processing of personal data at any time.

The person Concerned wishes to exercise his right to a revocation of a consent claim, he can officer at any time to our privacy policy, or other employee of the responsible contact.


10.          The legal basis of the processing

The Art. 6, Para. 1 a DSGVO is used for the cardio scan of GmbH as a legal basis for processing operations, in which we obtain consent for a specific processing purpose. The processing of personal data for performance of a contract, the Contracting party Concerned is required, as is, for example, in the case of processing operations of the case, the delivery of Goods or the provision of any other performance or counter-performance is necessary, the processing is based on article 6 Para. 1 b DSGVO. The same applies to such processing operations for the implementation of pre-contractual measures are required, such as in cases of requests for our products or services. Is subject to our company of a legal obligation by which a processing of personal data is required, such as, for example, to the fulfilment of fiscal obligations, the processing is based on article 6 Para. 1 c DSGVO. In rare cases, the processing of personal data could be required in order to protect the vital interests of the data subject or of another natural Person. This would be the case for example, when a visitor would be injured in our company and then his Name, his age, his health insurance would have to be passed data or other relevant information to a doctor, hospital or other third parties. Then the processing would be based on article 6, Para 1 d DSGVO. Ultimately, the processing of operations on article 6 Para. 1 f DSGVO based.


On this legal basis, the processing operations that are covered by none of the above-mentioned legal principles are based, when the processing is to protect a legitimate interest of our company or a third party is not required, provided that the interests, fundamental rights and freedoms of the data subject. Such processing operations are allowed, in particular, because they were mentioned by the law (recital 47 sentence 2 of the DSGVO).


11.          Legitimate interests in the processing, which will be followed by the person responsible or a third party

The processing of personal data based on article 6 Para. 1 f DSGVO is our legitimate interest in the conduct of our business activities for the benefit of the welfare of all our employees and our shareholders.


12.          Period for which the personal data will be stored

The criterion for the duration of the storage of personal data, the legal retention period. After the expiry of the deadline, the corresponding data is erased if they are to fulfill the contract or Contract negotiations is required.


13.          Legal or contractual requirements for the provision of the personal data

We clarify also that the provision of personal data is mandatory to the part of the law (e.g., tax rules) or from contractual arrangements (e.g. contract partner). Sometimes it can be a conclusion of contract requires that an Affected presents us with personal data, which must be processed by us. At the conclusion of a contract the data subject is obliged to provide us with personal data. If the Affected is not his / her personal data no contract with the person Concerned can be closed. Before providing personal data by the person Concerned, the person Concerned may contact our privacy officer.

Our privacy officer will inform the Affected individual about it, whether the provision of personal data is prescribed by law or by contract, or for the conclusion of the contract is necessary, whether or not an obligation exists, the personal data to provide, and what are the consequences of not providing the personal data.


14.          Google Analytics

This Website uses Google Analytics, a web Analytics service provided by Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (“Google”). The use is carried out on the basis of article 6 Para. 1 p. 1 lit. f. DSGVO. Google Analytics uses “Cookies”, text files that are stored on your Computer and which enable an analysis of your use of the website by you. The information generated by the Cookie about your use of the website, such as

  • Browser Type/-Version,
  • the operating system used,
  • Referrer URL (the previously visited page),
  • Hostname of the accessing computer (IP address),
  • Time of server request,

are usually transmitted to a Google Server in the USA and stored there. In the framework of Google Analytics from your Browser transmitted IP address will not be merged with other data of Google. We have expanded Google Analytics on this website by the Code “anonymizeIP”. This guarantees the masking of your IP address, so that all data is collected anonymously. Only in exceptional cases will the full IP address transferred to a Google Server in the USA and shortened there.

On behalf of the operator of this Website Google will use this Information to evaluate your use of the website, compile Reports on website activities and to provide further with the website usage and Internet usage related services to the website operator. You can prevent the storage of Cookies by a corresponding setting of your Browser Software; we point out, however, that you can use in this case possibly not all functions of this website to their full extent.

You can also extend the coverage generated by the Cookie on your use of the website related data (incl. Your IP-address) to Google and the processing of these data by Google, by downloading available under the following Link Browser Plugin and install: Alternatively to the Browser Add-On, in particular, in the case of browsers on mobile devices, you can prevent the collection by Google Analytics by clicking on this Link. It will set an Opt-Out Cookie that prevents the future collection of your data when visiting this Website. The Opt-Out Cookie only applies in this Browser and only for our Website and is stored on your device. Delete the Cookies in this Browser, you must set the Opt-Out Cookie again. [Editor’s note. Instructions for integration of the Opt-Out Cookie, see:].

We use Google Analytics to evaluate data from the Double-Click Cookies, and also AdWords for statistical purposes. Should you not want this, you can disable this via the ads preferences Manager (

For more information about privacy in connection with Google Analytics you can find in the Google Analytics help center .

15.          Google Fonts

We use Google Fonts by Google Inc. (1600 Amphitheater Parkway Mountain View, CA 94043, USA) on our website. Google Fonts are used without authentication and no cookies are sent to the Google Fonts API. Google collects your IP address exclusively for the use of CSS and the fonts used and stores this data securely. More on these and other questions can be found at

To see what data Google collects and how it uses this information, see

16.          Facebook

Our website uses Social Plugins (Plugins) of the social network of Facebook. This service is offered by Facebook Inc. (Facebook), 1601 S. California Ave, Palo Alto, CA 94304, USA is operated. The Plugins are in one of the Facebook Logos (a white “f” on blue tile or a “thumbs-up”sign) or are marked with the addition “Facebook Social Plugin”. The list and appearance of Facebook Social Plugins can be viewed here:

When a user visits a page of our website that contains such a Plugin, his Browser establishes a direct connection with the servers of Facebook. The content of the Plugin is transmitted by Facebook directly to your Browser and from that incorporated in the website. We therefore have no influence on the amount of data that Facebook with the help of this Plugin and inform the Affected state.

By integrating the Plugin, Facebook receives the Information that a user has accessed the corresponding page of the offer. The user is logged in to Facebook, Facebook to assign the visit to his Facebook account. When users interact with the Plugins, for example by clicking the Like Button or leave a comment, the corresponding Information is transmitted from your Browser directly to Facebook and stored there. If a user is not a member of Facebook, there is still the possibility that Facebook brings its IP address in experience and stores. According to Facebook is stored in Germany only an anonymous IP address.

The purpose and scope of data collection and the further processing and use of data by Facebook, as well as the related rights and setting possibilities for the protection of the privacy of users, can refer to the privacy Notices of Facebook:

If a user is Facebook member and does not want that Facebook collects data about this offer on him and with his in the case of Facebook stored member data, he must log out of Facebook before visiting the website on Facebook.


For more settings, and contradictions to the use of data for advertising purposes, within the Facebook-profile settings: or via the website The settings are platform-independent, i.e. for all devices, such as desktop computers or mobile devices.


17.          Instagram

On our sides functions of the service Instagram. These functions are provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA integrated. If you are logged in to your Instagram Account, you can link to by Clicking on the Instagram button, and the contents of our pages with your Instagram profile. This allows Instagram to be able to assign the visit to our pages to your user account. We point out that we as providers of the sites no knowledge of the content of the transmitted data and use them through Instagram. For more information, please see the privacy policy of Instagram: