Version: 03.06.2019 – This page is only updated at irregular intervals. To ensure the optimum transparency, we therefore recommend that you frequently visit this page.

Welcome to the Doctor Film and/or Patient Film app from Thieme Compliance!

As the attending physician, you have recommended additional film material to your patient for a pending medical intervention via the Doctor Film app. As a patient, you were invited by your attending physician to view the footage with the Patient Film app.

In the following, we inform you, the physician (practitioner) and the patient (affected person), about the handling of your personal data when using our apps (hereinafter, this refers to both apps: The “Doctor Film app" and the “Patient Film app", unless otherwise noted) and your associated rights.

If you would like to contact for the safeguarding of your rights as a user, you can find the respective contact persons under point 5. You will not incur any costs other than the transmission costs according to the basic tariffs.
 

Table of contents

1. Responsibilities
2. Legal basis, purpose, method and scope of the data processing
3. Data recipients & possible recommendations
4. Safeguarding of your rights as a “data subject” in terms of the data protection law
5. Contact for further questions about the app 

Important: Questions concerning medical treatment are the sole responsibility of the practitioner. The same applies if a film cannot be activated on the Patient Film app.

1. Responsibilities

The practitioner is responsible for the processing of your personal and medical data (practice, clinic, other medical institution). As the user of the app (doctor or patient), you are responsible for ensuring that no unauthorised person has access to your device.

2. Legal basis, purpose, method and scope of the data processing

The videos provided especially for you in our free app highlight the information concerning the recommended procedure in the doctor's consultation as part of the treatment contract. This means it is possible to trace exactly what the planned treatment refers to at any time.

Our legal basis as the maker and operator of the app

As the maker and operator of the app, we, Thieme Compliance GmbH, pursue the basic data protection principle of data minimisation and avoid the processing of personal data as far as possible. We collect, store and use data relating to your person to the extent that this is permitted.

a) a contract or a relationship of trust similar to that created by a contract (according to article 6 para. (1b)  GDPR)

e.g. for the authentication of the customer (practitioner) and the authorised user of the ordered video material (affected person), for the provision of the films selected individually by the practitioner, for the allocation of the videos to the person and/or practitioner as well as for license administration (practitioner only);

b) the legitimate interest of our company (according to article 6 para. (1f) GDPR)

provided that your interests (fundamental rights and freedoms) do not outweigh our interests

e.g. to ensure the proper functioning of the app on different end devices, for the security of personal data within the app as well as on the transmission path and to optimise the usability of our app;

Scope of the personal data (1) and/or data attributable to an individual person in the app and on our server

Type of data	Practitioner	Affected person	Comment
Name of practitioner1	X	-	Name of institution
Name of person1	X	X	If derivable (name of practice, email address)
Free text field	X	-	Further information about the customer (departments, contractual numbers chosen by the customer, etc.)
Business partner ID	X	-	Identifier of the institution
Contract number	X	-	Identification of the contract partner in the institution
Password	X	-	Authentication of the Doctor Film app
Email address	X	X	As far as attributable to an individual person
Code	-	X	Authentication of the Patient Film app
Abbreviation of the film	X	X	Pseudonym
IP address	X	X	Normally, pseudonym as the minimum
Date, time	X	X	Protocol information concerning the contract
Download of the app	X	X	To arrange the time for the sending of the code
End of the film reached	X	X	Feedback to the practitioner & popularity of the video
End devices identification data	X	X	ISMS, type, manufacturer, operating system
Log File	X	X	Troubleshooting, technical analysis

This information is necessary to guarantee the operation of the app.

Contacting us as the maker of the app

If you contact us, by email or telephone, for instance, we will save and use your details in order to process your enquiry. We will not pass on your data to third parties without there being a legal basis to do so and we will not, of course, sell your data.

Authentication & assigning of used videos

To be able to provide the exact content available for a specific intervention, the practitioner selects the appropriate film material and assigns it to the patient via the Doctor Film app by entering an email address which is provided by the patient.

This email address will be transmitted to our server together with the business partner ID and contract number of the practitioner. It is there that the assignment of the respectively required video material takes place. Subsequently, the patient receives a link from our server which triggers the provision of the videos relevant to him or her on his or her end device. The videos can be saved locally in a memory area defined by the app, so that the films can be viewed even without a sufficient Internet connection.

Reports & evaluations

We only require a personal reference to ensure that you are an authorised purchaser and/or recipient of the medical film material (data of the app user). For this purpose, the Doctor Film app must connect regularly to our server. In addition, the app informs the practitioner when the affected person has played the film through to its ending.

The use of the app is free of charge. Licensed (fee-based) films are invoiced by the practitioner on the basis of an annual license. Therefore, we only require the usual compulsory information (name of the institution, address, reference period, contract number) for the invoicing (to the practitioner). With the exception of the contract number, this data is not used by the app, but only within the company.

We carry out evaluations to be able to optimise our offer for you. We therefore assess which customer number has viewed which films how many times and search for particularly popular film material. These evaluations are carried out purely on a commercial basis and without further personal reference.

Log files are provided in the app, but have not yet been used.

3. Data recipients & recommendation options

Subsequent recipients are able to receive and/or process data by using the app.

a) The organisation providing the treatment as the Controller (medical practice, clinic, other medical institution)

The practitioner receives the data required for the contractually agreed treatment from the affected person. The practitioner receives information via the app that the affected person has played the film through to its ending.

b) Thieme Compliance GmbH (maker of the app, provider of the films in the app)

The practitioner uses the app to forward the email address provided by the patient and the desired film title to us as the service provider of the practitioner for further processing

c) The affected person (patient)

The patient (affected person) receives an email from us. This contains the link to the App Store where the Patient Film app can be downloaded as well as an access code to unlock the films in the app. Only then are the corresponding videos transferred from the server.

d) Further contract processor for the completion of the order

The authentication of the practitioner and patient (affected person), the technical provision of the films as well as the retrieval of information concerning their usage status are carried out in the app via a special server with a separate email server. The operator is our contract processor Assense Software Solutions GmbH, Brandstwiete 46; 20457 Hamburg. They are also significantly involved in the development of the app.

We will not pass on your data to third parties and we will not, of course, sell your data.

Unless expressly described in the following for individual cases, no processing of personal information outside of the European Union (EU) and/or the European Economic Area (EEA) takes place and is not planned to take place either.

e) App store

As the maker of the app, we receive information from the store as to if our app has been evaluated. We dispose of the information visible in the App Store. It is very likely that the App Store will collect data regarding your person. We exert no influence over this. Details are available from the operator of the App Store.

f) Services on your end device

The vendor and/or manufacturer of your end device generally offers you the option of backing up in its cloud if this option is enabled on your end device. It is usually the case that elements of your operating system or third-party apps installed by you on your end device also collect data about you, your location, the apps used, search terms or even usage and communication data. This applies, in particular, to services with artificial intelligence such as language assistants. The same applies in the scope of the conditions of use of your respective telecommunication provider. We exert no influence over this, but we recommend that you check your data protection settings regularly.

g) Third party of your choice: Recommendation options

If our films have convinced you, you can recommend them by email: When you click on it, a draft email is created in your local email program which you can change, use and send as you wish.

4. Safeguarding of your rights as a “data subject” in terms of data protection law

Privacy is particularly important in the case of health-related impairments. We take this into account with our products and in terms of the way in which we work. Last but not least, we actively contribute to maintaining medical confidentiality.

Product data protection

In accordance with the requirements of the GDPR with respect to products and services that we market on the European (German) market, we are offering a wide range of different approaches for the corresponding technical design, as well as fundamentally data-protection-compliant pre-settings.

Other technical and organisational measures

We implement a wide range of technical and organisational measures to be able to protect your data properly when it is processed. This entails us pursuing the protection objectives of confidentiality, integrity (completeness and correctness of data), availability and imputability (authenticity). In the following are a few examples of our concept.

• The data transfer of our offering is encrypted in accordance with the current security standard.
   
• The access to and accessing of the data processing systems is realised by means of a dedicated authorisation procedure which is subject to regular checks.
  Evaluations in the form of the tracking of recorded data are usually only carried out at the content level and not at the user level, and only by authorised workers who are obliged to maintain data protection and who are regularly trained and informed with respect to the importance of compliance. No evaluation for billing purposes takes place.
   
• If business partners work on our behalf within the framework of the data processing (outsourcing), they are carefully selected and contractually obliged to maintain data protection in compliance with the legal provisions. The compliance with the agreement will be controlled should this be necessary.
   
• Retention of data and duration of storage: If you no longer wish to use the app, you can simply uninstall it. Assigned film material will be removed from the app as soon as the contract expires or the deadline set by the practitioner has expired. Enquiries to us as the maker of the app will be included in our ticket system to ensure that your request is dealt with promptly and to your satisfaction. These entries will be stored internally by us in the form of a knowledge database and will therefore not be erased. This enables us to quickly carry out troubleshooting and its correction and to therefore provide an effective service for the users of our app.
  The duration of the data storage takes place in accordance with the legal requirements. It is also in our interest not to store your data in our system for longer than is necessary. We determine the minimum duration of storage within the scope of the description of our processing activities. By means of suitable technical rules and/or processing techniques, the deadlines for erasure are determined and the destruction of required data is initiated, as far as technically possible.
   
• As the user, you have the right to receive information about the personal data saved about your person free of charge. You also have the right to have any incorrect data corrected, to the restriction of its use and/or to have your personal data erased to the extent that it is not required to fulfil the contract and where the erasure is not in contradiction of the legal storage obligations. No fees arise for you in this case except for the transmission fees in accordance with the base rates. The right to the transferability of your data does not apply in this case because you do not provide us with any information. If you are of the opinion that our data processing is not in compliance with the legal requirements, we will be grateful if you notify us of this accordingly. Your right to lodge a complaint with a supervisory authority naturally remains unaffected by this.
   
• To ensure the effectiveness and sustainability of implemented data protection measures, in addition to the company management (as the controller), the data protection and the compliance department (a standardised approach to continuous optimisation of our data protection level) and experienced external data protection experts are available.

5. Contact for further questions about the app

Important: The organisation that provides you with treatment and its Data Protection Officer are responsible for the processing of your patient data. Thieme Compliance is only responsible for the technical data of the app and is only able to provide you with information that regards such data.

Maker and operator of the app
Thieme Compliance GmbH, Am Weichselgarten 30a, 91058 Erlangen
Telephone: +49 9131 93406-40, email: service@thieme-compliance.de.

The responsible Data Protection Officer
You can contact our Data Protection Officer Ms. Blossey at any time should you have any data protection questions relating to the app. The best way to contact her is by email: datenschutz@thieme-compliance.de.

The competent supervisory authority
You can exercise your right to complain about data processing which fails to comply with the data protection regulations by your practitioner (medical institution) at any supervisory authority.

Here you can find the data protection information Video Apps as a download.