Airadoc GmbH, Am BioPark 13, 93053 Regensburg, including its subsidiaries (hereinafter collectively referred to as "the company," "we," or "us"), takes the protection of your personal data with the highest priority. With this privacy policy, we aim to inform you comprehensively about our data protection practices.
With the implementation of the EU General Data Protection Regulation (Regulation (EU) 2016/679; hereinafter "GDPR"), we, as the data controller, have been assigned additional obligations to ensure the protection of personal data of affected individuals. In the following, we will refer to you as the affected person also as "user," "customer," "you," or "data subject."
In cases where we alone or jointly with others decide on the purposes and means of data processing, we are particularly obligated to inform you transparently about the type, scope, purpose, duration, and legal basis of the processing (in accordance with Art. 13 and 14 GDPR). With this declaration (hereinafter "Privacy Policy"), we inform you about how your personal data is processed by us.
Our privacy policy is modular and consists of:
For better orientation, please note the following structure:
In accordance with Art. 4 GDPR, the following definitions apply to this privacy policy:
"Personal data" (Art. 4 No. 1 GDPR) refers to all information relating to an identified or identifiable natural person ("data subject"). A person is considered identifiable if they can be directly or indirectly identified, particularly by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. Identifiability can also result from the combination of various pieces of information or additional knowledge. The form of the information (photos, videos, audio recordings, etc.) is irrelevant.
"Processing" (Art. 4 No. 2 GDPR) refers to any operation or set of operations performed on personal data, whether or not by automated means. This includes collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction of data, as well as the modification of the original purpose.
"Controller" (Art. 4 No. 7 GDPR) refers to the natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data.
"Third party" (Art. 4 No. 10 GDPR) refers to a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data. This includes other affiliated legal entities.
"Processor" (Art. 4 No. 8 GDPR) refers to a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller, particularly following their instructions (e.g., IT service providers). In the context of data protection law, a processor is not considered a third party.
"Consent" (Art. 4 No. 11 GDPR) of the data subject refers to any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.
The entity responsible for processing your personal data in accordance with Art. 4 No. 7 GDPR is:
Airadoc GmbH
Am BioPark 13
93053 Regensburg
Germany
Management: Prof. Dr. Thomas Bolz
Email: info@airadoc.com
For further information about our company, please refer to the legal notice on our website.
If you have any questions regarding data protection, our Data Protection Officer is Jonathan Bollig.
Email: info@airadoc.com
In principle, any processing of personal data is prohibited by law and is only permitted if one of the following legal justifications applies:
For the processing operations we carry out, we specify the applicable legal basis below. Processing may be based on multiple legal grounds.
For our processing operations, we specify below how long the data is stored and when it is deleted or blocked. If no explicit storage period is specified, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage no longer applies. Your data is generally stored on our servers in Germany, subject to transfer in accordance with the provisions in A.(7) and A.(8).
Longer storage may be necessary in the case of (threatened) legal disputes or if storage is required by legal provisions (e.g., § 257 HGB, § 147 AO). After the statutory retention periods expire, the data will be blocked or deleted unless further storage is necessary and legally permissible.
We implement appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, loss, destruction, or unauthorized access (e.g., TLS encryption for our website). In doing so, we consider the state of the art, implementation costs, and the nature, scope, context, and purpose of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons. Our security measures are continuously adapted to technological progress.
Further information on this can be obtained upon request from our Data Protection Officer (see A.(3)).
Like any larger company, we also use external domestic and foreign service providers (e.g., in the areas of IT, logistics, telecommunications, marketing). These act solely according to our instructions and have been contractually obligated to comply with data protection regulations in accordance with Art. 28 GDPR.
If personal data is transferred to our subsidiaries or transmitted by them to us, this is done within the framework of existing data processing agreements.
In the course of our business relationships, your personal data may be transferred to third-party companies that may also be located outside the European Economic Area (EEA), i.e., in third countries. Such processing is carried out exclusively for the fulfillment of contractual and business obligations and for the maintenance of our business relationship. Details of the respective transfer are explained at the relevant points in this statement.
Some third countries are certified by the European Commission through so-called adequacy decisions as having a level of data protection comparable to the EEA (a list of these countries and copies of the decisions can be found at: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html). In other third countries to which personal data is transferred, there may not be a comparable level of data protection. In such cases, we ensure that data protection is adequately guaranteed, for example, through binding corporate rules, EU standard contractual clauses, certificates, or recognized codes of conduct. For more information, please contact our Data Protection Officer (see A.(3)).
If we use automated decision-making, including profiling, we will inform you separately about this, as well as about the underlying logic, scope, and intended effects.
In principle, we do not use your personal data for automated decision-making or profiling.
We do not make the conclusion of contracts dependent on you providing us with personal data in advance. There is generally no legal or contractual obligation to provide us with your personal data. However, it may be that we can only provide certain services to a limited extent or not at all.
Under certain circumstances, we may be subject to legal or regulatory obligations to provide lawfully processed personal data to third parties, particularly public authorities (in accordance with Art. 6 (1) sentence 1 lit. c GDPR).
As a data subject, you have the following rights regarding your processed personal data, which you can exercise at any time using the contact details provided under A.(2):
As data protection law, technology, and organizational changes evolve, we regularly review our privacy policy for necessary adjustments. Changes will be announced on our website at https://www.airadoc.com. This privacy policy is current as of 03/2025.
As data protection law, technology, and organizational changes evolve, we regularly review our privacy policy for necessary adjustments. Changes will be announced on our website at https://www.airadoc.com. This privacy policy is current as of 03/2025.
As data protection law, technology, and organizational changes evolve, we regularly review our privacy policy for necessary adjustments. Changes will be announced on our website at https://www.airadoc.com. This privacy policy is current as of 03/2025.
As data protection law, technology, and organizational changes evolve, we regularly review our privacy policy for necessary adjustments. Changes will be announced on our website at https://www.airadoc.com. This privacy policy is current as of 03/2025.
Information about our company and the services we offer can be found in particular at https://www.airadoc.de and its associated subpages (hereinafter collectively referred to as "websites"). When visiting our websites, your personal data may be processed.
Soweit die im Nachfolgenden genannte Verarbeitung auf Art. 6 Abs. 1 S. 1 lit. f DSGVO beruht, stellen die genannten Zwecke zugleich unsere berechtigten Interessen dar.
During the purely informational use of our websites, the following categories of personal data are collected, stored, and further processed:
"Log data": Each time you access our websites, a temporary and anonymized log data record (so-called server log files) is stored, which contains the following information:
Referrer URL (the page from which the request came)
"Contact form data": When using our contact forms (e.g., for communication about our services, appointment booking, or requesting findings, prescriptions, etc.), we process the data provided, such as name, first name, date of birth, email address, phone number, and time of submission. Additionally, optionally provided data such as gender, company, address, health data, or insurance status may be processed.
"Log data": Each time you access our websites, a temporary and anonymized log data record (so-called server log files) is stored, which contains the following information:
When registering for our newsletter, we collect, store, and process the following "newsletter data":
We would like to point out that we can evaluate your user behavior when sending the newsletter. The emails contain so-called web beacons or tracking pixels, which are linked to your email address and a unique ID. Newsletter links also contain this ID. The data is collected exclusively in pseudonymized form, i.e., the IDs are not linked to your other personal data.
When registering for the SMS notification service, we collect, store, and process the following "SMS data":
When creating a user account, we collect, store, and process the following "account data":
When creating a user account, we collect, store, and process the following "account data":
Rechtsgrundlage: Zertifizierung gemäß Art. 46 Abs. 2 S. 1 lit. f DSGVO im Rahmen des Data Privacy Frameworks. Nähere Informationen zur Zertifizierung auf Data Privacy Framework.
Rechtsgrundlage: Zertifizierung gemäß Art. 46 Abs. 2 S. 1 lit. f DSGVO im Rahmen des Data Privacy Frameworks. Nähere Informationen zur Zertifizierung auf Data Privacy Framework.
We process the aforementioned personal data in accordance with the GDPR and only to the extent necessary. If the processing is based on Art. 6 (1) sentence 1 lit. f GDPR, the stated purposes also represent our legitimate interests.
Log data processing serves statistical purposes and the improvement of our website, particularly its stability and security (legal basis: Art. 6 (1) sentence 1 lit. f GDPR).
Contact form data processing is carried out to handle inquiries, communication, appointment booking, or the provision of findings, prescriptions, etc. (legal basis: Art. 6 (1) sentence 1 lit. b or f GDPR). For optional information such as gender or health data, the processing is based on your consent (legal basis: Art. 9 (2) lit. a GDPR).
Newsletter data processing is based on your consent (legal basis: Art. 6 (1) lit. a GDPR). For registration, we use the double opt-in procedure, where we send you a confirmation email after registration. This serves as proof of your registration and prevents misuse. You can withdraw your consent at any time by clicking the unsubscribe link in the newsletter, by email to info@airadoc.de, or by contacting the contact details provided in the legal notice.
Account data processing is carried out for the purpose of contract initiation and execution or the use of our services based on your consent (legal basis: Art. 6 (1) lit. a GDPR). For optional data such as health data, the processing is based on your consent (legal basis: Art. 9 (2) lit. a GDPR). For account creation, we use the double opt-in procedure. You can delete your account at any time in your account area, by email to info@airadoc.de, or by contacting the contact details provided in the legal notice.
Your data will only be processed for as long as necessary for the stated purposes. For consent-based processing, your data will be processed until you withdraw your consent (legal basis: Art. 7 (3) GDPR).
Third parties commissioned by us will only store your data for as long as necessary to provide the service in accordance with the respective contract.
Further information on storage duration can be found under A.(5) and in the cookie policy.
If necessary for the delivery of ordered goods, we will transfer your data to the commissioned shipping company for contract fulfillment (legal basis: Art. 6 (1) sentence 1 lit. b GDPR).
For payment processing, we will transfer the necessary payment data to the commissioned bank or the selected payment service provider (legal basis: Art. 6 (1) sentence 1 lit. b GDPR). In some cases, this data is also collected directly by the payment service provider if you have an account there. In this case, the privacy policy of the respective payment service provider also applies.
With your explicit consent, we will transfer your email address and phone number to the shipping company so that they can contact you before delivery (legal basis: Art. 6 (1) sentence 1 lit. a GDPR). You can withdraw this consent at any time.
Our website uses the online payment service Stripe (Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Dublin, Ireland) for credit and debit card payments. By selecting Stripe as your payment method, you consent to the transmission of the data required for payment processing.
Transaction data (payment method, bank code, currency, amount, payment date) as well as, if applicable, name, address, IP address, email address, and telephone number are transmitted to Stripe. This is for payment processing and fraud prevention. Stripe may share data with credit agencies for identity and credit checks.
Stripe is used in the interest of contract fulfilment (legal basis: Art. 6 (1) (b) and (f) GDPR) or on the basis of your consent (legal basis: Art. 6 (1) (a) GDPR).
When processing data via Stripe, data may be transferred to the USA. According to the European Court of Justice, the USA currently does not have an adequate level of data protection. There is a risk that US authorities will process your data for surveillance purposes without you having effective legal remedies. Security is ensured by EU standard contractual clauses (SCCs) and binding corporate rules (BCRs). If these are not sufficient, Article 49 (1) (a) GDPR can serve as the legal basis.
Further information on data protection at Stripe can be found at: https://stripe.com/at/privacy.
The following categories of recipients may have access to your personal data:
As part of our website, we use cookies. Cookies are small text files that are stored on your device by the browser you use, linked to a specific string. This storage allows the issuing party to obtain certain information. Cookies are technically unable to execute programs or transmit malware to your device, so they pose no danger. Their use improves the usability and efficiency of our online offering.
Cookies may contain information that allows the identification of the device used. Other cookies only store non-personal configuration settings. Direct identification of the user by cookies is not possible.
Cookies are classified according to their storage duration (temporary session cookies vs. permanent cookies) and their functionality:
Any use of cookies that is not technically necessary constitutes a processing operation relevant to data protection law, which is only permitted with your express and active consent in accordance with Art. 6 (1) (a) GDPR. This particularly applies to advertising, targeting, and interaction cookies. Personal data processed by cookies will also only be transferred to third parties with your express consent in accordance with Art. 6 (1) (a) GDPR.
Below you will find detailed information about the cookies we use and instructions on managing your cookie settings:
Cookie: PHPSESSID
Domain: airadoc.com
Description: This cookie is an essential part of PHP applications and is used to store and identify the unique session ID of a user to manage their web session. It is a temporary cookie that is automatically deleted when all browser windows are closed.
Storage duration: Session duration
Category: Technically necessary
Cookie: airadoc_session_id
Domain: airadoc.de
Storage duration: Session duration
Category: Technically necessary
Cookie: airadoc_device_id
Domain: airadoc.de
Storage duration: Session duration
Category: Technically necessary
Cookie: airadoc_info
Domain: airadoc.de
Storage duration: Session duration
Category: Technically necessary
We do not implement direct social media plugins on our websites. If symbols of social media platforms (such as Facebook, Instagram, or similar services) appear on our website, they function solely as passive references to the respective provider pages.
Our website uses jQuery and jQueryUI technologies to improve loading times. For this purpose, we use locally stored program libraries originally developed by Google. When using these libraries, no connection to Google servers is established.
The use of jQuery and jQueryUI serves to provide an aesthetically pleasing and performant presentation of our digital offerings. This constitutes a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR.
For sending informational and notification emails, we use the Sendinblue service. The provider is Sendinblue GmbH, located at Köpenicker Str. 126, 10179 Berlin.
Sendinblue assists us in organizing and managing the sending of emails (e.g., for appointment confirmations, reminders, and similar notifications). If you provide us with your email address to receive such notifications, your data will be processed via Sendinblue's infrastructure.
You can withdraw your consent to receive informational or notification emails at any time by contacting the address provided under A.(2). Upon withdrawal, your data will be deleted both from us and Sendinblue. Data stored for other purposes will remain unaffected.
The processing of your data by Sendinblue is based on your consent in accordance with Art. 6 (1) lit. a GDPR. You can withdraw this consent at any time with effect for the future, without affecting the lawfulness of processing based on consent before its withdrawal.
Further data protection information about Sendinblue can be found at:
https://de.sendinblue.com/legal/privacypolicy/
and
https://de.sendinblue.com/informationen-newsletter-empfaenger/.
For sending informational and notification SMS, we use the Spryng service. The provider is Spryng B.V., located at Hannie Dankbaarpassage 20-B, 1053 RT Amsterdam.
Spryng enables us to efficiently manage and execute SMS sending. If you provide your mobile phone number to receive informational or notification SMS, this data will be processed via Spryng's technical infrastructure.
If you do not wish to have your data transferred to Spryng, you can withdraw your consent to receive informational or notification SMS at any time by contacting the address provided under A.(2). Upon withdrawal, your data will be deleted both frṅom us and Spryng. Data stored for other purposes will remain unaffected.
The processing of your data by Spryng is based on your consent in accordance with Art. 6 (1) lit. a GDPR. You can withdraw this consent at any time with effect for the future, without affecting the lawfulness of processing based on consent before its withdrawal.
Detailed information on data protection at Spryng can be found in the provider's privacy policy:
https://www.spryng.nl/en/privacy-policy/.
Our Medical Scribe System leverages cutting-edge AI to create editable, accurate, and reliable documentation for every patient visit. With voice and line-by-line editing capabilities, it empowers doctors to focus on their patients, not paperwork.
Airadoc connects exceptional healthcare professionals with their patients.
.svg)