Privacy statement
Basic information according to the GDPR
Controller (art. 4.7)
Dr. med. Rafael J. A. Cámara
medscoops - Health Sciences
Postfach 3114, DE-55021 Mainz
rc@medscoops.com
(+49) 017 666 333 017
Natural persons (art. 1)
My privacy statement concerns you as user of my web services and as acquirer of my scientific support. In addition to your own personal data (PD), those of the persons participating in your studies are also very important. For the latter you are the controller, and I am your processor who supports you.
Processed PD
Depending on your interests, I process some of your contact details, such as your name and your email address, as well as content data, such as the description of your research objectives. I improve your user experience by means of usage data, such as the popularity of pages, and communication data, such as your browser engine. Contract data are part of our service contract. Due to my retention obligations I store payment details.
Purposes (art. 5 and 6)
I process your PD to put medscoops.com at your disposal, look after your orders, and adapt my services to your interests. Above all, I do it to help you accomplish your professional objectives more easily.
Definitions
Pseudonymized PD
While data are attributable to a person, they are personal (art. 4.1); which includes pseudonymized data where the conditions of an attribution are strictly controllable (art. 4.5). In this case, a direct attribution is impossible, because all information that potentially would permit identifying a person is kept separately. A sequence of characters called 'pseudonym' is necessary to connect identifying information with pseudonymized data.
If data are anonymized, nobody can attribute them to a person; neither alone nor with help of information kept by others. They are no risk for individual interests or the fundamental rights and freedoms and are outside of the objective of the GDPR, which serves to protect PD (art. 1).
Consent to the processing
«Processing» signifies collecting, organising, storing, transmitting, modifying, or erasing PD (art. 4.2). Your consent as data subject (art. 4.11) to the processing of your PD is, like that of the persons who participate in your studies, voluntary, unambiguous, and requires precise information on the purposes and risks (art. 6 and 13). You - and your participants - can withdraw it at any moment and without justification (art. 7.3).
For certain services (online information, exchange & forums, concise solutions) your activity on medscoops.com is an act that shows clearly that you consent to our cookies and the parts of this statement that concern you (art. 4.11). For others we enter a service contract, and you consent by entrusting your PD personally to me. For the persons who participate in your studies (art. 4.13 to 15), a signed declaration of consent is required to process PD. My services include drafting or correcting such materials for you.
Processor
Just as I process the data of participants in your studies for you (art. 4.8 & 4.10), some of my service providers are my processors of your own data (art. 28). Independently of the fact that each needs its own privacy statement, this is the decisive one when I am the controller, and I am established in the European Union (art. 3).
My processors include diverse internet providers (see «Communication by safety» and «Browsing on medscoops.com») and my accountant. My web host, who provides his server, processes few data that might concern you as «end-user». All services always conform to the GDPR.
Cookies
Cookies are small files stored on your computer. The next time you load contents from a server in your browser, the cookies inform it how to present them. In other words, when you browse through several pages or refresh them, you can maintain your own individual configurations. These include removing the cookie banner, selecting your language, accessing your account, buying articles, etc. Cookies can contain any information that your browser reveals to the scripts that it loads, which includes identifying information such as your IP address and geolocation. However, a website can only read its own cookies because your browser blocks any access between domains.
Temporary (= session) cookies only exist while you use your browser. Persistent cookies remain stored afterwards, provided that its settings allow this. If so, you can for instance turn off your computer and still remain connected to your account and maintain your preferences. Most of the few cookies on medscoops.com are «third-party cookies». You can erase and even avoid them.
Legal bases
My duties of information
In the following chapters, I inform you about your rights and my duties (art. 12). For my availability as controller and the purposes of the processing of your PD (art. 13) see «Basic information according to the GDPR». Art. 6.1 is a supplementary legal base for my processing of your PD. Letter a concerns us for services without a service contract and letter b for those with one.
Art. 28 is the legal base for the processing of your PD by my processors. As some are established outside of the European Union, chapter 5 is relevant, too. Under «Business secrets» and «Legal retention obligations» I name the duration of storage of your PD (art. 13).
You decide on your PD
You have the right that I inform you in detail on all your PD that I process or delegate to my processors (art. 15). You can expect at any moment that I complete and correct information (art. 16). With few exceptions I erase your PD immediately (art. 17) or limit their processing (art. 18) if desired.
Upon request, I put the PD that you entrusted to me at your disposal in a structured and easily legible way (art. 20). You can object to the future processing of your PD and prohibit that I direct new offers specifically to you after completing my mandate (art. 21). In case of violation, you can make a complaint to the control authority named in art. 51 (art. 77).
Reliable data protection
As controller, I provide my services in a way that your PD are safe (art. 24). My organizational and technical measures (art. 25) also include that I select very carefully among the services of my processors (art. 28). The higher the risk for your rights and freedoms - and those of the persons participating in your studies - the safer my measures are (art. 32):
See under «Information by confidentiality» how I classify the processed PD, under «Communication by safety» how I adapt my measures to the risk, and under «Processing by service» how my processing depends on your interests (art. 5 and 6). My services also include that I elaborate supplementary measures if necessary.
Legal retention obligations
I am legally obliged to retain some documents with your PD beyond the fulfilment of your order (art. 17.3 b), even if you withdraw your consent to the processing. Given those obligations, I retain my tax documents, foremost the invoices, which logically contain your name, your address, and a part of your payment details, for six years as of the end of the year in which I made them (Abgabenordnung, §147, Absatz 1, 3 und 4). I store them very safely and use them only for fiscal purposes.
Information by confidentiality
Opportune information
Services that favour your reputation are very practical, particularly if you want your contributions to health and well-being to be known. My support is a potential advertising medium because it represents quality in your research, which is also valid for the part of your work that concerns your academic titles. In accordance with the university regulations, such as the demonstration of your own performances, my quality controls testify that you take your duties very seriously. Hence the major part of your PD that I process honours you, and your individual rights and freedoms benefit from them.
Business secrets
Outside of my legal information obligations (art. 23), I keep silence over all your internal comments, documents, and other business secrets. This is valid during and beyond our collaboration forever. I retain them maximally until all points of my mandate are concluded, save in the cases where legal retention obligations require a different duration. Afterwards I erase your electronic files and return your printed documents. These points are part of our service contract and are equally valid for services without contract. They also concern your PD.
Vulnerable persons
The data in your studies could contain embarrassing information. While it is personal, I apply all the care required by the GDPR to protect the PD that are entrusted to me against access by third parties, unless these are authorised by the signed consent of your participants and your written approval. Between the end of the validation and the beginning of my analyses, I anonymise my copy.
Too risky
I distance myself from all information that could make persons who participate in your studies identifiable. If necessary, for example when validating their data, we use pseudonyms in order to clarify and solve cases without confusion. Never do I need the pseudonymisation key. In other terms:
«From your participants I solely accept pseudonymised or anonymous data!»
To guarantee it, we deliberate over your datasets before I receive them. In the worst case, I immediately erase the affected set and ask you for a safe version. Otherwise, the health data would be too risky for the rights and freedoms of natural persons.
Communication by safety
Order forms
Only the data entry of your order occurs on medscoops.com. My scripts carry out the major part of the processing, including the organisation and the storage, on a safe and secret server. The processed PD are part of what you normally want to publish promptly anyway. A button facilitates printing your form and sending it as electronic or regular mail. This is less safe but perhaps more familiar than the button that sends it directly to my scripts. You decide on the information in the forms. Only consider that they facilitate my task substantially, so that you appreciate my services even more.
Zoom, Skype, e-mail, and phone
Those auxiliary tools can be useful to complement concise solutions. In other cases, they serve for our interview and the inspection of our service contract. However, a Microsoft account on medscoops is a privileged channel through which I react even faster than to Zoom, Skype, e-mail, or phone calls. Certainly, you select between your options as you wish, and I am at your disposal.
Microsoft Teams
Even though you probably already have a Microsoft account, I set one up for you on medscoops with its own email address, to separate the information associated with my services from your remaining information. Instead of your true name I use a pseudonym adapted to your preferences. Thereby, our correspondence, our calendar, our video sessions, and our protocols function through an exclusive channel. It is also possible to edit files simultaneously with this tool, but in case of sensitive information we probably favour zero-knowledge encryption.
End to end encryption
My safest tool synchronises one of your electronic folders so that we always work on the same version, even though each of us saves it locally on her/his computer. It functions through a secure server and stays up to date, because it exists as an open-source version and as a solution for enterprises of different sizes. With a password known only by us, it encrypts your files locally before synchronising them, so that even the operators of the server would be incapable of reading them if they tried (zero knowledge). Whenever the data protection officer considers it necessary, I conclude an individual contract on the processing of PD with the provider of this important tool.
Processing by service
Browsing on medscoops.com
Your activity on medscoops.com also testifies that you appreciate quality. My webhost processes few data to improve your user experience. His privacy shield certifies that his level of protection satisfies the criteria of the GDPR by agreement between the European Union and the United States. The cookies serve to the good functioning

Name | Origin | Values | Activation | Function |
---|---|---|---|---|
crumb | squarespace.com | changing random sequence | load medscoops.com | prevents the requests of malicious sites (anti-forgery cookie) |
language | multilingualizer.com | 0 (English), 1 (German), 2 (French), 3 (Spanish) | load medscoops.com; starts with the choice in your browser | memorises your selection made on my homepage |
block | medscoops.com | true | click «Block counting» on «tools of your browser» | prevents «ss_cvr» and «ss_cvt» despite «ss_cookieAllowed» |
ss_cookieAllowed | squarespace.com | true | click «OK» on the cookie banner | maintains this one removed and permits the cookies «ss_cvr» and «ss_cvt» |
test | medscoops.com | 5 to 9 (Gecko browsers); 0 to 4 (others) | click «set/erase test cookie» on «tools of your browser» | illustrates the intention of cookies and how to control them |
With the tools of your browser, you can erase and even prohibit the cookies. The latter option may disturb the functioning of most websites, but medscoops.com depends little on cookies. Unless you navigate to my homepage, the selected language remains stable even without the «language» cookie. «crumb» is only necessary if there are confidential cookies to protect. Ironically, the most uncomfortable aspect of prohibiting them is that the cookie banner reappears at each page change.
Concise solutions
The concise solutions are rapid services without contract, such as brief advice or simple programs. Ideally, you know precisely what you need, which signifies that you can easily put all the required information in the order form. However, a short phone or virtual meeting in case of uncertainty or confidentiality concerns is certainly possible.
I deposit the solution and the invoice on a secure cloud. After remuneration, I send your link and password through your favourite method. Like my bank (transfer) or PayPal (online payment), I store your payment details.
Research services & mentoring
In case of intensive collaborations, I process your order and payment details as for the concise solutions, but instead of sending you a link of short duration to a folder in the secure cloud, I set up an account for you in it. Thus you can process in it as many files as you wish and share those that you want. The other aspects function as previously described.
In addition to the GDPR, our service contract values the ethics committees, the International Committee of Medical Journal Editors and the academic rules. While the former serve the protection of PD, the latter promote transparency as a characteristic of quality in research. The success of your studies increases if you disclose the major part of your materials on a register before starting and an anonymised dataset after publishing. For you, I harmonise transparency with data protection.