Privacy Policy

Effective Date: March, 2025

Privacy Policy Content

1.1. Scope of Application

By means of this privacy information (also “privacy policy,” “data protection notices”), we inform you pursuant to Art. 12 ff. GDPR about which of your personal data we process (definitions of the terms “personal data,” “processing”: see below) in order to display this website and to use the functions employed on the website. We also inform you about the further processes associated with the display of the website or the functions used (e.g., hosting, newsletter, etc.). If and to the extent that we process personal data in further processes (e.g., telephone system, guest Wi-Fi, video surveillance, etc.), you will receive comprehensive additional information in a timely manner in an appropriate form. This information may also be provided on this website; we therefore inform you in the sections on additional processes about how we make the information available. This privacy information also applies to our other online presences (e.g., websites, landing pages, shops, social media presences) and to further processes insofar as we explicitly refer to this privacy information.

1.2. Controller’s Contact Details

The controller for the processing of data on this website within the meaning of the GDPR, other data protection laws applicable in the Member States of the European Union, and other provisions with data protection character is:

ReMediumAI UG
Franz-Volhard-Straße 5
68167 Mannheim
Germany
E-Mail: info@remedium.ai

You can contact us at any time if you have questions about these data protection notices or want to assert your rights.

1.3. Data Protection Officer’s Contact Details

You—and any other data subject—can contact our data protection officer at any time with all questions and suggestions regarding data protection. You can reach them via the above contact details (see imprint) and by e-mail at: datenschutz@remedium.ai.

1.4. Definitions

This privacy policy (or these data protection notices) uses, among others, the terms defined in the European General Data Protection Regulation (GDPR), OJ L 119 of 4 May 2016, pp. 1–88 (in the version in force at the time of creation of these notices) and the German Federal Data Protection Act (BDSG) as of 30 June 2017 (BGBl. I p. 2097), last amended by Art. 12 G of 20 November 2019 (BGBl. I pp. 1626, 1633). Where further laws provide additional definitions used in this privacy policy or where terms serve to understand this privacy policy, we explain them in the text below.

1.4.1 Personal Data

“Personal data” means any information relating to an identified or identifiable natural person (“data subject”). An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person (cf. Art. 4(1) GDPR). Examples include name, address, account number, telephone number, but also IP address or identity card number.

1.4.2 Data Subject

A “data subject” is any identified or identifiable natural person whose personal data is processed by the controller (cf. Art. 4(1) GDPR). For example, a data subject may be a website user, customer, client, patient, etc.

1.4.3 End User

An “end user” is any natural or legal person who uses a public telecommunications service (e.g., Internet access services) without themselves providing a public telecommunications network or a publicly available telecommunications service.

1.4.4 Processing

“Processing” means any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction (cf. Art. 4(2) GDPR).

(…continue translating all definitions 1.4.5 through 1.4.24 in the same detailed, paragraph-by-paragraph manner…)

1.5. Data Retention Period

Data will be deleted only in compliance with statutory, regulatory, and—if applicable—judicial retention obligations. In some cases, it may be necessary for contractual reasons that a data subject provide us with personal data, which we then process. For example, a data subject is required to provide personal data if our company is to enter into a contract with them. Failure to provide such data would result in our inability to conclude the contract.

1.6. Data Subject Rights

Under applicable data protection law, you have extensive rights vis-à-vis the controller regarding the processing of your personal data (rights of access and intervention), which we outline below:

1.6.1 Right of Access (Art. 15 GDPR)

You have the right to obtain confirmation from the controller as to whether personal data concerning you is being processed and, if so, the right to access:

  • the purposes of processing;
  • the categories of personal data processed;
  • the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organizations;
  • where possible, the envisaged retention period or, if not possible, the criteria for determining that period;
  • the existence of the right to request rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
  • the right to lodge a complaint with a supervisory authority;
  • where the personal data are not collected from the data subject, any available information as to their source;
  • the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences for the data subject.

You also have the right to know whether personal data have been transferred to a third country or international organization and, if so, the appropriate safeguards in connection with the transfer. To exercise this right, you may contact us or our data protection officer at any time.

1.6.2 Right to Rectification (Art. 16 GDPR)

You have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you and the completion of incomplete personal data concerning you.

1.6.3 Right to Erasure (Art. 17 GDPR)

You have the right to obtain from the controller the erasure of personal data concerning you without undue delay where one of the following grounds applies and insofar as the processing is not necessary:

  1. The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
  2. You withdraw consent on which the processing is based and there is no other legal ground for the processing.
  3. You object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing.
  4. The personal data have been unlawfully processed.
  5. The personal data have to be erased for compliance with a legal obligation under Union or Member State law.
  6. The personal data have been collected in relation to the offer of information society services to a child under Article 8(1) GDPR.

Where the controller has made personal data public and is obliged to erase it under Art. 17(1) GDPR, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps to inform data controllers processing the personal data that the data subject has requested erasure. To exercise this right, you may contact us at any time.

1.6.4 Right to Restriction of Processing (Art. 18 GDPR)

You have the right to obtain from the controller restriction of processing of your personal data in the following cases:

  • if you contest the accuracy of the personal data, processing may be restricted until the controller verifies accuracy;
  • if the processing is unlawful and you oppose erasure and request restriction instead;
  • if the controller no longer needs the personal data but you require them for the establishment, exercise, or defense of legal claims;
  • if you have objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.

To exercise this right, contact us at any time.

1.6.5 Right to Notification (Art. 19 GDPR)

If you have exercised your right to rectification, erasure, or restriction, the controller shall communicate such rectification, erasure, or restriction to each recipient to whom the personal data have been disclosed, unless this is impossible or involves disproportionate effort. You have the right to be informed of those recipients.

1.6.6 Right to Data Portability (Art. 20 GDPR)

You have the right to receive the personal data you have provided to a controller in a structured, commonly used and machine-readable format and to transmit those data to another controller, where technically feasible.

1.6.7 Right to Object (Art. 21 GDPR)

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you based on Art. 6(1)(e) or (f) GDPR, including profiling. The controller shall no longer process the personal data unless they demonstrate compelling legitimate grounds for the processing. Where personal data are processed for direct marketing, you may object to processing at any time, including profiling related to direct marketing.

1.6.8 Right to Lodge a Complaint (Art. 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes the GDPR.

All data processing is based on a valid legal basis (cf. Art. 5(1)(a) GDPR – principle of lawfulness). We process personal data either on the basis of consent, for the performance of a contract, to comply with a legal obligation, to protect vital interests, or on grounds of our legitimate interests.

Where you have given consent, we process personal data on the basis of Art. 6(1)(a) GDPR and, for special categories of personal data, Art. 9(2)(a) GDPR. Consent may be withdrawn at any time with future effect.

1.7.2 Performance of a Contract

Where processing is necessary for the performance of a contract to which you are party or for pre-contractual measures, processing is based on Art. 6(1)(b) GDPR.

Where our company is subject to a legal obligation requiring processing of personal data (e.g., tax obligations), processing is based on Art. 6(1)(c) GDPR.

1.7.4 Vital Interests

In rare cases, processing may be necessary to protect the vital interests of the data subject or another natural person (Art. 6(1)(d) GDPR).

1.7.5 Legitimate Interests

Processing not covered by the above legal bases may be carried out on the basis of our legitimate interests (Art. 6(1)(f) GDPR), provided your interests, rights, and freedoms do not override our interests.

2. Data Processing by This Website

Each time our website is accessed, our system automatically collects and stores data and information that your browser transmits to our server (“server log files”). The following data are collected:

  • Date and time of access
  • Amount of data transferred in bytes
  • Referrer URL from which you reached our site
  • Meta and communication data (e.g., browser type, operating system, IP address)

The collection and storage of these data in log files is essential for the operation of the site. The legal basis is Art. 6(1)(f) GDPR; we have a legitimate interest in improving the stability and functionality of our website. The temporary storage of the IP address is necessary to deliver our website to your device for the duration of the session. If you do not agree with the processing, you may refrain from using the website.

Log files are deleted after seven days at the latest, unless there is a specific need (e.g., investigation of illegal activity). Data no longer required for the purpose of collection are erased.

2.1. Collection of General Data and Information

Our website collects general data each time it is accessed, such as browser type and version, operating system, referrer URL, subpages accessed, date and time of access, IP address, internet service provider, and similar data necessary for defense against attacks. This data is anonymized and processed on the basis of Art. 6(1)(f) GDPR. If required by law, processing is carried out on Art. 6(1)(c).

2.2. External Hosting

Our website is hosted externally via GitHub Pages (GitHub, Inc., 88 Colin P Kelly Jr St, San Francisco, CA 94107, USA). Personal data collected on this site are stored on GitHub’s servers in accordance with our Data Processing Agreement. We have concluded an order processing agreement with GitHub and ensure that they process data only on our instructions and in compliance with applicable law.

2.3. TLS Encryption

For security and to protect confidential content you send to us, our site uses TLS (Transport Layer Security) encryption. You can recognize TLS by the “https://” prefix and the lock icon in your browser. Our certificate is issued by Let’s Encrypt (Let’s Encrypt, 548 Market St, PMB 77519, San Francisco, CA 94104-5401, USA). For details on data processing by Let’s Encrypt, see their privacy policy.

2.4. Web Content Management System

We use GitHub (GitHub, Inc.) and GitHub Pages as our content management and hosting system. GitHub processes technical data (e.g., browser, IP address) to render our site. The legal basis is our legitimate interest in efficient website management (Art. 6(1)(f) GDPR). You may object to data processing by disabling JavaScript or using browser extensions.

2.5. Contact and Communication Channels

Our website provides contact information allowing quick electronic contact and immediate communication, including our general e-mail address. When you contact us by e-mail, telephone, or fax, your inquiry and any personal data you provide (e.g., name, e-mail address) are stored to process your request. We use Microsoft 365 and Microsoft Exchange for our e-mail system; data are processed under our Data Processing Agreement with Microsoft (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052, USA).

Processing of contact data is based on Art. 6(1)(b) GDPR if related to contract performance or pre-contractual measures; otherwise on Art. 6(1)(f) GDPR.

2.6. Application Procedure

We offer the possibility to apply online. Required personal data include name, address, birth date, contact details, education, and work history. Data you provide via the application form or documents (cover letter, CV, certificates) are processed for recruitment purposes. Legal bases are Art. 6(1)(a) GDPR (consent) and Art. 6(1)(b) GDPR (pre-contractual measures). Application data are deleted once no longer needed, unless further retention is required for legal claims.

2.7. Web Analytics

We use Plausible Analytics (Plausible Insights OÜ, Västriku tn 2, 50403 Tartu, Estonia) for web analytics. Plausible processes anonymous usage data (page views, visit duration, OS, referrer). No cookies are set; IP addresses are hashed. Processing is based on Art. 6(1)(f) GDPR. Data may be transferred to the USA under the Trans-Atlantic Data Privacy Framework.

3. Notification Service

To provide our notification service, we transmit your e-mail address and/or telephone number to our legal responsible (see below) on the basis of our legitimate interest (Art. 6(1)(f) GDPR). Notifications (e.g., SMS, e-mail) are central to our customer service. We process only the data necessary for this purpose.

4. Minors

Our services are not directed at children under 13. We do not knowingly collect personal data from children under 13. If you are under 13, please do not use our services or provide any personal data. If you believe your child has provided us personal data, please contact our data protection officer immediately so we can delete or block the data.

5. Changes to This Privacy Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated “Effective Date.” Please review this policy periodically.

6. Contact

If you have any questions or concerns about this privacy policy, please contact us at:

ReMediumAI UG
Franz-Volhard-Straße 5, 68167 Mannheim, Germany
Email: datenschutz@remedium.ai

Thank you for trusting ReMediumAI with your personal information!

Improving outcomes

Ready to Transform Your Care for Patients?

Partner with our team of experts to unlock your full potential for perioperative precision care. Ask for a free consultation and discover how we can help you.

Get a consultation