Privacy Policy for the Medical Software OnctoDose

General Information

This Privacy Policy ("Policy") governs the processing of personal data related to the use of the medical software provided by ConnCons GmbH ("Provider"). The software enables physicians ("Users") to utilize patient data to calculate dosages for antineoplastic therapy.

The patient data processed by this software consists exclusively of information that does not allow the identification of individual patients or persons. Processed data includes, among others, height, weight, body surface area, and serum creatinine levels, which are used to calculate medication dosages for antineoplastic therapy. This data is neither stored nor does it include any personally identifiable information, such as names, addresses, or contact details.

Data Controller

The entity responsible for processing personal data is:

ConnCons GmbH
Blasewitzer Straße 9
01307 Dresden


Data Protection Officer for ConnCons GmbH

Melissa Kunze
Email: dataprotection@conncons.de
Phone: +49 0175 1800 673



Scope of Data Processing

The software processes the following categories of data:

Patient Data:

Medical data without personal identification, including:

  • Age, height, weight, gender, Body Mass Index (BMI), body surface area, Serum creatinine, glomerular filtration rate, Medication dosage

User Data:

  • The software does not store names or contact information of the treating physician.

  • The software can be used without access credentials.

Purpose of Data Processing

Data processing is carried out for the following purposes:

  • Calculating dosages for antineoplastic therapy based on individual patient data.

  • Ensuring the technical functionality and security of the software.

  • Fulfilling legal obligations, including compliance with medical and data protection regulations.

Legal Basis for Data Processing

The processing of personal data is based on the following legal grounds:

  • Article 6(1)(b) GDPR: Performance of a contract, specifically the provision of the software and its functionalities.

  • Article 6(1)(c) GDPR: Compliance with legal obligations, such as retention requirements in the medical context.

  • Article 9(2)(h) GDPR: Processing of special categories of personal data for purposes of health care and treatment.

User Responsibilities

Users are responsible for:

  • Ensuring that patient data is transmitted in compliance with legal requirements.

  • Proper use of the software in accordance with contractual and legal provisions.



Data Transfer and Storage

Data Transfer:

  • Patient data is entered manually and transferred to patient records manually after calculations. No data is stored.

  • Data is not shared with unauthorized third parties.

Storage:

  • Data is temporarily stored for calculation purposes exclusively on servers located within the European Economic Area (EEA).

  • Data is stored only for the period necessary to fulfill its purpose and in accordance with legal retention obligations.

Access:

  • Only authorized users and administrative personnel of the Provider have access to the data.

Data Security

The Provider commits to implementing appropriate technical and organizational measures in accordance with Article 32 GDPR to ensure an adequate level of protection for processed data. This includes:

  • OnctoDose does not implement access controls and relies solely on SSL/TLS for authentication.

  • Security updates are provided as needed.

Rights of Data Subjects

Patients and users have the following rights under GDPR:

  • Right of Access (Article 15 GDPR): Information about processed personal data.

  • Right to Rectification (Article 16 GDPR): Correction of inaccurate or incomplete data.

  • Right to Erasure (Article 17 GDPR): Deletion of personal data unless legal obligations prevent it.

  • Right to Restriction of Processing (Article 18 GDPR): Restriction of data processing under certain conditions.

  • Right to Object (Article 21 GDPR): Objection to processing for specific reasons.

Requests can be directed to the designated Data Protection Officer.

Data Transfers to Third Countries

No personal data is transferred to third countries outside the EEA without explicit consent or a legal basis in accordance with Articles 44–49 GDPR.

Changes to the Privacy Policy

The Provider reserves the right to amend this Policy to adapt to legal or technical developments. Changes will be communicated to users in a timely manner.

Contact and Complaints

For questions about data protection or complaints, please contact the Provider’s Data Protection Officer:

Melissa Kunze
Email: dataprotection@conncons.de
Phone: +49 0175 1800 673

Additionally, users have the right to lodge a complaint with a supervisory authority.

Last updated: January 20, 2025

Datenschutzerklärung für die medizinische Software OnctoDose

Allgemeine Hinweise

Diese Datenschutzvereinbarung ("Vereinbarung") regelt die Verarbeitung personenbezogener Daten im Zusammenhang mit der Nutzung der medizinischen Software, die von der ConnCons GmbH ("Anbieter") bereitgestellt wird und es Ärzten ("Nutzer") ermöglicht, Patientendaten zu verwenden, um Dosierungen für die antineoplastische Therapie zu berechnen.

Die von dieser Software verarbeiteten Patentiendaten bestehen ausschließlich aus Informationen, die keine Rückschlüsse auf individuelle Patienten oder Personen zulassen. Zu den verarbeiteten Daten gehören unter anderem Größe, Gewicht, Körperoberfläche und Serumkreatinin, die zur Berechnung der Medikamentendosis für eine antineoplastische Therapie verwendet werden. Diese Daten werden nicht gespeichert und es erfolgt keine Speicherung oder Verarbeitung von personenbezogenen Daten wie Namen, Adressen oder Kontaktdaten.

Verantwortliche Stelle

Verantwortlich für die Verarbeitung personenbezogener Daten ist:

ConnCons GmbH
Blasewitzer Straße 9
01307 Dresden


Datenschutzbeauftragter der ConnCons GmbH

Melissa Kunze

E-Mail: dataprotection@conncons.de
Telefon: +49 0175 1800 673

 

Gegenstand der Datenverarbeitung

Die Software verarbeitet folgende Kategorien personenbezogener Daten:

Patientendaten:

  • Medizinische Daten ohne Patientenbezug

    • Alter, Größe, Gewicht, Geschlecht, Body-Mass-Index, Körperoberfläche, Serumkreatinin, glomeruläre Filtrationsrate, Medikamentendosis

Nutzerdaten:

  • Die Software hat keine Information über den Namen und die Kontaktdaten des behandelnden Arztes.

  • Die Software ist ohne Zugangsdaten nutzbar.

Zweck der Datenverarbeitung

Die Datenverarbeitung erfolgt zu folgenden Zwecken:

  • Berechnung der Dosierung für die antineoplastische Therapie basierend auf individuellen Patientendaten

  • Sicherstellung der technischen Funktionalität und Sicherheit der Software

  • Erfüllung rechtlicher Verpflichtungen, einschließlich der Einhaltung medizinischer und datenschutzrechtlicher Vorschriften

 Rechtsgrundlage der Datenverarbeitung

Die Verarbeitung personenbezogener Daten erfolgt auf Grundlage von:

  • Art. 6 Abs. 1 lit. b DSGVO (Erfüllung eines Vertrags, nämlich der Bereitstellung der Software und ihrer Funktionalitäten).

  • Art. 6 Abs. 1 lit. c DSGVO (Erfüllung rechtlicher Verpflichtungen, z. B. Aufbewahrungspflichten im medizinischen Kontext).

  • Art. 9 Abs. 2 lit. h DSGVO (Verarbeitung besonderer Kategorien personenbezogener Daten zu Zwecken der Gesundheitsvorsorge und -behandlung).

 Verantwortlichkeiten des Nutzers

Der Nutzer ist verantwortlich für:

  • Die Sicherstellung, dass Patientendaten nur in Übereinstimmung mit den gesetzlichen Anforderungen übermittelt werden.

  • Die ordnungsgemäße Nutzung der Software gemäß den vertraglichen und gesetzlichen Vorgaben.

 


Datenübermittlung und -speicherung

Datenübermittlung:

  • Patientendaten werden manuell eingegeben und nach Kalkulation manuell in die Patientenakte überführt. Es erfolgt keine Speicherung der Daten.

  • Es erfolgt keine Weitergabe an unbefugte Dritte.

Speicherung:

  • Die Daten werden temporär für den Zeitraum der Berechnungen ausschließlich auf Servern innerhalb des Europäischen Wirtschaftsraums (EWR) gespeichert.

  • Die Speicherung erfolgt nur für den zur Erfüllung der Zwecke notwendigen Zeitraum und gemäß gesetzlicher Aufbewahrungspflichten.

Zugriff:

  • Nur berechtigte Nutzer und Administrationspersonal des Anbieters haben Zugriff auf die Daten.

Datensicherheit

Der Anbieter verpflichtet sich, geeignete technische und organisatorische Maßnahmen gemäß Art. 32 DSGVO zu ergreifen, um ein angemessenes Schutzniveau der verarbeiteten Daten sicherzustellen. Dies umfasst insbesondere:

  • OnctoDose implementiert keine Zugriffskontrollen und nutzt außer SSL/TLS keine Authentifizierungsverfahren

  • Sicherheitsupdates werden nach Notwendigkeit zur Verfügung gestellt.

Rechte der Betroffenen

Patienten und Nutzer haben folgende Rechte:

  • Auskunftsrecht (Art. 15 DSGVO): Auskunft über die verarbeiteten personenbezogenen Daten.

  • Berichtigungsrecht (Art. 16 DSGVO): Korrektur unrichtiger oder unvollständiger Daten.

  • Löschungsrecht (Art. 17 DSGVO): Löschung personenbezogener Daten, sofern keine rechtlichen Verpflichtungen entgegenstehen.

  • Recht auf Einschränkung der Verarbeitung (Art. 18 DSGVO): Einschränkung der Verarbeitung unter bestimmten Voraussetzungen.

  • Widerspruchsrecht (Art. 21 DSGVO): Widerspruch gegen die Verarbeitung aus besonderen Gründen.

Anfragen können an die benannte Datenschutzbeauftragte gerichtet werden. 

Drittlandübermittlung

Es erfolgt keine Übermittlung personenbezogener Daten in Drittländer außerhalb des EWR ohne ausdrückliche Einwilligung oder eine rechtliche Grundlage gemäß Art. 44 ff. DSGVO.

Änderungen der Datenschutzvereinbarung

Der Anbieter behält sich vor, diese Vereinbarung zu ändern, um sie an rechtliche oder technische Entwicklungen anzupassen. Änderungen werden Nutzern rechtzeitig mitgeteilt.

Ansprechpartner und Beschwerden

Bei Fragen zum Datenschutz oder Beschwerden können Sie sich an den Datenschutzbeauftragten des Anbieters wenden:

Melissa Kunze

E-Mail: dataprotection@conncons.de
Telefon: +49 0175 1800 673

Darüber hinaus besteht das Recht, eine Beschwerde bei einer Aufsichtsbehörde einzureichen.

Stand 20.01.2025

Legal Disclosure / Imprint

Information in accordance with section 5 TMG

Address ConnCons GmbH, Blasewitzer Str. 9, 01307 Dresden, Germany | Represented By Jochen Hampe, Marika Geißler, Nora Herzog | E-Mail hello@conncons.com | Register Court Amtsgericht Dresden | Register Number HRB 40037 Person responsible for content in accordance with §55 Abs. 2 RStV Jochen Hampe 

Disclaimer

1. Content Liability

The contents of our website have been created with the greatest possible care and in accordance with applicable regulations. However, we cannot guarantee the accuracy, completeness, or up-to-date nature of the information provided. All content is provided for informational purposes only and is not legally binding. We reserve the right to modify, supplement, or delete parts of the pages or the entire website without prior notice, or to cease publication temporarily or permanently.

2. External Links

Our website may contain links to external third-party websites. We have no influence over the content of these external websites and therefore cannot accept any liability for them. The responsibility for the content of the linked pages always rests with the respective provider or operator. We regularly review external links for possible legal violations. However, permanent control of the linked pages is unreasonable without concrete indications of legal violations. If we become aware of any such violations, we will remove the corresponding links immediately.

3. Images and Descriptions

All images, descriptions, and illustrations presented on this website are provided solely for informational purposes and do not constitute any claims, warranties, or representations under the Medical Device Regulation (MDR) (EU) 2017/745. They should not be interpreted as medical advice or as a claim regarding the performance, safety, or effectiveness of any medical products.

4. Data Collection, Processing, and Use (GDPR Compliance)

We collect, process, and store personal data only to the extent necessary to fulfill our contractual obligations or as required by law. The personal data collected may include:

  • Contact information (e.g., name, email address, phone number)

  • Payment details, where necessary

  • Data related to your visit to our website (such as IP address, browser type, operating system, referrer URL, and time of access)

We collect this data automatically through server log files, which are anonymized and cannot be associated with specific individuals. This data is not combined with other data sources and is deleted after statistical evaluation. We do not knowingly use cookies or third-party services that involve cookies unless explicitly mentioned in our cookie policy.

We store personal data only for as long as necessary to achieve the respective purpose (contract fulfillment) or as required by law (e.g., tax retention obligations). Personal data is processed in compliance with the GDPR and other applicable privacy laws. All processing activities are carried out by authorized personnel who are bound by data confidentiality obligations.

5. Contact Form

When you use our contact form, the personal data you provide (e.g., name, email address, message content) is processed exclusively for the purpose of responding to your inquiry. This data is stored only for the necessary period of time to address your query or as required by legal obligations. We do not share this data with third parties unless required by law or if you have given your explicit consent. The processing of contact form data is carried out in compliance with the GDPR.

6. Rights of Data Subjects

As a data subject, you have the following rights under the GDPR:

  • Right of Access: You can request information about the personal data we have stored about you.

  • Right to Rectification: You can request the correction of inaccurate or incomplete data.

  • Right to Erasure: You can request the deletion of your personal data, provided that legal retention obligations do not prevent this.

  • Right to Restriction of Processing: You can request the limitation of processing if you contest the accuracy of the data or if the processing is unlawful but you oppose the erasure.

  • Right to Data Portability: You can request that your personal data be provided to you in a structured, commonly used, and machine-readable format.

  • Right to Object: You can object to the processing of your personal data at any time, especially for purposes of direct marketing.

To exercise these rights, please contact us using the contact information provided on the website.

7. Data Security

We take appropriate technical and organizational measures to ensure the security of your personal data and to protect it against unauthorized access, misuse, loss, or destruction. These measures include encrypted communication and secure storage of data.

8. Use of Data Beyond Contractual Purposes

We do not share your personal data with third parties unless this is required by law or you have expressly consented to such data sharing. Your data will not be used for any purpose beyond fulfilling the contract unless legally permissible or expressly agreed upon by you.

9. Confidentiality of Documents and Information

All documents and communications, whether electronic or in paper form, that you provide as part of a business relationship or that are generated in connection with your order, are treated as confidential. These will only be used to the extent necessary to carry out the contract and in accordance with applicable data protection laws.

10. Forward-Looking Statements

This website may contain forward-looking statements, which are based on current assumptions and forecasts. These statements are subject to risks and uncertainties that could cause actual results to differ materially from those expressed in the forward-looking statements.

12. Jurisdiction and Applicable Law

The use of this website is subject to the laws of the Federal Republic of Germany. The exclusive place of jurisdiction for any legal disputes arising from the use of this website is Dresden, Germany, provided that the user is a merchant, a legal entity under public law, or a special fund under public law.

Legal Disclosure / Imprint

Information in accordance with section 5 TMG

Address ConnCons GmbH, Blasewitzer Str. 9, 01307 Dresden, Germany | Represented By Jochen Hampe, Marika Geißler, Nora Herzog | E-Mail hello@conncons.com | Register Court Amtsgericht Dresden | Register Number HRB 40037 Person responsible for content in accordance with §55 Abs. 2 RStV Jochen Hampe 

Disclaimer

1. Content Liability

The contents of our website have been created with the greatest possible care and in accordance with applicable regulations. However, we cannot guarantee the accuracy, completeness, or up-to-date nature of the information provided. All content is provided for informational purposes only and is not legally binding. We reserve the right to modify, supplement, or delete parts of the pages or the entire website without prior notice, or to cease publication temporarily or permanently.

2. External Links

Our website may contain links to external third-party websites. We have no influence over the content of these external websites and therefore cannot accept any liability for them. The responsibility for the content of the linked pages always rests with the respective provider or operator. We regularly review external links for possible legal violations. However, permanent control of the linked pages is unreasonable without concrete indications of legal violations. If we become aware of any such violations, we will remove the corresponding links immediately.

3. Images and Descriptions

All images, descriptions, and illustrations presented on this website are provided solely for informational purposes and do not constitute any claims, warranties, or representations under the Medical Device Regulation (MDR) (EU) 2017/745. They should not be interpreted as medical advice or as a claim regarding the performance, safety, or effectiveness of any medical products.

4. Data Collection, Processing, and Use (GDPR Compliance)

We collect, process, and store personal data only to the extent necessary to fulfill our contractual obligations or as required by law. The personal data collected may include:

  • Contact information (e.g., name, email address, phone number)

  • Payment details, where necessary

  • Data related to your visit to our website (such as IP address, browser type, operating system, referrer URL, and time of access)

We collect this data automatically through server log files, which are anonymized and cannot be associated with specific individuals. This data is not combined with other data sources and is deleted after statistical evaluation. We do not knowingly use cookies or third-party services that involve cookies unless explicitly mentioned in our cookie policy.

We store personal data only for as long as necessary to achieve the respective purpose (contract fulfillment) or as required by law (e.g., tax retention obligations). Personal data is processed in compliance with the GDPR and other applicable privacy laws. All processing activities are carried out by authorized personnel who are bound by data confidentiality obligations.

5. Contact Form

When you use our contact form, the personal data you provide (e.g., name, email address, message content) is processed exclusively for the purpose of responding to your inquiry. This data is stored only for the necessary period of time to address your query or as required by legal obligations. We do not share this data with third parties unless required by law or if you have given your explicit consent. The processing of contact form data is carried out in compliance with the GDPR.

6. Rights of Data Subjects

As a data subject, you have the following rights under the GDPR:

  • Right of Access: You can request information about the personal data we have stored about you.

  • Right to Rectification: You can request the correction of inaccurate or incomplete data.

  • Right to Erasure: You can request the deletion of your personal data, provided that legal retention obligations do not prevent this.

  • Right to Restriction of Processing: You can request the limitation of processing if you contest the accuracy of the data or if the processing is unlawful but you oppose the erasure.

  • Right to Data Portability: You can request that your personal data be provided to you in a structured, commonly used, and machine-readable format.

  • Right to Object: You can object to the processing of your personal data at any time, especially for purposes of direct marketing.

To exercise these rights, please contact us using the contact information provided on the website.

7. Data Security

We take appropriate technical and organizational measures to ensure the security of your personal data and to protect it against unauthorized access, misuse, loss, or destruction. These measures include encrypted communication and secure storage of data.

8. Use of Data Beyond Contractual Purposes

We do not share your personal data with third parties unless this is required by law or you have expressly consented to such data sharing. Your data will not be used for any purpose beyond fulfilling the contract unless legally permissible or expressly agreed upon by you.

9. Confidentiality of Documents and Information

All documents and communications, whether electronic or in paper form, that you provide as part of a business relationship or that are generated in connection with your order, are treated as confidential. These will only be used to the extent necessary to carry out the contract and in accordance with applicable data protection laws.

10. Forward-Looking Statements

This website may contain forward-looking statements, which are based on current assumptions and forecasts. These statements are subject to risks and uncertainties that could cause actual results to differ materially from those expressed in the forward-looking statements.

12. Jurisdiction and Applicable Law

The use of this website is subject to the laws of the Federal Republic of Germany. The exclusive place of jurisdiction for any legal disputes arising from the use of this website is Dresden, Germany, provided that the user is a merchant, a legal entity under public law, or a special fund under public law.

Legal Disclosure / Imprint

Information in accordance with section 5 TMG

Address ConnCons GmbH, Blasewitzer Str. 9, 01307 Dresden, Germany | Represented By Jochen Hampe, Marika Geißler, Nora Herzog | E-Mail hello@conncons.com | Register Court Amtsgericht Dresden | Register Number HRB 40037 Person responsible for content in accordance with §55 Abs. 2 RStV Jochen Hampe 

Disclaimer

1. Content Liability

The contents of our website have been created with the greatest possible care and in accordance with applicable regulations. However, we cannot guarantee the accuracy, completeness, or up-to-date nature of the information provided. All content is provided for informational purposes only and is not legally binding. We reserve the right to modify, supplement, or delete parts of the pages or the entire website without prior notice, or to cease publication temporarily or permanently.

2. External Links

Our website may contain links to external third-party websites. We have no influence over the content of these external websites and therefore cannot accept any liability for them. The responsibility for the content of the linked pages always rests with the respective provider or operator. We regularly review external links for possible legal violations. However, permanent control of the linked pages is unreasonable without concrete indications of legal violations. If we become aware of any such violations, we will remove the corresponding links immediately.

3. Images and Descriptions

All images, descriptions, and illustrations presented on this website are provided solely for informational purposes and do not constitute any claims, warranties, or representations under the Medical Device Regulation (MDR) (EU) 2017/745. They should not be interpreted as medical advice or as a claim regarding the performance, safety, or effectiveness of any medical products.

4. Data Collection, Processing, and Use (GDPR Compliance)

We collect, process, and store personal data only to the extent necessary to fulfill our contractual obligations or as required by law. The personal data collected may include:

  • Contact information (e.g., name, email address, phone number)

  • Payment details, where necessary

  • Data related to your visit to our website (such as IP address, browser type, operating system, referrer URL, and time of access)

We collect this data automatically through server log files, which are anonymized and cannot be associated with specific individuals. This data is not combined with other data sources and is deleted after statistical evaluation. We do not knowingly use cookies or third-party services that involve cookies unless explicitly mentioned in our cookie policy.

We store personal data only for as long as necessary to achieve the respective purpose (contract fulfillment) or as required by law (e.g., tax retention obligations). Personal data is processed in compliance with the GDPR and other applicable privacy laws. All processing activities are carried out by authorized personnel who are bound by data confidentiality obligations.

5. Contact Form

When you use our contact form, the personal data you provide (e.g., name, email address, message content) is processed exclusively for the purpose of responding to your inquiry. This data is stored only for the necessary period of time to address your query or as required by legal obligations. We do not share this data with third parties unless required by law or if you have given your explicit consent. The processing of contact form data is carried out in compliance with the GDPR.

6. Rights of Data Subjects

As a data subject, you have the following rights under the GDPR:

  • Right of Access: You can request information about the personal data we have stored about you.

  • Right to Rectification: You can request the correction of inaccurate or incomplete data.

  • Right to Erasure: You can request the deletion of your personal data, provided that legal retention obligations do not prevent this.

  • Right to Restriction of Processing: You can request the limitation of processing if you contest the accuracy of the data or if the processing is unlawful but you oppose the erasure.

  • Right to Data Portability: You can request that your personal data be provided to you in a structured, commonly used, and machine-readable format.

  • Right to Object: You can object to the processing of your personal data at any time, especially for purposes of direct marketing.

To exercise these rights, please contact us using the contact information provided on the website.

7. Data Security

We take appropriate technical and organizational measures to ensure the security of your personal data and to protect it against unauthorized access, misuse, loss, or destruction. These measures include encrypted communication and secure storage of data.

8. Use of Data Beyond Contractual Purposes

We do not share your personal data with third parties unless this is required by law or you have expressly consented to such data sharing. Your data will not be used for any purpose beyond fulfilling the contract unless legally permissible or expressly agreed upon by you.

9. Confidentiality of Documents and Information

All documents and communications, whether electronic or in paper form, that you provide as part of a business relationship or that are generated in connection with your order, are treated as confidential. These will only be used to the extent necessary to carry out the contract and in accordance with applicable data protection laws.

10. Forward-Looking Statements

This website may contain forward-looking statements, which are based on current assumptions and forecasts. These statements are subject to risks and uncertainties that could cause actual results to differ materially from those expressed in the forward-looking statements.

12. Jurisdiction and Applicable Law

The use of this website is subject to the laws of the Federal Republic of Germany. The exclusive place of jurisdiction for any legal disputes arising from the use of this website is Dresden, Germany, provided that the user is a merchant, a legal entity under public law, or a special fund under public law.