Privacy Notice for the eHealth Patient Portal App
Updated: 2024-01-09 

The app solely provides a view of the patient portal web application and does not persist any personal data. However, via the patient portal, when using the app, Siemens Healthineers may process the following categories of personal data about you and may request access or permission to certain features of your device: 

•  Identifiers and device data: Encrypted and signed authentication token for a specific user (0Auth token) 
•  Camera and Microphone: Remote visits via eHealth Virtual Visit 
• Push Notifications: Notifications for new documents and appointment reminders 
• Apple Health / Google Connect: Option to read data from device and store in eHealth Health Data Repository 
• Photo / File Access: Upload documents, download documents, upload images, download images, download appointments as ics, upload profile picture 

We may request access or permission to certain features of your device, including your device’s camera, microphone, storage (android 9 or lower), push notifications. If you wish to change our access or permissions, you may do so in your device’s settings. If you do not grant certain individual permissions some functions of the app may not be available to you. We will inform you about this in the respective request. When you download the app on your device, some data will automatically be transferred to the App Store you selected, e.g., your username, account number, payment information, the time of the download and your deviceID. The processing of this data is carried out by the App Store. Siemens Healthineers has no influence on this data processing. 

Siemens Healthineers processes your personal data for the purposes below. For the processing we may rely on your consent or the fact that the processing is necessary to fulfill the contract with you regarding the use of the app, or because we consider it to be in our legitimate interest, taking into consideration your interests, rights, and expectations.

App Functionality, meaning

• Operation of the app, such as to enable its features, display your settings, authenticate you as user, create an account, or verify your authorization to manage your account 
• Security, such as prevent fraud or misuse, implement security measures, enforce our terms of use 

The processing of your personal data is based on the fulfilment of the contract between you and us for the use of the app (Art. 6 (1) lit. b GDPR) or such processing is necessary for the purpose of safeguarding the legitimate business interests of Siemens Healthineers (Art. 6 (1) lit. f GDPR). We have a legitimate interest in ensuring the functionality, technical stability, security, and errorfree operation of the app. Where Siemens Healthineers relies on its legitimate interests for processing personal data, Siemens Healthineers has determined that, after a balancing of interests, its legitimate interests are not overridden by your interests and rights or freedoms. More information on the balancing of interests can be obtained by contacting the Siemens Healthineers Data Privacy Organization. 

Compliance with the law, meaning Siemens Healthineers processes your personal data to comply with a legal obligation that we are subject to specifically access patient’s health data. The eHealth Patient Portal empower patients by providing a safe mobile access to their personal health data. Giving patients the possibility for uploading health data, see who accessed their medical documents, schedule appointments and actively participate in their treatment process. (Art. 6 (1) lit. c GDPR) 

The activation of push notification services allows Siemens Healthineers to provide you with the following information: A new document is registered, an appointment has been created or updated, reminders for upcoming appointments. While using this function and after activation of the push-notification permission, a connection with the push notification service of your operating system provider is established and your device receives notifications over this connection. For this purpose, information on your device identifier is transferred to your operating system provider. You can disable the receipt of push notifications at any time via your devices’ operating system settings. 

Siemens Healthineers may share your personal data with the following recipients, if and to the extent such transfer is necessary: 

• Siemens Healthineers group companies which process personal data in connection with your use of the app as described in this Privacy Notice or to support in fulfilling our contractual or legal obligations or internal and administrative functions such as customer service. We consider it to be in our legitimate interest to share personal data for these purposes within our group of companies and determined that, after a balancing of interests, our legitimate interests are not overridden by your rights and interests (Art. 6 (1) lit. f GDPR). 
• Recipients such as business partners or (IT-) service providers which process personal data as part of their service provision for Siemens Healthineers (e.g., hosting or IT maintenance, ad services). These recipients have been carefully selected as processors within the scope of Art. 28 GDPR and are contractually obligated to process personal data in accordance with our instructions. 
• Third parties (e.g., courts, law enforcement authorities and regulators, attorneys and consultants) in connection with complying with legal obligations (Art. 6 (1) lit. c GDPR) or establishing, exercising, and defending rights or claims (e.g., regarding the unlawful use of the app or our terms of use) and in relation to corporate transactions, where we consider the transfer in our legitimate interest (Art. 6 (1) lit. f GDPR). 

Sometimes these recipients to whom Siemens Healthineers transfers personal data are in a country in which applicable laws do not provide the same level of data protection as the GDPR. In such cases and unless permitted otherwise by applicable law, Siemens Healthineers only transfers EU personal data if appropriate and suitable safeguards for the protection of personal data are implemented, in particular, if the recipient entered into the
EU Standard Contractual Clauses for the transfer of personal data to third countries with us or if the recipient has introduced approved Binding Corporate Rules in its organization. 

In case the transfer mechanisms mentioned above are not applicable, we ask you for your consent according to Art. 49 (1) (a) GDPR for the transfer of your personal data. Please be aware that in such countries there is a risk that your personal data will be processed by public authorities for control and monitoring purposes, possibly without you being able to appeal.

Further information on the safeguards in place is available under the links above or by contacting the Siemens Healthineers Data Privacy Organization.  

Siemens Healthineers will store your personal data as long as our app is installed, and the patient portal account is active. Unless legal obligations or the establishment, exercise or defense of legal claims make a longer retention necessary. You can delete all your user data by uninstalling the app. 

Please note that merely uninstalling the app from your device does not automatically delete your personal data from our user database. User accounts must be deleted in Patient Portal. 

This app is not directed to children under the age of eighteen. We will not knowingly collect personal data via this app from children under the age of eighteen without insisting that they seek prior parental consent if required by applicable law. We will only use or disclose personal data about a child to the extent permitted by law, to seek parental consent, pursuant to local law and regulations or to protect a child. 

To protect your personal data against accidental or unlawful destruction, loss, use, or alteration and against unauthorized disclosure or access, Siemens Healthineers uses reasonable physical, technical, and organizational security measures. 

Under the GDPR, you have specific rights in relation to your personal data. In particular, and subject to the statutory requirements, you may be entitled to: 

• obtain confirmation as to whether Siemens Healthineers processes personal data about you and, where that is the case, obtain access to your personal data processed by Siemens Healthineers as well as other information, 
• obtain the rectification of your inaccurate personal data processed by Siemens Healthineers, 
• obtain from Siemens Healthineers the erasure of your personal data processed by Siemens Healthineers, Siemens Healthineers Privacy Notice for the eHealth Patient Portal App | 09.01.2024 Page 5 of 5 
•  obtain from Siemens Healthineers restriction of processing of your personal data, 
• obtain a copy of your personal information that you have provided to Siemens Healthineers or request that your personal information be transmitted to another recipient, 
• object on grounds relating to your particular situation to the processing of your personal data by Siemens Healthineers as far as the processing of your personal data is based on legitimate interests. 

If you have given Siemens Healthineers your consent to process your personal data, you have the right to withdraw your consent at any time with effect for the future, i.e., your withdrawal does not affect the lawfulness of the processing based on consent before its withdrawal. 

To receive more information regarding these rights or to exercise any of your rights, please contact the Siemens Healthineers Data Privacy Organization. 

If you have any questions or comments about our handling of your personal data, or if you would like to exercise any of your data privacy related rights, you can contact the Siemens Healthineers Data Protection Officer at:
 dataprivacy.func@siemens-healthineers.com.
The Siemens Healthineers Data Privacy Officer will always use their best efforts to address and settle any requests or complaints brought to its attention. In addition, you may also contact a supervisory authority with requests or complaints. The lead supervisory authority for Siemens Healthineers is: Bayerisches Landesamt für Datenschutzaufsicht, Promenade 18, 91522 Ansbach, Germany, lda.bayern.de/en/index/html. 

It may become necessary to change this privacy notice, for example due to the further development of our app or due to changed legal or regulatory requirements. You can find the date of the last update at the beginning of the Privacy Notice and can access the current Privacy Notice at any time also within the app under “My Account (click on profile image) > Imprint / Privacy ”