The website at termin.teleclinic.com/by TeleClinic GmbH has been tested based on the internet privacy standards (ips) and received the seal of quality.
Thus, the company has subjected itself to the highest requirements, which on the one hand ensure compliance with data protection and consumer protection regulations and on the other hand include security precautions according to the current state of the art. The ips criteria catalogue is available at www.datenschutz-cert.de.
The internet privacy standards are recommended as a nationwide seal of quality for web portals by Initiative D21 of the German Federal Government and have been coordinated with numerous data protection officers of the federal states and the federal government in Germany. An ips seal of quality corresponds to a high standard of testing. As you can see, when it comes to data protection you are "in good hands" with the provider.
This seal of quality was issued under the number
The website was first audited in 2020 on the basis of the ips criteria catalogue in version 3.3.
Personal data is collected to varying degrees via the portal. For example, concerning the module “information offer” transparency and data minimisation must be observed within the scope of the information offered. Within the module “individual service”, the areas of registration processes, registrations and logging off are particularly relevant. The “data protection management” module regards the implemented data security measures with regard to the web portal and the provider. The module “video consultation” includes the special Requirements of § 5 of the Agreement on the Requirements for Technical Procedures for Video Consultations according to § 291g paragraph 4 SGB V (Annex 31b to the Federal Framework Agreement- Physicians) between the GKV-Spitzenverband and the Kassenärztliche Bundesvereinigung (KBV).
In contrast to data processing via the web portal, other data processing processes outside the web portal / front-end and the online video consultation like other web portal, f.e. patient.teleclinic.com/signup or med.teleclinic.com/register, which allow patients and physicians to register for the service, as well as the main web pages www.teleclinic.com or are not part of the audit subject. In particular, the customer data management (CRM) behind the portal, linked external websites or services outsourced to service providers (e.g. customer administration, financial and payroll accounting) were not audited.
The services provided by the physicians to the patients are not initiated by the web portal or the provider, but by the physicians themselves. The video consultation merely offers a communication solution for this. Accordingly, services provided by the Physicians are not subject to an audit by ips. Furthermore, apps for tablets or smartphones as well as any medical products of the provider are not subject to audit. Therefore, the "TeleClinic - Online Arzt” app also is not part of the scope and has not been tested.
This audit does not constitute a data protection certification or certificate of conformity in accordance with the Data Protection Basic Regulation (DSGVO).
A certificate of conformity or an award of a certificate pursuant to the DSGVO requires accreditation of the certification body (cf. Art. 42 DSGVO). The datenschutz cert GmbH has submitted an application for accreditation to the German Accreditation Body in April 2018, but at the time of the preparation of this expert opinion no accredition decision has been made. Therefore, until the accreditation, this expert opinion rather pursues the goal of obtaining the, since 2002, nationwide recognized and sustainable quality seal ips - internet privacy standards - for the web portal examined. In any case, the present expert opinion represents the results of a data protection and data security technical expert opinion by an independent body and independent auditors and, thus, supports the evaluations which have to be proven by the controller according to Art. 5 DSGVO.
Due to the different need for protection, the following weighting ratio was applied:
The offer is particularly characterised by the following framework conditions:
The provider implements the legal requirements in all areas.
The technical and organizational security measures taken by the provider guarantee the security of the data according to the current state of the art, e.g. by using current ssl standards. The user is informed comprehensibly about the different functions as well as about data collection and use; he receives an overview of contract-relevant data and data processing in his user account at any time. With regard to the collection of personal user data (e.g. IP address, which is anonymised), the service is set up entirely in accordance with the data minimisation principle.
The provider implements the requirements of the ips criteria catalogue in the tested online areas and, therefore, receives the seal of quality.