Home » General Data Protection Regulation (GDPR)


Dr. Tobias Schilling
Glockenheide 38
30916 Isernhagen

Represented by Dr. med. Tobias Schilling, MBA

General information

Following our legal obligation, we would like to inform you about the collection and use of your personal data.

When you use our website, personal data is collected about you. This can be done by you entering data such as your mail address. However, our system also collects data from you automatically, such as your visit to our website. This occurs regardless of the device or software you use to access our website.

At Hannover-Medical.Management, accessible at https://hannover-medical.management, one of our main priorities is the privacy of our visitors. This Privacy Policy document contains types of information that is collected and recorded by Hannover-Medical.Management and how we use it.

If you have additional questions or require more information about our Privacy Policy, do not hesitate to contact us through email at Email@Hannover-Medical.Management

Hannover-Medical.Management legal basis for collecting and using the personal information described in this privacy policy depends on the personal information we collect and the specific context in which we collect the information:
  • Hannover-Medical.Management needs to perform a contract with you
  • You have given Hannover-Medical.Management permission to do so
  • Processing your personal information is in Hannover-Medical.Management legitimate interests
  • Hannover-Medical.Management needs to comply with the law
Hannover-Medical.Management will retain your personal information only for as long as is necessary for the purposes set out in this privacy policy. We will retain and use your information to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our policies.

If you are a resident of the European Economic Area (EEA), you have certain data protection rights. If you wish to be informed what personal information we hold about you and if you want it to be removed from our systems, please contact us.

In certain circumstances, you have the following data protection rights:
  • The right to access, update or to delete the information we have on you.
  • The right of rectification.
  • The right to object.
  • The right of restriction
  • The right to data portability
  • The right to withdraw consent

Any data you enter on our website is voluntary; there are no disadvantages for you by not disclosing your data. However, we can’t provide services or conclude contracts without specific data. We will point out such mandatory data to you in each case.

On this website, the user’s personal data will only be collected within the applicable data protection law framework, in particular, the General Data Protection Regulation (GDPR). The technical terms used in the text are explained in more detail in Art. 4 of the GDPR.

Data processing is permitted under the GDPR in three cases in particular:

According to Art. 6 (1) lit. a and 7 GDPR, if you have consented to data processing by us; in each case, we will inform you in advance in this data protection declaration and on the occasion of the consent following Art. 4 No. 11 GDPR precisely for what purpose and under what circumstances we will process your data.

According to Art. 6 (1) lit. b GDPR, if the processing of your personal data is necessary for the initiation, conclusion, or execution of a contractual relationship;

According to Art. 6 (1) lit. f GDPR, if, after a balancing of interests, the processing is necessary to protect our legitimate interests; this includes, in particular, our interests in analyzing, optimizing and securing the offer on our website – this includes, in particular, an analysis of user behavior, the creation of profiles for advertising purposes and the storage of access data, as well as the use of third-party providers.

Inventory data

We collect inventory data insofar as it is necessary to establish, content, or modify a contractual relationship (also free of charge) between the user and us. This may include Customer data (e.g., name, address), contact data (e.g., e-mail address, telephone number), performance data (e.g., ordered service, term, fee).

When establishing the user relationship, we will request this data from you (e.g., name, address, and e-mail address) and inform you of the extent to which the information is required in each case to establish the user relationship.

Log files

Hannover-Medical.Management follows a standard procedure of using log files. These files log visitors when they visit websites. All hosting companies do this, which is a part of hosting services’ analytics. The information collected by log files includes internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks. These are not linked to any personally identifiable information. The data’s purpose is to analyze trends, administer the site, track users’ movement on the website, and gather demographic information.

Usage data

We further collect usage data to enable the user’s use of the services on our website. This may include Usage data (e.g., web pages or areas accessed, duration of visit, interest in services), content data (e.g., data entered or uploaded by you, texts, images, sounds, videos), metadata (e.g., the identity of your device, location, IP address).

We will only aggregate usage data if and to the extent necessary for billing purposes. Otherwise, we will only create usage data pseudonymously if you have not objected to this. You can send this objection at any time to the address given in the imprint or to the responsible person named in this privacy policy.

The legal basis for this data processing is, on the one hand, our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR in the analysis of the website and its use, and, if applicable, also the legal permission to store data as part of the initiation of a contractual relationship pursuant to Art. 6 para. 1 lit. b GDPR.


Our website is made available for retrieval on the Internet by a service provider (provider or hoster).

We use the service of Raidboxes GmbH for this purpose.

Raidboxes GmbH
Hafenstrasse 32
48153 Münster

Phone: +49 251 1498 2000 E-Mail: support@raidboxes.io

VAT ID No.: DE 306895091, registered in the commercial register of the local court Münster commercial register number HRA 16184.

We have concluded an order processing contract with our provider. Accordingly, our provider is obliged to process your data only on our behalf and in accordance with our instructions. Further information on data processing by our provider can be found in their privacy policy at https://raidboxes.io/datenschutzerklaerung/. The legal basis for this data processing is, on the one hand, our legitimate interests pursuant to Art. 6 Para. 1 lit. f GDPR in the provision and use of our website on the Internet and, where relevant, the legal permission to store data as part of the initiation of a contractual relationship pursuant to Art. 6 Para. 1 lit. b GDPR. Each time you use this website, our provider processes information, the so-called server log files, automatically transmitted by your browser each time you call up websites on the Internet.

These are:
  • Your IP address
  • Type and version of your browser
  • Host name
  • time of visit
  • the website from which you visited our website
  • name of the website you visited
  • exact time of the call and the amount of data transferred
This data is only used for statistical purposes and does not allow us to identify you as a user.

Contact by electronic request

If you contact us electronically (e.g., e-mail, fax, telephone, messenger, etc.), we store and process the data you have provided us with (e.g., name, contact information, the content of the inquiry). The legal basis for this is our legitimate interest in effective customer communication pursuant to Art. 6 Para. 1 lit. a GDPR and, insofar as it concerns a request to enter into or fulfill a contract, also Art. 6 Para. 1 lit. b GDPR.

We will only pass on this data to third parties insofar as it is necessary (according to Art. 6 Para. 1 lit. b GDPR) for the fulfillment of the contract, this corresponds to the overriding interest in effective performance (according to Art. 6 Para. 1 lit. f GDPR) or your consent (according to Art. 6 Para. 1 lit. a GDPR) or another legal permission or obligation exists.

You can request information about the purpose of processing, origin, and, if applicable, recipients of your personal data from us free of charge at any time. Furthermore, you can assert the correction, deletion, and restriction of your personal data processing. You may object to the (further) processing of your data at any time and have a right to data portability as well as a right to lodge a complaint with the competent supervisory authority.

Request for callback

You can order a callback from one of our service staff on our service page. We request here
  • Your name, because we like to address you personally,
  • your telephone number, so that we can call you back, and
  • your e-mail address, because we will send you confirmations of your inquiries by e-mail.
Your data input is encrypted so that third parties cannot read your data during the input.

The basis for this storage is our legitimate interest in communication with users who are themselves interested in it, according to Art. 6 para. 1 lit. f GDPR and, in the case of contract inquiries, also the storage of contract data according to Art. 6 para. 1 lit. b GDPR.

Data collection during the writing of a commentary

When commenting on an article or a post, we collect your personal data (name, e-mail address, comment text) only to the extent you provide. The processing serves the purpose of enabling commenting and displaying comments. By sending the comment, you consent to process the transmitted data. With your consent, the processing is based on Art. 6 (1) lit. a GDPR. You can revoke your consent at any time by notifying us without affecting the lawfulness of the processing carried out based on the consent until the revocation. Your personal data will then be deleted.

The name and e-mail address you provided will be published when your comment is posted.


Where we ask for your consent to process your data, we will inform you in clear language and in an easily accessible way about the cases for which you give your consent. Any consent we ask for is voluntary; any benefit you wish to obtain by giving consent can be obtained without the consent.

For any consent, you have the right to revoke any consent given to us to process your personal data at any time. This can be done by an informal message, for example, via our contact form, an email to the email address provided in the imprint, or an unsubscribe link (if offered by us). Your revocation does not affect the lawfulness of the data processing carried out until then.

Storage period

In principle, your data will only be stored for as long as the purpose of the respective data processing requires. Further storage is mainly considered if this is still necessary for legal prosecution or for our other legitimate interests.

For your inventory data that was required for the fulfillment of a contractual relationship (also free of charge), this means that we store it until the complete fulfillment or termination of the contractual relationship plus the limitation period (which is generally 2 or 3 years) plus an appropriate surcharge for any interruption of the limitation period.

For your usage data collected on the occasion of your use of the website, this means that we will only store it for as long as this is still necessary for the proper functioning of our website and our legitimate interest is sufficient. We will only store statistical data in pseudonymized form in the first instance.

In addition, we still store your data insofar as we are legally obligated to do so. These are, in particular, the tax retention periods, which are generally 6 or even 10 years.

Rights of the person concerned

If the legal requirements are met, you have the following rights according to Art. 15 to 20 GDPR: the right to information, to correction, to deletion, to restriction of processing, to data portability. Here, identification of your person is required to prevent misuse.

In addition, according to Art. 21 (1) GDPR, you have the right to object to processing based on Art. 6 (1) f GDPR and to processing for direct marketing.

Contact us if you wish. You can find the contact details in our imprint.

Deletion, rectification, restriction

You can request us to correct (also by supplementing) incorrect data at any time, restrict its processing, or delete your data. This applies particularly if the purpose of processing has expired, a required consent has been revoked and no other legal basis exists or our data processing is unlawful. We will then immediately correct, block or even delete your personal data within the legal framework.


You may object at any time to any processing of your personal data that we base on a consideration of your interests pursuant to Art. 6 (1) lit. F DSGVO if there are grounds for doing so arising from your particular personal situation.

We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims on our part.


If you feel that our data processing has violated your rights, you can file a complaint with the competent supervisory authority.

Change of the privacy policy

If a change to the privacy policy becomes necessary for legal or factual reasons, we will update this page accordingly. In doing so, no changes will be made to the consent given by the user.


When you enter data on our website, whether on a contact form, on the occasion of registration, logging in or for payment purposes, the website on which you enter the data is encrypted. This prevents third parties from reading what data you enter. You can recognize the encryption by the lock symbol in your browser and that the address line begins with “https” instead of just “http.”

Evaluation portal: proven expert

We use the evaluation portal Proven Expert of Expert Systems AG, Quedlinburger Str. 1, 10589 Berlin, Germany, within the scope of our legitimate interest in a technically flawless online offer and its economically efficient design and optimization pursuant to Art.6 para. 1 lit.f GDPR. Thus, data about ratings of our services by third parties on the portal of Proven Expert are displayed on our website. Clicking on the Proven Expert representation on our website will take you to our reviews at Proven Expert with more information.

When you call our website, the widget records your IP address, the time of calling up the website and the browser used (access data), as with every call up on the Internet. This data is not evaluated, not merged with other data and later deleted. If you create a rating, Proven Expert also collects and stores your IP address, time of the call, and your e-mail address and other information that you provide to Proven Expert.

For more information about data processing at Proven Expert, please see the privacy policy of Expert Systems: https://www.provenexpert.com/de-de/datenschutzbestimmungen/.


Our website uses cookies. Cookies are small text files stored in the Internet browser or by the Internet browser on a user’s computer system. When a user calls up a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. We use cookies to make our offer more user-friendly, effective, and secure.

Furthermore, cookies enable our systems to recognize your browser even after a page change and offer you services. Some functions of our website cannot be provided without cookies. For these, the browser must be recognized even after a page change.

We also use cookies on our website to analyze the surfing behavior of our site visitors.

Furthermore, we use cookies to subsequently address site visitors on other websites with targeted, interest-related advertising.

Based on § 15 (3) TMG and Art. 6 (1) lit, the processing is carried out. f GDPR from the legitimate interest in the above purposes. Technical precautions pseudonymize the data collected from you in this way. An assignment of the data to your person is therefore no longer possible. The data will not be stored together with other personal data from you.

You have the right to object to this processing of your personal data based on Art. 6 (1) f GDPR at any time for reasons arising from your particular situation.

Cookies are stored on your computer. Therefore, you have complete control over the use of cookies. By selecting the appropriate technical settings in your Internet browser, you can prevent the storage of cookies and transmission of the data they contain. Cookies that have already been stored can be deleted at any time. However, we would like to point out that you may then not be able to use all the functions of this website to their full extent.

Under the links below, you can find out how to manage (including disabling) cookies in the main browsers:

Chrome Browser: https://support.google.com/accounts/answer/61416?hl=de

Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies

Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen

Wordfence security

On our website, we use Wordfence Security. Wordfence is a service provided by Defiant Inc, 800 5th Ave Ste 4100, Seattle, Washington 98104 USA, privacy@defiant.com.

Wordfence stores and analyzes several data sent by the browser to our website. This includes, for example, the IP address and browser version and operating system. Wordfence uses this data to try to detect and prevent unlawful login attempts to our system. Wordfence thus serves to protect our website.

The manufacturer Defiant Inc. assures the DSGVO compliant processing of the data. You can find more info here: https://www.wordfence.com/blog/2018/05/wordfence-is-gdpr-compliant/

Safari: https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac

Third party policies

Hannover-Medical.Management’s privacy policy does not apply to other advertisers or websites. Thus, we are advising you to consult the respective privacy policies of these third-party ad servers for more detailed information. It may include their practices and instructions about how to opt-out of certain options.

DoubleClick DART Cookie
Google is one of a third-party vendor on our site. It also uses cookies, known as DART cookies, to serve ads to our site visitors based upon their visit to www.website.com and other sites on the internet. However, visitors may choose to decline the use of DART cookies by visiting the Google ad and content network privacy policy at the following URL – https://policies.google.com/technologies/ads.

Cookies and other technology of our advertising partners
Some of advertisers on our site may use cookies and web beacons. Each of our advertising partners has their own privacy policy for their policies on user data.
Third-party ad servers or ad networks uses technologies like cookies, JavaScript, or web beacons that are used in their respective advertisements and links that appear on Hannover-Medical.Management, which are sent directly to users’ browser. They automatically receive your IP address when this occurs. These technologies are used to measure the effectiveness of their advertising campaigns and/or to personalize the advertising content that you see on websites that you visit.
Note that Hannover-Medical.Management has no access to or control over these cookies that are used by third-party advertisers.

Children`s information

Another part of our priority is adding protection for children while using the internet. We encourage parents and guardians to observe, participate in, and/or monitor and guide their online activity.

Hannover-Medical.Management does not knowingly collect any personal identifiable information from children under the age of 13. If you think that your child provided this kind of information on our website, we strongly encourage you to contact us immediately and we will do our best efforts to promptly remove such information from our records.

Online Privacy Policy Only

This privacy policy applies only to our online activities and is valid for visitors to our website with regards to the information that they shared and/or collect in Hannover-Medical.Management. This policy is not applicable to any information collected offline or via channels other than this website.