HCT Healthcare Transactions GmbH

HCT Healthcare Transactions
Datenschutz

Privacy Policy

This privacy policy informs you about the nature, scope and purpose of the processing of personal data in connection with visits to our website and contact via the communication channels provided. The legal basis is the General Data Protection Regulation (DSGVO) in conjunction with the Federal Data Protection Act (BDSG) and the Telecommunications-Telemedia Data Protection Act (TTDSG).

§ 1 Controller

The controller within the meaning of Art. 4 No. 7 DSGVO is: HCT Healthcare Transactions GmbH Sanddornweg 5 14624 Dallgow-Döberitz Germany

Telephone: +49 173 9020995 Email: info@hct.gmbh

Registered in the Commercial Register of the Amtsgericht Köln under HRB 98240. Authorized managing director: Liudmila Schriver.

The appointment of a company data protection officer is not legally required (§ 38 BDSG). For data protection matters, please contact us directly using the contact details provided above.

§ 2 Collection of General Information / Server Log Files

Each time our website is accessed, technically necessary data is recorded by the hosting service provider we use in so-called server log files. The following are collected: the IP address of the requesting device, date and time of access, the browser type used and its version (user agent), the operating system, the previously visited page (referer) and the specifically requested resource.

Processing serves the provision of the website, ensuring stable operation as well as the prevention and investigation of abusive access and attack attempts. The legal basis is Art. 6 para. 1 lit. f DSGVO. Our legitimate interest lies in the secure and uninterrupted operation of our website.

Server log files are stored for a period of approximately 14 days and then automatically deleted, unless they are exceptionally required further to clarify a specific security-related incident. These data are not merged with other data sources.

§ 3 Cookies

Our website does not use cookies for analysis, tracking or marketing purposes. We do not use cookies from our own or third-party providers to evaluate the behavior of visitors or to create profiles.

Insofar as technically necessary session cookies are used in connection with the use of the contact form, these serve exclusively to ensure functionality (in particular protection against cross-site request forgery). Storage is based on § 25 para. 2 no. 2 TTDSG, since these cookies are strictly necessary in order to provide the telemedia service expressly requested by the user. No consent is required in this respect. These cookies are automatically deleted at the end of the session.

The localization used for language selection (German, English, Russian) is carried out exclusively via the URL path. No cookies are set for this purpose.

§ 4 Contact Form

On our website we provide a contact form through which you can submit inquiries to us. In connection with the transmission, the following data is processed: name, email address, where applicable telephone number (voluntary information) as well as the content of your message.

Providing your name and email address is necessary in order to assign and respond to your inquiry. Further information is provided voluntarily. Mandatory fields are marked as such.

The legal basis of the processing is Art. 6 para. 1 lit. b DSGVO insofar as your inquiry is aimed at the conclusion or initiation of a contract. For other inquiries, we base the processing on Art. 6 para. 1 lit. f DSGVO; our legitimate interest lies in the appropriate handling of the matters addressed to us.

The transmitted data is forwarded to the email address info@hct.gmbh and also stored in our system in order to enable follow-up and correspondence relating to the inquiry. No further use or disclosure to third parties takes place.

§ 5 External Services / Hosting

Our website is operated on infrastructure of Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855 Luxembourg (in particular AWS Amplify with the underlying content delivery layer Amazon CloudFront). The provider supplies the server and delivery infrastructure and in this context processes the technical connection data mentioned in § 2 on our behalf.

A contract on commissioned processing pursuant to Art. 28 DSGVO exists with Amazon Web Services EMEA SARL. Content is delivered primarily via edge locations within the European Union. Insofar as a transfer to third countries should take place in individual cases, this is safeguarded by the EU Standard Contractual Clauses as well as supplementary technical and organizational measures.

The fonts used on the website (Inter and Playfair Display) are delivered locally from our server. They are not integrated via external providers, in particular not via Google Fonts. When the website is accessed, no data is transmitted to Google in this respect.

§ 6 Recipients of Personal Data

Your personal data is generally not passed on to third parties. An exception is the hosting service provider mentioned in § 5, which provides the technical operation of the website on the basis of a commissioned processing agreement.

Personal data is transmitted to government authorities exclusively within the framework of mandatory legal requirements or on the basis of a court or official order.

§ 7 Storage Period

Personal data is only stored for as long as is necessary for the respective processing purposes or as prescribed by statutory retention periods.

Server log files are deleted after approximately 14 days, unless they are exceptionally required further to clarify a security-related incident.

Inquiries submitted via the contact form and the associated correspondence are stored until the matter has been conclusively dealt with and for a further period of twelve months in order to be able to appropriately answer any follow-up questions. Where commercial or tax retention obligations remain unaffected, in particular under § 257 HGB and § 147 AO, deletion takes place after expiration of the applicable statutory periods (generally six or ten years).

§ 8 Rights of Data Subjects

You have the following rights with regard to the personal data concerning you:

– Right of access (Art. 15 DSGVO) – Right to rectification of incorrect data or completion of incomplete data (Art. 16 DSGVO) – Right to erasure (Art. 17 DSGVO) – Right to restriction of processing (Art. 18 DSGVO) – Right to data portability (Art. 20 DSGVO) – Right to object to processing (Art. 21 DSGVO) – Right to withdraw a given consent with effect for the future (Art. 7 para. 3 DSGVO)

If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 para. 1 lit. f DSGVO, you have the right, on grounds arising from your particular situation, to object to such processing at any time.

To assert your rights, an informal notification to the contact details given in § 1 is sufficient.

§ 9 Right to Lodge a Complaint with the Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority if you consider that the processing of personal data concerning you infringes the DSGVO.

The supervisory authority locally competent for us is: Die Landesbeauftragte für den Datenschutz und für das Recht auf Akteneinsicht Brandenburg Stahnsdorfer Damm 77 14532 Kleinmachnow Telephone: 033203 356-0 Email: poststelle@lda.brandenburg.de

§ 10 Data Security

To protect the data transmitted via our website, we use transport encryption according to the current state of the art (TLS/SSL). You can recognize an encrypted connection by the lock symbol in the address bar of your browser and by the prefix "https://".

In addition, we take appropriate technical and organizational measures pursuant to Art. 32 DSGVO to protect your data against accidental or intentional manipulation, loss, destruction and against access by unauthorized persons. Our security measures are continuously reviewed and adapted in line with technological developments.

§ 11 Changes to the Privacy Policy

We reserve the right to amend this privacy policy insofar as this becomes necessary due to changes in the legal situation or due to changes in our services and the processing of personal data. The version available at the time of your visit to our website shall be authoritative.

Version of this privacy policy: May 2026.