Medloop Technologies GmbH Privacy Policy

The information in this privacy policy applies to the processing of personal data on or via our website and is intended to inform you in particular about the scope of processing, the processing purposes, recipients, the legal basis, storage periods and your rights. Personal data is all information relating to an identified or identifiable natural person, i.e. a human being (hereinafter also referred to as “person concerned”), including for example your name, your address or your e-mail address. “Processing” of personal data means in particular the collection, storage, use and transmission of such data.

Name and address of the person responsible

The person responsible within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection provisions is:

Medloop Technologies GmbH
represented by the CEO
Mr. Shishir Singhee
Brunnenstraße 141a,
10115 Berlin
E-Mail: datenschutz@medloop.co

General information on data processing

Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, article 6 (1) (a) GDPR serves as the legal basis.

Article 6 (1) (b) GDPR serves as the legal basis for the processing of such personal data which is required for the performance of a contract to which the data subject is a party. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, article 6 (1) (c) GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the person concerned do not outweigh the first-mentioned interest, article 6 (1) (f) GDPR serves as the legal basis.

Data erasure and storage duration
The personal data of the data subject shall be deleted or the processing restricted as soon as the purpose of the storage no longer applies. In addition, the data may be stored if the European or national legislator has provided for this in the applicable regulations, laws or other provisions to which the person responsible is subject.

Data collection in connection with the website

Description and scope of data processing
Every time you visit our website, our system automatically collects data and information from the computer system of the device used (computer, smartphone, tablet, etc.).

The following data is collected:

The IP address of the device used
browser type/ browser version
operating system used
referrer URL
Hostname of the accessing computer
Time of the server request

Legal basis for the data processing
The legal basis for the temporary collection and storage of the above data and log files is article 6 (1) (f) GDPR.

Purpose of data processing and duration of storage
The temporary storage of the IP address by the system is necessary to enable the delivery of the Internet presence to the user’s device. For this purpose, the IP address of the user must remain stored for the duration of the session. Our legitimate interest in data processing also lies in this purpose.

The data are deleted as soon as they are no longer required for the purpose of their collection. In the case of the collection of data for the provision of the Internet presence, this is the case when the respective browser session has ended.

Registration on our website

Description and scope of data processing
You have the opportunity to register as a patient or medical practitioner on our website in order to receive further information about our app or dashboard application.

As part of the registration process, we collect and store the information you provide in the respective input fields. When you register as a patient, these are the name, e-mail address and name of the medical practitioner you wish to be informed about. When you register as a medical practitioner, we record and store your name, e-mail address and name of your medical practice.

Purpose of data processing
We use the data you provide when registering as a patient for the following purposes:

We will send you information about our App Medloop by email.
We will inform you by email if the medical practitioner you have registered with us is also registered or has already registered with us.
We will inform the medical practitioner you have indicated during registration that a patient who has indicated his or her name is interested in Medloop if the medical practitioner has registered or is already registered with us. However, your personal data (name or e-mail address) will not be passed on to the medical practitioner.


We use the data that you provide when registering as a medical practitioner for the following purposes:

We will send you information about our app and the Medloop dashboard by email.
We will inform you by email if one or more patients who you have identified as your patients also register with us or have already registered with us.
We will inform patients who have indicated you as their medical practitioner at the time of registration or who do so in the future, that you are registered with us as a medical practitioner.


The purposes set out above reflect the intended use of the information, but we are under no obligation to use the information for any of these purposes.

Legal basis for data processing
The legal basis for the processing of data transmitted to us in the course of registration on our website is article 6 (1) (a) GDPR (consent). You can revoke your consent at any time.

Categories of recipients of personal data

For the provision of our internet presence and the contact possibilities offered, we make use of various service providers, including host providers and email providers, who, however, process the data stored with them exclusively on our behalf as processors according to article 28 GDPR in the European Union.

Rights of the data subject

If personal data is processed by you, you are the person concerned within the meaning of the GDPR and you have the following rights vis-à-vis the person responsible (if applicable, in the event of the existence of other prerequisites regulated in the relevant regulations):

The right to access under article 15 GDPR
The right to rectification under article 16 GDPR
The right to erasure (“right to be forgotten”) pursuant to article 17 GDPR
The right to restriction of processing under article 18 GDPR
The right to notification pursuant to article 19 GDPR
The right to data portability under article 20 GDPR
The right to object according to article 21 GDPR
The right not to be subject to an automated decision pursuant to article 22 GDPR
The right to withdraw consent to the processing of personal data pursuant to article 7 (3) GDPR

To exercise these rights, please use the contact details provided at the beginning of this page.

Without prejudice to any other administrative or judicial remedy, you also have the right to appeal to the competent supervisory authority if you believe that the processing of your personal data violates the GDPR.

Objections and complaints

If you have a complaint about the way we have handled your information, if you believe it is inaccurate, has been held for too long or is not secure, you can contact our DPO (datenschutz@medloop.co) who will investigate the matter and provide feedback.

If you feel that our information is inadequate, you can contact the following:

In the United Kingdom, the Information Commissioner’s Office (ICO) is the relevant data protection regulator. Further information can be found on the ICO website: https://ico.org.uk/.

In Germany, please contact the Data Protection Officer in Berlin. Further information can be found on the website: https://www.datenschutz-berlin.de/