Support

Contact us via the form, find answers in our FAQs, or get in touch directly with our team. We process your inquiry within 24 hours.

Contact us via the form, find answers in our FAQs, or get in touch directly with our team. We process your inquiry within 24 hours.

In accordance with our Privacy Policy and our Terms and Conditions, we use subprocessors to provide our services. This page lists the essential subprocessors that potentially have access to personal data of our customers or operate systems on which such data may be processed or stored in the course of service delivery. We carefully select our subprocessors and ensure that they comply with appropriate data protection and security standards.


Subprocessors:

Google Cloud EMEA Limited (acting as Google Cloud Platform)

Purpose of processing / service:

  • Hosting our backend infrastructure for ClinicOS

  • Provision and operation of databases

  • General data center operations and cloud infrastructure

Location of data processing:

  • Primary: Germany (data center regions Frankfurt (europe-west3) and Berlin (europe-west10))

  • Important: All core application data and patient data of ClinicOS remain exclusively in Germany.

Transfer mechanisms (if relevant for other Google services):

  • For the core services listed above, no transfer of core application data takes place outside Germany. Google Cloud provides comprehensive safeguards for compliance with the GDPR.

Further information: https://cloud.google.com/terms/data-processing-addendum?hl=en


Vercel Inc.

Purpose of processing / service:

  • Hosting and delivery of our web frontend (ClinicOS user interface)

  • Provision of static content (e.g. images, scripts) via a global content delivery network (CDN) to optimize loading times and performance.

Location of data processing:

  • Global (CDN): Vercel uses a global network of servers (primarily based on AWS infrastructure) to deliver web content quickly and efficiently.

  • As part of CDN usage, personal data, in particular the IP addresses of users accessing the ClinicOS frontend, are processed worldwide in order to deliver content from the nearest server.

Transfer mechanisms and safeguards for data transfers outside the EU/EEA:

  • Data transfers to countries outside the EU/EEA (especially the USA) are protected by the following appropriate safeguards pursuant to Art. 46 GDPR:

    • Vercel is certified under the EU-U.S. Data Privacy Framework (DPF).

    • EU Standard Contractual Clauses (SCCs) apply.

Further information:‍ https://vercel.com/legal/dpa


Cloudflare, Inc.

Purpose of processing / service:

  • DNS services: resolution of our domain names (e.g. app.clinicos.de) to the corresponding IP addresses of the servers.

  • Reverse proxy services (CDN & security): optimization of loading times, protection against DDoS attacks and other online threats through Cloudflare's global network. Requests to our servers are routed via Cloudflare.

Location of data processing:

  • Global (edge network): Cloudflare operates a worldwide network of data centers (edge locations).

  • As part of DNS resolution and proxy services, personal data, in particular the IP addresses of users accessing ClinicOS, are processed worldwide in order to route requests via the nearest and most secure server.

Transfer mechanisms and safeguards for data transfers outside the EU/EEA:

  • Data transfers to countries outside the EU/EEA (especially the USA) are protected by the following appropriate safeguards pursuant to Art. 46 GDPR:

    • Cloudflare is certified under the EU-U.S. Data Privacy Framework (DPF).

    • EU Standard Contractual Clauses (SCCs) apply.

    • Cloudflare also offers Binding Corporate Rules (BCRs) approved by European data protection authorities.

Further information: https://www.cloudflare.com/cloudflare-customer-dpa/


Analytics & Error Monitoring

Functional Software, Inc. (d/b/a Sentry)

  • Purpose of processing: Collection and analysis of anonymized error reports and performance data from our application. This helps us proactively identify technical issues and improve the stability of ClinicOS. No personal health data or other sensitive customer data is transferred to Sentry.

  • Location of data processing: Primarily EU (Germany). We have configured Sentry so that all data transmitted to it is processed and stored in its EU data center.

  • Safeguards for data transfers outside the EU/EEA: As Sentry is a US company, any necessary data transfers (e.g. for support purposes) are protected by the EU-U.S. Data Privacy Framework (DPF) and EU Standard Contractual Clauses (SCCs).

  • Further information: Sentry DPA


Explanation of the data processing locations:

  • Core application data: All your primary application and customer data that you actively store and process in our web application (backend data) are hosted exclusively on the infrastructure of Google Cloud Platform in Germany.

  • Frontend delivery & technical data: To provide the user interface of our web application quickly and reliably (code, design, images), we use Vercel's global content delivery network (CDN). When you access our website, technical data such as your IP address may be processed by Vercel servers that are geographically close to your location. This serves to optimize loading times and security (e.g. DDoS protection). Since Vercel operates a global network, these technical data may also be processed outside the EU/EEA. Through appropriate measures (EU-U.S. DPF certification and standard contractual clauses), Vercel ensures compliance with the requirements of the GDPR.


Changes to this list:

We review this list regularly and update it as necessary. We will announce material changes to our subprocessors or the locations where your core application data is processed to our customers in advance in accordance with the contractual agreements (as a rule, at least thirty (30) days) via appropriate channels (e.g. by email or notice in the application).

Made in Germany