1. Data Controller and Contact
The responsible party for data processing under the GDPR is:
Dr. med. Christian Kirsch
Klinikum Lippstadt, Klosterstraße 31, 59555 Lippstadt, Germany
Email: support@echokardio.de
2. Data Processing and Legal Bases
- Account & Profile Data: We process your name, email, and course progress to fulfill our contract with you (Art. 6 (1) (b) GDPR).
- Payment (Stripe): Payment data is processed by Stripe to perform the contract. We have a Data Processing Agreement (DPA) with Stripe ensuring GDPR-compliant standards.
- Server Log Files: To ensure technical stability and security, our servers automatically log technical data (IP address, browser type, timestamp). Legal basis: Legitimate interest (Art. 6 (1) (f) GDPR).
3. EU Data Act Compliance (New for 2026)
In accordance with the EU Data Act, we ensure your right to data portability.
- Access: You have the right to access and download the non-personal technical data generated by your use of our service.
- Switching: We facilitate the switching of service providers by allowing you to export your data in a structured, machine-readable format within 30 days of a request.
4. Your Rights
Under the GDPR, you have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), and to object to processing (Art. 21). You may also lodge a complaint with your local Data Protection Authority.