Data Protection Notice

Thank you for your interest in our services and for visiting the Virtual Proctor website.

Virtual Proctor is an offer of MDA - Medical Decision Alliance GmbH (hereinafter also referred to as “MDA”, “we” or “us”). MDA develops and distributes innovative digital products to improve and simplify medical research and teaching and to support medical practice in the context of routine operations.

The Virtual Proctor training platform is a video-based training application for surgeons, OR staff and medical technology professionals. If you belong to this professional audience and your employer has concluded a license agreement with MDA for the use of the Virtual Proctor in its institution and has also named you to us as an authorized user, you can use the Virtual Proctor to follow the procedure for the standard operations shown in self-study. The Virtual Proctor offers you video recordings of real standard operations, edited and commented on by medical professionals, and guides you step by step through the respective operations in journeys. The cases and operations shown have been prepared for this purpose in such a way that they are anonymous in relation to the patients.

When you use the Virtual Proctor services, certain information about your end devices or technical equipment is processed. Data protection and your privacy matter to us. We strictly adhere to the legal requirements of data protection law and in particular the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and other legal data protection regulations. If it is necessary to process personal data and there is no legal basis for such processing, we will ask for your consent.

We would therefore like to take this opportunity to inform you which of your personal data we collect when you use the Virtual Proctor service and for what purposes it is used. Information on all your rights and how to exercise them can be found in the following section “Your rights as a data subject” in this Data Protection Notice.

This Data Protection Notice can be accessed, saved and printed at any time at the URL https://virtual-proctor.com/privacy-policy. As changes in legislation or changes to our internal company processes may make it necessary to amend this data protection notice, we ask you to read this Data Protection Notice regularly.

1. Scope

This Data Protection Notice applies generally to the Virtual Proctor service (hereinafter also referred to as “our web service” or “our website”).

2. Name and Address of the controller

MDA - Medical Decision Alliance GmbH is generally responsible for the operation of the Virtual Proctor service. Unless indicated otherwise, MDA is therefore also the controller for the processing of personal data within these websites within the meaning of Article 4 No. 7 GDPR.

For the full contact details of MDA, please refer to the imprint of this website at https://virtual-proctor.com/imprint.

3. Personal data

Personal data is information about personal or factual circumstances of a specific or identifiable natural person. This includes information such as your name, address, telephone number and date of birth, but also any further data, which can be assigned to a specific person with reasonable effort.

Information that is anonymized and not associated with your identity, however, is not personal data.

4. Purposes of the processing of personal data

Some of the personal data and further information we may collect from you is necessary to enable us to provide you with the services you request, to fulfil our contracts with you, to comply with legal requirements or if we have a legitimate interest in the use of your information, for example, when we use your personal data to be able to offer you an extensive and interesting offer via our websites and our web services and to constantly improve these.

When we collect data directly from you, we may ask you for your consent and clearly mark mandatory information (e.g. with an asterisk (*)). You voluntarily provide us with any other information that is not marked.

We will generally collect, process and use the personal data you provide online only within the legal bases provided for in the applicable data protection legislation or within the limits of your consent, and only for the purposes disclosed to you.

5. General legal bases

The legal bases for the processing of your personal data may be the following:

Article 6 para. 1 s. 1 lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose.

If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service, the processing is based on Article 6 para 1 s. 1 lit. b GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services.

If our company is subject to a legal obligation that requires the processing of personal data, such as for the fulfilment of tax obligations, the processing is based on Article 6 para. 1 s. 1 lit. c GDPR.

In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Article 6 para. 1 s. 1 lit. d GDPR.

Finally, processing operations could be based on Article 6 para. 1 s. 1 lit. f GDPR. This legal basis is used for processing operations which are not covered by any of the abovementioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

6. Which personal data is collected and processed?

You can generally browse our website without providing us with personal data (e.g. name, address, telephone number or e-mail address) that reveal your identity directly to us, unless you make them available to us voluntarily (e.g. for registrations for events, enquiries or surveys) or you have consented to the intended use or otherwise the corresponding legal provisions on the protection of your data permit the specific use of your personal data according to the aforementioned legal bases for specific purposes.

Particularly, your personal data may be used as follows:

6.1 Data processing when using Virtual Proctor

a) Registration/user account – mandatory information

If your employer has concluded a license agreement with MDA for the use of Virtual Proctor at its facility and has designated you as an authorized user, you can use the Virtual Proctor service. This requires you to register independently as a user and set up a user account.

All mandatory information required for registration is marked accordingly (*). The collection and processing of this information is necessary in order to provide the functions within the user account and to ensure your contractual use of Virtual Proctor. The legal basis for this is Art. 6 (1) lit. b GDPR.

All other information you provide is voluntary and will be used by us for the purposes described below - see point b) below.

As part of your independent registration, we collect the following mandatory information from you:

  • First name
  • Last name
  • Email address
  • Mobile phone number

We collect your full name in order to identify you as a user authorized by your employer and to ensure that you receive personalized support as our user.

Your email address is used as your username to identify your user account and to communicate with you (e.g., technical support and setup and maintenance of your member account).

The processing of your mobile phone number is necessary for the multi-factor authentication process. The mobile phone number collected during registration is used for additional user authentication (e.g., by means of two-factor authentication to log in to the protected user account or when resetting the password).

In addition to the above mandatory information, you must set a secure password during registration to protect your user account, taking into account the security requirements set out in our General Terms and Conditions. Your password is stored in encrypted form in our user database, so that we cannot read it and only you know it. If you forget your password, you can set a new one using the corresponding function when logging into the protected area of your user account.

The data you enter is transmitted via a secure SSL connection.

When you register, your IP address and the date and time of registration are stored. This is to prevent misuse of the services and to fulfill our accountability obligations under Art. 5 (2) GDPR. The data will not be passed on to third parties. An exception to this is when there is a legal obligation to pass on the data.

The registration of data is necessary for the provision of content or services.

In order to set up a user account, you must agree to the following statement during registration and, in particular, to comply with the General Terms and Conditions for Virtual Proctor:

Within the framework of the license agreement concluded between my employer and MDA – Medical Decision Alliance GmbH, I request the creation of a personal user account for the use of Virtual Proctor.
I expressly declare that I am authorized by my employer to use Virtual Proctor. I have read and accept the General Terms and Conditions.
I have read the Data Protection Notice and agree to the processing of my personal data for the above-mentioned purpose.

To complete and verify your registration, we use the double opt-in procedure, which means that we will only set up your user account once you have confirmed your registration by clicking on the link contained in a confirmation email sent to you for this purpose. This is to ensure that only you can register as the user of the email address provided and the other personal data collected during registration. You must confirm this promptly after receiving the confirmation email, otherwise the data you provided during registration will be automatically deleted from our database.

b) Registration/user account – voluntary information

You can optionally provide the following information when registering as a user:

  • Title
  • Country
  • Institution or hospital
  • Function
  • Medical specialty

We use this information to ensure that you receive personalized support as our user and to display a personalized appearance of the Virtual Proctor environment. Furthermore, we may show you content that we believe is relevant to your information and corresponds to your interests or area of responsibility. Finally, we use this data to compile anonymous statistics on the users of our service and to tailor our service as closely as possible to the areas of expertise and interests of our users. You can edit or delete the voluntary information in your user account at any time.

The legal basis for this is your consent, Art. 6 (1) lit. a GDPR.

All data you enter is transmitted via a secure SSL connection.

c) Usage data and evaluations

During your use of Virtual Proctor, the system records the following data about your use of the system. This usage data is available exclusively to you and you can view it within your user account:

  • Before using our Journeys and courses, you must actively subscribe to or follow them by clicking ‘Start Learning’ on the page of each journey or course. The respective content will indicate whether you are following it (“Journey Enrollment”).
  • Journey progress shows the user their progress in viewing the respective content as a percentage of the total length of the video or journey (lesson-wise: a lesson is considered completed if the video it contains has been watched until the end).
  • As a user, you have the opportunity to answer questions in our Journeys to check what you have learned. The answers are stored and evaluated. All answers and evaluations can be viewed by you at any time within your user account.
  • In some of our journeys and courses, users may have the opportunity to earn certificates upon completing the respective journey. The certificates earned are also stored and displayed within the user account under ‘Certificates’.

The legal basis for this is Art. 6 (1) lit. b GDPR, i.e. the contractual design of our offer or our legitimate interest pursuant to Art. 6 (1) lit. f GDPR in designing the content of the Virtual Proctor as a training and learning platform in line with requirements.

d) Discussions, questions and evaluations of our journeys and courses

As a user of Virtual Proctor, you can ask questions about the content and subject matter of each journey or course and discuss the content with other users. If you would like to do so, you can click on ‘New Question’ on the page of the respective journey or course, enter your question together with a headline, and publish it. Your questions will then be displayed to all users of the journey or course together with your name and the answers of other users and will be visible to other users in the Virtual Proctor alongside the evaluated content.

Finally, you also have the option of submitting an evaluation for completed journeys and courses. Together with the star rating you submit, your evaluation text and your name as the author of the evaluation will then be displayed to other users in the Virtual Proctor alongside the evaluated content.

The legal basis for this is your consent, Art. 6 para. 1 lit. a GDPR, or our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR to design the content of Virtual Proctor as a training and learning platform in line with requirements.

6.2 Contact

a) If you are interested in using Virtual Proctor for your hospital or institution, please contact us directly using our contact form at Virtual-proctor.

In this case, we collect your full name, mobile phone number and email address as mandatory information via our contact form. You must also confirm that you agree to us contacting you by clicking the checkbox so that we can provide you with an offer to use Virtual Proctor. All mandatory information required is marked accordingly (*). The collection and processing of this information is necessary in order to provide you with a contract offer for use of Virtual Proctor at your request. The legal basis for this is Art. 6 (1) lit. b GDPR.

Further, you can optionally provide the following information to us, which we will use to examine your particular interests for the requested use of Virtual Proctor and to tailor our offer to your hospital or institution accordingly. Hence, the legal basis for this is your consent, Art. 6 (1) lit. a GDPR:

  • Title
  • Country
  • Institution or hospital
  • Function
  • Medical specialty

All data you enter is transmitted via a secure SSL connection.

To complete and verify your request, we use the double opt-in procedure, which means that we will only store your data and get in touch with you once you have confirmed your request by clicking on the link contained in a confirmation email sent to you for this purpose. This is necessary to ensure that the email address provided and the other personal data collected are correct. You must confirm this promptly after receiving the confirmation email, otherwise the data you provided with your request will be automatically deleted from our database.

b) For other and general inquiries and contact requests, please send us an e-mail at info@decision-alliance.com.

When you contact us via e-mail, we use your personal data exclusively to answer your inquiries according to your requests and to your satisfaction. To do so, we generally process your full name (first name and last name) and your e-mail address to reply to your individual inquiry. Further, it is generally your free decision which data you provide to us. However, we may not be able to fulfil your contact request without certain details required in individual cases.

The legal basis for this data processing is that of Article 6 para. 1 s. 1 lit. b GDPR (which permits the processing of data to fulfil a contract or pre-contractual measures) and Article 6 para. 1 s. 1 lit. f GDPR (which permits the processing of data to safeguard the data controller's legitimate interests). Our legitimate interest within the meaning of the GDPR is the optimization and fulfilment of our online offers and our web services.

6.3 Server-Log files

Your visit to our websites is automatically logged by our web servers. In connection with the retrieval of the information you requested from our web services, data is collected for the provision of our various services or for evaluation and security purposes and, if necessary, stored in anonymized form (without personal reference). The web servers we use automatically store data about the retrieval of our web services in so-called server log files. These are the following data:

  • Your IP address
  • The URLs you access on our web pages
  • Referrer URL (the page from which you visit us)
  • Time of the server request
  • Host name of the accessing terminal (the name of your Internet service provider)
  • Browser type and browser version
  • Operating system used and its settings

The processing of the above data is done for security purposes, for general fraud prevention and as a precaution against attacks on our web services. An automated combination of this data with data from other data sources does not take place.

If we also automatically log your IP address, this is automatically deleted after 30 days at the latest.

Furthermore, we store the URL accessed with the associated page title and optional information on the page content; information on the terminal device used, operating system and browser. This information is generally transmitted with each individual page request when using the Internet. However, unlike Cookies and similar technologies, no information is read from the memory of the user's terminal device and no information is stored on this terminal device.

Since the privacy of our users is important to us, this data is processed without being merged with other data provided by you, such as your contact details, and furthermore, data that may allow a reference to an individual person, such as the IP address, login or device identifiers, are anonymized or pseudonymized immediately after collection by deleting the last number block. No other use, combination with other data or disclosure to third parties takes place.

This data processing is based on the legal basis of Article 6 para. 1 s. 1 lit. f GDPR, which allows data processing based on our legitimate interest. Our legitimate interest within the meaning of the GDPR is the optimization and technical security of our online offers and our web services.

Apart from that, only general information is recorded, e.g. when which content from our offer is called up or which pages are visited most frequently, the names of the requested files as well as their call-up date and time. These data are evaluated to improve our offer and do not allow any conclusions about your person. We will not use this information for any other purpose.

The legal basis for the data processing is Art. 6 para. 1 s. 1 lit. f GDPR, which allows the processing of data to protect the legitimate interests of the data controller.

7. Anonymous usage evaluations

We do not create personalized user profiles. In connection with the viewing of the information you have requested within our web service, data is only stored on our servers in anonymized form for the provision of our various services or for evaluation purposes. In this context, general information in accordance with section 6.3 of this Data Protection Notice is also logged in order to determine the frequency of use and the number of users of our web pages. In this way, we learn which area of our websites our users have visited.

However, this usage data does not contain personal data and does not allow any conclusions to be drawn about the identity of the individual user. All of this anonymized usage data is not combined with your personal data and is deleted immediately after the end of the statistical evaluation.

The legal basis for this data processing is that of Art. 6 para. 1 s. 1 lit. f GDPR (which permits the processing of data to protect the legitimate interests of the data controller).

8. Cookies and similar technologies

Within our website and with your consent, we also may use cookies as well as other similar technologies (hereinafter collectively referred to as "cookies").

The use of cookies helps us make it more convenient for you to use our website. For example, we use session cookies to detect whether you have already visited individual pages on our website. These are erased automatically when you leave our website.

Other cookies help us to collect information about how you behave as a user on our website and how you interact with the features we offer. We do this to better understand how our website is used and to enable improved navigation and features. The cookies that we use do not allow us to identify you personally. However, with the help of these cookies we can - with your consent - re-identify the device you use or your web browser when you repeatedly access our web offer and thus optimise your experience as a user of our website and make it more comfortable by adapting the presentation of the content to your particular interests or your preferences and designing it individually and according to your needs. Cookies therefore also allow us to recognise whether you have visited our website before or whether you are a new visitor.

Detailed information on cookies in general, the types of cookies and their intended use, as well as on the relevant legal basis for the use of cookies and on your selection and control options for the cookies used in detail within our websites can be found in our detailed instructions within our PRIVACY PREFERENCES MANAGER, which generally also opens automatically when you access our websites for the first time and within which you can adapt the use of Cookies and similar technologies to your wishes and needs. With the help of our PRIVACY PREFERENCES MANAGER, you can adjust your settings to your wishes and needs at any time with effect for the future.

When you click here, you can change your cookie preferences or revoke your previously given consent at any time with effect for the future or without this resulting in any legal disadvantages for you.

You may also refuse the use of cookies altogether by selecting the appropriate settings in your browser. However, please note that if you do this you may not be able to use the full functionality of our websites.

9. Period for which the personal data will be stored

We only store personal data that you provide to us for as long as they are needed to fulfil the purposes for which these data were provided or as long as this is required by law:

  • If you conclude contracts with us, we store and process your personal data for the duration of your contractual relationship with us and also for the fulfilment of legal post-contractual archiving obligations and for the duration of the statutory retention periods (maximum 10 years).
  • If you send us an inquiry, we process your personal data for the duration of processing your inquiry and for the period we may need to document the inquiry process and our answers.

Generally, we delete or anonymize your personal data from our systems and records, so that you can no longer be identified, when they are no longer needed. We may retain certain personal data in order to comply with our legal and regulatory obligations and to enable us to administer our rights (e.g. to enforce our claims in court), or for statistical purposes (in anonymous form).

10. With whom do we share Personal Data?

Except in the cases listed in this Data Protection Notice, we will not sell or market your personal data to third parties or forward them on for any other reason.

In addition to the other cases mentioned in this Data Protection Notice, your personal data will only be passed on without your express prior consent in the following cases:

  • If it is necessary for the clarification of an illegal or abusive use of our web services or for prosecution, personal data are passed on to the prosecution authorities and, if necessary, to damaged third parties. However, this only happens if there are concrete indications of illegal or abusive behavior. A disclosure to third parties bound to professional secrecy can take place if this is necessary to enforce the contractual conditions or other agreements as well as our claims arising from contracts that you have concluded with us. The legal basis for data transmission is Article 6 para. 1 s. 1 lit. b GDPR, which permits the processing of data in order to fulfil a contract or pre-contractual measures and Article 6 para. 1 s. 1 lit. f GDPR, which permits the processing of data in order to safeguard the data controller's legitimate interests.
  • Further, we may also be legally obliged to provide information to certain public authorities upon request. These are law enforcement authorities, authorities that prosecute fined offences and the tax authorities.
  • As our business develops, the structure of our company may change as its legal form changes, subsidiaries, parts of companies or components are established, purchased or sold. In such transactions, customer information will be shared with the part of the company to be transferred with your consent. Whenever personal data is passed on to third parties to the extent described above, we will ensure that it is used in accordance with this data protection declaration and the relevant data protection laws and ask you for your consent.

11. Who is involved in processing your Personal Data?

We process your personal data collected through the website and may also engage third parties to assist us according to our instructions. Your personal data can therefore also be processed on our behalf by our reliable, external service providers ("contract processors"). We solely rely on trusted and reliable contract processors who conduct a number of business processes on our behalf and only provide them with the information they need to provide their services to us. We make every effort to ensure that all contract processors with whom we work strictly protect your personal data and use them only for the purposes to which we assign them and on our behalf. For example, we may commission our contract processors with the following services for which the processing of your personal data is necessary, or our contract processors may be:

  • Third parties who support and help us to provide digital and e-commerce services, including CRM, web analytics and search engine and user content maintenance tools.
  • Advertising, marketing, digital and social media agencies to assist us with advertising, marketing and campaign activities, to analyze their effectiveness and to manage your contact requests and questions.
  • Third parties who assist us in providing IT services, including platform providers, hosting services, maintenance and support for our databases, and our software and applications that contain information about you (in some cases, such services simply include access to your data to perform the desired task).

The legal basis for data transmission is Article 6 para. 1 s. 1 lit. b GDPR, which permits the processing of data in order to fulfil a contract or pre-contractual measures and Article 6 para. 1 s. 1 lit. f GDPR, which permits the processing of data in order to safeguard the data controller's legitimate interests.

We have concluded a contract with all our contract processors on the commissioned data processing on our behalf in accordance with Article 28 GDPR and fully implement the strict requirements of the German data protection authorities when using their services.

12. Data transfers to “Third Countries”

If we process data in a Third Country (i.e., outside the European Union (EU), the European Economic Area (EEA), where the privacy laws may not be as protective as those in your location) or the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, entities or companies, this is only done in accordance with the strict legal requirements of the EU and we ensure that your data is treated in accordance with the provisions of this Data Protection Notice.

Subject to express consent or contractually or legally required transfer, we only process or have the data processed in third countries with a recognized level of data protection, contractual obligation through the so-called standard protection clauses of the EU Commission (SCC), in the presence of certifications or binding internal data protection regulations according to Articles 44 to 49 GDPR; further information can be found on the websites of the EU Commission under the URL https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en. Where necessary, we and our contract processors will, where applicable, also take supplementary measures to ensure the protection of your privacy rights, the confidentiality of your personal data and compliance with the applicable laws and regulations of the EU.

13. Data Security

We make every effort to take extensive technical and organizational security measures to protect your personal data against unintentional or unlawful deletion, alteration or loss and against unauthorized disclosure or access. All our employees are accordingly bound to secrecy and data protection. Insofar as it is within our sphere of influence, we use modern encryption techniques and a large number of other measures in particular to prevent unauthorized access by third parties. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption exists, the data you exchange with us cannot be read by third parties.

Further, our security precautions are regularly checked and adapted to technological progress.

However, we would like to point out that due to the structure of the Internet, it is possible that the rules of data protection and the above-mentioned security measures may not be observed by other persons or institutions for which we are not responsible. In particular, unencrypted data can be accessed by third parties - particularly if this is done by e-mail. We have no technical influence on this. In such cases, it is the responsibility of the user to protect the data provided by him against misuse by encryption or in any other way.

14. Your rights as a data subject

If we process personal data as the data controller, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and purpose of the processing, in particular the right of access (Article 15 GDPR), the right to rectification (Article 16 GDPR), the right to erasure (‘right to be forgotten’) (Article 17 GDPR), the right to restriction of processing (Article 18 GDPR), the right to data portability (Article 20 GDPR), the right to object (Article 21 GDPR). If the processing of personal data is based on your consent, you have the right to revoke this data protection consent in accordance with Article 7 para. 3 GDPR.

If you wish to exercise your above rights, please contact us using the contact details given above in section 2 or please refer to the contact data as stated in our imprint of this website at https://virtual-proctor.com/imprint.

Please note that we may require proof of identity and full details of your request before we can process your request.

15. Right to lodge a complaint with the competent supervisory authorities

In the event of data protection violations on our part, you have a right of appeal to the responsible supervisory authority.

The supervisory authority responsible in data protection issues for the activities of MDA - Medical Decision Alliance GmbH is The State Commissioner for Data Protection and Freedom of Information in North Rhine-Westphalia (LDI NRW), whose contact data can be found under the following URL: https://www.ldi.nrw.de/metanavi_Kontakt/index.php.

16. Name and Address of the Data Protection Officer

Within our company, everyone is responsible for privacy and data protection issues. In addition, we have decided to appoint a Data Protection Officer. To ensure the independence of the Data Protection Officer, we have appointed an external Data Protection Officer:

Mr Stephan Krämer, LL.M. (Attorney at law, Germany) KINAST Rechtsanwaltsgesellschaft mbH, Nordstr. 17a, 50733 Cologne, Germany

You can contact our Data Protection Officer via his website at https://www.kinast.eu.

17. Hyperlinks to other websites

Our websites contain so-called hyperlinks to websites of other providers. When these hyperlinks are activated, you are redirected from our website directly to the websites of other providers. Despite careful control we assume no liability for the content of external links. The operators of the sites we link to are solely responsible for the content of linked pages and any processing of personal data on these websites.

Last updated: October 2025