Terms of Use of the AMBOSS Knowledge and Learning Program

Last Updated: October 2025

1. Contracting Parties

The following Terms of Use apply between

AMBOSS SE

Torstrasse 19

10119 Berlin

("AMBOSS") 

and the respective user who registers via the website www.amboss.com/int ("Authorized User").

2. Subject Matter of the Contract

2.1. AMBOSS is, as between the Parties, the rights holder, provider and operator of the online knowledge and learning Program "AMBOSS", which AMBOSS makes available via next.amboss.com/us/ and the AMBOSS iOS app and Android app on a monthly basis ("AMBOSS Program"). The AMBOSS Program generally consists of AMBOSS Membership and AMBOSS Courses. Depending on the offer selected, the subject matter of the contract may be AMBOSS Membership, AMBOSS Courses, or both.

2.2. AMBOSS Membership is a digital companion for medical students, doctors, nurses and other professionals working in the healthcare sector or related educational fields. It is designed for education, professional training and continuous medical development. For this purpose, AMBOSS Membership includes study plans, practice questions, practice exercises, performance evaluations, study recommendations, AI exam simulations and learning assistants/chatbots as well as clinical resources such as medical articles, medical calculators, drug databases, and AI assistants/chatbots.

2.3. AMBOSS Courses can be booked with or without an existing AMBOSS Membership. They are not included in AMBOSS Membership. AMBOSS Courses are aimed at doctors, healthcare professionals, and others working in the healthcare sector, and serve to deepen, refresh, and expand medical knowledge. They may include structured live seminars, case discussions, interactive courses, and practice-oriented knowledge content based on current scientific evidence and legal requirements. Participation in live seminars allows direct interaction with instructors. Booked AMBOSS Courses are always activated for a period of at least two months within the AMBOSS Program. Details on the respective course duration can be found in the offer description. AMBOSS Courses are designed to be completed within this course duration. Users who also have access to the AMBOSS Program through a separate AMBOSS Membership may continue to access the course content for an additional ten months for reference purposes without additional fees.

2.4. All information provided in the AMBOSS Program refers to the medical standard in the United States of America, including without limitation standards for diagnostic and/or therapeutic procedures, even though they may differ in other countries. Similarly, all information provided in the AMBOSS Program with regard to the use of commercial medical products refers to the regulatory approval status of the respective medical product in the United States of America. In other countries, the respective regulatory approval status may differ.

2.5. The professional editorial team of AMBOSS consists of numerous medical professionals from different medical specialties. This editorial team adds new and/or updated content to the AMBOSS Program in a structured, collaborative process. However, the parties understand and acknowledge that the AMBOSS Program cannot contain a comprehensive, up-to-date presentation of all medical information.

2.6. The information contained in the AMBOSS Program does not constitute binding diagnostic, treatment and therapy suggestions. Diagnostic, treatment and therapy decisions as well as other patient care decisions derived from the use of the AMBOSS Program are the sole responsibility of the respective user. The use of the AMBOSS Program does not release the user from his obligation to make decisions on his own responsibility on the basis of the current state of science and research. In this respect, the information contained in the AMBOSS Program must be reviewed in relation to the specific individual case, taking into account the individual patient’s characteristics.

2.7. The use of AI-supported functions provided within the AMBOSS Program (“AMBOSS AI Features”) is permitted exclusively for informational and educational purposes. They are in no way intended to serve as diagnostic or treatment tools. The user assumes full and sole responsibility for evaluating the information provided. For more information see Section 9 of the AMBOSS Terms of Use.

2.8. If users display a translation of the AMBOSS content in a language other than English within the AMBOSS Program, this is an automated machine translation using an interface to an AI-supported translator. The translated content is not part of the AMBOSS Program. The user understands and agrees that AMBOSS itself does not perform the translation and cannot check the translated content. In particular, AMBOSS does not carry out any medical review. The machine-translated content does not meet the due diligence and quality standards of AMBOSS. Translation errors cannot be expressly excluded. The machine-translated content does not replace a translation by a linguistically competent specialist, which is recommended.

2.9. These Terms of Use ("AMBOSS Terms of Use") apply exclusively to the use of the AMBOSS Program. Deviating terms and conditions shall not be recognized unless explicitly confirmed by AMBOSS in writing. If special terms of use apply to individual use cases of the AMBOSS Program, this will be indicated at the appropriate place on the website. In this case, the special terms of use shall then apply in addition.

2.10. AMBOSS does not guarantee that the AMBOSS Program can be used via the public transmission lines used by the Authorized User and on the Authorized User's own data communication devices.

2.11. AS BETWEEN THE PARTIES, AMBOSS SHALL AT ALL TIMES RETAIN ALL RIGHT, TITLE, AND INTEREST IN AND TO THE SERVICES, INCLUDING ALL RELATED PATENT, TRADEMARK, COPYRIGHT, MORAL RIGHTS, AND ANY AND ALL OTHER INTELLECTUAL PROPERTY RIGHTS ASSOCIATED WITH THE AMBOSS PROGRAM AND THE SERVICES.

3. Registration and Conclusion of Contract; User Account

3.1. Registration via www.amboss.com/int is free of charge. By registering, the Authorized User submits its data for later use of the AMBOSS Program. This alone does not give the Authorized User permanent access to the AMBOSS Program.

3.2. Registration is carried out by opening a personal user account. All mandatory fields must be filled in during registration. The Authorized User warrants that all data provided during registration is true and complete. Furthermore, the Authorized User is obliged to keep the data provided up to date at all times. The Authorized User is solely responsible for keeping the chosen password secret and for all activities carried out with the user account. Passing on the password is not permitted. The settings for the user account are adjustable. Before submitting the registration request, the Authorized User has the opportunity to view and correct the information on an overview page. By confirming the registration button, the Authorized User confirms the accuracy of the information provided and agrees to the AMBOSS Terms of Use, which can be viewed and archived at www.amboss.com/int/int-legal/terms. By completing the registration process, the Authorized User submits an offer to conclude a contract for the storage of his/her data for later use. AMBOSS will confirm receipt of the offer to the Authorized User electronically (registration confirmation). AMBOSS accepts this offer by activating the user account. The language available for the conclusion of the contract is English.

3.3. There is no entitlement to registration. AMBOSS expressly reserves the right to refuse registration requests by not activating the corresponding user account. In addition, AMBOSS is entitled to revoke access to the user account at any time by blocking the access data. There is no obligation to inform the person concerned of the reasons for the rejection or revocation of the user account access authorization.

3.4. Upon registration, the Authorized User may choose to access the AMBOSS Program. The Authorized User can activate a time-limited, free trial access to the AMBOSS Program (see Section 6 of the AMBOSS Terms of Use) or use the AMBOSS Program on the basis of an Institutional License Agreement (see Section 4 of the AMBOSS Terms of Use) or on the basis of an Individual License Agreement (see Section 5 of the AMBOSS Terms of Use). In these cases, AMBOSS provides Authorized Users with access to the English-language AMBOSS Program and its content via the Internet in accordance with the respective usage agreement concluded and the AMBOSS Terms of Use.

3.5. There is no entitlement to registration. AMBOSS expressly reserves the right to reject registration requests by not activating the corresponding user account. In addition, AMBOSS is entitled at any time to revoke access to the user account by blocking the access data. There is no obligation to inform the person concerned of the reasons for the rejection or revocation of user account access authorization. 

3.6. The Authorized User can request the deletion of his user account and thus his registration at any time in writing, e.g. via the corresponding function within the user account. In this case, AMBOSS will delete all usage data relating to the Authorized User and all other stored personal data of the Authorized User as soon as they are no longer required.

4. Activation and Use of the AMBOSS Program on the Basis of an Institutional License Agreement

4.1. Authorized Users have the option of activating a so-called clinic or campus license and using the AMBOSS Program on the basis of the AMBOSS Terms of Use. AMBOSS concludes paid contracts with universities, clinics or other institutions in the healthcare sector ("Institutional Partners") who desire to provide their students and educators, or their doctors and other healthcare professionals, with free access to the AMBOSS Program through clinic or campus licenses ("Institutional License Agreement"). This is not a contract for the benefit of third parties, but a contract that contains the authorization of AMBOSS to provide the contractual service to the Authorized Users with discharging effect vis-à-vis the Institutional Partner. The prerequisite for an Authorized User to be able to activate a clinic or campus license to use the AMBOSS Program is that the respective Institutional Partner has provided (possibly personalized) access for this Authorized User in the Institutional License Agreement. The Authorized User can only activate and use the AMBOSS Program if and as long as he or she is authorized and authenticated to do so.

4.2. Before submitting the activation request, the Authorized User has the opportunity to view and correct the information provided on an overview page. By confirming the button marked accordingly, the Authorized User confirms the accuracy of the information provided and agrees to the AMBOSS Terms of Use, which can be viewed and archived at www.amboss.com/int/int-legal/terms. By completing the activation process, the Authorized User submits an offer to conclude a contract for the use of the AMBOSS Program. AMBOSS will confirm receipt of the offer to the Authorized User electronically (activation confirmation). AMBOSS accepts this offer by activating access to the AMBOSS Program.

4.3. If the Authorized User makes a paid upgrade in the "Shop" section that is not covered by the Institutional License Agreement, the Authorized User undertakes to pay the relevant usage fee. Section 5 of the AMBOSS Terms of Use applies.

4.4. If the Institutional License Agreement ends without a new Institutional License Agreement having been concluded with the same Institutional Partner, or if the Institutional License Agreement is amended so that it no longer provides for access for the Authorized User concerned, the use of the AMBOSS Program for the Authorized User concerned is terminated upon termination or amendment of the Institutional License Agreement. By way of exception, AMBOSS Courses that were activated by the Authorized User during the term of the Institutional License Agreement are always available for a minimum period of two months, regardless of when the Institutional License Agreement has been terminated. If such an AMBOSS Course includes a live event scheduled after termination, the Authorized User shall retain access to the course at least until the live event has taken place.

4.5. Authorized Users who use the AMBOSS Program on the basis of an Institutional License Agreement and who are not themselves parties to a paid agreement concluded with AMBOSS for the use of the AMBOSS Program have no claim whatsoever against AMBOSS for the use of the AMBOSS Program. There is no entitlement to a warranty in the event of defects or failures. In all other respects, liability is subject to the limitations set out in Section 16 of the AMBOSS Terms of Use.

5. Activation and Use of the AMBOSS Program or its Individual Components on the Basis of an Individual License Agreement

5.1. Authorized Users have the option of using the AMBOSS Program or individual components of the AMBOSS Program, such as an AMBOSS Course, an AMBOSS Membership, or add-ons to an AMBOSS Membership, against payment of a usage fee ("Individual License Agreement"). In this case, the Authorized User is the contractual partner of the license agreement.

5.2. Conclusion of Contract

5.2.1. Before concluding an Individual License Agreement, the Authorized User will be informed about the content of the selected service, the usage fees and the payment modalities. Before completing the order process, AMBOSS will display the entries made by the Authorized User in a confirmation window and give the opportunity to check and, if necessary, correct the entries.

5.2.2. By confirming the correspondingly marked button, the Authorized User declares that he or she desires to conclude a contract for the services selected. In addition, the Authorized User agrees to the AMBOSS Terms of Use. The confirmation of the button constitutes an offer by the Authorized User to conclude a contract. This is binding for a period of 7 working days. AMBOSS expressly reserves the right to accept or reject the contract offer of the Authorized User within this period. There is no entitlement to the conclusion of the contract. AMBOSS will confirm receipt of the offer to the Authorized User electronically (order confirmation).

5.2.3. AMBOSS sends the Authorized User the order data with a confirmation e-mail, which constitutes the acceptance of the contract. The language available for the conclusion of the contract is English.

5.3. Scope of Service

The scope of service that AMBOSS provides on a monthly basis depends on the service selected by the Authorized User and the corresponding offer model. Details on the offer models can be found on the AMBOSS website.

5.4. Usage Fee

5.4.1. Access to the AMBOSS Program is provided at the usage fee corresponding to the selected offer model. The usage fees stated in the offer model may be subject to applicable taxes that AMBOSS may charge. AMBOSS collects the usage fee, plus any applicable taxes, via the selected payment method. AMBOSS reserves the right to change usage fees in the event of printing errors and mistakes.

5.4.2. The usage fee to be paid by the Authorized User must be paid in advance. For an AMBOSS Membership, the recurring usage fee must be paid no later than three (3) working days after the start of each service period. For an AMBOSS Course, the one-time course fee must be paid no later than three (3) working days after conclusion of the course contract. For reasons of simplification, the Authorized User is free to pay the total usage fee for the entire service period or for future service periods in advance.

5.4.3. The usage fee is due regardless of whether and how the Authorized User uses the service. Access to the AMBOSS Program is conditionally activated until payment is received. A delay in payment by the Authorized User entitles AMBOSS to exclude the Authorized User concerned from use until due claims have been settled. In the case of AMBOSS Memberships, AMBOSS is furthermore entitled, after repeated requests for payment, to terminate the contract at the end of the current service period.

5.5. Payment Modalities

5.5.1. By providing the information required for the selected payment method, the Authorized User authorizes the collection of the respective usage fee (plus any applicable taxes). If the Authorized User opts for the SEPA direct debit procedure, he or she issues a SEPA mandate as part of the payment process. The direct debit is collected 1 day after the invoice date (order date). The period for pre-notification is shortened to 1 day. The Authorized User guarantees to ensure that the account is covered. There is no entitlement to the use of a specific means of payment.

5.5.2. The Authorized User shall bear any costs incurred as a result of a chargeback of a payment transaction due to insufficient funds in the account or due to incorrect data provided, plus a processing fee of EUR 5.00.

5.5.3. The Authorized User only has a right of set-off if the claims have been legally established by a court or are undisputed or have been acknowledged in writing by AMBOSS.

5.5.4. The Authorized User may only exercise a right of retention insofar as the claims result from the same contractual relationship.

5.5.5. AMBOSS is responsible for payment transactions via the website and carries out transactions exclusively via SSL-secured connections.

5.6. Changes to the Usage Fee

5.6.1. AMBOSS may increase or decrease the usage fee for Individual License Agreements for AMBOSS Membership at its reasonable discretion in relation to general increases or decreases in external costs incurred by AMBOSS for the provision of its services at the location of the Authorized User. These general cost increases or decreases may be based on legal or regulatory changes, the application of government-imposed fees, taxes, levies or contributions, inflation or deflation, technology and software costs for the services or industry-wide changes. In the event of a change in the amount of the usage fee, AMBOSS will notify the Authorized User by email or other communication in text form at least 30 days prior to the effective date of the fee change. The notification must (i) state which cost factors have increased or decreased and how this affects the increase or decrease in the total price, (ii) the date on which the fee change comes into effect, and (iii) inform the Authorized User of his extraordinary right of termination in accordance with Section 5.6.2. If the Authorized User does not reject the change before it becomes effective for the Authorized User by terminating the Individual License Agreement, AMBOSS will assume that the Authorized User agrees to the change and the change in the usage fee will become effective for the Authorized User on the date specified in the notice to the Authorized User, but in any case not before the next payment cycle.

5.6.2. The Authorized User may terminate the Individual License Agreement without notice within 30 days of receiving notification of the change in the usage fee. The usage fee shall then remain unchanged until the expiry of the notice period.

5.6.3. If the total costs specified in Section 5.6.1. sentences 1 and 2 fall, the Authorized User may demand a reduction in the usage fee in accordance with the requirements of Section 5.6.1. In this case, AMBOSS may terminate the contract extraordinarily in accordance with Section 5.6.2.

5.7. Contract Term and Termination

5.7.1. The term of the Individual License Agreement for AMBOSS Membership depends on the offer model of the selected service. It begins with the activation of the AMBOSS Membership and ends after the expiry of the service period provided for in the offer model, unless the individual license agreement for AMBOSS Membership is extended. The authorization to use the AMBOSS Program ends at the end of the contract term. The user account remains valid after expiry of the contract term.

5.7.2. Authorized Users can terminate their Individual License Agreement for AMBOSS Membership at any time with effect from the next possible termination date via their user account or AMBOSS customer service. The next possible termination date is determined by the respective offer model. Any usage fees paid will not be refunded, even if the Authorized User has not used the AMBOSS Program.

5.7.3. IF THE AUTHORIZED USER DOES NOT INFORM AMBOSS BEFORE THE END OF THE SERVICE PERIOD PROVIDED FOR IN THE OFFER MODEL THAT HE OR SHE DOES NOT WISH TO EXTEND THE CONTRACT, THE AUTHORIZED USER IS AWARE THAT HIS INDIVIDUAL LICENSE AGREEMENT FOR AMBOSS MEMBERSHIP WILL CONTINUE TO RUN AUTOMATICALLY AND AUTHORIZES AMBOSS TO COLLECT THE APPLICABLE USAGE FEE USING THE PAYMENT METHOD PROVIDED BY THE AUTHORIZED USER.

5.7.4. The term of an Individual License Agreement for AMBOSS Courses begins upon activation of the AMBOSS Course within the AMBOSS Program and generally ends automatically after the course duration specified in the offer description has expired. If an Authorized User has, in addition to the AMBOSS Course, an AMBOSS Membership that extends beyond the term of the Individual License Agreement for the AMBOSS Course, the Authorized User may continue to access the on-demand content of the AMBOSS Course for at least ten additional months for reference purposes.

5.7.5. During the term of the Individual License Agreement for AMBOSS Courses, ordinary termination without cause is excluded.

5.7.6. Both the Authorized User and AMBOSS have the right to extraordinary termination for good cause. Such a reason exists in particular if one party materially violates obligations arising from the AMBOSS Terms of Use and thereby significantly damages the interests of the other party. On the part of AMBOSS, a reason for extraordinary termination exists in particular if (i) the Authorized User is in arrears with a due payment for more than 10 working days after receipt of a payment reminder, (ii) AMBOSS permanently ceases operations or discontinues the contractual service, (iii) the licensing of the AMBOSS Program or AMBOSS itself are subject to restrictions under trade law due, or (iv) there are concrete indications that the Authorized User is on an official sanctions list.

5.7.7. Extraordinary termination is possible without notice. Notice of termination may only be given in text form, for example by email or letter. In the event of extraordinary termination, there is no entitlement to reimbursement of the usage fees already paid.

5.8. Right of Withdrawal

5.8.1. If the Authorized User is a consumer, i.e. a natural person who enters into a legal transaction for purposes that can be attributed primarily neither to their commercial nor their independent professional activity, and is located in the European Union, the United Kingdom, or Brazil, the Authorized User has the right to withdraw from the Individual License Agreement within fourteen days from the date of conclusion of the agreement without giving reasons if the Authorized User is located

5.8.2. In order to exercise the right of withdrawal, the Authorized User must inform AMBOSS (Torstraße 19, 10119 Berlin, telephone number: +49 30 57702210, e-mail: hello@amboss.com) by means of a clear statement of his decision to withdraw from the Agreement. In order to comply with the withdrawal period, it is sufficient to send the notification of the exercise of the right of withdrawal before the expiry of the withdrawal period. If the Authorized User effectively withdraws from the agreement, AMBOSS will send a confirmation of receipt of such withdrawal (e.g. by e-mail).

5.8.3. If the Authorized User withdraws from an Individual License Agreement, AMBOSS must refund all payments that AMBOSS has received from him under such contract within fourteen days of the day on which AMBOSS receives notification of the withdrawal. For this repayment, AMBOSS will use the same means of payment that the Authorized User used for the original transaction, unless expressly agreed otherwise with the Authorized User; in no case will the Authorized User be charged any fees for this repayment.

5.8.4. If the Authorized User explicitly agrees that AMBOSS may begin providing the services before the expiration of the withdrawal period and simultaneously acknowledges that by giving this consent the right of withdrawal is waived, the right of withdrawal shall expire upon commencement of performance of the contract by AMBOSS.

5.9. Availability of the AMBOSS Program

5.9.1. AMBOSS will use commercially reasonable efforts to make the AMBOSS Program available and accessible for use via the Internet for Authorized Users.

5.9.2. AMBOSS provides the AMBOSS Program with an availability of at least 99.1% in relation to the calendar year. This percentage refers to the period outside of planned unavailabilities. Planned unavailabilities are the daily update and maintenance times regulated in Section 5.9.3 and the further maintenance times regulated in Section 5.9.4. Such restrictions shall not be taken into account when determining availability.

5.9.3. Update and maintenance work may be carried out between 6 and 10pm Eastern Time. During this time, the AMBOSS Program may be temporarily unavailable or only available to a limited extent.

5.9.4. AMBOSS will indicate further foreseeable maintenance work at least 24 hours in advance by means of a notice on the website. Maintenance times notified in good time are not deemed to be unavailability in accordance with Section 5.9.2, provided they do not last longer than 120 minutes.

6. Activation and Use of the AMBOSS Membership as part of a Free of Charge Trial Access or Special Offer

6.1. In cases where AMBOSS initially makes the AMBOSS Membership available free of charge as a trial access or as part of a special offer for a limited period of time, only a limited range of functions may be available. In these cases, there is no entitlement to permanent use. AMBOSS also reserves the right to limit the scope of functions at any time or to terminate the use of the AMBOSS Program completely. The AMBOSS Terms of Use apply, in particular the limitations of liability in Section 16 of the AMBOSS Terms of Use.

6.2. Before submitting the activation request, the Authorized User has the opportunity to view and correct the information provided on an overview page. By confirming the button marked accordingly, the Authorized User confirms the accuracy of the information provided and agrees to the AMBOSS Terms of Use, which can be viewed and archived at www.amboss.com/int/int-legal/terms. By completing the activation process, the Authorized User submits an offer to conclude a contract for the use of the AMBOSS Program. AMBOSS will confirm receipt of the offer to the Authorized User electronically (activation confirmation). AMBOSS accepts this offer by activating access to the AMBOSS Program.

6.3. Upon expiry of the trial period or special offer, the free-of-charge usage agreement automatically converts into a paid Individual License Agreement for AMBOSS Membership unless the Authorized User cancels beforehand. If the Authorized User does not cancel before the end of the trial or special offer, the Authorized User is aware that the usage agreement will continue under the applicable license fee for an Individual License Agreement for AMBOSS Membership and authorizes AMBOSS to collect the applicable fee using the payment method provided. Authorized Users may cancel their Individual License Agreement for AMBOSS Membership at any time with effect from the earliest possible termination date via their user account or AMBOSS customer service. The earliest possible termination date depends on the respective offer model. For any trials or special offers converted to an Individual License Agreement, Section 5 of the AMBOSS Terms of Use applies.

6.4. In case of free usage, both AMBOSS and the Authorized User are entitled to terminate the contractual relationship with immediate effect without giving reasons.

The AMBOSS Program is no longer available after the free usage period has expired. The mere user account remains.

7. Purchase and Redemption of AMBOSS Voucher Codes

7.1. AMBOSS may offer Authorized Users the option to purchase digital voucher codes with a fixed monetary value ("Voucher Codes"). A Voucher Code may be redeemed within its validity period in accordance with the AMBOSS Terms of Use.

7.2. The purchase of a Voucher Code constitutes a contract between AMBOSS and the purchaser of the Voucher Code ("Voucher Purchase Agreement"). Redemption of a Voucher Code ("Redemption")—either by the purchaser or by another person designated by the purchaser ("Redeeming Person")—creates a claim to a credit with AMBOSS, which can be used for the acquisition of eligible Individual License Agreements in accordance with the AMBOSS Terms of Use ("AMBOSS Credit"). The Redeeming Person acquires no rights under the Voucher Purchase Agreement. Each time AMBOSS Credit is applied to use the AMBOSS Program, an Individual License Agreement between AMBOSS and the Redeeming Person is concluded in accordance with Section 5 of the AMBOSS Terms of Use.

7.3. Voucher Codes are purchased through a third-party payment provider and represent a fixed monetary value. Redemption of a Voucher Code is a single, complete transaction that transfers the full value of the Voucher Code to an account linked to the Redeeming Person’s user account ("AMBOSS Credit Account"). After the transfer, AMBOSS holds the resulting AMBOSS Credit, which may subsequently be used, in whole or in part, for eligible Individual License Agreements in the AMBOSS Shop under the AMBOSS Terms of Use.

7.4. Voucher Codes may only be purchased through the purchasing and payment methods provided by AMBOSS and its third-party payment providers. Section 5.5 of the AMBOSS Terms of Use applies accordingly to the purchase process and payment methods.

7.5. Voucher Codes are valid for three years from the date of purchase. The exact expiration date will be communicated to the purchaser in writing. After expiration, the Voucher Code becomes void without replacement. Redemption in cash or conversion into other services is excluded.

7.6. Once a Voucher Code has been redeemed and the resulting AMBOSS Credit fully transferred to the Redeeming Person’s AMBOSS Credit Account, the Voucher Code itself becomes invalid.

7.7. Redemptions of Voucher Codes are irrevocable. Withdrawal, reversal, or exchange of the redeemed amount is excluded, regardless of whether the Redeeming Person is the purchaser or a designated third party. Corrections of erroneous or accidental redemptions are not possible.

7.8. If the value of the AMBOSS Credit exceeds the usage fee of a selected Individual License Agreement, the remaining balance stays in the Redeeming Person’s AMBOSS Credit Account for future purchases. If the value of the AMBOSS Credit is lower than the purchase price, the difference must be paid using the payment methods provided by AMBOSS. Transfer of redeemed AMBOSS Credit between different user accounts is excluded.

7.9. AMBOSS Credit may only be used for AMBOSS Memberships or combined purchases of an AMBOSS Membership with corresponding add-ons and/or AMBOSS Courses. Orders consisting solely of AMBOSS Courses cannot be paid with AMBOSS Credit.

7.10. A Voucher Code is considered delivered and active from the moment of purchase. The right of withdrawal under Section 5.8 of the AMBOSS Terms of Use applies accordingly; the start of the withdrawal period is the date of purchase, not the date of redemption.

7.11. The purchaser of a Voucher Code is not entitled to resell or otherwise transfer the Voucher Code to third parties for consideration without prior written consent from AMBOSS. Unauthorized transfers may be sanctioned by AMBOSS through blocking the Voucher Code or refusing redemption. AMBOSS’s statutory claims, including claims for injunctive relief and damages, remain unaffected.

7.12. Refunds related to a Voucher Purchase Agreement may only be made to the original purchaser and exclusively through the payment method used for the purchase via the third-party payment provider. Once the Voucher Code has been redeemed and the AMBOSS Credit transferred to the Redeeming Person’s AMBOSS Credit Account, neither the purchaser nor the Redeeming Person has any right to a refund of the Voucher Code. Refunds for Individual License Agreements purchased with redeemed AMBOSS Credit are governed by Section 5.8 of the AMBOSS Terms of Use.

7.13. If a Redeeming Person deletes their AMBOSS account, any remaining AMBOSS Credit from redeemed Voucher Codes is forfeited. The Redeeming Person has no right to reclaim, transfer, or reuse this credit. AMBOSS has no obligation to compensate for lost credit in such cases.

7.14. In the event of a chargeback, cancellation, or other reversal of the original transaction used to purchase a Voucher Code or load AMBOSS Credit, AMBOSS reserves the right to remove the corresponding AMBOSS Credit from the AMBOSS Credit Account. If the AMBOSS Credit has already been partially or fully used for Individual License Agreements, AMBOSS may cancel access to these Individual License Agreements and/or demand repayment of the outstanding amount. All other claims of AMBOSS remain unaffected.

8. Transfer of Usage Data when using the AMBOSS Program on the basis of an Institutional License Agreement

In order to enable an optimal learning experience as well as the evaluation and monitoring of learning and examination performance of Authorized Users, AMBOSS offers Institutional Partners the function that learning achievements (usage data) can be viewed by educators and their staff via different dashboards (“Insights Dashboards”). This allows students to be individually supported in their learning achievements via the AMBOSS Program and educators to obtain an overall picture of the students' learning performance. If Insights Dashboards are agreed, AMBOSS provides educators of the respective institution and their staff with usage data of their participating students via the Insights Dashboards. The data provided may only be used by educators and their staff for the purposes stated above. The concerned Authorized Users will be informed in advance about the activation of this additional function. Further details can be found in the data protection information at www.amboss.com/int/int-legal/privacy.

9. AMBOSS AI Features

9.1. AMBOSS AI Features such as the Literature Search Agent (LiSA), AMBOSS GPT and AMBOSS Assistants are provided for informational and educational purposes only. In any case, AMBOSS AI Features are in no way intended to serve as diagnostic or treatment tools, to provide certainty with respect to a diagnosis, to recommend a particular product or therapy or to otherwise substitute for the clinical judgment of a qualified healthcare professional. The user agrees that the user will not use AMBOSS AI Features with the intention of creating any kind of physician/patient relationship, e.g., to diagnose or treat users. The user is solely responsible for evaluating the information obtained from the AMBOSS AI Features and for the use or misuse of such information in connection with treatment decisions or otherwise. The user must not rely primarily on recommendations generated by AMBOSS AI Features to make any clinical diagnosis or treatment decisions. The user is aware that all artificial intelligence tools, including AMBOSS AI Features, may contain errors. The user agrees that the user assumes full and sole responsibility for evaluating the information provided and for its clinical application in any and all treatment decisions.

9.2. AMBOSS AI Features must not be used in time-sensitive or emergency situations.

9.3.  AMBOSS AI Features that are provided for clinical practice (e.g. the Literature Search Agent LiSA) are intended for use by physicians and other healthcare professionals only. They are not intended for use by healthcare professionals located in the European Union, Switzerland or the United Kingdom as they are not cleared, authorized, or otherwise approved for use within those territories. By using such AMBOSS AI Features, the user represents and warrants to be a healthcare professional outside of the EU, Switzerland or the UK, and to have understood that the respective AMBOSS AI Features are not designed or intended to meet EU, Swiss, UK or other non-U.S. regulatory requirements for medical devices.

9.4. The user hereby represents, warrants and covenants to AMBOSS that the user has removed and will remove any and all personal information and/or protected health information of any patient or other third party (“Protected Information”) from any data or information that the user inputs into or otherwise provides to the AMBOSS AI Features.

10. AMBOSS Network

10.1. AMBOSS provides Authorized Users with the opportunity to present themselves with their user profile and their activities in the AMBOSS network and to make contact with other Authorized Users and interact, for example, via shared notes. It is possible to make various information (e.g. name, institution, department, subject area, etc.) accessible and findable for other Authorized Users. The Authorized User can activate or deactivate this function in the user account by making all or individual information accessible and findable for all or only certain Authorized Users by making the appropriate settings.

10.2. If the Authorized User wishes to network with another Authorized User on AMBOSS, he or she can submit a contact request, which will be sent to the requested Authorized User’s user account and/or by e-mail by AMBOSS. The requested Authorized User has the option of accepting or rejecting the request.

10.3. By activating the AMBOSS network function, the Authorized User agrees that AMBOSS will inform him a) by message through the user account and/or b) by e-mail about contact requests from other Authorized Users and forward messages from accepted contacts.

11. Monitoring of User-Generated Content

11.1. The AMBOSS Program includes features that allow Authorized Users to upload their own content (e.g., notes, documents, or teaching materials) and store it in their user account for individual use or share it with other users.

11.2. AMBOSS may review user-generated content, but is generally not obligated to do so. AMBOSS reserves the right to take measures regarding the availability, presentation, and accessibility of user-generated content if there are justified reasons. Justified reasons may include, without limitation:

  • Dangerous content – including, but not limited to, hate speech, discrimination, glorification of violence, content that is obscene, offensive, threatening, or harassing, content promoting or supporting terrorism, promoting the sale of regulated or illegal goods, or content that is obviously false or misleading and may cause harm;
  • Misleading content – including, but not limited to, content impersonating others to deceive Authorized Users, content that presents manipulated or artificially generated media as real and thereby creates a risk or danger, or content attempting to abuse the AMBOSS Terms of Use; or
  • Illegal content – including, but not limited to, content violating applicable laws and regulations, e.g., unauthorized disclosure of third-party personal data, or content infringing third-party intellectual property rights.

Dangerous, misleading, and illegal content are hereinafter collectively referred to as “Violating Content”.

11.3. AMBOSS may take various measures regarding Violating Content, taking into account multiple factors such as the context of the subject matter, the severity, and the frequency of violations. Measures may include, without limitation, removing content, restricting discoverability, blocking specific functions (e.g., uploading or sharing), and—in the case of repeated and/or severe violations—suspending or terminating user accounts.

11.4. Any person may report content they consider hazardous, misleading, or illegal using the AMBOSS reporting form in the website footer or via email to notification@amboss.com. The owner of the content will not be informed of the reporter’s identity, except as required by law. AMBOSS reviews incoming reports promptly in accordance with the AMBOSS Terms of Use and applicable law and informs the affected person of the decision regarding the reported content.

11.5. Abuse of the reporting procedure may result in the reporter being prohibited from submitting further reports; repeated violations may also lead to the blocking or deletion of the reporter’s user account.

11.6. If AMBOSS removes content, restricts discoverability, blocks functions, or suspends or terminates user accounts due to Violating Content, the affected person will receive a justification for the action via the contact details provided in their profile.

11.7. In cases of severe violations, AMBOSS may terminate the contract with the affected person with immediate effect. Suspension or termination does not release the user from existing obligations to pay already due Usage Fees.

11.8. AMBOSS does not use automated systems for content moderation or filtering.

11.9. For use of the AMBOSS Program under an Institutional License Agreement, additional guidelines of the respective institution may apply.

11.10. The competent national judicial or administrative authorities may contact AMBOSS for the purposes of the EU Digital Services Act at notification@amboss.com.

12. Rights to User-Generated Content

12.1. In order to enable uploads, Authorized Users must grant AMBOSS certain rights to the content they upload. This applies in particular to content protected by copyright or other intellectual property rights.

12.2. For this purpose, the Authorized User grants AMBOSS a non-exclusive, royalty-free, worldwide right to use, reproduce, and modify the user-generated content to the extent necessary to enable the provision, storage, processing, or use of the content requested by the respective user. To the extent necessary, AMBOSS may sublicense these rights to affiliated companies of the AMBOSS Group or to third-party service providers connected to the AMBOSS Program. All other rights, including intellectual property rights, remain with the Authorized User.

12.3. The Authorized User may revoke this license at any time by terminating their usage contract with AMBOSS. However, for system stability reasons, AMBOSS may retain backups in which deleted user-generated content may remain for a limited period.

13. Rights of Use

13.1. AMBOSS grants Authorized Users a simple, non-transferable right to use the contents of the AMBOSS Program covered by the license agreement for the duration of the term of the respective Individual License Agreement or Institutional License Agreement or the test access or special offer. Sublicensing is not permitted.

13.2. Use includes loading, saving, displaying and visualizing the AMBOSS Program via the AMBOSS desktop version as well as the AMBOSS iOS app and Android app.

13.3. Any use beyond the aforementioned use for your own purposes or for use by third parties is excluded, in particular

  • lending, renting, selling, copying, reproducing, distributing, making publicly available, transmitting, reverse engineering, decompiling, disassembling, creating derivative works, or editing the contractual software, the AMBOSS program, the content, or the activation codes, 
  • crawling or scraping, whether manual or automated, or the use of other automated processes (in particular bots, scrapers, and spiders) to view, retrieve, or collect information, as well as the use of any parts of the services or content to train machine learning or AI models or otherwise feed AMBOSS content into a machine learning or AI model or link it to such a model (e.g. via retrieval-augmented generation),
  • any commercial use of the AMBOSS program in any form, such as offering the AMBOSS program as your own service to third parties, 
  • removing or altering copyright notices and trademarks.

13.4. The transfer of access to the AMBOSS Program to other persons is not permitted. This does not apply to the granting of access to the AMBOSS Program by Institutional Partners to the extent agreed in the Institutional License Agreement with AMBOSS. If the Authorized User violates this provision, AMBOSS may, after prior warning to the Authorized User, block the respective access to the AMBOSS Program. If the blocked access to the AMBOSS Program falls under an Institutional License Agreement, AMBOSS will provide alternative access for another Authorized User at the request of the Institutional Partner.

13.5. If access to the AMBOSS Program is based on an Institutional License Agreement, the right to use the AMBOSS Program ends not only upon termination of the Institutional License Agreement or if the Institutional License Agreement is amended so that it no longer provides for access for the Authorized User concerned, but also if the Authorized User is no longer authorized to use the AMBOSS Program due to a change in circumstances, i.e. in the case of students due to the student's exmatriculation, in the case of educators due to termination of teaching activities with the Institutional Partner, in the case of doctors or other clinical staff due to termination of employment with the Institutional Partner.

13.6. AMBOSS reserves the right to use all contents of the AMBOSS Program for text and data mining. Using the contents of the AMBOSS Program for text and data mining or the training, validation or improvement of artificial intelligence models, machine learning systems or other automated decision-making technologies is therefore unlawful without the consent of AMBOSS.

14. Copyrights

Unless otherwise stated, the AMBOSS Program is protected by copyright and may only be used outside the scope of use specified in these AMBOSS Terms of Use with the written permission of AMBOSS. The Authorized User is obliged to observe the existing copyrights and undertakes not to infringe them. The Authorized User may only access, save and use the content for their own educational purposes.

15. Data Protection

Data protection notices with information on the processing of personal data when using the AMBOSS Program can be found at www.amboss.com/int/int-legal/privacy.

16. Liability

16.1. The release of new content is subject to a multi-stage quality control process. However, AMBOSS assumes no liability for the topicality, correctness, completeness or quality of the information provided, including information on procedures (in particular diagnostic and therapeutic algorithms), applications, forms of application and dosages. The same applies to the question of whether commercial medical products specified in the context of therapy information may be used in the respective indication according to their regulatory approval status.

16.2. AMBOSS takes no responsibility and assumes no liability for any user-generated content. Users that upload or enter user-generated content within the AMBOSS Program indemnify AMBOSS for all claims resulting from the content they supply. 

16.3. Third party sites and content are not the responsibility of AMBOSS. AMBOSS assumes no liability whatsoever for the content of third-party sites and their availability. The operators of third-party sites are solely responsible for their content and availability, even if they are linked to or embedded in www.amboss.com and/or their subpages and/or subdomains.

16.4. Where AMBOSS provides calculators for determining clinical measures, these are licensed from third parties. Despite careful testing, AMBOSS cannot accept any liability for the results. The calculators are for learning and training purposes only.

16.5. THE AMBOSS PROGRAM AND ALL ITS CONTENT IS PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS, UNLESS OTHERWISE SPECIFIED IN WRITING. EXCEPT AS EXPRESSLY STATED IN THESE AMBOSS TERMS OF USE, AMBOSS MAKES NO WARRANTY, EXPRESS OR IMPLIED, REGARDING ANY MATTER WHATSOEVER. TO THE EXTENT PERMISSIBLE BY LAW, AMBOSS SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES OF TITLE, NON-INFRINGEMENT, ACCURACY OF DATA, MERCHANTABILITY, AND FITNESS FOR A PARTICULAR PURPOSE, AND ANY IMPLIED WARRANTY ARISING FROM A COURSE OF DEALING OR PERFORMANCE OR FROM USAGE OF TRADE. THE AUTHORIZED USER EXPRESSLY AGREES TO USE OF THE AMBOSS PROGRAM AT HIS/HER SOLE RISK.

16.6. TO THE FULL EXTENT PERMISSIBLE BY LAW, AMBOSS WILL NOT BE LIABLE FOR ANY DAMAGES OF ANY KIND ARISING OUT OF OR CAUSED, IN WHOLE OR IN PART, FROM THE USE OF THE AMBOSS PROGRAM, OR FROM ITS CONTENT, IN PARTICULAR ANY ERRORS OR OMISSIONS IN ANY DATA, CONTENT, OR OTHER INFORMATION PROVIDED THROUGH AMBOSS OR BY DELAYS IN OR INTERRUPTIONS OF ACCESS TO THE AMBOSS PROGRAM. IN NO EVENT SHALL AMBOSS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOST PROFITS, LOST REVENUE, OR LOST SAVINGS, INCURRED BY CLIENT OR ANY THIRD PARTY, EVEN IF AMBOSS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

16.7. Any and all claims against AMBOSS under this Agreement shall be brought within twelve (12) months from the date that the circumstances giving rise to such claim became known to the Authorized User or should have become known to the Authorized User by exercise of ordinary diligence.

17. Choice of Law

To the extent permissible by applicable law, these Terms of Use and any claim arising out of them shall be governed by and construed in accordance with the laws of the State of Delaware, without regard to its conflict of laws rules.

18. Final Provisions

18.1. Amendments to the AMBOSS Terms of Use or declarations based on the AMBOSS Terms of Use AMBOSS require a written declaration, which may be by email.

18.2. Amendments to the AMBOSS Terms of Use will be offered with a reasonable period of notice before the proposed date of entry into force. The Authorized User shall be deemed to have given his or her consent if he or she has not indicated his or her refusal before the proposed date of entry into force of the changes. The Authorized User will be specifically informed of this approval effect in the offer.

18.3. If any term or provision of this Institutional License Agreement is invalid, illegal, or unenforceable in any jurisdiction, such invalidity, illegality, or unenforceability shall not affect any other term or provision of this Agreement or invalidate or render unenforceable such term or provision in any other jurisdiction. Upon such determination that any term or other provision is invalid, illegal, or unenforceable, the Parties shall negotiate in good faith to modify this Institutional License Agreement to reflect the original intent of the Parties as closely as possible in a mutually acceptable manner in order that the transactions contemplated hereby be consummated as originally contemplated to the greatest extent possible.  

18.4. The failure of a party to act upon any right, remedy, or breach of these AMBOSS Terms of Use shall not constitute a waiver of that or any other right, remedy, or breach. No waiver shall be effective unless made in writing and signed by an authorized representative of the waiving party.

Information about the accessibility of AMBOSS services can be found here.

Privacy Policy

Data Controller:

AMBOSS SE
Torstrasse 19
10119 Berlin, Germany
E-mail: hello@amboss.com
Phone: +1 (347) 835-5441

Managing Directors: Dr. med. Madjid Salimi, Dr. med. Nawid Salimi, Benedikt Hochkirchen
Local Court Berlin (Charlottenburg), HRB 270315 B

Contact details data protection officer:

AMBOSS SE
Sophia Ampatziadis
Torstrasse 19
10119 Berlin, Germany
privacy@amboss.com

Privacy Policy Last Update Date: November 2025

AMBOSS is the rights holder, provider and operator of the online knowledge and learning program "AMBOSS" for students of medicine, doctors and other healthcare professionals. We want you, as a user of our services, to understand how we use information and what options you have to protect your data. We are aware of the importance and sensitivity of your personal data and thank you for your trust. Handling it responsibly is a major concern for us. If you have any questions about this, please do not hesitate to contact us.

If you use AMBOSS as part of an institutional license, we may process certain personal data on the AMBOSS Program as a data processor for or, alternatively, in joint control with your institution. More information is available in section 3.4.

1. Basic information on data processing and legal basis

1.1. This privacy policy informs users about the nature, scope and purposes of the processing of personal data by the responsible provider, AMBOSS SE (“AMBOSS” or “we”). It applies to data processing in the following areas:

  • The website www.amboss.com operated by AMBOSS including the registered area of the online knowledge and learning program “AMBOSS” accessible via this website and
  • The AMBOSS mobile apps (native mobile apps on iOS and Android).

We inform separately about data processing in the following areas:

1.2. We process users’ personal data exclusively in compliance with the relevant provisions of data protection law. In accordance with Art. 13 EU General Data Protection Regulation (GDPR), we inform you about the legal basis of our data processing. If the respective legal basis is not mentioned in this privacy policy, the following applies: Legal basis for the processing of personal data with separate consent is Art. 6 para. 1 lit. a GDPR, legal basis for the processing of data for the performance of a contract and for the implementation of pre-contractual measures is Art. 6 para. 1 lit. b GDPR, legal basis for the processing of personal data to meet our legal obligations is Art. 6 para. 1 lit. c GDPR and legal basis for the processing of personal data to protect our legitimate interests is Art. 6 para. 1 lit. f GDPR.

2. Data sharing

2.1. Generally, only our employees who are involved in technical, commercial and editorial support receive knowledge of your personal data. If you use the AMBOSS Program via an institutional license that was concluded with the support of a local channel partner of AMBOSS, this channel partner may also process your personal data in its own responsibility insofar as this is necessary to give you access to the AMBOSS Program. In addition, we use external service providers within the scope of the data processing explained in this privacy policy or, if necessary, commission them with certain services. We list the categories of external recipients in detail below:

  • IT service providers, e.g. as part of the administration and hosting of our website, the online knowledge and learning program and the apps or individual services/functionalities as well as for analysis/measurement;
  • logistics service provider in order to be able to send you any information brochures you may have ordered;
  • payment service providers and banks, in processing payments, in particular Shopify Inc. (for Shop Pay) and Stripe Payments Europe, Ltd;
  • collection agencies and legal counsel in asserting our claims; or
  • our subsidiary company AMBOSS MD Inc. (234 5th Avenue, 2nd Floor, New York, NY, 10001) as required for our business purposes.
  • institutions for a customized and accompanied learning experience as described in section 3.4.

2.2. Personal data is only passed on to third parties on the basis of legal permits and within the framework of the legal requirements. If we commission service providers with the processing of data within the framework of a so-called “Data Processing Agreement (DPA)”, this is done on the basis of Art. 28 GDPR.

2.3. Personal data may also be transferred to servers outside the EU or to trusted third parties based outside the EU. If there is no EU Commission decision on an adequate level of data protection for the country in question, the transfer will take place on the basis of so-called EU standard contractual clauses, which aim to ensure that your rights and freedoms are adequately protected and guaranteed. You should be aware that many countries do not provide the same level of legal protection for personal data that you enjoy in the EU. While your personal data is located in another country, it may be accessed by courts, law enforcement and national security authorities of that country in accordance with its laws.

3. Purposes of data processing and legal bases

3.1. Informational use of the website

During the informational use of the website, we collect the personal data that the browser transmits to our server in order to ensure the stability and security of our website. This is our legitimate interest, so that the legal basis is Art. 6 para. 1 lit. f GDPR.

This data is: IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transferred in each case, website from which the request came, browser, operating system and its interface, language and version of the browser software.

This data is also stored in log files. They are deleted when their storage is no longer necessary, at the latest after 14 days.

3.2. Hosting and provision of the website

We use AWS to host our website. The provider is Amazon Web Services EMEA Sàrl, Avenue John F. Kennedy 38, 1855 Luxembourg. The provider thereby processes the personal data transmitted via the website, e.g. content, usage, meta/communication data or contact data, on servers in the EU. Further information can be found in the provider’s privacy policy at https://aws.amazon.com/de/privacy/?nc1=f_pr.

We also use the following content delivery networks:

  • Cloudfront: For description see section 4.1.1.
  • Cloudflare: For description see section 4.1.1.
  • Cloudinary: For description see section 4.1.1.

The hosting as well as the use of a content delivery network are technically necessary to provide images and other website resources. The legal basis of the processing is Art. 6 para. 1 lit. b GDPR.

3.3. Provision of contractual services / user account

3.3.1. We process inventory data (e.g. names, addresses and other contact data), contract data (e.g. payment information, service used) for the fulfillment of our contractual obligations and services pursuant to Art. 6 (1) lit. b GDPR as well as for the fulfillment of a legal obligation to which we are subject pursuant to Art. 6 (1) lit. c GDPR in connection with commercial, trade or tax law, insofar as we are obliged to record and store your data.

3.3.2. In order to be able to use our offer to the full extent, registration is required. As part of setting up a corresponding user account, you must provide a password in addition to your e-mail address. This information is used for login and secure identification on our site. If the registration and/or login takes place via a single sign-on procedure (SSO) of an institution (e.g. university or clinic), we will forward you to the respective website of the institution for the purpose of logging in and will transmit the e-mail address entered by you on our website for this purpose to the institution. After a successful login, information about you, namely your first and last name, affiliation with the institution and e-mail address, will be transmitted to us by the institution for the purpose of identification and processed by us for the provision and use of our offer on the basis of Art. 6 para. 1 lit. b GDPR. This data is linked to the AMBOSS user account.

3.3.3. We may also ask you for additional personal data such as first and last name, intended specialty, university, address or gender, e.g. as part of a survey or within your user account. Unless this information is necessary to provide our services, it is always voluntary. We use this information on the basis of Art. 6 para. 1 lit. f GDPR to tailor our services to you.

3.3.4. During registration and each login of your user account as well as the use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests and the interest of users in protection against misuse and unauthorized use in accordance with Art. 6 para. 1 lit. f GDPR.

3.3.5. If you have created a user account with us and use our online knowledge and learning program “AMBOSS”, we automatically collect usage statistics regarding the exam/learn results of our online knowledge and learning program and the pages visited within our platform. This information is used for statistical evaluation of your personal learning needs. Anonymized overall statistics are created for this purpose.

3.4. Insights on Usage Data for Institutions

3.4.1. We support medical faculties, clinics, and other institutions in the healthcare sector in improving medical education and professional development. If you use AMBOSS through an institutional license (campus or clinic license), i.e., through an access whose complete or partial costs are covered by an institution or which was provided by your institution, we will provide usage data to this institution upon request.

3.4.2. For one, anonymized usage data from selected user cohorts can be made available. This data can be compared with the aggregated usage data of other institutions. The anonymization of your usage data for statistical analysis purposes is based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in offering institutions an optimized service for their educational and professional development requirements.

3.4.3. Furthermore, personal usage data can be shared with authorized lecturers/faculty members and the evaluations made accessible to them via dashboards provided by us. In this way, particularly with regard to assignments created by lecturers/faculty members within AMBOSS, it can be viewed whether the assignments have been completed and what percentage of the practice questions were answered correctly. The purpose is to enable understanding of your learning progress and effective long-term support. With regard to AMBOSS Courses, the course booking and course completion can be viewed. Your personal data will be displayed in the dashboards for the duration of the institutional license and will be deleted or anonymized at the latest after the institutional license expires. The legal basis for sharing usage data in connection with the AMBOSS membership (compiled exercises or general use of AMBOSS) are the Terms of Use which you have agreed to in order to enable offers from your institution for study and examination-accompanying measures (Art. 6 para. 1 lit. b GDPR). The legal basis for sharing usage data in connection with AMBOSS Courses is the legitimate interest of your institution in compliance, quality, and cost control (Art. 6 para. 1 lit. f GDPR). Especially if your institution is located outside the EU/EEA, this data transfer may involve a third-country transfer according to section 2.3.

3.4.4. Depending on the agreement with your institution, we process your personal data according to section 3.4.3 under our own responsibility or under joint responsibility with your institution (Art. 26 GDPR). It will be displayed to you upon activation of the institutional license if the "Insights-Dashboards" function is activated and in which capacity we process usage data. If your personal data is processed under joint responsibility according to an agreement with the institution, we are your central point of contact for questions and the exercise of your data protection rights as a data subject. Naturally, you can also contact your institution regarding this.

3.5. Contact form

For questions of any kind, we offer you the possibility to contact us via a provided form. In doing so, it is necessary to provide a valid e-mail address so that we know from whom the inquiry originates and so that we can answer it. Further information can be provided voluntarily. The data processing for the purpose of contacting us is carried out in accordance with Art. 6 para. 1 lit. b and f GDPR for the appropriate response to your request.

3.6. Newsletter

3.6.1. If you have expressly consented in accordance with Art. 6 (1) a GDPR, we will use your e-mail address to send you our newsletter on a regular basis. Insofar as the contents of the newsletter are specifically described within the scope of the registration for the receipt of the newsletter, this information is decisive for the consent of the user. In addition, our newsletters contain information about our services, offers, promotions and our company. The provision of a valid e-mail address is sufficient for the receipt of the newsletter.

3.6.2. For newsletter registration, we use the so-called double opt-in procedure, i.e. we will only send you a newsletter by e-mail if you have previously expressly confirmed that you want us to activate the newsletter service. For this purpose, we will send you a notification e-mail and ask you to confirm that you would like to receive our newsletter by clicking on a link contained in this e-mail.

3.6.3. With the registration for the newsletter we store your IP address and the date of registration. This storage serves as proof of your registration for our newsletter.

3.6.4. You can revoke your consent to receive the newsletter at any time. The revocation can be done via a link in the newsletter itself, in your user account or by sending a message to the contact options above.

3.6.5. If you have already used our services, we may send you information about our own similar goods and services by e-mail. The legal basis for the processing is our legitimate interest of direct advertising according to Art. 6 para. 1 lit. f GDPR. You can object to this use of your e-mail address at any time with effect for the future free of charge via a link in the e-mail itself, in your user account or by sending a message to the contact options above.

3.7. AMBOSS AI Features

3.7.1. We process users' User ID and IP address as well as inputs and associated meta/communication data when using AMBOSS AI Features in order to provide the various AI functions. The scope of functionality also includes that we create automated learning suggestions based on the inputs in order to improve the user's learning experience. The legal basis for the processing activities is the performance of our contract with you (Art. 6(1)(b) GDPR).

3.7.2. Input data from AMBOSS AI Features is stored for product optimization. It will be deleted at the latest after the respective user account has been deleted. During the beta phase, users do not have the ability to delete individual interactions.

3.7.3. To document the user's interaction with any pop-ups related to the use of AMBOSS AI Features, we use so-called local storage technology. The preference is stored on the user's device and the pop-up window is therefore not displayed again each time AMBOSS is opened.

3.7.4. AMBOSS AI Features are not intended for the entry of patient data or other personal data. Users agree not to enter patient data or other personal data.

3.8. AMBOSS network

3.8.1. You have the option of making individual personal data entered in your user profile (e.g. first name, last name, e-mail address, university, clinic) and other information (e.g. your own additions) retrievable and findable for other users. It may be possible to restrict the accessibility and retrievability of individual or all data and information to certain user groups and to release it only for them.

3.8.2. The release of your personal data and information to other users is always on a voluntary basis, i.e. with your express consent pursuant to Art. 6 (1) a GDPR. You can (partially) deactivate or activate this service in your user profile by making all, none or individual data and information retrievable and discoverable for all, none or, if applicable, only certain users by making the appropriate settings.

3.8.3. If you (partially) activate your profile for the AMBOSS network and can thus be found by other users under the released data, we will inform you by e-mail or via the user account in case of a contact request by another user.

3.9. AMBOSS Score Predictor

The AMBOSS Score Predictor gives you the option of submitting your practice exam scores to us so that we can provide you with your expected USMLE score. The release of your practice exam scores and other related personal data is always on a voluntary basis. We use this data to predict your USMLE score. We may also use this data to improve our score prediction algorithm. In both cases, the legal basis for the processing is our legitimate interest of providing you the score prediction service according to Art. 6 para. 1 lit. f GDPR.

3.10. Comments and contributions

When users enter comments or other contributions, their IP addresses are stored on the basis of our legitimate interests according to Art. 6 (1) lit. f GDPR. This is done for our security, in case someone posts illegal content.

3.11. Consent Management

3.11.1. We use cookies on our site. Cookies are pieces of information that are transmitted from our web server or third-party web servers to users’ web browsers, where they are stored for later retrieval. Cookies may be small files or other types of information storage. In addition, we use comparable storage and access technologies, such as local storage and web beacons, among others (hereinafter collectively referred to as “cookies”).

3.11.2. The use of cookies serves the purpose of making the use of our offer attractive for you. We use so-called session cookies to recognize that you have already visited individual pages of our website/apps. These are automatically deleted after you leave our website/app. In addition, to optimize user-friendliness, we use temporary cookies that are stored on your end device for a certain specified period of time. If you visit our website/apps again to use our services, it is automatically recognized that you have already been with us and which entries and settings you have made so that you do not have to enter them again.

3.11.3. We offer you the option to decide for yourself which cookies you would like to allow. The privacy settings feature ensures that only technically necessary cookies are set when you first visit the website/app. In the cookie banner, you can then either allow the use of cookies that require consent, reject them or call up the advanced cookie settings. In the cookie settings, you can select which cookies you want to allow. It is not possible to block the technically necessary cookies; these are always set. Other cookies are only set when you click on “Accept all” in the cookie banner or activate them in the cookie settings.

3.11.4. We process your personal data for cookie management of our website/apps to fulfill a legal obligation to which we are subject as the controller pursuant to Art. 6 (1) lit. c GDPR. There is a legal obligation to obtain and document your consent to access your terminal device and to process data based on this consent.

3.11.5. Insofar as the processing of information on your terminal device is absolutely necessary to enable the use of our website or apps expressly requested by you, the storage or access is carried out on the basis of Section 25 (2) No. 2 TDDDG (New German Telecommunications-Telemedia Data Protection Act) or the corresponding European Union member state implementation regulation for Article 5 (3) Sentence 1 of the ePrivacy Directive (2002/58/EC, amended by 2009/136/EC). Any further processing of information on your terminal device will be based on your consent in accordance with Section 25 (1) of the TDDDG (New German Telecommunications-Telemedia Data Protection Act) or the corresponding European Union member state implementing provision for Article 5 (3) sentence 2 of the ePrivacy Directive (2002/58/EC, as amended by 2009/136/EC). The aforementioned legal bases of the GDPR then apply to the further processing of the personal data obtained through this. Companies located in third countries are also involved in the processing of your data in accordance with section 2.4. Insofar as companies located in the EU or companies located in third countries are also involved in the provision of services in the case of data hosted in the EU, this will also take place in accordance with section 2.4. You can revoke your consent in the data protection settings in the footer of this website at any time. The revocation does not affect the lawfulness of the processing until the revocation.

4. Technologies used

We use various third-party technologies on our website, in the registered area and in our apps, which we list below. You can find further information, in particular on the legal basis, the storage period of the cookies and the personal data obtained via them, in the privacy settings in the footer of this website. There you also have the option to revoke any consent given for these technologies with effect for the future. Further general information on consent management can be found in section 3.8.

4.1. Website and Registered Area
4.1.1. Required technologies


Alchemer

We use Alchemer from the company Widgix, LLC dba Alchemer, 168 Centennial Parkway Unit #250 Louisville, CO 80027, USA. The provider processes meta/communication data (e.g. device information, IP addresses) as well as the information provided by the participant in the survey form.

We use Alchemer to create online forms for customer surveys.

There is a data transfer to third countries (United States of America).

Further information can be found in the provider's privacy policy at https://www.alchemer.com/privacy.

Auth0

We use Auth0 from the company Auth0, Inc., 10800 NE 8th Street, Suite 600, Bellevue, WA 98004, USA. The provider processes contact data (e.g., email addresses, full names), authentication data (e.g., encrypted passwords, login credentials), and meta/communication data (e.g., IP addresses, device information, client application information) on behalf of AMBOSS and not for its own purposes.

We use Auth0 as our identity and access management service to provide secure user authentication, login functionality, and account management for our platform. Auth0 processes this data exclusively to enable user authentication and secure access to AMBOSS services in accordance with our instructions under a Data Processing Agreement pursuant to Art. 28 GDPR.

Data processing occurs on servers located in the European Union and the United States of America. Auth0 implements appropriate technical and organizational security measures including encryption in transit and at rest, multi-factor authentication, and regular security audits to protect personal data in accordance with industry standards.

There is a data transfer to third countries (United States of America). This transfer is conducted in accordance with Section 2.3 of this Privacy Policy using standard contractual clauses to ensure adequate protection of your personal data.

Further information is available in the provider's privacy policy at https://auth0.com/privacy.

Braze

We use Braze from the company of the same name Braze, Inc, 330 W 34th St 18th floor, New York, NY 10001, USA. The provider processes contact data (e.g. email addresses, phone numbers) and meta/communication data (e.g. device information, IP addresses) on servers in the EU.

We use Braze to send important messages relevant to the contract as well as to display notifications in the registered area of the website. Furthermore, we use Braze to communicate offers and relevant information about the use of the services.

There is a data transfer to third countries (United States of America).

Further information is available in the provider’s privacy policy at https://www.braze.com/company/legal/privacy.

Cloudflare

We use Cloudflare from the company of the same name, Cloudflare, Inc, 101 Townsend St., San Francisco, CA 94107, USA. The provider processes the personal data transmitted via the website, e.g. content, usage, meta/communication or contact data.

We use Cloudflare to deliver content such as images faster to the user in the respective geographical region, to ensure the accessibility of our website and to provide security functions to protect our website from attacks.

There is a data transfer to third countries (United States of America).

Further information can be found in the provider's privacy policy at https://www.cloudflare.com/privacypolicy/.

CloudFront

We use CloudFront from Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855, Luxembourg. The provider thereby processes the personal data transmitted via the website or other offers, e.g. content, usage, meta/communication data or contact data.

We use CloudFront to deliver content such as images more quickly to users in the relevant geographic region, to ensure the accessibility of our service, and to provide security features to protect our website from attack.

There is a data transfer to third countries (United States of America).

Further information is available in the provider’s privacy policy at https://aws.amazon.com/de/privacy/.

Cloudinary

We use Cloudinary from Cloudinary Ltd, 3400 Central Expy #110, CA Santa Clara, USA. The provider processes the personal data transmitted via the website or other offers, e.g. content, usage, meta/communication data or contact data.

We use Cloudinary to deliver content such as images faster to the user in the respective geographical region, to ensure the accessibility of our offer and to provide security functions to protect our website from attacks.

Data is transferred to third countries (United States of America).

Further information can be found in the provider's privacy policy at https://cloudinary.com/privacy.

Datadog

On our website, we use the service Datadog of the company of the same name Datadog, Inc., 620 8th Avenue, Floor 45, New York, NY 10018, USA.

We use Datadog to collect client- and server-side log files and performance information and present them in an analyzable form. The analyses help us to optimize the performance of our server infrastructure. So-called bottlenecks can be viewed and analyzed separately for application logic, external interfaces from third parties or database calls. In addition, any problems that occur (slow requests, failed requests) are pointed out. Furthermore, the technical functionality of the cookie banner is ensured through Datadog monitoring.

There is a data transfer to third countries (United States of America).

Further information is available in the provider’s privacy policy at https://www.datadoghq.com/legal/privacy/.

Google Webfonts

We use Google Webfonts for fonts on the website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. However, the processing only takes place on our servers.

We process meta/communication data (e.g. device information, IP addresses). The legal basis for the processing is Art. 6 para. 1 s. 1 lit. f GDPR. We have a legitimate interest to use affordable and easy-to-display fonts.

Further information is available in the provider’s privacy policy at https://policies.google.com/privacy?hl=en-US.

Hubspot

We use Hubspot from the company of the same name HubSpot, Inc, 25 1st Street Cambridge, MA 0214, USA. The provider processes contact data (e.g. email addresses, phone numbers) and meta/communication data (e.g. device information, IP addresses).

We use Hubspot as follows:

  • Integration of contact forms that enable you to get in touch with us or make use of our services.
  • Customer relationship management.
  • Hosting our website and providing content.
  • Email communications, based on consent to participate in marketing promotions such as special offers.

There is a data transfer to third countries (United States of America).

Further information is available in the provider’s privacy policy at https://legal.hubspot.com/privacy-policy.

Jotform

We use Jotform from the company of the same name, Jotform, Inc, 4 Embarcadero Center, Suite 780, San Francisco CA 94111 USA, to create online forms for data collection or customer surveys.

The provider does not further process the collected data nor does Jotform perform analyses.

There is a data transfer to third countries (United States of America).

Further information is available in the Provider’s privacy policy at https://www.jotform.com/privacy.

MongoDB Cloud Services

We use MongoDB Cloud Services for the storage and management of databases necessary for the operation of AMBOSS AI Features. The provider is MongoDB Ltd, located at Building 2, Number 1 Ballsbridge Shellbourne Road, Ballsbridge, D04 Y3X9, Dublin, Ireland.

The provider processes the data transmitted via AMBOSS AI Features, such as the user's User ID and IP address as well as content, usage, meta/communication data.

Data is transferred outside the EU. Where no decision by the EU Commission on an adequate level of data protection in the relevant country should exist, the transfer is based on so-called EU Standard Contractual Clauses, which aim to ensure that the rights and freedoms of data subjects are adequately protected and guaranteed. The data is stored on servers in the United States of America. The data recipient MongoDB, Inc. is certified under the so-called EU-US Data Privacy Framework, the UK extension and the Swiss-US Data Privacy Framework. The EU, Switzerland and UK recognize that companies certified under these legal frameworks provide an adequate level of data protection in the USA.

Further information is available in the Provider’s privacy policy at https://www.mongodb.com/legal/privacy-policy.

Podigee

We use the podcast hosting service Podigee of the provider Podigee GmbH, Schlesische Straße 20, 10997 Berlin, Germany. The podcasts are thereby loaded by Podigee or transmitted via Podigee. Podigee processes IP addresses and device information to enable podcast downloads/playbacks and to determine statistical data, such as retrieval figures. This data is anonymized or pseudonymized before being stored in Podigee’s database, unless it is necessary for the provision of the podcasts.

Further information is available in the provider’s privacy policy at https://www.podigee.com/en/about/privacy.

ProductFruits

We use ProductFruits from the company Product Fruits s.r.o., Rozdělovská 1999/7, Břevnov, 169 00 Praha 6, Czech Republic.

The legal basis for the processing is Art. 6 para. 1 s. 1 lit. f GDPR. Users cannot use the platform reliably without this functionality.

The provider processes user data (email address, full name and role) on servers in the EU.

We use ProductFruits as an onboarding service which supports the onboarding journey with platform tours, tooltips and checklists.

Further information can be found in the provider's privacy policy at https://productfruits.com/policies/privacy.

Segment

We use Segment from the company of the same name Segment.io, Inc, 100 California Street Suite 700 San Francisco, CA 94111, USA. The provider processes usage data (e.g. websites visited, interest in content, access times) and meta/communication data (e.g. device information, IP addresses) in the USA.

We use Segment to store and validate user interactions in our own data environment. Segment does not perform any analysis or profiling.

There is a data transfer to third countries (United States of America).

Further information is available in the provider’s privacy policy at https://segment.com/legal/privacy/.

Sentry

On our website we use the service Sentry of Functional Software, Inc. dba Sentry, 45 Fremont Street, 8th Floor, San Francisco, CA 94105.

We use Sentry to display client-side log files and error messages in an analyzable form. The evaluations help us to improve the error-free functioning of our software and to accelerate error analysis.

There is a data transfer to third countries (United States of America).

Further information is available in the provider’s privacy policy at https://sentry.io/privacy/.

Verisoul 

On our website we use the service Verisoul of Verisoul Inc., 1401 Lavaca St. #989, Austin, TX 78701, United States. The provider processes email addresses, device information and IP addresses in the USA.

We use Verisoul for fraud detection and prevention, and to verify the authenticity of users.

There is a data transfer to third countries (United States of America).

Further information is available in the provider's privacy policy at https://policies.verisoul.ai/privacy.html.

Zendesk

We use Zendesk from the company of the same name Zendesk, Inc., 1019 Market St., San Francisco, CA 94103, USA. The provider processes content data (e.g. entries in online forms), contact data (e.g. email addresses, telephone numbers), meta/communication data (e.g. device information, IP addresses) and master data (e.g. names, addresses) on servers in the EU.

We use Zendesk as a service center software to allow our visitors and customers to contact us via live chat, phone and form or to provide customer support.

There is a data transfer to third countries (United States of America).

Further information is available in the provider’s privacy policy at https://www.zendesk.de/company/agreements-and-terms/privacy-policy/.

4.1.2. Opt-in technologies

Unless expressly stated below, the third-party providers specified in this section also use the data processed by you for their own purposes. Details on this can be found in the privacy statements of the providers.

Amplitude

We use Amplitude from the company of the same name Amplitude Inc., 201 3rd Street, Suite 200, San Francisco, CA 94103, USA. The provider is an analytics service with which we aim to improve AMBOSS’ web and mobile products by performing statistical analysis and visualization of usage data (e.g. page visits, feature usage, access times) and meta/communication data (e.g. device information, IP addresses). 

Data processing happens in European data processing centers that are based in Frankfurt, Germany. Data is protected with Amplitude’s secure software development practices, native SOC 2 Type II certification, and advanced encryption for data in transit and at rest.

Further information is available in the provider's privacy policy at https://amplitude.com/privacy.

Bunchbox

We use Bunchbox of the company of the same name Bunchbox GmbH, Raboisen 30, 20095 Hamburg. The provider processes usage data (e.g. websites visited, interest in content, access times) and meta/communication data (e.g. device information, IP addresses) in the EU on our behalf and not for its own purposes.

Further information is available in the provider’s privacy policy at https://bunchbox.co/datenschutz.

Facebook Pixel and Conversions API

We use Facebook Pixel and Conversions API for analysis. The provider is Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The provider processes usage data (e.g. websites visited, interest in content, access times) in the USA.

We use Facebook Pixel on our website to analyze the success of promotions we run through Twitter.

There is a data transfer to third countries (United States of America).

Further information is available in the provider’s privacy policy at https://www.facebook.com/policy.php.

Facebook Social Plugins

Our website integrates social plugins of Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). Facebook processes the IP address of the visitor to display the content or perform the functions. Furthermore, usage data and meta and communication data may be processed.

The social plugins allow users to easily share content.

There is a data transfer to third countries (United States of America).

Further information is available in the provider’s privacy policy at https://www.facebook.com/privacy/policy.

Google Ads, Google Analytics and Google Tag Manager

We use marketing and remarketing services on our website in the Google Marketing Platform of Google Ireland Limited, Google Building Gordon House, 4 Barrow Street, Dublin D04 E5W5, Ireland (“Google”). These services allow us to display advertisements in a more targeted manner in order to present page visitors with ads that are tailored to their interests. Through remarketing, page visitors are shown ads and products for which interest has been identified on other websites in the Google network.

For these purposes, code is executed by Google when our website is called up and so-called (re)marketing tags are integrated into the website. With their help, an individual cookie or comparable technology is stored on the device of the site visitor. The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which websites page visitors have visited, what content they are interested in and which offers they have clicked on. In addition, technical information on the browser and operating system, referring websites, time of visit and other details on the use of the website are stored. All data of the site visitors are processed only as pseudonymous data. Google thus does not store any names or e-mail addresses. All ads displayed are thus not targeted to a person, but to the owner of the cookie.

We use Google Tag Manager to integrate Google Analytics in a data-saving way and to shorten the IP address, for example.

There is a data transfer to third countries (United States of America).

Further information is available in the provider’s privacy policy at https://policies.google.com/privacy.

Google Translate

We use the translation service Google Translate on our website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google processes the IP address of the visitor to save the language settings and preferences.

There is a data transfer to third countries (United States of America).

Further information is available in the provider's privacy policy at https://policies.google.com/privacy.


Hotjar

We use the web analytics service Hotjar provided by Hotjar Ltd, Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta (hereinafter “Hotjar”). The provider processes on our behalf and not for its own purposes the activity of the site visitor (e.g., which pages he visited and on which elements he clicked), device and browser information (especially the IP address and operating system) and a tracking code in the form of a pseudonymized user ID. The information collected in this way is transmitted by Hotjar to a server in Ireland and stored there anonymously.

Further information is available in the provider’s privacy policy at https://www.hotjar.com/legal/policies/privacy.


LinkedIn Insight-Tag

We use the LinkedIn Insight tag on our website, a marketing product of LinkedIn Ireland Unlimited Company (LinkedIn Ireland/EU).

The LinkedIn Insight tag is a JavaScript tracking code that is triggered by LinkedIn when you visit our website and saves a cookie on the device you are using. The LinkedIn conversion tracking used by this is an analysis function that is supported by the LinkedIn Insight tag. The LinkedIn Insight tag enables the collection of data about visits to our website, including URL, referrer URL, IP address, device, and browser properties (user agent), and timestamp.

This processing is done for the purpose of obtaining information about our website audience and a report on the effectiveness of LinkedIn campaigns.

There is a data transfer to third countries (United States of America).

Further information is available in the provider’s privacy policy at https://www.linkedin.com/legal/privacy-policy.


Microsoft Ads

We use the Microsoft Advertising service of the provider Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland (formerly Bing Ads) on our website. Microsoft Advertising is an online marketing service that uses the Universal Event Tracking (UET) tool to help us serve targeted ads through the Microsoft Bing search engine.

Microsoft Advertising uses cookies for these purposes. This involves processing personal data in the form of online identifiers (including cookie identifiers), IP addresses, device identifiers and information about device and browser settings.

Microsoft Advertising is used for the purpose of optimising the placement of advertisements.

Data is transferred to third countries (United States of America).

Further information is available in the provider’s privacy policy at https://privacy.microsoft.com/en-gb/privacystatement.

Mixpanel 

We use Mixpanel from the company of the same name Mixpanel, Inc, 1 Front Street, 28th Floor, San Francisco, CA 94111, USA. The provider is an analytics service with which we aim to improve AMBOSS’ web and mobile products by performing statistical analysis and visualization of usage data (e.g. page visits, feature usage, access times) and meta/communication data (e.g. device information, IP addresses). 

Data processing happens in European data processing centers that are based in the Netherlands. Data is protected with Mixpanel’s secure software development practices, native SOC 2 Type II certification, and advanced encryption for data in transit and at rest.

Further information is available in the provider's privacy policy at https://mixpanel.com/legal/privacy-policy.


Optimizely

For the optimization of our website we use the tool Optimizely from the company Episerver GmbH, Wallstraße 16, 10179 Berlin. The tool helps to perform simple tests on the design and content of the website. Personal data can be stored and evaluated as a result. This includes the activity of the site visitor (e.g., which pages they visited and which elements they clicked on), device and browser information (especially the IP address and operating system) and a tracking code in the form of a pseudonymized user ID, which are processed on our behalf and not for the provider’s purposes.

Further information is available in the provider’s privacy policy at https://www.optimizely.com/legal/privacy-policy/.

TikTok Advertisement

We use TikTok Advertisement. The provider is TikTok Technology Ltd., 10 Earlsfort Terrace, Dublin, D02, T380 Ireland. The provider processes usage data (e.g. websites visited, interest in content, access times) in the USA.

We use TikTok Advertisement on our website to analyze the success of marketing campaigns we run through TikTok.

There is a data transfer to third countries (United States of America).

Further information is available in the provider’s privacy policy at https://www.tiktok.com/legal/page/eea/privacy-policy/en#section-1.


Twitter Advertisement

We use Twitter advertising. The provider is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland. The provider processes usage data (e.g. websites visited, interest in content, access times) in the USA.

We use Twitter on our website to analyze the success of promotions we run through Twitter.

There is a data transfer to third countries (United States of America).

Further information is available in the provider’s privacy policy at https://twitter.com/en/privacy.


YouTube

We embed videos from YouTube on our website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The data processed includes usage data and communication data. We use YouTube’s Privacy Enhanced Mode on our website to embed videos in a data-saving manner.

There is a data transfer to third countries (United States of America).

Further information is available in the provider’s privacy policy at https://policies.google.com/privacy.

4.2. Native mobile apps on iOS and Android

In addition to the technologies presented below, native mobile applications also use the following technologies, which are already described in Section 4.1:

  • Segment
  • Zendesk


Adjust

We use Adjust for analysis. The provider is Adjust GmbH, Saarbrücker Str. 37A, 10405 Berlin. The provider processes usage data (e.g. websites visited, interest in content, access times) and meta/communication data (e.g. device information, IP addresses) in the EU.

We use Adjust to analyze the success of marketing activities for our mobile applications. The data is not used by Adjust for its own purposes.

Further information is available in the provider’s privacy policy at https://www.adjust.com/terms/privacy-policy/.


Usercentrics

We use Usercentrics to manage consent on our native mobile apps. The provider is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich. The provider processes meta/communication data (e.g. device information, IP addresses) in the EU.

Further information is available in the provider’s privacy policy at https://usercentrics.com/privacy-policy/.


Google Firebase Analytics/Crashlytics/Performance

In our apps, we use Firebase, a framework from Google Ireland Limited, through which we track and manage the following real-time features in the app:

  • Tracking of app crashes and their reasons via Firebase Crashlytics.
  • Technical analysis of aggregated statistics from the use of our app.

Firebase Analytics enables the technical analysis of the use of our offer. For this purpose, we have integrated an SDK (“Software Development Kit”) with which information about the use of our app is collected and transmitted to Google using the IDFA/AAID and stored there. Google will use the aforementioned information to anonymously evaluate the technical use of our app and to provide us with further services related to the technical use of apps.

Firebase Crashlytics and Firebase Performance are used to improve the stability and performance of the app. This involves collecting information about the device used and how our app is used (for example, the timestamp, when the app was launched, and when the crash occurred), which allows us to diagnose and resolve problems.

This information is usually transferred to a Google server in the USA and stored there.

There is a data transfer to third countries (United States of America).

Further information is available in the provider’s privacy policy at https://firebase.google.com/support/privacy.


4.3. Integration of third-party content and services

Based on our legitimate interests according to Art. 6 para. 1 lit. f GDPR (interest in the analysis, optimization and economic operation of our online offer), as well as partly for the fulfillment of our contractual obligations according to Art. 6 para. 1 lit. b GDPR, we also use various third-party content or services that do not access your terminal device or set cookies. This nevertheless has the consequence that the providers of these contents and services receive your IP address, as they cannot send the contents to the browser without the IP address.

We use content and services from the following providers:

  • Learning content of the platform “SmartZoom” of the provider Smart In Media GmbH & Co. Kg, Elsternweg 6, 50997 Cologne, Germany. Privacy policy: https://www.smartinmedia.com/privacy/

5. Data security

All communication of your browser with our services is done via an encrypted TLS connection to protect your information from unauthorized access by third parties. Only selected administrators have insight into the data and only to the extent necessary to maintain the services.


We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

6. Data deletion

Unless expressly stated within the scope of this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If your data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted, i.e. the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law.

7. Data subject rights

You have the right:

  • in accordance with Art. 7 (3) GDPR to revoke your consent once given to us with effect for the future;
  • pursuant to Art. 15 GDPR to request information free of charge about your personal data processed by us;
  • in accordance with Art. 16 GDPR to immediately demand the correction of incorrect or completion of your personal data stored by us;
  • pursuant to Art. 17 GDPR to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
  • to request the restriction of the processing of your personal data in accordance with Art. 18 GDPR;
  • in accordance with Art. 20 GDPR to receive your personal data that you have provided to us in a structured, common and machine-readable format to transfer this data to another controller;
  • to object to the processing of your personal data on the basis of legitimate interests pursuant to Art. 21 GDPR;
  • to report to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace in an EU member state or our registered office.

8. Provisioning obligations / automated decision making

You only need to provide the personal data that is required for the establishment, implementation and termination of the business relationship or other relationships, or which we are required to collect by law. Without this data, we will usually have to refuse to conclude a contract or provide a service or will no longer be able to perform an existing contract or other relationship. Mandatory data are marked as such.


As a matter of principle, we do not use fully automated decision-making pursuant to Art. 22 GDPR. Should we use these procedures in individual cases, we will inform about this separately.

9. United States privacy disclosures

9.1 Personal data collection

We collect the following categories of personal data.

  • Identifiers
  • Commercial information
  • Internet or other electronic network activity
  • Geolocation
  • Professional or employment-related information
  • Education information
  • Sensitive personal information, including account login data
  • Inferences

9.2. Personal data sources

We collect the above categories of personal data from various sources, including directly from you, from our service providers, from third parties such as your educational institution, and from the social media platforms and networks that we use, which may also be governed by our Social Media Privacy Policy.


9.3. Personal data uses

We have collected these categories of personal data to fulfill our business and commercial purposes, including to provide services you requested; audit relating to counting ad impressions to unique visitors, verify positioning and quality of ad impressions, and audit compliance with applicable standards; helping to ensure security and integrity to the extent the use of the personal data is reasonably necessary and proportionate for these purposes; debugging to identify and repair errors that impair existing intended functionality; perform services, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying your information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services; undertaking internal research for technological development and demonstration; undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured for, or controlled by us; and for any other business purpose permitted by law.


9.4. Personal data disclosures

We may disclose the categories of personal data as described in section 9.1 for our business purposes as described in section 9.3 to the following categories of third parties: internet service providers.

We may share the following categories of personal data for purposes of targeted advertising to our advertising networks, internet service providers, data analytics providers, and social networks: internet or other electronic network activity.


9.5. Personal data rights

9.5.1. Description of data rights

Under applicable law of your United States state of residence, you may have the right to:

  • Access your personal data in a portable format, including (1) confirm we are processing your personal data, (2) confirm the categories of personal data that we process, (3) specific pieces of personal data we have collected about you, (4) categories of sources from which the personal data is collected, (5) the business or commercial purpose for collecting, selling, or sharing your personal data, (6) the categories of third parties to whom we disclose personal data, (7) the categories of personal data, if any, we share with third parties or affiliates for their direct marketing purposes, and (8) the categories of personal data sold or shared and the categories of third parties to whom the personal data was sold or shared.
  • Correct your personal data.
  • Delete your personal data.
  • Opt-out of your personal data being used for certain purposes, such as (1) targeted advertising, (2) the sale or share of your personal data, (3) limit the use and disclosure of sensitive personal data, and (4) certain profiling activities that result in legal or similarly significant effects on you.

We have not sold or shared your personal data in the past 12 months, and we have not knowingly sold or shared the personal data of anyone under 16 years of age. You will not receive discriminatory treatment or be retaliated against for the exercise of your rights.


These rights may be subject to certain exceptions under applicable law.


9.5.2. Exercising data rights

To exercise any of your data rights, you may email us at privacy@amboss.com. To exercise your right to opt out of the sharing of personal data for purposes of targeted advertising, visit “Privacy Settings” in the footer of our website. We currently do not respond to “Do Not Track” or opt-out preference signals. When making a request to exercise your data rights, please include your name and your account email address.


You may also exercise your rights through an authorized agent. To do so, please provide written authorization signed by you and your designated agent and email us at privacy@amboss.com.


To protect your identity, we will take steps to reasonably verify your identity before fulfilling your request. This may include asking you to provide sufficient information such as your name and address, which we will match against our business records.


If you have questions or concerns about our response to your request, you may appeal a decision by emailing us at privacy@amboss.com. Virginia residents may contact the Attorney General by filing a complaint, here.

10. Changes to the privacy policy

We reserve the right to change this privacy policy from time to time to reflect changes in the law or expansion of the functionality of our services. We will post any updates to this privacy policy on our website or provide you with notice of such changes as required by applicable law. You should therefore read the privacy policy regularly to be informed about the protection of your data.

Job Applicant Privacy Notice

AMBOSS is the rights holder, provider and operator of the online knowledge and learning program "AMBOSS" for students of medicine, doctors and other healthcare professionals. We want you, as a user of our services, to understand how we use information and what options you have to protect your data. We are aware of the importance and sensitivity of your personal data and thank you for your trust. Handling it responsibly is a major concern for us. If you have any questions about this, please do not hesitate to contact us.


This data protection declaration informs applicants about the nature, scope and purpose of the processing of personal data by AMBOSS. It applies to applications that you send to us via our application portal. In addition, you can find information about data processing on the website operated by us in our general data protection information. You can find them here.



Data Controller:

AMBOSS SE
Torstrasse 19
10119 Berlin, Germany
E-mail: hello@amboss.com
Phone: +1 (347) 835-5441


Managing Directors: Dr. med. Madjid Salimi, Dr. med. Nawid Salimi, Benedikt Hochkirchen


Local Court Berlin (Charlottenburg), HRB 270315 B



Subsidiary:

Our representative and wholly-owned subsidiary in the US:

AMBOSS MD Inc.
234 5th Avenue, 2nd Floor
New York, NY, 10001
Phone: 347-835-5441



Contact details data protection officer:

AMBOSS SE
Sophia Ampatziadis
Torstrasse 19
10119 Berlin, Germany
privacy@amboss.com


Last Update Date:
August 2023



1. General Information

1.1 With regard to the terms used, such as “personal data”, “user” or “processing”, we refer to Art. 4 of the EU General Data Protection Regulation (GDPR).


1.2 We process users’ personal data exclusively in compliance with the relevant provisions of data protection law. In accordance with Art. 13 GDPR, we inform you of the legal basis of our data processing. If the legal basis is not stated in this privacy policy, the following applies: Legal basis for the processing of personal data with separate consent is Art. 6 para. 1 lit. a GDPR, legal basis for the processing of data for the performance of a contract and for the implementation of pre-contractual measures is Art. 6 para. 1 lit. b GDPR, legal basis for the processing of personal data to comply with our legal obligations is Art. 6 para. 1 lit. c GDPR and legal basis for the processing of personal data to protect our legitimate interests is Art. 6 para. 1 lit. f GDPR.


2. Applications

2.1 You have the option of applying directly for a vacant position with us via our application portal. To process your online application and to carry out the application process, we collect, process and use the personal data that you have provided to us via our application portal. The data is used for the purpose of the application process. This also includes contacting you.


2.2 For our application portal, we use the services of Ashby Inc. 548 Market St, San Francisco, CA, United States. For this purpose, the data you provide to us as part of the application process is stored and processed on Ashby’s servers in the United States. This is done under an existing data processing agreement with Ashby.


2.3 The processing of your data is based on your consent according to Art. 6 para. 1 lit a GDPR, if you have given it, and on pre-contractual measures according to Art. 6 para. 1 lit b GDPR and Section 26 para. 1 of the German Federal Data Protection Act (BDSG).


3. Disclosure of Data

3.1 First of all, only our employees who are involved in the application process receive knowledge of your personal data. In addition, we use external service providers within the framework of the data processing explained in this data protection declaration or, if necessary, commission them with certain services. In addition to the aforementioned providers of the applicant management programs, data may in individual cases be passed on to legal advisors when asserting our claims.


3.2 Personal data is only passed on to third parties on the basis of legal permits and within the framework of legal requirements. If we commission service providers with the processing of data within the framework of a so-called “data processing agreement”, this is done on the basis of Art. 28 GDPR.


3.3 Personal data may also be transferred to servers outside the EU or to trusted third parties based outside the EU. If you apply for employment with our subsidiary AMBOSS MD Inc. 234 5th Avenue, 2nd Floor, New York, NY, 10001, your data will be transferred to them. If there is no EU Commission decision on an adequate level of data protection in the country in question, the transfer will take place on the basis of so-called EU standard contractual clauses, which aim to ensure that your rights and freedoms are adequately protected. You should be aware that many countries do not offer the same legal protection for personal data as in the EU. While your personal data is located in another country, it may be accessed by courts, law enforcement and national security authorities of that country in accordance with its laws.


4. Required Data / Automated Decision Making

You only need to provide the personal data that is required for the application process or whose provision is required by law or contract. Without this data, we will not consider you for the application process or be able to fulfill individual contractual obligations.


We do not use fully automated decision-making including profiling in accordance with Art. 22 GDPR as part of the application process.


5. Data Subject Rights

5.1 To the extent applicable under the GDPR, you have the right:

  • in accordance with Art. 7 (3) GDPR to revoke your consent once given to us with effect for the future;
  • pursuant to Art. 15 GDPR to request information free of charge about your personal data processed by us;
  • in accordance with Art. 16 GDPR to immediately demand the correction of incorrect or completion of your personal data stored by us;
  • pursuant to Art. 17 GDPR to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
  • to request the restriction of the processing of your personal data in accordance with Art. 18 GDPR;
  • pursuant to Art. 20 GDPR to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller;
  • complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace in an EU member state or our registered office.


6. Right of Objection

6.1 If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are grounds for doing so that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation.


6.2 If you wish to exercise your right of revocation or objection, it is sufficient to send an e-mail to our above-mentioned e-mail address. You may also call us at the above-mentioned phone number.


7. California Notice at Collection

7.1 We collect the following categories of personal data:

  • Identifiers, such as name, alias, postal address, email address, Social Security number, government-issued identification numbers (e.g., driver’s license, state identification, or passport number), date of birth, telephone number, signature, assigned employee number, or other similar identifiers.
  • Demographic Information, which may include information about protected classifications, such as your age, gender, gender identity, race, ethnicity, citizenship, sexual orientation, marital status, languages, or veteran or military status.
  • Financial Information, such as payroll information, bank account and routing number, and tax-related information.
  • Professional Information, such as resumes, employment history, employment verification information, promotions, service dates, training information, length of service, compensation, current department/position, employment status, job performance, attendance records, disciplinary actions, relocation information, employee development information, or other employment-related information. We may also collect information concerning the organizations you are affiliated with (e.g., volunteer information), and your professional memberships, qualifications, and certifications.
  • Educational Information, such as the institutions attended, graduation dates, degrees, field of study, education verification information, level of education, degrees received, and certifications.
  • Medical or Health Information, such as benefits-related information (e.g., wellness information, COBRA information, healthcare plan information, insurance information); disability claims records (e.g., workers’ compensation records and disability claims records); medical reports or records (e.g., pre-employment drug tests and medical/benefits-related documentation); and information relating to pregnancy or childbirth.
  • Audio or Visual Information, such as the content of video interviews and conferences, security cameras, call recordings, and similar types of information.
  • Device Information, such as information pertaining to the device through which you interact with us or use (e.g., the type of device and IP address).
  • Internet or Other Electronic Network Activity Information, such as browsing history, search history, online applications used, IP address, and information regarding your interactions only within Internet websites or applications used.
  • Geolocation Information, such as the region or general location where your computer or device is accessing the internet.
  • Inferences Drawn from the Above Categories of Personal Information, such as inferences about your characteristics, job performance, disciplinary determinations, preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, aptitudes, or professional development.


We collect the above categories of personal data from you, our service providers, and other third parties.


7.2 We use this personal data for a variety of business purposes, including to conduct our business and to manage our relationship with you. This may include to manage our relationship with you; helping to ensure security and integrity to the extent the use of the personal data is reasonably necessary and proportionate for these purposes; debugging to identify and repair errors that impair existing intended functionality; perform services, including maintaining or servicing accounts, verifying your information, or providing any other services; undertaking internal research for technological development and demonstration; undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured for, or controlled by us; and for any other business purpose permitted by law.


We do not sell or share your personal data, and we have not knowingly sold or shared the personal data of anyone under 16 years of age.


We limit the use and disclosure of your sensitive personal data to those business purposes permitted under applicable law, and we do not use it to infer characteristics about you.


We will not use personal data collected for additional purposes that are incompatible with the disclosed purpose in this Job Applicant Privacy Notice without providing you with notice.


8. Data Deletion

Your data will be stored by us for as long as is necessary to process your application. In the event that the application process is terminated, your data will be deleted after 6 months at the latest. If you have agreed to further storage of your data in our talent pool, your data will be stored in our talent pool for a further 12 months and then automatically deleted. In the event that your application leads to an employment relationship with us, your data will be forwarded from our application software Ashby to our HR management software BambooHR and then deleted from Ashby.

9. Changes to the Privacy Notice

We reserve the right to change this Job Applicant Privacy Notice from time to time to reflect changes in the law or expansion of the functionality of our services. You should therefore read the Job Applicant Privacy Notice regularly to be informed about the protection of your data.


In addition, you can inform yourself about data processing on the website operated by us in our general data protection information. You can find them here.

Social Media Privacy Policy

Responsible entity:

AMBOSS SE
Torstrasse 19
10119 Berlin, Germany
E-mail: hello@amboss.com
Phone: +1 (347) 835-5441

Managing Directors: Dr. med. Madjid Salimi, Dr. med. Nawid Salimi, Benedikt Hochkirchen

Local Court Berlin (Charlottenburg), HRB 270315 B

Subsidiary:

Our representative and wholly-owned subsidiary in the US:

AMBOSS MD Inc.
234 5th Avenue, 2nd Floor
New York, NY, 10001
Phone: 347-835-5441

Contact details data protection officer:

AMBOSS SE
Sophia Ampatziadis
Torstrasse 19
10119 Berlin, Germany
privacy@amboss.com

Last Update Date: August 2023


1. Basic information on data processing and legal basis

AMBOSS SE (hereinafter also referred to as “AMBOSS” or “we”) is a young company providing high quality services for physicians and medical students as well as learning materials. We want you, as a user of our services, to understand how we use information and what options you have to protect your data. We are aware of the importance and sensitivity of your personal data and thank you for your trust. Handling it responsibly is a major concern for us. We process personal data of visitors to our social media presences in compliance with the relevant data protection regulations, in particular the EU General Data Protection Regulation (GDPR). If you have any questions about this, please do not hesitate to contact us.


The respective platform providers listed below are primarily responsible for processing your personal data within the social media platforms. If data is collected on our social media presences that both the respective platform provider and we process and use for joint purposes (e.g., in the context of analysis or advertising), there is a joint responsibility of the provider and us. Often, this function cannot be deactivated by us. You can therefore contact both the respective provider and us with your concern. This Social Media Privacy Policy is in addition to and supplements our General Privacy Policy.


2. Our social media presences

2.1. Facebook

Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

AMBOSS presences: https://www.facebook.com/AMBOSS.Med/, https://www.facebook.com/amboss.int/

We have entered into a shared responsibility agreement with Meta Platforms Ireland Limited pursuant to Art. 26 GDPR (available here: https://de-de.facebook.com/legal/terms/page_controller_addendum).


2.2 Instagram

Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

AMBOSS presence: https://www.instagram.com/amboss_med/


2.3 LinkedIn

Provider: LinkedIn Ireland Unlimited Company, 2, Dublin, Ireland (for users in the EU, EEA or Switzerland) or LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085 (for users outside the EU, EEA, Switzerland).

AMBOSS presence: https://www.linkedin.com/company/amboss-md

We have concluded a joint responsibility agreement with LinkedIn Ireland Unlimited Company in accordance with Art. 26 GDPR (available here: https://legal.linkedin.com/pages-joint-controller-addendum).


2.4. YouTube

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (for users in the EEA or Switzerland) or Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (for users outside the EEA or Switzerland).

AMBOSS presence: https://www.youtube.com/channel/UC8xEQrU6VhJU6pDZd-GkJWg


2.5 Twitter

Provider: Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland (for users in the EU, EFTA countries or UK) or Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103 (for users outside the EU, EFTA countries or UK).

AMBOSS presence: https://twitter.com/ambossmed



3. Purposes of the processing of data and legal bases

In the following, we describe for which purposes and on which legal basis we process your personal data.

The processing of your data by the social media platform providers may be based on different legal grounds. We have no influence on the data processing procedures of the platform providers and we do not know in detail how the social media platforms use the data from your visit to our social media presences and interaction with our posts for their own purposes, how long this data is stored and whether data is passed on to third parties. We also have no information on the deletion of the collected data by the providers of the platforms.

Data processing may differ depending on whether you are registered and logged in to the social media platform or visit the site as a non-registered and/or non-logged-in user. When you access a post or the social media presence, the IP address assigned to your terminal device is transmitted to the provider of the social media platform. If you are currently logged in as a user, it may be possible to track how you have moved around the network via cookies on your end device. Buttons embedded in websites enable the platforms to record your visits to these websites and assign them to your respective profile. Based on this data, content or advertising can be offered tailored to you. If you want to avoid this, you should log out or deactivate the “stay logged in” function, delete the cookies present on your device and restart your browser.

Which data the social media platform providers receive and how they are used is described by the providers in their privacy statements. There you will also find information on contact options as well as on the settings options for advertisements. In detail:


3.1 Informational use of our social media presences

You can visit our websites without providing any personal information. If you only use our websites for information purposes, i.e. if you do not register or otherwise provide us with personal information, we do not process any personal data, with the exception of the data that the respective provider transmits to us. When you visit our social media presences, the providers of the social media platforms collect, among other things, your IP address and other information that is collected as part of cookies on your terminal device. This information is used to provide us, as the operator of the site, with statistical information about the interaction with us (see section 3.2).


3.2 Analysis and tracking

For the purpose of analyzing and tracking the use of their social media platform and our presence, the providers use cookies that enable an evaluation of your surfing behavior. This allows us to improve the quality of the platform and our site and its content. We learn how our site is used and can thus constantly optimize our offer, but do not gain access to the personal data behind it. We can only influence statistics provided to us by the platform providers to a limited extent and cannot switch them off.

We process your personal data on the basis of your consent pursuant to Art. 6 (1) lit. a GDPR, which you have given to the provider upon registration or within the Cookie Consent Manager of the respective social media platform.


3.3 Active use of social media presences

We, as the operator of the respective social media presence, also process data from your active use of the site. In addition to the processing of your personal data described above, we then process further data from you that we need, for example, to process your inquiry or to interact with you on our own initiative.

You can comment, share or otherwise interact (like, recommend, review, etc.) with posts, photos, videos, etc. created by us on the provider’s platform and on our site. Where applicable, we will share your content on our Site if this is a feature of the Platform and communicate with you through the Platform. If necessary, we reserve the right to delete content.

In addition, you can send us inquiries via the platforms. Depending on the required response, we may also refer you to other secure communication channels that ensure confidentiality. You always have the option of sending us confidential inquiries to our address stated in this privacy policy.

We process your personal data on the basis of our legitimate interest in providing an interaction and information offer, analyzing and optimizing the same and interacting with you pursuant to Art. 6 (1) lit. f GDPR or to initiate a contract with you pursuant to Art. 6 (1) lit. b GDPR.


3.4 Further data processing in individual cases

We also process your personal data in individual cases in order to fulfill legal obligations. These include, in particular, commercial, trade or tax law retention obligations. We process your personal data in accordance with Art. 6 para. 1 lit. c GDPR in connection with commercial, trade or tax law, insofar as we are obliged to record and store your data. In addition, it may be necessary in individual cases to process your data in order to assert our rights and enforce our legal claims or insofar as this is necessary for the defense or prosecution of criminal offenses. We process your personal data for these purposes to protect our legitimate interests pursuant to Art. 6 (1) lit. f GDPR.



4. Disclosure of data

Initially, only our employees who are involved in the technical or editorial support of the social media presences receive knowledge of your personal data. Your data will only be passed on to third parties if this is permitted or required by law or if you have given your consent.


In addition, within the scope of the data processing described above, we may use external service providers or commission them to provide the corresponding services. If service providers receive your personal data as processors, they are strictly bound by our instructions when handling your personal data. We list the categories of external recipients in detail below:

  • Communications and IT service providers, e.g. as part of the administration of our social media presences,
  • Logistics service providers in order to be able to send you, for example, requested information brochures or any prizes as part of promotions,
  • Legal counsel in the assertion of our claims.



5. Data subject rights

You have the right:

  • in accordance with Art. 7 (3) GDPR to revoke a consent once given to us with effect for the future;
  • pursuant to Art. 15 GDPR to request information free of charge about your personal data processed by us;
  • in accordance with Art. 16 GDPR to demand the immediate correction of incorrect, or completion of incomplete, personal data stored by us;
  • pursuant to Art. 17 GDPR to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
  • to request the restriction of the processing of your personal data in accordance with Art. 18 GDPR;
  • in accordance with Art. 20 GDPR to receive your personal data that you have provided to us in a structured, common and machine-readable format to transfer this data to another controller;
  • to object to the processing of your personal data on the basis of legitimate interests pursuant to Art. 21 GDPR;
  • to report to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our registered office.


However, we recommend that you first contact the data protection contact of the respective platform operator if you have any questions about data processing on the social media platforms.



6. Retention period

We ourselves store your personal data – if at all – only for the duration for which the respective purpose of use requires corresponding storage. In addition, we may store your personal data until the statute of limitations expires for any legal claims arising from the relationship with you, in order to be able to use them for evidence purposes. The limitation period is usually between 12 and 36 months, but can also be up to 30 years. When the statute of limitations expires, we delete your personal data, unless there is a legal obligation to retain it. These retention obligations can be up to ten years.



7. Obligation to provide data

In principle, you are not obliged to provide us with personal data when you visit our social media sites. As a rule, you can also visit them without being registered with the respective social media platform. However, if you wish to use certain functionalities (e.g. interactive functions such as commenting, sharing, rating) or contact us in the social media, it is regularly necessary that you register for this on the respective platform and in any case disclose your profile name. However, if you do not do this, the operator of a social media platform cannot, among other things, make the platform and our presence available to you, and we cannot answer your inquiries to us, send you information, etc., or enter into a contract with you.



8. Automated decision making/profiling

As a matter of principle, we do not use fully automated decision-making pursuant to Art. 22 GDPR. Should we use these procedures in individual cases, we will inform you about this separately.

However, it is possible that the provider of a social media platform processes your data automatically with the aim of evaluating certain personal aspects (profiling). This may be done in order to inform and advise you in a targeted manner about products and services. For the data processing for which the platform providers are primarily responsible, please refer to their data protection declarations (see section 3).



9. Changes to the privacy policy

We reserve the right to change this privacy policy from time to time to reflect changes in the law or expansion of the functionality of our services. You should therefore read the privacy policy regularly to be informed about the protection of your data.

Privacy Policy for Surveys / User Interviews

AMBOSS SE (“AMBOSS”) operates the online knowledge and learning program AMBOSS, a network-based learning concept specifically for medical students, physicians, and other healthcare professionals. We are aware of the importance and sensitivity of your data and thank you for your trust. Handling it responsibly is of paramount importance to us. Please do not hesitate to contact us if you have any questions.

AMBOSS regularly conducts surveys to even better understand the daily challenges of medical students and physicians and/or to obtain their feedback on current or future AMBOSS products, services, or initiatives. This privacy policy informs participants in surveys created by AMBOSS about the nature, scope, and purposes of the processing of personal data by AMBOSS in this context. It applies to all surveys created by AMBOSS, regardless of the method or medium through which participation occurs (via the website, email, personal conversation, etc.). You can also find further information about data processing by AMBOSS in our general privacy policy, which is available here.

Data Controller:

AMBOSS SE
Torstrasse 19
10119 Berlin, Germany

E-mail: hello@amboss.com

Phone: +1 (347) 835-5441

Management: Dr. med. Madjid Salimi, Dr. med. Nawid Salimi, Benedikt Hochkirchen
District Court Berlin (Charlottenburg), HRB 2 70315

Contact details of the Data Protection Officer:

AMBOSS SE
Sophia Ampatziadis
Torstrasse 19
10119 Berlin, Germany
privacy@amboss.com

1. General Information

1.1. Regarding the terms used, such as “personal data”, “user” or “processing”, we refer to Article 4 of the General Data Protection Regulation (“GDPR”).

1.2. We process personal data of users exclusively in compliance with the applicable data protection regulations. In accordance with Article 13 of the GDPR, we inform you of the legal basis for our data processing. Unless otherwise stated in this Privacy Policy, the following applies: The legal basis for processing personal data with separate consent is Article 6(1) (a) GDPR; the legal basis for processing data for the performance of a contract and for taking steps prior to entering into a contract is Article 6(1) (b) GDPR; the legal basis for processing personal data to comply with our legal obligations is Article 6(1) (c) GDPR; and the legal basis for processing personal data to protect our legitimate interests is Article 6(1) (f) GDPR.

2. Surveys

2.1. You have the option to participate in surveys created by AMBOSS. The data you provide may be associated with your AMBOSS user ID. Unless we have informed you otherwise before the survey, we will process and use the personal data you provide in the survey only for the purpose of evaluating the survey and optimizing products. This also includes contacting you.

2.2. Your data will be stored by us for as long as this is necessary for the intended purpose. As soon as storage is no longer necessary for the intended purpose and there are no legal retention obligations preventing deletion, we will delete the data.

2.3. Your data will be processed on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR, insofar as you have given this consent.

3. Data transfer

3.1. Generally, only our employees involved in evaluating the survey will have access to your personal data. Furthermore, we use external IT service providers for the data processing described in this Privacy Policy and may commission them to perform certain services. These include the following IT services:

  • Software for booking interview appointments with participants
  • CRM systems for contacting participants
  • Video conferencing software for conducting and recording interviews
  • Analytics software for evaluating participant input
  • Software and tools for online surveys and for obtaining data protection consent
  • Software for data storage
  • Software for providing rewards as a thank you for participation

3.2. Personal data will only be disclosed to third parties on the basis of legal permissions and within the framework of legal requirements. If we commission service providers to process data within the framework of a so-called "Data Processing Agreement", this is done on the basis of Article 28 GDPR.

3.3. Personal data may also be transferred to servers outside the EU or to trusted third parties located outside the EU. If the EU Commission has not issued an adequacy decision for the country in question, the transfer will be based on so-called EU Standard Contractual Clauses, which aim to ensure that your rights and freedoms are adequately protected. You should be aware that many countries do not offer the same level of legal protection for personal data as the EU. While your personal data is located in another country, courts, law enforcement agencies, and national security authorities of that country may be able to access it in accordance with its laws.

4. Technologies used

We use various third-party technologies on our website, in the registered area, in our apps, and in our interactions with survey participants to conduct surveys. These technologies are listed below. Further information, particularly regarding the legal basis, the storage duration of cookies, and the personal data obtained through them, can be found in the privacy settings in the footer of this website. There, you also have the option to revoke any consent you may have given for these technologies with effect for the future. Further general information on consent management can be found in our general privacy policy.

4.1 Required Technologies

Alchemer

We use Alchemer, a service of Alchemer LLC, 168 Centennial Parkway Unit #250 Louisville, CO 80027, USA, to create online forms for customer surveys. The provider processes meta/communication data (e.g., device information, IP addresses) and the information provided by participants in the survey form on our behalf.

Data is transferred to third countries (United States of America).

Further information can be found in the provider's privacy policy at https://www.alchemer.com/privacy.

Calendly

We use Calendly from the company of the same name, Calendly LLC, 115 E Main St Ste A1B Buford, GA. We use this service for easy, quick, and straightforward appointment scheduling with survey participants. The provider processes contact data (e.g., email addresses, phone numbers) and meta/communication data (e.g., device information, IP addresses) on our behalf for this purpose.

Data is transferred to third countries (United States of America).

Further information can be found in the provider's privacy policy at https://calendly.com/legal/privacy-notice.

Google Forms

We use the survey management software Google Forms from Google LLC, 1600 Amphitheatre Pkwy Mountain View, CA, 94043-1351 United States, to obtain consent for participation in surveys. The provider processes, on our behalf, the name, email address, declaration of consent, and meta/communication data (e.g., device information, IP addresses) for these purposes.

Data is transferred to third countries (United States of America).

Further information can be found in the provider's privacy policy at https://policies.google.com/privacy?hl=de.

HubSpot

We use HubSpot from the company of the same name, HubSpot, Inc., 25 1st Street, Cambridge, MA 0214, USA. The provider processes contact data (e.g., email addresses, telephone numbers) and meta/communication data (e.g., device information, IP addresses) on our behalf.

We use HubSpot as follows:

  • Integration of contact forms that allow you to get in touch with us or use our services;
  • Participant relationship management;
  • Hosting our website and providing content;
  • Email communication based on consent to participate in surveys.

Data is transferred to third countries (United States of America).

Further information can be found in the provider's privacy policy at https://legal.hubspot.com/de/privacy-policy.

4.2 Consent-based technologies

Unless explicitly stated below, the third-party providers listed in this section also use the data they process from you for their own purposes. Details can be found in the providers' privacy policies.

Hotjar

We use the web analytics service Hotjar from Hotjar Ltd., Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julian's STJ 1000, Malta (“Hotjar”).

The provider processes, on our behalf and not for its own purposes, the activity of the website visitor (e.g., which pages they visited and which elements they clicked on), device and browser information (especially the IP address and operating system), and a tracking code in the form of a pseudonymized user ID. The information collected in this way is transmitted by Hotjar to a server in Ireland and stored there anonymously.

Further information can be found in the provider's privacy policy at https://www.hotjar.com/legal/policies/privacy.

4.3 Integration of third-party content and services

Based on our legitimate interests pursuant to Art. 6(1) (f) GDPR (interest in conducting and evaluating surveys and providing rewards for participation), we also use various third-party content or services that do not access your device or set cookies. However, this means that the providers of this content and these services will receive your contact details (name and email address), as they cannot provide the requested service without this data.

  • Amazon.de Marketplace of the company Amazon EU S.à r.l. (Société à responsabilité limitée), 38 avenue John F. Kennedy, L-1855 Luxembourg. Data protection declaration: https://www.amazon.de/-/en/gp/help/customer/display.html?nodeId=201909010&ref_=footer_privacy.
  • Doctors Without Borders (Ärzte ohne Grenzen e.V.), Schwedenstraße 9, 13359 Berlin. Privacy policy: https://www.aerzte-ohne-grenzen.de/datenschutz-und-datensicherheit.
  • Dovetail is a service of Dovetail Research Pty Ltd., 276 Devonshire St, Surry Hills NSW 2010, Australia. Privacy Policy: https://dovetail.com/help/data-security-and-privacy/.
  • Google Shared Drive of Google LLC, 1600 Amphitheatre Mountain View, CA 94043-135, USA. Privacy Policy: https://policies.google.com/privacy?hl=de.
  • Tremendous of the company of the same name, Tremendous LLC, 228 Park Ave S PMB 62949, New York, NY 10003-1502, USA. Privacy policy: https://www.tremendous.com/privacy/.
  • Wunschgutschein (gift voucher) is offered by Wunschgutschein GmbH, 228 Park Ave S PMB 62949, New York, NY 10003-1502, USA. Privacy policy: https://www.wunschgutschein.de/policies/privacy-policy

5. Provision obligations / automated decision-making

You only need to provide the personal data that is necessary for participation in the survey or whose provision is required by law or contract. Without this data, we will generally not be able to conduct the survey.

We generally do not use fully automated decision-making in accordance with Article 22 GDPR. Should we use these procedures in individual cases, we will provide separate notification.

6. Rights of data subjects

You have the right:

  • in accordance with Article 7(3) GDPR, to withdraw the consent you have given us with effect for the future;
  • in accordance with Article 15 GDPR, to request information free of charge about your personal data processed by us;
  • in accordance with Article 16 GDPR, to request the immediate rectification of inaccurate or incomplete personal data concerning you that we hold;
  • in accordance with Article 17 GDPR, to request the erasure of your personal data stored by us, unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
  • in accordance with Article 18 GDPR, to request the restriction of the processing of your personal data;
  • pursuant to Article 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transmitted to another controller;
  • in accordance with Article 77 GDPR, to lodge a complaint with a supervisory authority. Generally, you can contact the supervisory authority of your habitual residence, your place of work, or our registered office.

7. Right of objection

7.1. If your personal data is processed on the basis of legitimate interests pursuant to Article 6(1) (f) GDPR, you have the right to object to the processing of your personal data pursuant to Article 21 GDPR, provided there are grounds relating to your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right to object, which we will implement without requiring you to specify a particular situation.

7.2. If you wish to exercise your right of withdrawal or objection, simply send an email to our email address mentioned above.

8. Changes to the Privacy Policy

We reserve the right to amend this privacy policy from time to time to reflect changes in legislation or the expansion of our services. You should therefore review the privacy policy regularly to stay informed about how we protect your data.

In addition, you can find information about data processing on our website in our general privacy policy. You can find it here.

Last updated: October 2025