Privacy & Security

Trust begins with transparency

We take the protection of your data seriously. On this page, you can find out how Hasomed GmbH and RehaCom® secure your data—transparently, comprehensively, and in compliance with the GDPR.

Who we are – Hasomed GmbH

Security and data protection are firmly anchored in our DNA at RehaCom®. We act transparently, responsibly, and with an awareness of the special protection requirements for sensitive health data.

Safety is standard.

Our security principles accompany every product—from the first line of code to operation in certified data centers.

Security is understandable.

Data protection must be transparent. We explain clearly, comprehensively, and transparently how and why we process data—without using technical jargon.

Health data requires special care.

Health data deserves the utmost care. We treat it as we would want it to be treated for ourselves.

What data do we process and why?

RehaCom® only processes data that is necessary for safe operation and therapeutic use—no more, no less. We have summarized exactly what data this is, what it is needed for, and how we protect it in a transparent and understandable way in our privacy policy:

Privacy policy

How we protect your data

Our security measures have a clear goal: to protect your practice data in the best possible way—technically, organizationally, and transparently. We deliberately distinguish between locally installed software and cloud components. Both worlds are secure—in their own way.

ISO 27001-certified security management

We use ISO 27001-certified data centers in Germany for our hosted products. Hasomed GmbH itself is also ISO 27001 certified.

Transparent security documents and processes

Our processes clearly document how we implement security—from encryption and access control to clearly defined responsibilities within our company. We provide you with all relevant documents.

Encryption of data

Our encryption concepts (storage & transmission) are state-of-the-art. They have been tested by independent experts.

Awareness raising and training

We carry out regular security checks and training for our employees.

C5 certification according to BSI criteria

RehaCom® has been successfully tested in accordance with the Cloud Computing Compliance Controls Catalogue (C5) of the German Federal Office for Information Security (BSI).

You decide what happens to your data

As a RehaCom® user, you have the right to know what personal data we process at any time—and to influence this. Whether you want information, want to request deletion, or want to object to use: your rights are comprehensively protected by the GDPR, and we ensure that you can exercise them easily and transparently.

Information

You can find out what data we have stored about you at any time.

Deletion

You can have your data completely deleted (“right to be forgotten”).

Objection

You may object to the processing of your data.

Transferability

You can receive your data in a machine-readable format.

Our partners for data protection & IT security

Data security is a team effort. That's why we work with experienced experts who provide us with strategic, technical, and legal support—continuously and independently audited. This ensures that RehaCom® complies with current standards and regulatory requirements at all times.

Specializing in information security & IT compliance

Specialist in holistic cybersecurity – from technical infrastructure and risk analysis to strategic security architecture. CISOIQ supports us as a long-term partner in the further development of our security strategy, in internal reviews, and in the preparation and implementation of external audits (e.g., ISO 27001, C5).

Partner for data protection consulting & technical risk assessments

Specializing in data protection in sensitive industries such as healthcare and education. Behta supports us as external data protection consultants—from analyzing technical and organizational measures to implementing specific processes within the company.

Resources & Documents

For us, transparency does not end with promises—it is demonstrated by providing access to all relevant documents. Here you will find legal principles, evidence, and supplementary information on information security and data protection at RehaCom®—directly accessible and available for download.

Privacy policy for our website

Privacy Policy RehaCom® Online

General Terms and Conditions of Use for Patients/Clients

General Terms and Conditions for Medical Practices/Clinics

ISO 27001 Certificate (PDF)

ISO 13485 Certificate (PDF)