Privacy Policy

Collection and storage of personal data, as well as the type and purpose of their use

When you access our website, the browser used on your device automatically sends information to our website server. This information is temporarily stored in a so-called log file.

The following information is collected without your intervention and stored until it is automatically deleted:

• IP address of the requesting computer
• Date and time of access
• Name and URL of the retrieved file
• Website from which access is made (referrer URL)
• Browser used and, if applicable, the operating system of your computer
• Name of your access provider

We process this data for the following purposes:

• Ensuring a smooth connection to the website
• Ensuring comfortable use of our website
• Evaluation of system security and stability
• For other administrative purposes
• The legal basis for data processing is Art. 6 (1) (f) GDPR.

Our legitimate interest arises from the purposes for data collection listed above. Under no circumstances will we use the collected data to draw conclusions about you personally. Furthermore, we use cookies and analysis services when you visit our website. Further information can be found in sections 4 and 5 of this privacy policy.

Hosting

The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services, and technical maintenance services, which we use to operate this online offering. We, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, metadata, and communication data of customers, interested parties, and visitors to this website based on our legitimate interests in the efficient and secure provision of this website in accordance with Art. 6 (1) (f) GDPR in conjunction with Art. 28 GDPR.

Collection of access data and log files

We, or rather our hosting provider, collect data about every access to the server on which this service is located (so-called server log files) based on our legitimate interests within the meaning of Art. 6 (1) (f) GDPR. This access data includes the name of the website accessed, the file, the date and time of access, the amount of data transferred, the notification of successful access, the browser type and version, the user's operating system, the referrer URL (the previously visited page), the IP address, and the requesting provider.

Log file information is stored for security reasons (e.g., to investigate misuse or fraud) for a maximum of 7 days and then deleted. Data whose further retention is necessary for evidentiary purposes is exempt from deletion until the respective incident has been finally resolved.

Purpose of data processing

Data processing is carried out in accordance with legal requirements in order to fulfill the treatment contract between you and your doctor and the associated obligations. For this purpose, we process your personal data, in particular your health data. This includes medical histories, diagnoses, treatment suggestions, and findings that we or other physicians collect. Other physicians or psychotherapists with whom you are undergoing treatment may also provide us with data for these purposes (e.g., in medical letters). The collection of health data is a prerequisite for your treatment. If the necessary information is not provided, careful treatment cannot be provided.

Storage of your data

We only retain your personal data for as long as necessary to carry out the treatment. Due to legal requirements, we are obligated to retain this data for at least 10 years after the end of treatment. Other regulations may stipulate longer retention periods, for example, 30 years for X-ray records according to Section 28, Paragraph 3 of the X-ray Ordinance.

Sharing of data, recipients of your data, and purposes of data transfer

We only transfer your personal data to third parties if this is permitted by law or if you have given your consent. Your personal data will not be transferred to third parties for purposes other than those listed below.

We will only disclose your personal data to third parties:

• If you have given your express consent in accordance with Art. 6 (1) (a) GDPR
• If the disclosure is necessary for the establishment, exercise, or defense of legal claims in accordance with Art. 6 (1) (f) GDPR and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data
• If there is a legal obligation to disclose data in accordance with Art. 6 (1) (c) GDPR
• If this is legally permissible and necessary for the processing of contractual relationships with you in accordance with Art. 6 (1) (b) GDPR.

Recipients of your personal data may primarily include other physicians, psychotherapists, statutory health insurance associations, health insurance companies, the Medical Service of the Health Insurance, medical associations, and private medical billing offices.

The transfer is primarily for the purpose of billing for the services provided to you and to clarify medical questions and questions arising from your insurance relationship. In individual cases, data may be transferred to other authorized recipients.

Your rights

You have the right:

• To request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected from us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information on its details.
• In accordance with Art. 16 GDPR, you have the right to immediately request the correction of any inaccurate or incomplete personal data stored by us.
• In accordance with Art. 17 GDPR, you have the right to request the erasure of your personal data stored by us, unless processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest, or to assert, exercise, or defend legal claims.
• In accordance with Art. 18 GDPR, you have the right to request the restriction of the processing of your personal data if you dispute the accuracy of the data, the processing is unlawful but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims, or you have objected to the processing in accordance with Art. 21 GDPR.
• In accordance with Art. 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transmitted to another controller.
• In accordance with Art. 7 (3) GDPR, you have the right to revoke your consent at any time. This means that we may no longer continue the data processing based on this consent in the future.
• In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or work or our company headquarters.

The address of the supervisory authority responsible for us

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Postfach 20 04 44
40102 Düsseldorf

Phone: 0211-38424-0
Fax: 0211-38424-10
E-mail: poststelle@ldi.nrw.de

Right of Objection

If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) (f) GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided there are reasons for doing so that arise from your particular situation or if the objection is directed against direct marketing. In the latter case, you have a general right of objection, which we will implement without specifying a particular situation. If you wish to exercise your right of withdrawal or objection, please contact us.

Data Security

We use the widespread SSL (Secure Socket Layer) method during your website visit in conjunction with the highest level of encryption supported by your browser. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is being transmitted encrypted by the closed key or lock symbol in the lower status bar of your browser.

We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

Legal basis for the processing of your data, your rights

The legal basis for the processing of your data is Article 9 (2) (h) GDPR in conjunction with Section 22 (1) No. 1 (b) of the Federal Data Protection Act. If you have any questions, please feel free to contact us.

Currentness and changes to this privacy policy

This privacy policy is currently valid.

Due to the further development of our website and the services it provides, or due to changes in legal or regulatory requirements, it may become necessary to change this privacy policy. You can access and print the current privacy policy on our website at any time.