This Regulation lays down rules relating to the protection of natural persons regarding the processing of personal data and rules relating to the free movement of personal data when using our website. Personal data is all data which refer to you in person (e.g. name, address, e-mail address, user behaviour, IP address).
Name and contact data of the processor as well as the operative data protection officer according to article 4 paragraph 7 GDPR
This data protection information is valid for the data processing by:
You may reach the responsible data protection officer via:
Safety and protection of your personal data
It is our foremost aim and duty to protect your personal data with which you entrusted us and to protect you from unauthorized access. Therefore, we are very careful and use the most modern safety standards in order to guarantee maximal protection of your personal data.
As a private-law company, we are subject to the regulations of the European GDPR and the regulations of the federal data protection law (BDSG). We have applied technical and organizational measures which ensure that the data protection regulations are observed by us and also by our external service providers.
Our Legislature demands that personal data is processed according to law, in good faith and in a comprehensible manner for the person in question („lawfulness, processing in good faith, transparency“). In order to guarantee this, we inform you of the single legal terminologies that are also used in this GDPR:
‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
restriction of processing
‘restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future.
‘profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
‘pseudonymization’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
‘filing system’ means any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis.
‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Lawfulness of processing
Processing shall be lawful only if there is a legal basis for processing and to the extent that at least one of the following applies (according to article 6 1 lit a-f GDPR):
- the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
- processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- processing is necessary for compliance with a legal obligation to which the controller is subject;
- processing is necessary in order to protect the vital interests of the data subject or of another natural person;
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
Information on the collection of personal data
(1) In the following, we inform you of the collection of personal data when using our website. We collect, store, use, transfer or delete the following personal data:
- Persons interested in our website and patients of our practice, who are natural persons
- all other natural persons who are in contact with our practice (e.g. agents of patients, legal guardians of patients, employees of legal entities, visitors of our website)
Personal data are e.g. name, address, e-mail address, user behaviour. We process personal data only if this is necessary for the allocation of this website as well as that of the contents and services we offer.
(2) If you contact us by telephone, e-mail or contact form, we store the provided data (your e-mail address, if necessary name and telephone number) in order to answer your questions. Data in this connection is deleted when storing is no longer necessary or processing is limited if there are legal record retentions. For third parties, this data is not made accessible.
(3) Data of children is only collected if these children are presented in our practice by their legal guardians.
(4) If we intend to revert to assigned service provider for single functions on our website or if we intend to use your data for marketing purposes, we will inform you of the procedure in detailed manner below.
Collection of personal data when visiting our website
If you just visit our website in order get information (if you do not register or transfer information in any other way), we only collect the data that is transferred to our server by your browser. If you just want to have a look at our website, we only collect the data that are technically necessary in order for us to show you our website and to guarantee stability and safety (legal basis article 6, paragraph 1. p 1 lit f GDPR)
- IP address
- Date and time of query
- Time zone difference to Greenwich Mean Time (GMT)
- Contents of query (specific webpage)
- Status of access / HTTP status code
- Data quantity transferred
- Website from which the query comes from
- System software and its surface
- Language and browser software version
You have the following rights with regard to your data stored by us:
- Right to rectification and erasure
- Right to information
- Right to restriction of processing
- Right to data portability
- Right to object to processing
You have the ability to file a complaint in connection with data processing to the data protection authority responsible for us:
Die Landesbeauftragte für den Datenschutz Niedersachsen
P.O. Box 2 21
Rights of the data subject
(1) The data subject shall have the right to obtain confirmation as to whether or not personal data concerning him or her are being processed, and further information and a copy of the data according to Art. 15 GDPR
(2) The data subject shall have the right according to Art. 16 GDPR to completion of the personal data concerning him or her or the rectification of inaccurate personal data concerning him or her
(3) The data subject shall have the right according to Art 17 to erasure of the data concerning him or her without delay and/or to demand restriction of processing the data according to Art. 18 GDPR
(4) The data subject shall have the right to access the data concerning him or her disclosed to us according to Art. 20 GDPR and to demand transfer thereof to other controllers.
(5) The data subject shall have the right to file a complaint with the responsible supervising authority
Right of cancellation
The data subject shall have the right to cancel his or her consent according to Art 7 GDPR, effective for the future
Right of objection
According to Art. 21 GDPR, the data subject shall have the right to object to future processing data concerning him or her at any time. This objection may be carried out particularly against processing for direct marketing purposes.
(1) In addition to the data mentioned above, cookies are also stored on your computer when using our website. Cookies are little text data files that are stored on your hard disk attributed to the browser you use and by which the place which set the cookie is provided with certain information. Cookies cannot execute programmes or transfer virus onto your computer. They are simply for making the internet offer more user-friendly and more efficient as a whole.
(2) This website uses the following kinds of cookies which are explained by extent and functioning as follows:
- transient cookies (see 1.)
- persistent cookies (see 2.)
- transient cookies are automatically deleted if you shut the browser. Here, these are so-called session cookies in particular. These store a so-called session ID with which various queries of your browser may be assigned to the common session. By this, your computer may be recognized when you return to our website. Session cookies are deleted when you log out or shut the browser.
- persistent cookies are automatically deleted after a given period of time, which may vary from cookie to cookie. You may delete the cookies in the security settings of your browser any time.
You may configure your browser settings according to your requirements and, e. g., deny the acceptance of third party cookies or all cookies. So-called “third party cookies” are those which were set by a third party, so not by the actual website that you are currently on. We inform you that by deactivating cookies, you may not be able to make full use of this website’s functions.
Server log files
The provider of the website automatically collects and stores information in so-called server log files which your browser automatically transfers to us. These are the following:
- browser type and version
- operating system used
- referrer URL
- host name of the accessing computer
- time of server query
This data cannot be assigned to certain persons. This data will not be connected with other data sources. We reserve the right to check this data later, if we have concrete indication for an illegal use.
This website uses SSL for security reasons and for the protection of confident content transfer, such as queries you send us as website provider. You may recognize an SSL connection that the address line of the browser changes from http:// to https:// and from the lock symbol in your browser line.
If SSL is activated, third parties cannot read data that you send us.
Our patients have the possibility to book an appointment online at our practice via our website and the portal www.dr-flex.de. For this, we use the service of the company Dr. Flex (Dr. Flex GmbH, Neumarkt 2a, D-59320 Ennigerloh).
The system shows available appointment times in our schedule.
In order to make use of this service, it is necessary that you enter personal data and agree to the current data protection declaration of Dr. Flex in the course of the appointment arrangement.
Important note: Your data entered into the system is only transferred to Dr. Flex, processed and automatically transferred to us for arranging an appointment and for the transfer of data relevant for this (e.g. reminder of appointment).
On the basis of our justified interests (i.e. interest on analysis, optimization and economical operation of our online offer according to Art. 6 paragraph 1 lit. f GDPR), we use marketing and re-marketing services (in short “Google Marketing Services”) of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”)
Google is certified according to the Privacy Shield Agreement, by which it guarantees strict compliance to the European data protection regulations (https://www.privacyshield.gov/)
Google Marketing Services allow us to show advertisements for and on our website more selectively, in order to present advertisements that may match users’ interests. If e.g. a user sees an advertisement for products for which he showed interest on other websites, we call this “re-marketing”. For this purpose, when calling on our and other websites where Google Marketing is active, a Google code is conducted and so-called (re-)marketing tags (invisible graphics or codes, also called “web beacons” ) are integrated in the website, with which an individual cookie, i. e. a small file”, is stored on the user’s computer (instead of cookies, similar technologies may be used). Cookies may also be set by various domains, among others by google.com, doublecklick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. Within this data is stored which websites the user is visiting, in which contents he is interested, which offers he has clicked, furthermore technical information on the browser and operating system, referring websites, time of visit as well as other information on the use of the online offer. Moreover, the user’s IP address is collected, within Google Analytics we inform that the IP address within EU member states or other contractual states of the EEA is condensed. Only in exceptional cases is it transferred to a US server and condensed there. The IP address is not connected with the user’s data within other Google offers. Afore-mentioned information may also be connected to other sources by Google. If the user visits other websites afterwards, he may see advertisements corresponding his interests.
User data is processed in pseudonymous manner by Google Marketing Services, i. e. Google does not store or process e.g. name or e-mail address but processes relevant data concerning cookies within pseudonymous user profiles. This means, that from Google’s point of view, advertisements are not administrated and shown for a concrete identified person, but for the cookie owner, regardless of who he is. This does not apply if a user allows Google to process data without pseudonymization. Information on the user collected by Google Marketing Services is transferred to Google and stored on Google servers in the US.
Google Adwords Conversion Tracking
Among others, we use the online programme “GoogleAdWords” within Google marketing Services. Google Adwords puts a cookie (see fig 4) on your computer if you came to our website via a Google advertisement.
These cookies lose their validity after 30 days and do not serve personal identification. If the user uses certain websites of the Adwords customer and the cookies are still valid, Google and the customer may recognize that the user has clicked on the ad and has been directed to this site.
Each Adword customer receives a different cookie. So cookies cannot be traced via Adwords customers‘ websites. The information collected by using conversion cookies is used to create conversion statistics for Adwords customers that opted for conversion tracking. Adwords customers learn about the complete number of users that clicked on their ads and that were directed to a site tagged with conversion tracking. However, they do not receive information with which the user may be identified personally.
We may also use the service “Google Optimizer”. Google Optimizer allows us within the framework of so-called “A/B testings” to track the impacts of a website’s amendment. (e.g. amendment of input fields, designs etc.) For these test purposes, cookies are placed on the users’ computers. Here, only pseudonymous data of users is processed.
If you intend to object to Google Marketing Services ads referring to certain spheres of interest, you may use Google’s opt-out options: http://adssettings.google.com/.
(1) This website uses Google Analytics, a web analyst service of Google Inc. (“Goggle”). Google Analytics uses so-called “cookies”, text files that are stored on your computer and that enable analysis of your use of the website. Information on your use of this website obtained via this cookie are usually transferred to a Google server in the US and stored. In case IP anonymization is activated on this website, your IP address is condensed within the Member States of the EU and other contractual States of the European Economic Area by Google. Only in exceptional cases is the full IP address transferred to a Google server in the US and condensed there. By order of the operator of this website, Google uses this information in order to assess your use of the website, to compose reports on the website activities and to offer further services in connection with the website and internet use concerning the website operator.
(2) The IP address transferred by your browser from Google Analytics is not connected to other Google data.
(3) You may prevent storage of cookies by corresponding settings of your browser software; however, we inform you that in this case, you may not be able to make full use of all functions of this website. Moreover, you may prevent Google’s collection of data created by cookies and referring to your use of the website (incl. your IP address) as well as Google’s processing thereof by downloading and installing the following browser plug-in link: http://tools.google.com/.
(4) This website uses Google Analytics with the extensions “_anonymizelp()”, by which IP addresses are processed in condensed form, any personal reference is excluded. So if there is a personal reference by data collected from you, it is immediately removed and the personal data is deleted without delay.
(5) We use Google Analytics in order to analyze and improve the use of our website regularly. By these statistics, we are able to improve our offer and to design it in a more interesting manner for you as user. In exceptional cases in which personal data is transferred to the US, Google is subject to EU-US privacy shield https://www.privacyshield.gov/. Legal basis for the use of Google Analytics is Art. 6 paragraph 1 lit f GDPR.
(6) Information on third party provider: Google Dublin, Google Ireland Ltd. Gordon House, Barrow Street, Dublin 4, Ireland, Fax +353 1 436 1001.
Overview on data protection:
As well as the data privacy declaration: http://www.google.de/.
(7) We have concluded a contract with Google on the processing of order data
(8) In addition, this website uses Google Analytics for a comprehensive analysis of visitor streams which is conducted by a user ID. You may deactivate this analysis of your use in your customer account “my data”, “personal data”.
Integration of Google Maps
(1) On our website, we use Google maps offer. By this, we are able to show interactive maps directly on our website and enable comfortable use of the map function.
(2) By visiting our website, Google receives the information that you called on a corresponding sub page of our website. Furthermore, the data mentioned in §3 of this declaration is transferred, regardless of whether Google allocates a user account by which you are logged in or if there is no user account. If you are logged in with Google, your data is directly assigned to your account. If you do not wish this, you have to log out before activating the button. Google stores your data as user profile and uses it for marketing purposes. Such an assessment is particularly conducted (even for users that are not logged in) for contributing tailor-made marketing and in order to inform other users of the social network on your activities on our website. You have the right to object to the formation of these user profiles, however, for this, you have to address to Google.
(3) Further information on the purpose and extent of collecting data and processing thereof by the plug-in-provider may be obtained from the GDPR of the provider. There, you may also obtain further information on your respective rights and setting possibilities concerning the protection your privacy: http://google.de/. Google also processes your data in the US and is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/.
Google Tag Manager
On our website, we use “Google Tag Manager”, a service of Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: “Google”) Google Tag Manager allows us – as marketing operator – to administer website tags via a surface. The tool Google Tag Manager which implements the tags is a domain without cookies and collects no personal data itself. Google Tag Manager provides for triggering other tags which, in turn, possibly collect data. Google Tag Manager does not access this data. When there is a deactivation on domain or cookie level, this continues to exist for all tracking tags which are implemented by Google Tag Manager.
Google is subject to The Privacy Shield Agreement between the EU and the US and is certified, by which Google is obliged to comply with standards and regulations of the European data protection law. Further information can be obtained here:
Information on the third party provider: Google Dublin, Google Ireland Ltd. Gordon House, Barrow Street, Dublin 4, Ireland, Fax +353 (1) 436 1001. Further information on the data protection can be obtained from the following Google websites:
- Data protection declaration: http://www.google.de/
- FAQ Google Tag Manager: https://www.google.com/
- User requirements Google Tag Manager: https://www.google.com/
Our website uses plug-ins of Jameda GmbH, St.-Cajetan-Str. 41, D-81669 Munich.
If you visit one of our sites furnished with a Jameda plug-in, a connection to the Jameda servers is created. The Jameda server is informed of the sites you have visited.
Jameda collects information on the use of www.jameda.de from single computers. By collecting this information, Jameda intends to individualize its online offer. If you interact with a plug-in, e.g. by pushing the “recommend” button or leave a comment, the corresponding information is directly transferred to Jameda and stored there.
Purpose and extent of collecting data and processing and use of data by Jameda as well as your rights and setting options for the protection of your privacy sphere may be obtained from Jameda’s data privacy declaration https://www.jameda.de/.
If you send your appointment wishes or queries via contact form, this data (e-mail address, name, telephone number) is stored in order to answer your questions. This data is deleted as soon as it is no longer needed and if there are no legal record retentions. This data is not made accessible to third parties.
Our website uses the service of Matelso GmbH, Stuttgart. If you call a number operated by Matelso for us, information on the telephone conversation is transferred to a web analytic service used by us (e.g. Google Analytics). Furthermore, Matelso reads out cookies set by our analytic service or other parameter of your internet visits, e. g. referrer, document path, remote user agent. The corresponding information is processed by Matelso in line with our instructions and is stored on servers in the EU. Further information may be obtained here: https://www.matelso.de/privacy.
You may prevent cookies to be stored by corresponding browser software settings. However, we inform you that, in this case, you might not be able to make full use of our website’s functions as a whole.
Social Media Plug-ins
On our website, we use social plug-ins of social networks Facebook and Instagram according to Art. 6 paragraph 1 p. 1 lit f GDPR in order to popularize our practice even more. Marketing purposes behind this incorporate justified interest in line with GDPR.
The responsibility for the data conformance must be guaranteed by the respective operator. We insert plug-ins by using the so-called 2-click method in order to protect our website’s visitors as best as we can.
On our website, we use the social media plug-ins of Facebook in order to design their use in a more personal manner. Here, we use the button “like” or “share”. This is an offer of Facebook.
If you call on a page of our website that contains such a plug-in, your browser directly connects with Facebook servers. The contents of the plug-ins are directly transferred by Facebook to your browser, which directly embeds them in the website
By the embedding plug-ins, Facebook receives the information that your browser has called on the corresponding page of our website, even if you do not have a Facebook account or if you are currently not logged in at Facebook. This information (including your IP address) is directly transferred from your browser to a Facebook server in the US and stored there.
If you are logged in at Facebook, Facebook can directly assign the visit of our website to your Facebook account. If you interact with plug-ins, e.g. pushing the buttons “like” or “share”, the corresponding information is also transferred directly to a Facebook server and stored there. Furthermore, the information is published on Facebook and is visible for your friends.
Facebook may use this information for marketing, market research and tailor-made design of Facebook sites purposes. Here, Facebook user, interest and relation profiles are created, e.g. in order to assess your use of our website with regard to the ads on your Facebook site, to inform other Facebook users on your activities on our website and to collect further services in connection with use of Facebook.
If you do not want Facebook to assign your data collected by our website to your Facebook account, you must log-out at Facebook before you visit our website.
Purpose and extent of collecting data and processing and use of data by Facebook as well as your rights and setting options for the protection of your privacy sphere may be obtained from Facebook’s data privacy declaration https://www.facebook.com/.
On our website, we also use so-called social plug-ins (“plug-ins”) of Instagram, which is operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”).
Plug-ins are characterized with an Instagram Logo, e.g. in the form of an “Instagram camera”.
If you call on a page of our website that contains such a plug-in, a direct connection between your browser and the Instagram servers is created. The contents of the plug-in are directly transferred by Instagram to your browser and embedded in the site. By this embedding, Instagram receives the information that your browser has called on the corresponding page of our website, even if you do not have an Instagram profile or are currently not logged in at Instagram.
This information (including your IP address) is directly transferred from your browser to an Instagram server in the US and stored there. If you are logged in at Instagram, Instagram can directly assign the visit of our website to your Instagram account. If you interact with plug-ins, e.g. by pushing the button “Instagram”, this information is also directly transferred to an Instagram server and stored there.
Furthermore, information is published in your Instagram account and visible for your contacts.
If you do not want Instagram to assign your data collected by our website, you must log-out from your Instagram account.
Further information may be obtained from Instagram’s data privacy declaration https://help.instagram.com/ .
Our website uses contents (video player and videos) of the Google-operated site YouTube. Operator of this site is YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.
If you visit one of our sites furnished with a YouTube plug-in, a connection to the YouTube servers is created. The YouTube server is informed on which sites you have visited.
Currentness of data and amendment of this data protection declaration
This data protection declaration is currently valid, as of June 2018.
By further processing our website and our offers or requirements due to amendments in legislation and/or requirements by authorities, it may be necessary to change this data protection declaration. You may call on and print the respective up-to-date data protection declaration at any time here: https://podbi344.de/privacy-policy-podbi344/