Privacy policy

With this privacy policy, we would like to inform you about the type, scope and purpose of the processing of personal data (hereinafter also referred to as "data"). Personal data is all data that has a personal reference to you, e.g. name, address, email address or your user behaviour. The privacy policy applies to all data processing operations carried out by us, both in the context of our core activities and for the online media we provide.

Responsible for data processing is:

Kinderarzt Frohnau
Davide Neri
Ludolfingerplatz 1b
13465 Berlin
Deutschland
0304110303
info[at]kinderarzt-frohnau.de
https://kinderarzt-frohnau.de/en/legal-notice

Processing of your data in the context of the healthcare services we provide

If you are our patient or business partner or are interested in our services, the type, scope and purpose of the processing of your data depends on the contractual or pre-contractual relationship existing between us. In this sense, the data processed by us includes all data that is or was provided by you for the purpose of utilising the contractual or pre-contractual services and that is required to process your enquiry or the contract concluded between us. Unless otherwise stated in the further information in this privacy policy, the processing of your data and its disclosure to third parties is limited to the data that is necessary and expedient to answer your enquiries and/or to fulfil the contract concluded between you and us, to protect our rights and to fulfil legal obligations. We will inform you which data is required for this before or during data collection. Insofar as we use third-party providers to provide our services, the data protection notices of the respective third-party providers apply.

Special categories of data

If you are a patient with us or make an enquiry with us because you are interested in the healthcare services we offer, so-called special categories of data may also be affected by the data processing. This includes, in particular, information about your health, possibly with reference to your sex life or sexual orientation, genetic and biometric data, as well as data revealing your racial or ethnic origin (Art. 9 para. 1 GDPR). We process this data exclusively for the purposes of your health care or to protect your vital interests. If we need the aforementioned data for purposes other than those mentioned above (preventive healthcare, protection of vital interests), we will inform you in detail before processing this data and then obtain your express consent.

If it is necessary to fulfil the contract concluded between us, to protect your vital interests or due to legal requirements, we will transfer your data to third parties, such as authorities, medical institutions, laboratories, billing offices and tax consultants, in compliance with our professional confidentiality requirements.

Data concerned:

Inventory data (e.g. names, addresses)

Payment data (e.g. bank details, invoices)

Contact data (e.g. email address, telephone number, postal address)

Contract data (e.g. subject matter of the contract, duration of the contract)

Special categories of personal data:

Health data
Genetic data
Biometric data
Data relating to sexual life or sexual orientation
Data revealing racial and ethnic origin

People concerned: Patients, interested parties, business and contractual partners

Processing purpose: Processing contractual services, communication and answering contact enquiries, office and organisational procedures

Legal basis: Contract fulfilment and pre-contractual enquiries, Art. 6 para. 1 lit. b GDPR, legal obligation, Art. 6 para. 1 lit. c GDPR, legitimate interest, Art. 6 para. 1 lit. f GDPR

Deletion: See the point: "When do we delete your data?". We would also like to draw your attention to the fact that we are legally obliged to keep patient files for a period of 10 years, § 630 f BGB. We must keep blood transfusions for 15 years and X-ray images for 30 years. Here you will find an overview of our obligations to retain your health data. In addition, potential liability for damages may make it necessary to retain your data until the 30-year limitation period has expired.

Your rights under the GDPR

According to the GDPR, you are entitled to the rights listed below, which you can assert at any time with the controller named in section 1 of this privacy policy:

Right to information: You have the right to request information from us as to whether and which of your data we process.

Right to rectification: You have the right to request the rectification of inaccurate data or the completion of incomplete data.

Right to erasure: You have the right to request the erasure of your data.

Right to restriction: In certain cases, you have the right to request that we only process your data to a limited extent.

Right to data portability: You have the right to request that we transfer your data to you or another controller in a structured, commonly used and machine-readable format.

Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority. The supervisory authority of your usual place of residence, your workplace or our company headquarters is responsible.

Right of cancellation

You have the right to withdraw your consent to data processing at any time.

Right of objection

You have the right to object at any time to the processing of your data, which we base on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. If you exercise your right to object, we ask you to explain the reasons. We will then no longer process your personal data unless we can prove to you that there are compelling legitimate grounds for data processing that outweigh your interests and rights.

Irrespective of the above, you have the right to object to the processing of your personal data for advertising and data analysis purposes at any time.

Please address your objection to the contact address of the controller given above.

When do we delete your data?

We delete your data when we no longer need it or when you instruct us to do so. This means that - unless otherwise stated in the individual data protection notices in this privacy policy - we will delete your data,

if the purpose of the data processing has ceased to exist and thus the respective legal basis stated in the individual data protection notices no longer exists, e.g.

after termination of the contractual or membership relationship between us (Art. 6 para. 1 lit. a GDPR) or

after our legitimate interest in the further processing or storage of your data ceases to apply (Art. 6 para. 1 lit. f GDPR),

if you exercise your right of cancellation and no other legal basis for processing within the meaning of Art. 6 para. 1 lit. b-f GDPR applies,

if you make use of your right to object and there are no compelling legitimate grounds for erasure.

However, if we still need to retain (certain parts of) your data for other purposes, for example because tax retention periods (usually 6 years for business correspondence or 10 years for accounting documents) or the assertion, exercise or defence of legal claims arising from contractual relationships (up to four years) make this necessary or the data is needed to protect the rights of another natural or legal person, we will only delete (that part of) your data after these periods have expired. Until the expiry of these periods, however, we restrict the processing of this data to these purposes (fulfilment of retention obligations).

Cloud services

We use cloud services in particular

for storing and editing documents,

for sending documents by e-mail or exchanging files of any kind,

for our calendar appointment management,

for the preparation and execution of presentations and spreadsheets,

for the publication of files of any kind,

for internal and external communication via chats, audio and video conferences.

The software applications that we use for these purposes are made available to us by the provider(s) named below on their servers. We access these servers via the Internet. If you transmit your data to us in the context of communication with us or in other processes explained by us in this privacy policy, we process this data in the cloud service we use. This means that your data is stored on the servers of the third-party cloud service provider. The third-party providers process usage and metadata to secure their servers and optimise their services. In particular, we process and store your contact, customer and contract data.

If we make files of any kind publicly available via our internet presence using the cloud service we use, the respective third-party provider of the cloud service may store cookies on your computer system if you access these files. The service provider may process the data collected in this way in order to analyse your usage behaviour or your browser settings.

Please note that, depending on the country in which the service provider named below is based, the data specified below may be transferred to and processed on servers outside the European Union. In this case, there is a risk that the level of data protection prescribed by the GDPR will not be complied with and that the enforcement of your rights will be difficult or impossible. If the service provider we use offers data processing exclusively within the EU, we intend to process your data exclusively there, unless this has already been implemented.

Data concerned:

Inventory data (e.g. names, addresses),
Contact data (e.g. email addresses, telephone and mobile phone numbers)
Content data (e.g. photos, videos, texts),
Usage data (e.g. times of access, websites visited, interest in content),
Metadata (e.g. IP address, computer system information)

People concerned: Interested parties, communication partners, customers, employees (e.g. applicants, current and former employees)

Purpose of processing: Organisation of office and administrative tasks

Legal basis: Consent, Art. 6 para. 1 lit. a GDPR, contract fulfilment and pre-contractual enquiries, Art. 6 para. 1 lit. b GDPR, legitimate interest, Art. 6 para. 1 lit. f GDPR

Cloud service providers used:

Tomedo.CloudBackup
Service provider: zollsoft GmbH, Ernst-Haeckel-Platz 5/6, 07745 Jena, Germany
Website:
https://tomedo.de/cloud-backup/
Privacy policy:
https://tomedo.de/datenschutz/

ImpfpassDE
Service provider: GZIM – Gesellschaft zur Förderung der Impfmedizin mbH, Hufelandstr. 19, D-10407 Berlin – Germany
Website:
https://impfpass.de
Privacy policy:
https://impfpass.de/datenschutzerklaerung/

Arzt-Direkt App
Service provider: zollsoft GmbH, Ernst-Haeckel-Platz 5/6, 07745 Jena, Germany

Website:
https://arzt-direkt.de/arzt-direkt-app/

Privacy policy:
https://arzt-direkt.de/datenschutz/

Cookies

Our website uses cookies. Cookies are small text files consisting of a series of numbers and letters that are stored on the device you are using. Cookies are primarily used to exchange information between the device you are using and our website. This includes, for example, the language settings on a website, the login status or the location where a video was watched.

Two types of cookies are used when you visit our website:

Temporary cookies (session cookies): These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. The session cookies are deleted when you log out or close your browser.

Permanent cookies: Permanent cookies remain stored even after the browser is closed. This allows our website to recognise your computer when you return to our website. Information on language settings or log-in information, for example, is stored in these cookies. These cookies can also be used to document and store your surfing behaviour. This data can be used for statistical, marketing and personalisation purposes.

In addition to the above categorisation, cookies can also be differentiated according to their purpose:

Necessary cookies: These are cookies that are absolutely necessary for the operation of our website in order to save logins or shopping baskets for the duration of your session or cookies that are set for security reasons.

Statistics, marketing and personalisation cookies: These are cookies that are used for analysis purposes or to measure reach. Such "tracking" cookies can be used in particular to store information on search terms entered or the frequency of page views. In addition, the surfing behaviour of an individual user (e.g. viewing certain content, use of functions, etc.) can also be stored in a user profile. Such profiles are used to display content to users that corresponds to their potential interests. If we use services that store cookies on your end device for statistical, marketing and personalisation purposes, we will inform you about this separately in the following sections of our privacy policy or when obtaining your consent.

Data concerned:

Usage data (e.g. access times, websites clicked on)
Communication data (e.g. information about the device used, IP address).

People concerned: Users of our online services

Purpose of processing: Displaying our website, ensuring the operation of our website, improving our website, communication and marketing

Legal basis:

Legitimate interest, Art. 6 para. 1 lit. f GDPR

If we do not obtain your consent to the setting of cookies, we base the processing of your data on our legitimate interest in improving the quality and user-friendliness of our website, in particular the content and functions. You can use the security settings of your browser to object to the use of cookies set by us within the scope of our legitimate interest. There you can specify whether you do not accept cookies from the outset or only accept them on request, or whether you want cookies to be deleted every time you close your browser. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent.

Consent, Art. 6 para. 1 lit. a GDPR

If we ask you to allow us to place certain cookies on your end device before you visit our website and you consent to this, the legal basis is to be seen in the consent you have given. As part of your consent, we will inform you which cookies we set in detail. If you do not give this consent, only the so-called technically necessary cookies that are required for the proper operation of our website and its display in your browser will be set. If you have consented to the setting of cookies, you have the option to withdraw your consent at any time.

Webhosting

To maintain our website, we use a provider on whose server our website is stored and made available for retrieval on the Internet (hosting). The provider may process all data transmitted via the browser you use that is generated when you use our website. This includes in particular your IP address, which the provider requires in order to be able to deliver our online offer to the browser you are using, as well as all entries you make via our website. In addition, the provider we use can collect

the date and time of access to our website

Time zone difference to Greenwich Mean Time (GMT)

Access status (HTTP status)

the amount of data transferred

the Internet service provider of the accessing system

the type of browser you are using and its version

the operating system you are using

the website from which you may have reached our website

the pages or sub-pages that you visit on our website.

The aforementioned data is stored as log files on the servers of our provider. This is necessary to ensure the stability and security of the operation of our website.

Data concerned:

Content data (e.g. posts, photos, videos)
Usage data (e.g. access times, websites clicked on)
Communication data (e.g. information about the device used, IP address)

People concerned: Users of our website

Purpose of processing: Displaying our website, ensuring the operation of our website

Legal basis: Legitimate interest, Art. 6 para. 1 lit. f GDPR

Web host(s) commissioned by us:

Hetzner Online
Service provider: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen
Website:
https://www.hetzner.de/
Privacy policy:
https://www.hetzner.de/rechtliches/daten...

Contact

If you contact us via e-mail, social media, telephone, fax, post, our contact form or in any other way and provide us with personal data such as your name, telephone number or e-mail address or provide further information about yourself or your request, we will process this data to answer your enquiry within the framework of the pre-contractual or contractual relationship existing between us.

Data concerned:

Inventory data (e.g. names, addresses)
Contact data (e.g. e-mail address, telephone number, postal address)
Content data (texts, photos, videos)
Contract data (e.g. subject matter of the contract, duration of the contract)

People concerned: Interested parties, customers, business and contractual partners

Purpose of processing: Communication and answering contact enquiries, office and organisational procedures

Legal basis: Contract fulfilment and pre-contractual enquiries, Art. 6 para. 1 lit. b GDPR, legitimate interest, Art. 6 para. 1 lit. f GDPR

Details of the third-party provider we use:

Arzt-Direkt App
Service provider: zollsoft GmbH, Ernst-Haeckel-Platz 5/6, 07745 Jena, Germany

Website:
https://arzt-direkt.de/arzt-direkt-app/

Privacy policy:
https://arzt-direkt.de/datenschutz/

The handling of your data in the application process

If you apply to us, we process the personal data you provide to us in the application process, such as your name, address, place of residence, age, application photo, e-mail and telephone number, professional background including schools, training, studies. If you send the data by e-mail or via a contact form on our online presence, it will be processed electronically. If you send your application via the contact form, the transmission of your data is encrypted according to the state of the art. If you send your data by e-mail, we would like to point out that the transmission is usually unencrypted. If an employment contract is concluded following the application process, we will store your data for the purpose of processing the employment relationship in compliance with the statutory provisions.

Data concerned:

Inventory data (e.g. names, addresses)
Payment data (e.g. bank details, invoices)
Contact data (e.g. email address, telephone number, postal address)
Contract data (e.g. subject matter of the contract, duration of the contract)

People concerned: Applicants and candidates

Processing purpose: Processing of the application procedure

Legal basis: Contract fulfilment and pre-contractual enquiries, Art. 6 para. 1 lit. b GDPR, legal obligation, Art. 6 para. 1 lit. c GDPR

Deletion: If no employment contract is concluded, your data will be deleted after completion of the application process or at the latest 2 months after its completion. This does not apply if legal provisions prevent the deletion or if the further storage of your data is necessary for the purpose of providing evidence, for example in proceedings under the General Equal Treatment Act (AGG). The application process is deemed to be completed when the rejection is sent to you.

Rating seal

To give you an initial impression of the quality of our offers and services, we use the rating seal (also known as the rating widget) integrated on our website to display a selection of ratings from our customers and the overall score calculated from all the ratings. If you click on the widget, you will be redirected to the website of the respective provider. There you can call up all the reviews of our offer. You also have the opportunity to rate us there.

The provider's seal integrated on our website is played via an interface from the respective provider's server. For this purpose, a data connection to the provider's server is established when you visit our website. This provides the provider with certain data that is required to display the content of the widget to your browser. This includes the IP address assigned to you and other access data.

Data concerned:

Usage data (e.g. access times, websites clicked on)
Communication data (e.g. information about the device used, IP address).

People concerned: Customers, users of our website

Processing purpose: Obtaining customer feedback and marketing based on interests and behaviour

Legal basis: Consent, Art. 6 para. 1 lit. a GDPR, legitimate interest, Art. 6 para. 1 lit. f GDPR

We use the following rating seals:

Jameda
Service provider: jameda GmbH, St.-Cajetan-Str. 41, 81669 München
Website:
https://www.jameda.de/
Privacy policy:
https://www.jameda.de/jameda/datens...

Our online presence on social networks

We operate online presences within the social networks listed below. If you visit one of these presences, the data listed below will be collected and processed by the respective provider. As a rule, this data is collected for advertising and market research purposes and user profiles are created. Data can be stored in the user profiles regardless of the device you use. This is particularly the case if you are a member of the respective platform and are logged in to it. The user profiles can be used by the providers to display interest-based advertising to you. You have a right of cancellation against the creation of user profiles. To exercise this right, you must contact the respective provider.

If you have an account with one of the providers listed below and are logged in there when you visit our website, the respective provider may collect data about your usage behaviour on our website. To prevent your data from being linked in this way, you can log out of the provider's service before visiting our site.

You can find out for what purpose and to what extent data is collected by the provider in the respective data protection declarations of the providers provided below.

We would like to point out that, depending on the country of domicile of the provider named below, the data collected via its platform may be transferred and processed outside the European Union. In this case, there is a risk that the level of data protection prescribed by the GDPR will not be complied with and that the enforcement of your rights will be difficult or impossible.

Data concerned:

Inventory and contact data (e.g. name, address, telephone number, email address)
Content data (e.g. posts, photos, videos)
Usage data (e.g. access times, websites clicked on)
Communication data (e.g. information about the device used, IP address).

Processing purpose: Communication and marketing, tracking and analysis of user behaviour

Legal basis: Consent, Art. 6 para. 1 lit. a GDPR, legitimate interests Art. 6 para. 1 lit. f GDPR

Opposition options: We refer to the following linked information from the providers regarding the respective options for objection (opt-out).

We maintain online presences on the following social networks:

Facebook
Service provider: Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA
Registered office in the EU: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Website:
https://www.facebook.com/
Privacy policy:
https://www.facebook.com/about/privacy/
Privacy policy for Facebook pages:
https://www.facebook.com/legal/terms/infor...

Instagram
Service provider: Instagram Inc, 1601 Willow Road, Menlo Park CA 94025, USA
Parent company: Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA
Registered office in the EU: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Website:
https://www.instagram.com/
Privacy policy:
http://instagram.com/about/legal/privacy

LinkedIn
Service provider: LinkedIn Corporation, 1000 W Maude, Sunnyvale, CA 94085, USA
Registered office in Germany: LinkedIn, Hofstatt 4th Floor, Sendlinger Str. 12, 80331 Munich, Germany
Website:
https://www.linkedin.com/?trk=nav_logo
Privacy policy:
https://www.linkedin.com/legal/privacy....

Online meetings, video conferences and screen sharing

We use third-party services to facilitate online meetings, video and/or audio conference calls and online seminars between employees and with interested parties or customers. If you communicate with us via such a service, the data collected in this communication process will be processed both by us and by the third-party provider. The data that may arise in such a communication process includes, in particular, your login and contact details, contributions in the chat window, your video and audio contributions and shared screen content. The data processed by the third-party providers we use primarily includes user data and metadata (e.g. IP address, computer system information). As a rule, the third-party providers process this data in order to check and guarantee the security of the service. In addition, findings from data processing are used to optimise the third-party provider's offering and to carry out corresponding marketing measures. Please refer to the data protection information of the third-party provider in this regard.

We would like to point out that, depending on the country of domicile of the service provider named below, the data collected via the service may be transferred and processed outside the European Union. In this case, there is a risk that the level of data protection prescribed by the GDPR will not be complied with and that the enforcement of your rights will be difficult or impossible.

Data concerned:

Inventory data (e.g. names, addresses)
Contact details (e.g. e-mail address, telephone number)
Shared content (e.g. photos, videos, texts, audio recordings)
User data (e.g. times of access, websites visited, interest in content)
Meta and communication data (e.g. IP address, computer system information)

People concerned: Interested parties, customers, communication partners

Purpose of processing: Processing of contact enquiries, internal and external communication with employees as well as interested parties and customers, fulfilment of our contractual services, service offering

Legal basis: Consent, Art. 6 para. 1 lit. a GDPR, contract fulfilment and pre-contractual enquiries, Art. 6 para. 1 lit. b GDPR, legitimate interest, Art. 6 para. 1 lit. f GDPR

Services we use:

Arzt-Direkt App
Service provider: zollsoft GmbH, Ernst-Haeckel-Platz 5/6, 07745 Jena, Germany

Website:
https://arzt-direkt.de/arzt-direkt-app/

Privacy policy:
https://arzt-direkt.de/datenschutz/

Safety measures

We also take state-of-the-art technical and organisational security measures to comply with the provisions of data protection laws and to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties.

Up-to-dateness and amendment of this privacy policy

This privacy policy is currently valid and is dated April 2024. Due to changes in legal or regulatory requirements, it may be necessary to adapt this privacy policy.

This privacy policy was created with the help of the SOS Recht data protection generator. SOS Recht is a service provided by Mueller.legal Rechtsanwälte Partnerschaft based in Berlin.