Data protection

In accordance with the statutory provisions of data protection law (in particular the Federal Data Protection Act (BDSG) as amended and the European General Data Protection Regulation (GDPR, German law: ‘DS-GVO’), we would like to inform you about the nature, scope and purpose of the processing of personal data by our practice. This data protection declaration applies to our websites, online and app appointments and video consultations. Concerning the definition of terms such as “personal data” or “processing”, we refer to Art. 4 DS-GVO.

Our responsible party (hereinafter “Responsible Party”) within the meaning of Art. 4 no. 7 DS-GVO is:

Dr. med. Christiane Handrick
Marienstrasse 25
10117 Berlin
Germany

Phone: +49 (0) 30 24 11 03 1

In the following, we inform you about the type, scope and purpose of the collection, processing and use of personal data.

1. Types of data we process
   Usage data (access times, websites visited etc.), inventory data (name, address etc.), contact data (telephone number, e-mail, fax etc.), communication data (IP address etc.).
2. Purposes of processing per Art. 13 para. 1 c) DS-GVO
   Technical and economic optimisation of the website; providing easy access to the website; complying with statutory storage obligations; improving the user experience; providing the website with functions and content; security measures; uninterrupted and secure operation of our website.
3. Categories of data subjects per Art. 13 para. 1 e) DS-GVO
   Visitors/users of the website, patients, interested parties. The persons concerned are collectively referred to as “users”.

In the following, we inform you about the legal basis for the processing of personal data:

1. If we have obtained your consent to process personal data, Art. 6 para. 1 s. 1 lit. a) DS-GVO is the legal basis.
2. If the processing is necessary for the performance of a contract or the implementation of pre-contractual measures taken in response to your request, Article 6 para. 1 s. 1 lit. b) DS-GVO is the legal basis.
3. If the processing is necessary for the fulfilment of a legal obligation to which we are subject (e.g. statutory storage obligations), Art. 6 para. 1 s. 1 lit. c) DS-GVO is the legal basis.
4. If the processing is necessary to protect the vital interests of the data subject or another natural person, Article 6 para. 1 s. 1 lit. d) of the DS-GVO is the legal basis.
5. If the processing is necessary to safeguard our interests or the legitimate interests of a third party and your interests or fundamental rights and freedoms do not prevail in this respect, Art. 6 para. 1 s. 1 lit. f) DS-GVO is the legal basis.

As a matter of principle, we do not pass on any data to third parties without your consent. Should this be the case, however, the transfer will be made on the basis of the aforementioned legal bases, e.g. when data is transferred due to a court order, or due to a legal obligation to release the data for the purpose of criminal prosecution, danger prevention or to enforce intellectual property rights.

We also use contract processors (external service providers, e.g. for web hosting of our website and databases) to process your data. If data is passed on to the processors as part of an agreement for order processing, this is always done in accordance with Art. 28 DS-GVO. We select our contract processors carefully, check them regularly and have been granted the right to issue instructions regarding the data. Also, the processors must have taken suitable technical and organisational measures and must comply with the data protection regulations in accordance with BDSG and DS-GVO.

The adoption of the European General Data Protection Regulation (GDPR/DS-GVO) has created a uniform basis for data protection in Europe. Your data will therefore be processed mainly by companies to which the DS-GVO applies. If, however, the processing is carried out by services of third parties outside the European Union or the European Economic Area, they must comply with the particular requirements of Art. 44 ff. DS-GVO. Hence, the processing is carried out based on certain guarantees, such as the EU Commission’s officially recognised determination of a level of data protection corresponding to that of the EU or compliance with officially recognised outstanding contractual obligations, the so-called “standard contractual clauses”.

Insofar as we obtain your express consent to the transfer of data to the USA due to the invalidity of the so-called “Privacy Shield” in accordance with Art. 49 para. 1 s. 1 lit. a) DS-GVO, we draw your attention to the risk of secret access by US authorities and the use of the data for monitoring purposes, if necessary without any legal remedies for EU citizens.

Unless expressly stated in this data protection declaration, your personal data will be deleted or blocked as soon as the consent granted for processing is revoked by you or the purpose for storing the data no longer applies or the data is no longer required for the purpose; unless further storage of the data is required for evidence purposes or this is contrary to statutory storage obligations. It includes, for example, commercial law obligations to retain business letters in accordance with § 257 para. 1 of the German Commercial Code (6 years) and tax law obligations to retain documents in accordance with § 147 para. 1 of the German Tax Code (10 years). When the prescribed retention period expires, your data will be blocked or deleted; unless storage is still required for the conclusion or fulfilment of a contract.

We do not use automatic decision making or profiling.

1. If you use our website for informational purposes only (i.e. without registering or otherwise transmitting information), we only collect the personal data that your browser sends to our server. If you wish to view our website, we collect the following data:
   • Referrer (previously visited website);
   • Requested web page or file;
   • Browser type and version;
   • Operating system used;
   • Type of device used;
   • Time of access;
   • The IP address in an anonymous form (used only to determine the location of access).

   This data will not be stored together with other personal data about you.

2. These data serve the purpose of user-friendly, functional and secure delivery of our website to you with functions and contents as well as their optimisation and statistical evaluation.
3. The legal basis for this is our justified interest in data processing in accordance with Art. 6 para. 1 s.1 lit. f) DS-GVO, which is also based on the purposes as mentioned above.
4. For security reasons, we store this data in server log files for a storage period of 8 weeks. After this period has elapsed, they are automatically deleted, unless we require their storage for evidence purposes in the event of attacks on the server infrastructure or other legal infringements.

This information is taken from the details provided by our hosting service provider IONOS, which collects this data as standard (IONOS data protection information on web hosting and web analysis).

List of cookies used on this site, updated daily by the Cookie Consent Crawler of ConsentManager.net:

1. We use so-called cookies when you visit our website. Cookies are small text files that your internet browser places and saves on your computer. When you revisit our website, these cookies provide information to automatically recognise you. Cookies also include the so-called “user IDs”, whereby user details are stored using pseudonymised profiles. When you call up our website, we will inform you about the use of cookies for the purposes as mentioned above and how you can object to or prevent their storage (“opt-out”) by referring to our data protection declaration.
   The following types of cookies are distinguished:
   • Necessary, essential cookies: Essential cookies are cookies that are absolutely necessary for the operation of the website in order to save certain functions of the website such as logins, shopping cart or user entries, e.g. regarding the language of the website.
   • Session-Cookies: Session-Cookies are needed to recognise multiple uses of an offer by the same user (e.g. if you have logged in to determine your login status). When you revisit our site, these cookies provide information to automatically recognise you. The information obtained in this way is used to optimise our offers and make it easier for you to access our site. When you close the browser or log out, the session cookies are deleted.
   • Persistent cookies: These cookies remain stored even after the browser is closed. They are used to save the login, to measure reach and for marketing purposes. They are automatically deleted after a specified period of time, which may vary depending on the cookie. You can delete the cookies at any time in the security settings of your browser.
   • Third-party cookies (especially from advertisers): You can configure your browser settings according to your wishes and, for example, refuse to accept third-party cookies or all cookies. However, we would like to point out at this point that you may then not be able to use all functions of this website. You can read more about these cookies in the respective data protection declarations of the third-party providers.
2. Categories of data: User data, cookie, user ID (including the pages visited, device information, access times and IP addresses).
3. Purposes of processing: The information obtained in this way serves the purpose of optimising our web offers both technically and economically and of enabling you to access our website more easily and securely.
4. Legal basis: If we process your personal data with the aid of cookies based on your consent (“opt-in”), the legal basis is Article 6 para. 1 s. 1 lit. a) DS-GVO. Otherwise, we have a legitimate interest in the effective functionality, improvement and economic operation of the website, so that in this case, Art. 6 para. 1 s. 1 lit. f) DS-GVO is the legal basis. The legal basis is also Art. 6 para. 1 s. 1 lit. b) DS-GVO if the cookies are set to initiate a contract, e.g. when orders are placed.
5. Duration of storage/deletion: Data are deleted as soon as they are no longer necessary for the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the session in question has ended; otherwise, cookies are stored on your computer and transmitted by it to our site. Therefore, you, as a user, also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies already stored can be deleted at any time. This can also be done automatically. If cookies for our website are deactivated, it may not be possible to use all the functions of the website to their full extent.
   Here you will find information on the deletion of cookies by browser:

   Chrome:https://support.google.com/chrome/answer/95647
   Safari: https://support.apple.com/de-at/guide/safari/sfri11471/mac
   Firefox: https://support.mozilla.org/de/kb/cookies-und-website-daten-in-firefox-loschen
   Internet Explorer: https://support.microsoft.com/de-at/help/17442/windows-internet-explorer-delete-manage-cookies
   Microsoft Edge: https://support.microsoft.com/de-at/help/4027947/windows-delete-cookies

6. Objection and “Opt-Out”: You can generally prevent cookies from being saved on your hard drive, regardless of consent or legal permission, by selecting “do not accept cookies” in your browser settings. However, this can result in a functional restriction of our offers. You can object to the use of third-party cookies for advertising purposes employing a so-called “opt-out” via this American website (https://optout.aboutads.info) or this European website (http://www.youronlinechoices.com/de/praferenzmanagement/).
   Edit or reject cookie settings:

   https://www.praxis-handrick.de/#

1. If you contact us by fax, post or e-mail, your data will be used to process your contact request.
2. The legal basis for the processing of the data is Art. 6 para. 1 s. 1 lit. a) DS-GVO if you have given your consent. The legal basis for the processing of data transmitted in the course of a contact enquiry or e-mail, letter or fax is Art. 6 para. 1 s. 1 lit. f) DS-GVO. The person responsible has a legitimate interest in the processing and storage of the data in order to be able to answer users’ enquiries, to secure evidence for liability reasons and, if necessary, to be able to comply with his legal obligations to retain business letters. If the contact aims at the conclusion of a contract, an additional legal basis for processing is Art. 6 para. 1 s. 1 lit. b) DS-GVO.
3. We may store your details and contact request in our Customer Relationship Management System (“CRM System”) or similar system.
4. The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. For personal data sent by e-mail, this is the case when the respective conversation with you has ended. The conversation ends when it is clear from the circumstances that the matter in question has been finally clarified. In the case of legal archiving obligations, deletion takes place after their expiry: end of commercial (6 years) and tax (10 years) retention obligation.
5. You have the option of withdrawing your consent to the processing of personal data at any time in accordance with Art. 6 para. 1 s. 1 lit. a) DS-GVO. If you contact us by e-mail, you can object to the storage of your personal data at any time.

1. When you contact us by phone, your phone number is processed for the purpose of processing the contact request and its handling and is temporarily stored or displayed in the RAM/cache of the telephone set/display. The storage serves for liability and security reasons in order to be able to provide proof of the call as well as for economic reasons to enable a callback. In the case of unauthorised advertising calls, we block the phone numbers.
2. The legal basis for the processing of the telephone number is Art. 6 para. 1 s. 1 lit. f) DS-GVO. If the contact is aimed at the conclusion of a contract, the additional legal basis for processing is Article 6 para. 1 lit. b) DS-GVO.
3. The device cache saves the calls and successively overwrites or deletes old data. When the device is disposed of, all data is deleted, and the memory is destroyed if necessary. Locked telephone numbers are checked annually to determine whether they need to be locked.
4. You can prevent the phone number from being displayed by calling with the phone number suppressed.

1. The two services we use, “Appointment online” and “Appointment with app” (see following sections) require the creation of a “CGM LIFE Account”. (Provider: CompuGroup Medical Deutschland AG, Amtsgericht Koblenz HRB 22901, Maria Trost 21, 56070 Koblenz, Germany).
2. Data category and description of data processing: personal data (title, full name, date of birth, health insurance data, telephone number, e-mail address), usage data (appointments). The use of the CGM LIFE account is optional concerning our services and is carried out independently of our website on the servers of CompuGroup Medical Deutschland AG. If you use the “Appointments online” or the “CLICKDOC App”, you use the CGM LIFE account after your registration there. All data entries in this context are made on the servers of CompuGroup Medical Deutschland AG. The data listed above are transmitted to us from the servers of CompuGroup Medical Deutschland AG if you, as our patient, wish to make use of our services.
   We would like to point out that CompuGroup Medical Deutschland AG collects, stores and uses other data that is not available to us. For further information, please refer to the documents linked under 8) of the data protection declaration and the user agreements of CompuGroup Medical Deutschland AG.
3. Purpose of the processing: Fulfilment of the service (making appointments), user-friendly service design through integration into our website.
4. Legal basis: If you have given your consent for the processing of your personal data in the course of registering your “CGM LIFE Account” with the third-party provider, then Art. 6 para. 1 s. 1 lit. a) DS-GVO is the legal basis. In addition, the legal basis is our justified interest in data processing in accordance with Art. 6 para. 1 s.1 lit. b) DS-GVO, which lies in the purposes as mentioned above.
5. Data transmission/recipient category: Third-party providers in Germany.
6. Storage duration: Cookies are stored until you delete them. Data for technical operation is only stored for as long as it is technically necessary, but at the latest after the termination of your contract with CompuGroup Medical Deutschland AG. Data collected during the use of the online services will be deleted within 30 days at the latest. IP addresses are generally not stored. These data are locally encrypted and decrypted with the CGM LIFE ID, transmitted in encrypted form and stored in encrypted form on servers of CompuGroup Medical Deutschland AG in Germany.
7. Possibility of objection and rectification: You have the right to revoke all consents granted to CompuGroup Medical Deutschland AG. Therefore, please address yourself directly to the data protection officer named in the data protection declaration of CompuGroup Medical Deutschland AG.
8. For details, please refer to the CGM-LIFE Account Privacy Policy and User Agreement:
   Privacy policy: https://de.cgmlife.com/AWS/eu-inventory/Datenschutzerklaerung-CGM_3_0_2.pdf
   User agreement: https://de.cgmlife.com/AWS/eu-inventory/Nutzungsvereinbarung-CGM-LIFE-Konto_April_2018.pdf

1. We have integrated CGM LIFE eServices on our website via iFrame on the following page: https://www.praxis-handrick.de/en/appointments/online/ (Provider: CompuGroup Medical Deutschland AG, Amtsgericht Koblenz HRB 22901, Maria Trost 21, 56070 Koblenz, Germany).
2. Data category and description of data processing: personal data (full name, date of birth, health insurance data, telephone number, e-mail address), usage data (appointments). The use of CGM LIFE eServices is optional and takes place independently of our website on the servers of CompuGroup Medical Deutschland AG. If you fill in forms within the iFrames, pass on data or move within the iFrames, you are no longer on our site. All data entries are made on the servers of CompuGroup Medical Deutschland AG. The data listed above are transmitted to us from the servers of CompuGroup Medical Deutschland AG.
   We would like to point out that CompuGroup Medical Deutschland AG collects, stores and uses other data that is not available to us. For further information, please refer to the documents linked under 8) of the data protection declaration and the user agreements of CompuGroup Medical Deutschland AG.
3. Purpose of the processing: Fulfilment of the service (making appointments), user-friendly service design through integration into our website.
4. Legal basis: If you have given your consent for the processing of your personal data in the course of registering your “CGM LIFE Account” with the third-party provider, then Art. 6 para. 1 s. 1 lit. a) DS-GVO is the legal basis. In addition, the legal basis is our justified interest in data processing in accordance with Art. 6 para. 1 s.1 lit. b) DS-GVO, which lies in the purposes as mentioned above.
5. Data transmission/recipient category: Third-party providers in Germany.
6. Storage duration: Cookies are stored until you delete them. Data for technical operation is only stored for as long as it is technically necessary, but at the latest after the termination of your contract with CompuGroup Medical Deutschland AG. Data collected during the use of the online services will be deleted within 30 days at the latest. IP addresses are generally not stored. These data are locally encrypted and decrypted with the CGM LIFE ID, transmitted in encrypted form and stored in encrypted form on servers of CompuGroup Medical Deutschland AG in Germany.
7. Possibility of objection and rectification: You have the right to revoke all consents granted to CompuGroup Medical Deutschland AG. Therefore, please address yourself directly to the data protection officer named in the data protection declaration of CompuGroup Medical Deutschland AG.
8. Details can be found in the CLICKDOC App Privacy Policy and User Agreement:
   Privacy policy: https://de.cgmlife.com/AWS/eu-inventory/20-06-16_Datenschutzerklaerung_CLICKDOC.pdf
   User agreement: https://de.cgmlife.com/AWS/eu-inventory/19-05-05_Nutzungsvereinbarung_CLICKDOC.pdf

1. We recommend downloading and installing the “CLICKDOC” app on our website on the following page: https://www.praxis-handrick.de/en/appointments/app/ (Provider: CGM Mobile Services GmbH, Amtsgericht Koblenz HRB 25321, Maria Trost 21, 56070 Koblenz, Germany).
2. Data category and description of data processing: personal data (full name, date of birth, health insurance data, telephone number, e-mail address), usage data (appointments). With the CLICKDOC app, patients can use mobile devices (smartphones and tablets) to make appointments with us independent of time. The use of the app is optional and is independent of our website. If you use the CLICKDOC App, the data mentioned above will be transmitted to us from the servers of CGM Mobile Services GmbH.
   We point out that CGM Mobile Services GmbH collects, stores and uses further data which are not available to us. For further information, please refer to the 8) linked documents of the data protection declaration and the user agreements of CompuGroup Medical Deutschland AG.
3. Purpose of the processing: Fulfilment of the service (making appointments), user-friendly service design.
4. Legal basis: If you have given your consent for the processing of your personal data in the course of registering your “CGM LIFE Account” with the third-party provider, then Art. 6 para. 1 s. 1 lit. a) DS-GVO is the legal basis. In addition, the legal basis is our justified interest in data processing in accordance with Art. 6 para. 1 s. 1 lit. b) DS-GVO, which lies in the purposes as mentioned above.
5. Data transmission/recipient category: Third-party providers in Germany.
6. Storage duration: Cookies are stored until you delete them. Data for the technical operation are only kept as long as it is technically necessary, at the latest however after the cancellation of your contract with CGM Mobile Services GmbH.
   Data, which are collected during the use of the online services, are deleted within 30 days at the latest. IP-addresses are usually not stored. These data are locally encoded and decoded with the CGM LIFE ID, transmitted encoded and stored encoded on servers of CGM Deutschland AG in Germany.
7. Objection and removal possibility: You have the right to revoke all given consents towards CGM Mobile Services GmbH. Therefore, please address yourself directly to the data protection officer named in the data protection declaration of CGM Mobile Services GmbH.
8. Details can be found in the CLICKDOC App Privacy Policy and User Agreement:
   Privacy policy: https://de.cgmlife.com/AWS/eu-inventory/20-06-16_Datenschutzerklaerung_CLICKDOC.pdf
   User agreement: https://de.cgmlife.com/AWS/eu-inventory/19-05-05_Nutzungsvereinbarung_CLICKDOC.pdf

1. As part of our services we offer “CGM ELVI” for our video consultation hours on the following page: https://www.praxis-handrick.de/en/appointments/video/ (Provider: La-Well Systems GmbH / a company of CompuGroup Medical Deutschland AG, Amtsgericht Bad Oeynhausen HRB 7231, Hartwig-Mildenberg-Str. 5-9, 32257 Bünde, Germany).
2. Data category and description of data processing: personal data (full name, date of birth, health insurance data, telephone number, e-mail address), usage data (appointments). With CGM ELVI, video consultation hours, i.e. audiovisual communication transmissions between doctor and patient can be arranged and carried out. The use of the service is optional and is independent of our website.
   To establish the video session using the CGM ELVI, the doctor’s IP address and that of his patients/guests is transmitted to the server of La-Well Systems GmbH. The IP address is not stored persistently.
   In a video session using CGM ELVI, the video and voice transmission, the transmission of messages via chat and screen sharing takes place as an SSL-encrypted peer-to-peer connection, i.e. directly between the participants without an intermediate server. There is no storage or recording of these data.
   We would like to point out that La-Well Systems GmbH collects, stores and uses further data which is not available to us. For further information, please refer to the documents linked under 8) of the data protection declaration and the user agreements of La-Well Systems GmbH.
3. Purpose of the processing: Fulfilment of the service (making appointments), user-friendly service design.
4. Legal basis: If you have given your consent for the processing of your personal data in the course of registering your “CGM LIFE Account” with the third-party provider, then Art. 6 para. 1 s. 1 lit. a) DS-GVO is the legal basis. In addition, the legal basis is our justified interest in data processing in accordance with Art. 6 para. 1 s. 1 lit. b) DS-GVO, which lies in the purposes as mentioned above.
5. Data transmission/recipient category: Third-party providers in Germany.
6. Storage duration: Cookies are stored until you delete them. Data for technical operation is only kept as long as it is technically necessary, but at the latest after the termination of your contract with La-Well Systems GmbH or, if you have a CGM LIFE account, after termination with CompuGroup Medical Deutschland AG. When using the whiteboard within CGM ELVI, the uploaded files are temporarily stored in encrypted form on the server of La-Well Systems GmbH. The files are deleted after the video session has ended.
7. Possibility of objection and removal: You have the right to revoke all consents granted to La-Well Systems GmbH. Please, therefore contact the data protection officer named in the La-Well Systems GmbH data protection declaration directly.
8. For details, please refer to the CGM ELVI Privacy Policy and User Agreement:
   Privacy policy: Privacy policy for CGM ELVI
   User Agreement: User agreement for patients and guests of the CLICKDOC VIDEOSPRECHSTUNDE and the CGM ELVI

1. For the link to the app download via QR code on our website: https://www.praxis-handrick.de/en/appointments/app/ we use the QR code generator of a third party service provider (Provider: qr1°at, Wirtschaftskammer Wien, ATU66255429, Deublergasse 37, 1210 Vienna, Austria).
2. Data category and description of the data processing: usage data (server logging: IP address, user agent, request parameters, time stamp). By scanning the QR code a request is sent to the server of qr1°at. Depending on the type of the scanning device, the user’s request is forwarded either to the Apple AppStore or to Google Play.
3. Purpose of processing: User-friendly service design.
4. Legal basis: By scanning the QR code, the user gives his/her consent to the processing of the above-mentioned data; Art. 6 para. 1 s. 1 letter a) DS-GVO is therefore the legal basis.
5. Data transmission/recipient category: Third-party provide in Austria.
6. Storage duration: The duration of data storage at qr1°at can be found in the company’s data protection declaration: https://qr1.at/privacy
7. Possibility of objection and removal: You have the right to revoke all consents given to qr1°at. Please therefore address yourself directly to the data protection officer named in the qr1°at data protection declaration.
8. Details can be found in the CGM ELVI Privacy Policy and User Agreement:
   Privacy policy: https://qr1.at/privacy
   User agreement: https://qr1.at/tos

1. We have linked maps from “Google Maps” on our website on the following page: https://www.praxis-handrick.de/en/directions/. (Provider: Google Ireland Limited, Registernr.: 368047, Gordon House, Barrow Street, Dublin 4, Irland)
2. Data category and description of data processing: usage data (e.g. IP, location, page accessed). With Google Maps, we can display the location of addresses and a description of how to get there in interactive maps and enable you to use this tool. When you click on the link within our website, a connection to the Google servers in the USA is established. Your IP and location can be transmitted to Google. Google also receives the information that you have called up the corresponding page. This also takes place without a user account with Google. If you are logged into your Google account, Google can assign the above data to your account. If you do not wish to do this, you must log out of your Google account. Google creates user profiles from such data and uses these data for the purpose of advertising, market research or optimisation of its websites.
3. Purpose of processing: To provide a user-friendly, economical and optimised website.
4. Legal basis: If you have given your consent (“opt-in”) for the processing of your personal data using “Google Maps” by the third-party provider, Art. 6 para. 1 s. 1 lit. a) DS-GVO is the legal basis. The legal basis is also our legitimate interest in data processing for the above purposes in accordance with Art. 6 para. 1 s. 1 letter f) DS-GVO.
5. Data transmission/recipient category: Third-party providers in the USA.
6. Storage duration: Cookies up to 6 months, or until you delete them. Otherwise, as soon as they are no longer needed for processing purposes.
7. Possibility of objection and removal: You have a right of objection to Google against the creation of user profiles. Therefore, please contact Google directly via the data protection declaration mentioned below. You can make an opt-out objection regarding advertising cookies here in your Google Account:
   https://adssettings.google.com/authenticated.
8. Please refer to the Google Maps Terms of Use at https://www.google.com/intl/de_de/help/terms_maps.html and the Google Advertising Privacy Policy at https://policies.google.com/technologies/ads for more information on the use of Google cookies and their advertising technologies, storage duration, anonymisation, location data, functionality and your rights. Google’s general privacy policy: https://policies.google.com/privacy.

As the person concerned, you have the right to complain to the competent supervisory authority in the event of a breach of data protection law. The competent supervisory authority concerning data protection issues is the State Data Protection Commissioner of the federal state in which our company is based. The following link provides a list of the data protection officers and their contact details:

https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

1. Objection or revocation against the processing of your data

   Insofar as the processing is based on your consent according to Art. 6 para. 1 s. 1 letter a), Art. 7 DS-GVO, you have the right to revoke your consent at any time. It does not affect the lawfulness of the processing carried out based on the consent until revocation.
   Insofar as we base the processing of your personal data on the weighing of interests in accordance with Art. 6 Paragraph 1 S. 1 lit. f) DS-GVO, you can object to the processing. This is the case if the processing is not necessary, in particular, for the fulfilment of a contract with you, which is described by us in the following description of the functions. In the event of such an objection, we request that you explain the reasons why we should not process your personal data as we have done. In the event of your justified complaint, we will examine the facts of the case. We will either stop or adapt the data processing or show you our compelling reasons worthy of protection based on which we will continue the processing.

   You can object to the processing of your personal data for advertising and data analysis purposes at any time. You can exercise the right of objection free of charge. You can inform us about your objection at the following contact details:

   Dr. med. Christiane Handrick
   Marienstrasse 25
   10117 Berlin
   Germany

   Fax: +49 (0)30 24 63 17 56
   E-Mail address: datenschutz (at) praxis-handrick.de

2. Right to information

   You have the right to ask us to confirm whether personal data concerning you is being processed. If this is the case, you have the right to information about your personal data stored with us in accordance with Art. 15 DS-GVO. It includes, in particular, information about the purposes of the processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the origin of your data, unless it was collected directly from you.

3. Right of rectification

   You have a right to correct incorrect data or to complete correct data in accordance with Art. 16 DS-GVO.

4. Right of deletion

   You have the right to have your data stored by us deleted in accordance with Art. 17 DS-GVO, unless legal or contractual retention periods or other legal obligations or rights to further storage conflict with this.

5. Right of restriction

   You have the right to request a restriction on the processing of your personal data if one of the conditions in Art. 18 para. 1 lit. a) to d) DS-GVO is fulfilled:

   • If you dispute the accuracy of the personal data concerning you for a period of time that allows the person responsible for verifying the accuracy of the personal data;
   • the processing is unlawful, and you object to the deletion of the personal data and instead request the restriction of the use of the personal data;
   • the controller no longer needs the personal data for the purposes of the processing, but you need it for the purposes of exercising or defending legal claims, or
   • if you have objected to the processing in accordance with Art. 21 (1) DS-GVO and it has not yet been established whether the legitimate reasons given by the controller outweigh your reasons.

6. Right to data transferability

   You have a right to data transferability in accordance with Art. 20 DS-GVO, which means that you can receive the personal data stored by us about you in a structured, common and machine-readable format or request that it be transferred to another person responsible.

7. Right of appeal

   You have a right to complain to a supervisory authority. As a general rule, you can do so by contacting the supervisory authority, in particular in the country in which you are resident, in your place of work or in the area where the suspected infringement was committed.

In order to protect all personal data transmitted to us and to ensure that our external service providers and we observe the data protection regulations, we have taken appropriate technical and organisational security measures. Therefore, among other things, all data between your browser and our server is transmitted in encrypted form via a secure SSL connection.

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the legal data protection regulations and this data protection declaration. We would like to point out that data transmission over the Internet (e.g. communication by e-mail) can have security gaps. It is not possible to completely protect data from access by third parties.

Last updated: 18.10.2020

Source (of German text): Privacy policy template from www.juraforum.de
Translation by DeepL, edited by Wolfgang Senges and Grammarly