Privacy Policy

Note: This is a translated version of the page. For a legally binding declaration, please refer to the original page.

We are delighted that you're interested in our company. Data protection has a particularly high priority for the publisher of this website: Dr. Reiffenstuhl's General Practice. The use of the internet pages of Dr. Reiffenstuhl's General Practice is possible without any personal data being provided. However, if an affected person wishes to take advantage of special services offered by our company through our website, it may be necessary for us to process their personal data. If processing personal data is required and there is no legal basis for such processing, we generally obtain the consent of the affected person. The processing of personal data, e.g. name, address, email address or telephone number of an affected person, always takes place in accordance with the General Data Protection Regulation (GDPR) and in compliance with the applicable national data protection regulations for Dr. Reiffenstuhl's General Practice. Through this privacy policy, our company wants to inform the public about the type, scope and purpose of the personal data we collect, use and process. Furthermore, this privacy policy informs affected persons about their rights. As the responsible party, Dr. Reiffenstuhl's General Practice has implemented numerous technical and organizational measures to ensure almost complete protection of the personal data processed on our website. However, internet-based data transmissions can generally have security gaps, so we cannot guarantee absolute protection. For this reason, each affected person is free to transmit their personal data via alternative means, for example by phone.

Definitions

The data protection policy of Dr. Reiffenstuhl's General Practice is based on the definitions used by the European Union legislator when issuing the General Data Protection Regulation (GDPR). Our data protection policy should be easily readable and understandable for the public as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance. In this data protection policy, we use, among other things, the following definitions:

  1. Personal Data: Personal data are all information that relates to an identified or identifiable natural person (hereinafter referred to as "data subject"). A natural person is considered identifiable if they can be identified directly or indirectly, in particular by assigning a unique identifier such as name, number, location data, online ID, or one or more specific characteristics expressing the physical, physiological, genetic, psychological, economic, cultural, or social identity of that natural person.
  2. Data Subject: A data subject is any identified or identifiable natural person whose personal data are processed by the responsible party for processing.
  3. Processing: Processing means every operation or series of operations carried out with or without automated processes on personal data such as collecting, recording, organizing, structuring, storing, adapting or altering, retrieving, querying, using, disclosing through transmission, dissemination or making available in other ways, comparing or linking, restricting, deleting or destroying.
  4. Restriction of Processing: Restricting processing means marking stored personal data with the aim of limiting their future processing.
  5. Profiling: Profiling means any form of automated processing of personal data that consists in using such personal data to evaluate certain aspects relating to a natural person, particularly for assessing aspects concerning working performance, economic situation, health, personal preferences, interests, reliability, behavior, location or travel history of the said natural person.
  6. Pseudonymisation: Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be attributed to a specific affected individual without additional information being provided, as long as this additional information is stored separately and subject to technical and organisational measures which ensure that the personal data are not assigned to an identified or identifiable natural person.
  7. Data controller or processor: The data controller or processor (also referred to as "controller" in what follows) means a natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of processing personal data. If the purposes and means of this processing are determined by Union law or the law of the Member States, then the controller may be designated according to Union law or the law of the Member State.
  8. Processor: A processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
  9. Recipient: A recipient is a natural or legal person, public authority, institution or other body to whom personal data are disclosed, regardless of whether it is a third party or not. However, authorities that receive personal data in the context of a specific investigation mandate under Union law or Member State law do not qualify as recipients.
  10. Third Party: A third party is any natural or legal person, public authority, institution or other body apart from the affected individual, the controller, processor and individuals who are authorized by the controller or processor to process personal data directly.
  11. Consent: Consent means any freely given, specific, informed and unambiguous indication of the affected person's wishes in which they express their agreement for a particular case that the processing of their personal data is acceptable to them. This can take the form of an expression or other clear affirmative action by which the individual indicates that they are willing to have their personal data processed.

Name and Address of the Responsible Person for Data Processing

The responsible person in accordance with the General Data Protection Regulation (GDPR), other data protection laws applicable in member states of the European Union, and other regulations with a data protection character is: Publisher: Dr. Reiffenstuhl's Medical Practice

Collection of General Data and Information

The website of Dr. Reiffenstuhl's Medical Practice collects various general data and information each time the website is accessed by a person or an automated system. These general data and information are stored in server log files. The collected data may include:

  1. Browser types and versions used
  2. Operating systems used by the accessing system
  3. Websites from which the accessing system arrives at our website (referrer)
  4. Sub-pages accessed on our website through an accessing system
  5. Date and time of access to the website
  6. Internet Protocol address (IP address)
  7. Internet service provider of the accessing system
  8. Other similar data and information that serve the prevention of attacks on our IT systems

When using this general data, Dr. Reiffenstuhl's Medical Practice does not draw any conclusions about the person concerned. These data are used to:

  • Provide the contents of our website correctly
  • Ensure the permanent functionality of our IT systems and technology for our website
  • Supply law enforcement authorities with necessary information in case of a cyber attack

These anonymously collected data and information are evaluated by Dr. Reiffenstuhl's Medical Practice solely to increase data protection and security within our company, ensuring an optimal level of protection for the personal data we process. The anonymized data in the server log files are stored separately from all personally identifiable data provided by a person concerned. In addition, the following personal data are collected, where explicit consent has been given by the users and in compliance with applicable data protection regulations:

  • First name and last name of the user
  • IP address of the user
  • Email address of the user
  • Information about the place of residence (post code etc.)

The processing of personal data takes place on the basis of our legitimate interest to fulfill our contractually agreed-upon services and optimize our online offer. You can visit this website without providing any information about yourself.

Integration with Third-Party Services

The online offer on this website may contain integrated content from third parties, such as Doctena's online appointment scheduling or maps from OpenStreetMap, or links to other online services. This requires that the providers of this content receive the user's IP address. However, we make sure to use only content whose respective providers use the IP address solely for delivering the content. We have no influence on how third-party providers use this data for statistical purposes. Where this is known to us, we inform users about it.

SSL Encryption

To protect your data during transmission, we use current encryption methods (e.g., SSL) over HTTPS.

Contact Option through Website

The website of Dr. Reiffenstuhl's medical practice contains information required by law that enables quick electronic contact and direct communication with us, including an email address for electronic mail. If a person contacts the responsible party via email or using a contact form, their personal data is automatically stored.

Personal data voluntarily provided to the responsible party will be used solely for processing or contacting the individual. We do not pass on this information to third parties.

Routine Deletion and Blocking of Personal Data

The responsible party processes and stores personal data only for as long as it takes to achieve the storage purpose, or if required by European guidelines and regulations or other laws that apply to us. If the storage purpose ceases to exist or a retention period prescribed by the European Union's regulatory authority or another competent law enforcement agency expires, we will block or delete the personal data in accordance with legal requirements.

Rights of the Data Subject

  1. Right to Confirmation: Every data subject has the right, granted by the European Commission and Parliament, to request confirmation from the controller whether their personal data are being processed. If a data subject wishes to exercise this right to confirmation, they can contact an employee of the responsible person at any time.

  2. Right to Information: Any data subject whose personal data is being processed has the right, granted by the European Commission and Parliament, to receive free information from the controller about the stored personal data related to them and a copy of this information. Furthermore, the European Commission and Parliament have provided the data subject with information on the following points:

    • The purposes for which their personal data are being processed
    • The categories of personal data that are being processed
    • Recipients or categories of recipients to whom their personal data has been disclosed or will be disclosed, especially in third countries or international organizations
    • If possible, the planned duration for which their personal data is stored, or if this is not possible, the criteria used to determine this period
    • The existence of a right to rectification or erasure of their personal data or restriction on processing by the controller or opposition rights against such processing
    • The existence of a complaint with an authority
    • If the personal data were not collected from them: all available information about the origin of the data
    • The existence of automated decision-making, including profiling pursuant to Article 22(1) and (4) GDPR, and at least in these cases, meaningful information on the involved logic as well as the significance and intended effects for the data subject

Additionally, the data subject has a right to be informed whether their personal data have been transmitted to a third country or an international organization. If this is the case, they also have the right to receive information about any suitable guarantees related to the transmission. If a data subject wishes to exercise these rights of access, they can contact an employee of the responsible person at any time.

  3. Right to Correction: Any person affected by the processing of personal data has the right, granted by the European Commission and Regulation Authority, to request immediate correction of any inaccurate personal data concerning them. Furthermore, they have the right to complete incomplete personal data - also through an additional statement - taking into account the purposes of the processing. If a person wishes to exercise this right to correction, they can contact one of the employees responsible for the processing at any time.

  4. Right to Erasure (Right to be Forgotten): Any person affected by the processing of personal data has the right, granted by the European Commission and Regulation Authority, to request that their personal data be deleted immediately if one of the following reasons applies and the processing is not necessary:

  • The personal data were collected or otherwise processed for purposes for which they are no longer necessary.
  • The person withdraws their consent on which the processing was based in accordance with Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, and there is no other legal basis for the processing.
  • The person exercises their right to object under Art. 21(1) GDPR against the processing, and there are no overriding legitimate reasons for the processing, or they exercise their right to object under Art. 21(2) GDPR.
  • The personal data were processed unlawfully.
  • Erasure of the personal data is necessary to fulfill a legal obligation under Union law or the law of the Member State to which the responsible person is subject.
  • The personal data were collected in relation to information society services offered pursuant to Art. 8(1) GDPR.

If one of these reasons applies and a person affected by the processing wishes to have their personal data stored at Dr. Reiffenstuhl's medical practice deleted, they can contact any employee responsible for the processing at any time. The employee of Dr. Reiffenstuhl's medical practice will ensure that this request is complied with immediately.

If the personal data were made public and our company as the controller under Art. 17(1) GDPR is obliged to delete the personal data, we will take reasonable measures - also technical in nature - taking into account available technology and implementation costs, to inform other controllers of the processing who have processed the published personal data that the person affected has requested them to erase all links to those personal data or copies or reproductions thereof, as long as the processing is not necessary.

The employee at Dr. Reiffenstuhl's medical practice will take care of this in each individual case.

  5. Right to Restriction of Processing: Any person whose personal data are being processed has the right, granted by the European Union's guidelines and regulations authority, to request that their processing be restricted if one of the following conditions applies:
  • The accuracy of the personal data is disputed by the affected person for a period allowing the controller to verify its accuracy.
  • The processing is unlawful, but the affected person refuses deletion of the personal data and instead requests restriction on use of the personal data.
  • The controller no longer needs the personal data for the purposes of processing, but the affected person requires them to assert, exercise or defend their legal claims.
  • The affected person has objected to the processing pursuant to Article 21(1) GDPR, and it is not yet clear whether the legitimate grounds of the controller outweigh those of the data subject.

If one of these conditions applies and an affected person wishes to restrict personal data stored by Dr. Reiffenstuhl's Medical Practice, they can contact a staff member at any time. The employee will arrange for the restriction on processing.

  6. Right to Data Portability: Any person whose personal data are being processed has the right, granted by the European Union's guidelines and regulations authority, to receive their relevant personal data in a structured, commonly used and machine-readable format. They also have the right to transmit these data to another controller without hindrance from the original controller who provided them with the data. This applies if processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, or a contract according to Article 6(1)(b) GDPR and automated means are used for processing; this does not apply where the processing is necessary for the performance of a task in the public interest or exercised by an authority with which the controller has been entrusted. Furthermore, when exercising their right to data portability pursuant to Article 20(1) GDPR, the affected person also has the right to request that personal data be directly transmitted from one controller to another where technically feasible and without prejudice to the rights and freedoms of other persons.

  7. Right to Object: Any person whose personal data are being processed has, in accordance with Article 21(1) of the GDPR, the right to object at any time for reasons related to their particular situation to processing of those personal data which is based on point (e) or (f) of Article 6(1), including profiling. The Dr. Reiffenstuhl Medical Practice will no longer process the person's personal data if they object, unless we can demonstrate compelling legitimate grounds for doing so that override the interests, rights and freedoms of the individual concerned, or where processing is necessary for the establishment, exercise or defence of legal claims. Furthermore, any person whose personal data are being processed has the right to object at any time for reasons related to their particular situation to such processing which is carried out by Dr. Reiffenstuhl Medical Practice in connection with scientific or historical research purposes or statistical purposes pursuant to Article 89(1) of the GDPR, unless that processing is necessary for a task carried out in the public interest. To exercise the right to object, any person concerned can directly contact any employee of Dr. Reiffenstuhl Medical Practice or another employee. The data subject also has the option to assert their objection rights regarding the use of information society services, regardless of Directive 2002/58/EC, by using automated procedures that involve technical specifications.

  8. Right to Withdraw Consent: Any person whose personal data are being processed has, in accordance with Article 7(3) of the GDPR, the right to withdraw their consent at any time for processing of those personal data. If a person wishes to exercise this right, they can contact an employee responsible for processing at any time.

Article 6(1)(a) of the General Data Protection Regulation (GDPR) serves as our legal basis for data processing when we obtain consent for a specific purpose. If personal data processing is necessary to fulfill a contract to which the affected person is a party, such as in cases where goods are delivered or services provided, Article 6(1)(b) of the GDPR applies. The same applies to pre-contractual measures, e.g., when inquiries are made about our products or services. If we are subject to a legal obligation that requires personal data processing, for example, to fulfill tax obligations, then the processing is based on Article 6(1)(c) of the GDPR. In rare cases, it may be necessary to process personal data to protect vital interests of the affected person or another natural person. This would be the case, for instance, if a visitor to our premises were injured and their name, age, health insurance information, or other vital details had to be passed on to a doctor, hospital, or third parties for medical treatment. In such cases, processing would be based on Article 6(1)(d) of the GDPR. Lastly, data processing may also be based on Article 6(1)(f) of the GDPR if it is necessary to protect our legitimate interests or those of a third party and does not outweigh the rights and freedoms of the affected person. Processing operations that fall under this category are permitted because they have been specifically mentioned by the European legislator. The legislator has taken the view that there may be an interest in processing data when the affected person is a customer (recital 47, paragraph 2 GDPR).

Legitimate Interests in Processing Pursued by the Controller or a Third Party

If processing personal data is based on Article 6(1)(f) GDPR, our legitimate interest as controller is to conduct our business activities for the benefit of all our employees and shareholders.

Duration for Which Personal Data are Stored

The criterion for the duration of storage of personal data is the respective statutory retention period. After expiration of this term, the corresponding data will be deleted on a regular basis if they are no longer required for contract fulfillment or negotiation.

We inform you that providing personal data may be legally required (e.g. tax regulations) or can arise from contractual agreements (e.g. information about the contracting party). In some cases, it is necessary for a contract conclusion that an affected person provides us with personal data which will then need to be processed by us. The affected person is obligated to provide us with personal data when our company concludes a contract with them.

Failure to provide personal data would have the consequence that no contract could be concluded with the affected person. Before providing personal data, the affected person must contact one of our employees. Our employee will inform the affected person on an individual basis about whether provision of personal data is legally or contractually required for the conclusion of a contract, if there is an obligation to provide personal data, and what consequences would arise from non-provision of personal data.

Revision of Data Protection Statement

We reserve the right to update this data protection statement so that it always meets current legal requirements or to implement changes in our services within the data protection statement, for example when introducing new services. For your next visit, the revised data protection statement will apply.

Existence of Automated Decision-Making

As a responsible company, we refrain from automated decision-making or profiling.