Datenschutzerklärung

This privacy policy informs you about the nature, scope, and purpose of the processing of personal data (hereinafter referred to as "data") within the context of providing our services, as well as within our online presence and its associated websites, functions, and content, and external online presences, such as our social media profiles (hereinafter collectively referred to as "online presence"). Regarding the terminology used, such as "processing" or "controller," we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

Responsible party
Dr. med. Ali Iraki,
Karl-Tauchnitz-Straße 7
04107 Leipzig
Germany

dr-iraki@t-online.de

Types of data processed
– Inventory data (e.g., personal master data, names, or addresses).
– Contact data (e.g., email addresses, telephone numbers).
– Content data (e.g., text entries, photographs, videos).
– Usage data (e.g., websites visited, interest in content, access times).
– Meta/communication data (e.g., device information, IP addresses).

Categories of affected persons:
Visitors and users of the online service (hereinafter we will refer to the affected persons collectively as "users").

Purpose of processing
– Provision of the online service, its functions and content.
– Responding to contact requests and communication with users.
– Security measures.
– Audience measurement/marketing.

The term
“personal data” refers to any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. The term is broad and encompasses virtually any handling of data.

“Pseudonymisation” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

“Profiling” means any type of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

The term “controller” refers to the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Relevant Legal Bases
In accordance with Article 13 of the GDPR, we inform you of the legal bases for our data processing. For users within the scope of the General Data Protection Regulation (GDPR), i.e., the EU and the EEA, the following applies if the legal basis is not specified in the privacy policy:
The legal basis for obtaining consent is Article 6(1)(a) and Article 7 of the GDPR;
The legal basis for processing data to fulfill our services and implement contractual measures, as well as to respond to inquiries, is Article 6(1)(b) of the GDPR;
The legal basis for processing data to comply with our legal obligations is Article 6(1)(c) of the GDPR;
In the event that processing personal data is necessary to protect the vital interests of the data subject or another natural person, Article 6(1)(d) of the GDPR serves as the legal basis.
The legal basis for processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller is Article 6(1)(e) GDPR.
The legal basis for processing to protect our legitimate interests is Article 6(1)(f) GDPR.
The processing of data for purposes other than those for which it was collected is governed by the provisions of Article 6(4) GDPR.
The processing of special categories of data (pursuant to Article 9(1) GDPR) is governed by the provisions of Article 9(2) GDPR.

Security measures:
In accordance with legal requirements, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.

These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical access to the data, as well as access to, input of, transfer of, and ensuring the availability and separation of the data. Furthermore, we have established procedures that guarantee the exercise of data subject rights, the deletion of data, and responses to data breaches. We also consider the protection of personal data during the development and selection of hardware, software, and processes, in accordance with the principles of data protection by design and by default.

Cooperation with processors, joint controllers and third parties
If, in the course of our processing, we disclose data to other persons and companies (processors, joint controllers or third parties), transmit it to them or otherwise grant them access to the data, this is done only on the basis of a legal permission (e.g. if the transfer of data to third parties, such as payment service providers, is necessary for the performance of a contract), if users have consented, if a legal obligation requires it or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

If we disclose, transmit or otherwise grant access to data to other companies within our corporate group, this is done in particular for administrative purposes as a legitimate interest and, furthermore, on a basis that complies with legal requirements.

Transfers to Third Countries:
If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA), or the Swiss Confederation), or if this occurs in the context of using third-party services or disclosing or transferring data to other persons or companies, this will only be done if it is necessary for the performance of our (pre-)contractual obligations, based on your consent, due to a legal obligation, or based on our legitimate interests. Subject to legal or contractual permissions, we will only process or have data processed in a third country if the legal requirements are met. This means, for example, that processing is based on special guarantees, such as the officially recognized finding of a level of data protection equivalent to that of the EU (e.g., for the USA through the "Privacy Shield") or compliance with officially recognized specific contractual obligations.

Rights of data subjects:
You have the right to request confirmation as to whether data concerning you is being processed, and to access this data as well as further information and a copy of the data in accordance with legal requirements.

In accordance with legal requirements, you have the right to request that the data in question be deleted immediately, or alternatively, in accordance with legal requirements, to request a restriction of the processing of the data.

In accordance with legal requirements, you have the right to request the completion of your data or the correction of inaccurate data concerning you.

You have the right to request access to the data concerning you that you have provided to us, in accordance with legal requirements, and to request its transfer to other controllers.

Furthermore, in accordance with legal requirements, you have the right to lodge a complaint with the competent supervisory authority.

Right of withdrawal:
You have the right to withdraw any consent you have given with effect for the future.

Right to object:
You can object to the future processing of your personal data at any time in accordance with legal requirements. In particular, you can object to processing for direct marketing purposes.

Cookies and the Right to Object to Direct Marketing
"Cookies" are small files that are stored on users' computers. Various types of information can be stored within cookies. A cookie primarily serves to store information about a user (or the device on which the cookie is stored) during or even after their visit to an online service. Temporary cookies, also known as "session cookies" or "transient cookies," are deleted after a user leaves an online service and closes their browser. Such a cookie might, for example, store the contents of a shopping cart in an online store or a login status. "Permanent" or "persistent" cookies remain stored even after the browser is closed. These can, for example, save the login status so that users remain logged in when they return to the site after several days. Similarly, user interests can be stored in such a cookie for audience measurement or marketing purposes. Third-party cookies are cookies that are offered by providers other than the operator of the online service (otherwise, if they are only the operator's own cookies, they are called first-party cookies).

We may use temporary and permanent cookies, and we explain this in our privacy policy.

If users do not wish to have cookies stored on their computer, they are asked to deactivate the corresponding option in their browser's system settings. Stored cookies can be deleted in the browser's system settings. Disabling cookies may lead to functional limitations of this online service.

You can generally object to the use of cookies for online marketing purposes with many services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, you can prevent the storage of cookies by disabling them in your browser settings. Please note that this may prevent you from using all the features of this website.

Deletion of Data:
The data we process will be deleted or its processing restricted in accordance with legal requirements. Unless expressly stated otherwise in this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and there are no legal obligations to retain it.

Unless the data is deleted because it is required for other legally permissible purposes, its processing will be restricted. This means the data will be blocked and not processed for any other purpose. This applies, for example, to data that must be retained for commercial or tax law reasons.

Changes and updates to the privacy policy:
We ask that you regularly review the content of our privacy policy. We will update the privacy policy as soon as changes to our data processing activities make this necessary. We will inform you as soon as any changes require action on your part (e.g., consent) or any other individual notification.

Healthcare Services:
We process the data of our patients, prospective patients, and other clients or contractual partners (collectively referred to as "patients") in accordance with Article 6 Paragraph 1 Letter b) GDPR in order to provide them with our contractual or pre-contractual services. The data processed, its nature, scope, purpose, and the necessity of its processing are determined by the underlying contractual relationship. The processed data generally includes patient inventory and master data (e.g., name, address, etc.), as well as contact details (e.g., email address, telephone number, etc.), contract data (e.g., services used, products purchased, costs, names of contact persons), and payment data (e.g., bank details, payment history, etc.).

As part of our services, we may also process special categories of personal data pursuant to Article 9(1) GDPR, in particular information concerning the health of patients, possibly relating to their sex life or sexual orientation. Where necessary, we obtain the explicit consent of the patients for this processing in accordance with Article 6(1)(a), Article 7, and Article 9(2)(a) GDPR. Otherwise, we process these special categories of data for the purposes of preventive healthcare on the basis of Article 9(2)(h) GDPR and Section 22(1)(1)(b) BDSG (German Federal Data Protection Act).

Where necessary for the performance of the contract or required by law, we disclose or transmit patient data in the course of communication with medical professionals, to third parties necessarily or typically involved in the performance of the contract, such as laboratories, billing centers, or similar service providers, insofar as this serves the provision of our services pursuant to Art. 6 para. 1 lit. b GDPR, is legally required pursuant to Art. 6 para. 1 lit. c GDPR, serves our interests or those of the patients in efficient and cost-effective healthcare as a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR, or is necessary pursuant to Art. 6 para. 1 lit. d GDPR to protect the vital interests of the patients or another natural person, or within the framework of consent pursuant to Art. 6 para. 1 lit. a, Art. 7 GDPR.

The data will be deleted when it is no longer required to fulfill contractual or legal obligations of care, as well as to handle any warranty and similar obligations, whereby the necessity of retaining the data is reviewed every three years; otherwise, the statutory retention obligations apply.

Google Analytics
Based on our legitimate interests (i.e., our interest in analyzing, optimizing, and operating our online services economically, in accordance with Article 6(1)(f) of the GDPR), we use Google Analytics, a web analytics service provided by Google LLC ("Google"). Google uses cookies. The information generated by the cookie about users' use of the online services is generally transmitted to and stored on a Google server in the USA.

Google is certified under the Privacy Shield agreement and thus guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active)
;

Google will use this information on our behalf to evaluate users' use of our online services, to compile reports on activity within these online services, and to provide us with other services related to the use of these online services and internet usage. Pseudonymous user profiles may be created from the processed data.

We only use Google Analytics with IP anonymization enabled. This means that Google shortens the IP address of users within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

The IP address transmitted by the user's browser is not merged with other Google data. Users can prevent the storage of cookies by adjusting their browser settings; furthermore, users can prevent Google from collecting and processing data generated by the cookie and related to their use of the online service by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de
;

For further information on data usage by Google, settings and opt-out options, please see Google's privacy policy.