
Contents

1 General Information, Controller, Data Protection Officer

1.1 Information on the Responsible Body

1.2 Data Protection Officer

1.3 Scope of the Processing of Personal Data

1.4 Legal Basis for the Processing of Personal Data

1.5 Data Erasure and Storage Period

1.6 Information on the Transfer of Data to the USA

2 Use of Our Website

2.1 Provision of the Website, CDN and Creation of Log Files

2.1.1 Informational Use

2.1.2 Hosting

2.1.3 Use of Cookies

2.1.4 Cookie Consent with the “Cookie Consent Tool”

2.1.5 Cloudflare

2.1.6 Uploadcare

2.1.7 jsDelivr

2.2 Plugins and Tools

2.2.1 Posthog

2.2.2 Hubspot

2.2.3 Hubspot Analytics and Banner (hs-analytics.net, hs-banner.com, hsadspixel.net)

2.2.4 Google Tag Manager

2.2.5 Google Analytics

2.2.6 Microsoft Advertising

2.2.7 Meta Pixel

2.2.8 DoubleClick

2.2.9 reCAPTCHA

2.2.10 Appointment Organization and Reminders

2.2.11 Online Medical History

2.2.12 Happy

2.2.13 Treatment Recommendations

2.2.14 GRWAPI

2.2.15 Social Media Presence

3 Use of Services, Own Services

3.1 Handling of Applicant Data

3.2 Treatment at the Dental Practice

3.3 Billing of Medical Services

4 Rights of the Data Subject

4.1 Right of Access

4.2 Right to Rectification

4.3 Right to Restriction of Processing

4.4 Right to Erasure

4.4.1 Obligation to Erase

4.4.2 Information to Third Parties

4.4.3 Exceptions

4.5 Right to Notification

4.6 Right to Data Portability

4.7 Right to Object

4.8 Right to Withdraw Consent Under Data Protection Law

4.9 Automated Individual Decision-Making Including Profiling

4.10 Right to Lodge a Complaint with a Supervisory Authority

5 Data Security, Third-Party Websites, Changes

5.1 SSL / TLS Encryption

5.2 Data Protection and Third-Party Websites

5.3 Changes to This Privacy Policy

Privacy Policy https://www.dental21-freiham.de/

and at the same time information for data subjects pursuant to Article 13 and Article 14 GDPR

  1. General Information, Controller, Data Protection Officer

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection provisions is:

 

MVZ Dentalzentrum Schwabing GmbH

Leopoldstraße 33

80802 München

Phone: 089 89054374

Email: info@dental21-freiham.de

We have appointed a data protection officer for our organization. They can be reached at

DataCo GmbH

Sandstraße 33 

80335 Munich

Telephone number: +49 89 452459 900

E-mail address: datenschutz@dataguard.de

Website: www.dataguard.de

As a matter of principle, data concerning health are highly sensitive and, pursuant to Art. 9 of the EU General Data Protection Regulation (hereinafter “GDPR”), require special protection. For this reason, data protection is of particularly high importance to us.

 

As a matter of principle, we process our users’ personal data only insofar as this is necessary to provide a functioning website as well as our content and services. The processing of our users’ personal data regularly takes place only with the user’s consent. An exception applies in cases where obtaining prior consent is not possible for factual reasons and the processing of the data is permitted by statutory provisions.

Insofar as we obtain consent from the data subject for processing operations involving personal data, Art. 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.

 

Where the processing is necessary for the protection of a legitimate interest of our company or of a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6(1)(f) GDPR serves as the legal basis for the processing.

 

The personal data of the data subject will be erased or blocked as soon as the purpose of storage ceases to apply. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. The data will also be blocked or erased when a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.

Among other things, our website incorporates tools from companies based in the USA. When these tools are active, your personal data may be transferred to the US servers of the respective companies. We point out that the USA is not a safe third country within the meaning of EU data protection law. US companies are obliged to disclose personal data to security authorities without you, as a data subject, being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, analyze and permanently store your data located on US servers for surveillance purposes. We have no influence over these processing activities. We have concluded valid, appropriate safeguards pursuant to Art. 46(2) GDPR with the service providers for the transfer to these third countries. 

 

At no point does any transfer of health data to the USA take place. If you have any further questions, please feel free to contact our data protection officer.

  2. Use of Our Website

Description and Scope of Data Processing

For the merely informational use of our website, it is generally not necessary for you to provide personal data. Rather, in this case we collect and use only those of your data that your web browser automatically transmits to us, such as:

 

  • the date and time of access to one of our web pages
  • your browser type
  • the browser settings
  • the operating system used
  • the page you last visited
  • the amount of data transferred and the access status (file transferred, file not found, etc.)
  • your IP address.

Purpose of Data Processing

During an informational visit, we collect and use these data exclusively in non-personal form. We do this to make it possible for you to use the web pages you access at all, for statistical purposes and to improve our website. The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.

 

Legal Basis for Data Processing

The legal basis for the temporary storage of the data and the log files is Art. 6(1)(f) GDPR.

 

Purpose of Data Processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s device. For this purpose, the user’s IP address must remain stored for the duration of the session.

 

Duration of Storage

The data are erased as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. In the case of the storage of data in log files, this is the case after fourteen days at the latest. Storage beyond this period is possible. In this case, the users’ IP addresses are erased or anonymized so that it is no longer possible to associate them with the accessing user. Direct access to the log data is available exclusively to administrators.

 

Right to Object and Right to Removal

The collection of data for the provision of the services and the storage of the data in log files is strictly necessary for the operation of the services offered. The user may object to this. Whether the objection is successful must be determined by weighing the respective interests.

 

Further Information

The use of our services and other offerings may require the provision of personal data. Further information on the use of these services can be found in the section “Use of Services”.

 

This website is hosted by an external service provider (host). Our service provider is: 

 

Vercel Inc., 440 N Barranca Ave #4133, Covina, CA 91723, USA

 

The personal data collected on this website are stored on the host’s servers. These may primarily include IP addresses, contact requests, meta and communication data, contact data, names, website accesses and other data generated via a website.

 

These data are not merged with other data sources. The collection of these data takes place on the basis of Art. 6(1)(f) GDPR. Our legitimate interest in processing these data lies in presenting our website without errors and optimizing its functions.

 

Our host will process your data only insofar as this is necessary to fulfill its performance obligations and will follow our instructions with regard to these data.

 

To ensure processing that complies with data protection law, we have concluded a data processing agreement with our host.

The website’s server is geographically located in the USA.

Description and Scope of Data Processing

Our website uses cookies. Cookies are text files that are stored in or by the web browser on the user’s computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is accessed again.

 

When accessing our website, the user is informed about the use of cookies via a consent banner, and their consent to the processing of the personal data used in this context is obtained and documented in compliance with data protection law. In this context, reference is also made to this privacy policy and to how the storage of cookies can be prevented in the browser settings.

 

On our website we use cookies that are not technically necessary. Text files that do not serve solely the functionality of the website but also collect other data are considered technically non-essential cookies.

 

By setting technically non-essential cookies, the following data are processed:

 

  • IP address
  • location of internet users
  • date and time of access to the website
  • tailoring of advertisements to the user
  • tracking of browsing behavior
  • linking of the website visit with other social media platforms

 

You can decide for yourself whether cookies can be set and accessed by means of the settings in your browser. For example, you can completely disable the storage of cookies in your browser, restrict it to certain websites, or configure your browser to notify you automatically whenever a cookie is about to be set and to ask you for feedback. For the full range of functions of our website, however, it is necessary for technical reasons to allow the cookies mentioned above.

Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find these for the respective browsers at the following links:

 

Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies

Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen

Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en

Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac

Opera: https://help.opera.com/de/latest/web-preferences/#cookies

 

Please note that if cookies are not accepted, the functionality of our website may be limited.

 

Legal Basis for Data Processing

The provisions of the German Telecommunications Telemedia Data Protection Act (TDDDG) apply to the storage of information on the end user’s terminal device and/or access to information already stored on the end user’s terminal device. Where the setting and reading of cookies is technically necessary, this is done to ensure the functionality of our website. In this case, the storage of and access to cookies on your terminal device takes place on the basis of Section 25(2) No. 2 TDDDG. This storage of and access to the information on your terminal device serves to make it easier for you to use our website and to enable us to offer you our services as requested by you. Some functions of our website also do not work without the use of these cookies and could therefore not be offered. As a rule, the cookies are erased after the session ends (e.g. logging out or closing the browser) or after a specified period expires.

 

Insofar as cookies are used that are not technically necessary, this takes place on the basis of your express consent, which you can give via the cookie banner. In this case, the basis for the storage of and access to information is Section 25(1) TDDDG in conjunction with Art. 6(1)(a) and Art. 7 GDPR. You can withdraw your consent at any time with effect for the future, or subsequently grant it again, by configuring your cookie settings accordingly. Alternatively, you can prevent the storage of cookies by making the appropriate settings in your browser software. Please note that the browser settings made always apply only to the respective browser used. If personal data are processed following the storage of and access to the information on your terminal device, the provisions of the GDPR apply. You can find information on this in the following sections of this privacy policy.

 

Purpose of Data Processing

If technically necessary cookies are used:

The purpose of using technically necessary cookies is to make the use of websites easier for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary for the browser to be recognized even after a page change. We require cookies for the following applications: 

 

  • storage of the settings of the cookie notice banner (consent tool) 
  • optimization of the functionality and design of our website.

 

The user data collected by technically necessary cookies are not used to create user profiles.

 

Technically non-essential cookies are used for the purpose of improving the quality of our website, its content and thus our reach and profitability. By setting these cookies, we learn how the website is used and can thus continuously optimize our offering. In particular, these cookies serve us for the following purposes:

 

  • objective measurement of user numbers
  • analysis of user data 

Duration of Storage, Right to Object and Right to Removal

Cookies are stored on the user’s computer and transmitted by it to our site. Therefore, as a user, you also have full control over the use of cookies. By changing the settings in your web browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be erased at any time. This can also be done automatically. If cookies are disabled for our website, it may no longer be possible to use all functions of the website to their full extent.

You will be informed about the exact storage period in the notices in our consent tool. If consents were also given there, you can object there.

 

Our website uses the cookie consent technology of

 

Usercentrics GmbH Sendlinger Str. 7, 80331 Munich, Germany

 

in order to obtain your consent to the storage of certain cookies on your terminal device and to document this in compliance with data protection law.

 

Description and Scope of Data Processing

When you enter our website, your consents and other declarations regarding cookie use are obtained via our consent tool. The consent tool then stores a cookie in your browser in order to be able to associate the consents granted, or their withdrawal, with you.

 

Legal Basis for Data Processing

The “Cookie Consent Tool” is used in order to obtain the legally required consents for the use of cookies. The legal basis for this is Art. 6(1)(1)(c) GDPR.

 

Purpose of Data Processing

The provision of the “Cookie Consent Tool” serves to comply with overriding legal provisions and to inform users of the scope within which cookies are used on this website.

 

Right to Object and Right to Removal

The data collected by the consent tool remain stored until you erase the consent cookie yourself or the purpose for data storage ceases to apply. Mandatory statutory retention obligations remain unaffected.

This website uses the service “Cloudflare”. The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (hereinafter “Cloudflare”).

 

Description and Scope of Data Processing

Cloudflare offers a globally distributed content delivery network with DNS. In technical terms, the transfer of information between your browser and our website is routed via Cloudflare’s network. This enables Cloudflare to analyze the data traffic between your browser and our website and to serve as a filter between our servers and potentially malicious data traffic from the internet. In doing so, Cloudflare may also use cookies or other technologies to recognize internet users, which are, however, used solely for the purpose described here.

 

Legal Basis for Data Processing

The processing of your data by Cloudflare generally takes place on the basis of your consent (Art. 6(1)(a) GDPR).

 

In the context of the use of Cloudflare, personal data are transferred to Cloudflare Inc. in the USA. Cloudflare has acceded to the Trans-Atlantic Data Privacy Framework (TDPF; the data protection agreement between the EU and the USA), so that an adequate level of data protection is ensured for the data processing. You can find details here:

https://www.cloudflare.com/privacypolicy/.

 

You can find further information on the subject of security and data protection at Cloudflare here:

https://www.cloudflare.com/privacypolicy/.

 

To ensure processing that complies with data protection law, we have concluded a data processing agreement with Cloudflare.

 

This website uses the service “Uploadcare”. The provider is Uploadcare LLC, based at 18801 Collins Ave 102-120, Sunny Isles Beach, FL 33160, USA (hereinafter “Uploadcare”).

 

Description and Scope of Data Processing

Uploadcare is a content delivery network (CDN) for processing and providing image files. For this purpose, all images/photos and graphics uploaded to this website (by the website operator) are uploaded by a plugin to Uploadcare’s servers, optimized there for display and then delivered back to this server.

 

Legal Basis for Data Processing 

The use of Uploadcare is based on our legitimate interest in providing our website as error-free and securely as possible (Art. 6(1)(f) GDPR).

 

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://uploadcare.com/about/gdpr/.

 

Further information at: https://uploadcare.com/about/privacy-policy/.

 

To ensure processing that complies with data protection law, we have concluded a data processing agreement with Uploadcare.

To speed up the loading process of our website and optimize performance, we use jsDelivr, a content delivery network (CDN). jsDelivr serves to provide static files such as JavaScript libraries or stylesheets. By distributing these files to servers worldwide, the loading time for our users is shortened.

 

Purpose of Data Processing

Performance optimization: jsDelivr helps to load our website faster and to increase user-friendliness.

Global delivery: By using jsDelivr, we can deliver our content faster worldwide.

 

Type of Data Processed

Technical usage data: When you visit our website, your IP address is transmitted to jsDelivr’s servers in order to provide the requested files.

 

Legal Basis for Data Processing 

The processing of your data by jsDelivr generally takes place on the basis of our legitimate interest in optimizing our website and improving the user experience (Art. 6(1)(f) GDPR).

 

Scope of the Processing of Personal Data

We use Posthog (https://posthog.com/), provided by

 

PostHog Inc, 2261 Market Street #4008, San Francisco, CA 94114, USA. 

 

PostHog can be used to analyze user behavior on our website for the purpose of improving our online offering. In this process, your entries are not recorded, so that no name, address or health data are transmitted. 

 

You can find further information on PostHog at https://posthog.com/faq and in PostHog’s privacy policy: https://posthog.com/privacy

 

Purpose of Data Processing

The purpose of processing the personal data lies in improving our online offering.

 

Legal Basis for the Processing of Personal Data

The legal basis for processing the users’ personal data is, as a matter of principle, the user’s consent pursuant to Art. 6(1)(1)(a) GDPR.

 

Duration of Storage

Your personal information is stored for as long as is necessary to fulfill the purposes described in this privacy policy or as required by law. 

 

Right to Withdraw and Right to Removal

You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent up until the withdrawal.

 

You can prevent the collection and processing of your personal data by PostHog by preventing the storage of third-party cookies on your computer, using the "Do Not Track" function of a supporting browser, disabling the execution of script code in your browser, or installing a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.

For objection and removal requests directed to PostHog, you can contact privacy@posthog.com.

Scope of the Processing of Personal Data

We use Hubspot (https://hubspot.com/), provided by

 

HubSpot House, One Sir John Rogerson's Quay, Dublin 2, Ireland 

 

We use Hubspot to provide you, at certain intervals, with health information and offers, e.g. by email. In addition to clinical data, this includes further information about your treatment (e.g. the treatment and cost plan), additional recommendations and valuable preventive tips for your health, as well as offers for our medical products.

 

In the event of your consent, the following data are processed:

 

  • name, address and contact data
  • age and gender
  • practitioner and practice data
  • medical history details
  • completed treatments
  • appointment information
  • results of customer satisfaction surveys

Purpose of Data Processing

The purpose of processing the personal data lies in improved and individualized patient communication.

 

Legal Basis for the Processing of Personal Data

The legal basis for processing the users’ personal data is, as a matter of principle, the user’s consent pursuant to Art. 6(1)(1)(a) GDPR and Art. 9(2)(a) GDPR.

 

Duration of Storage

Your personal information is stored for as long as is necessary to fulfill the purposes described in this privacy policy or as required by law. 

 

Right to Withdraw and Right to Removal

You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent up until the withdrawal.

 

This website uses services from HubSpot that are provided via the domains hs-analytics.net and hs-banner.com, for the analysis of user behavior and the personalization of advertising banners. These services enable us to understand how visitors interact with our website and to present them with relevant content and offers.

 

Scope of the Processing of Personal Data

In the context of these services, the following personal data are processed:

  • IP address
  • location data
  • information about the browser and device used
  • pages visited and interactions on the website
  • data on clicks on advertising banners

 

Purpose of Processing

The processing of these data serves the following purposes:

  • analysis of user behavior to improve our website and offerings
  • personalization of advertising banners to display relevant content
  • creation of reports and statistics on the use of our website

Legal Basis 

The processing of your personal data takes place on the basis of your consent pursuant to Art. 6(1)(a) GDPR.

 

Withdrawal of Consent

You can withdraw your consent to the processing of your data by HubSpot at any time by adjusting your cookie settings or contacting us directly.

 

Data Transfer

HubSpot is a company based in the USA. Therefore, your personal data may be transferred to a third country outside the EU. However, HubSpot has implemented standard contractual clauses to ensure an adequate level of data protection.

 

Additional Information

You can find further information at www.hubsport.com.

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

 

Google Tag Manager is a tool with the help of which we can integrate tracking or statistics tools and other technologies on our website. Google Tag Manager itself does not create user profiles, does not store cookies and does not carry out any independent analyses. It serves merely to manage and deploy the tools integrated via it. However, Google Tag Manager records your IP address, which may also be transferred to Google’s parent company in the United States.

 

Legal Basis for the Processing of Personal Data

The processing takes place exclusively on the basis of Art. 6(1)(a) GDPR; consent can be withdrawn at any time.

 

This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

 

Google Analytics enables the website operator to analyze the behavior of website visitors. In doing so, the website operator receives various usage data, such as page views, time spent, operating systems used and the user’s origin. These data may be combined by Google into a profile that is associated with the respective user or their device.

Furthermore, using Google Analytics we can record, among other things, your mouse and scroll movements and clicks. In addition, Google Analytics uses various modeling approaches to supplement the collected data sets and employs “machine learning” technologies in data analysis.

 

Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transferred to a Google server in the USA and stored there.

 

Legal Basis for the Processing of Personal Data

The processing of your data by Google Analytics generally takes place on the basis of your consent (Art. 6(1)(a) GDPR).

 

In the context of the use of Google Analytics, personal data are transferred to Google LLC in the USA. Google has acceded to the Trans-Atlantic Data Privacy Framework (TDPF; the data protection agreement between the EU and the USA), so that an adequate level of data protection is ensured for the data processing. You can find details here:

https://privacy.google.com/businesses/controllerterms/mccs/.

 

We have activated the IP anonymization function on this website. As a result, your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area prior to transmission to the USA. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide further services to the website operator related to website use and internet use. The IP address transmitted by your browser in the context of Google Analytics is not merged with other data held by Google.

 

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

 

You can find more information on the handling of user data at Google Analytics in Google’s privacy policy:

https://support.google.com/analytics/answer/6004245?hl=de.

 

We have concluded a data processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

To optimize our online advertising and present you with relevant ads, we use Microsoft Advertising. Microsoft Advertising is an online advertising platform that enables us to display our ads on various websites and in search engines.

 

Purpose of Data Processing

Personalized advertising: By analyzing your user behavior, we can present you with tailored advertisements that match your interests. Microsoft Advertising enables us to measure and optimize the effectiveness of our advertising campaigns.

Reach measurement: We can determine how many users have seen our advertising and how often.

 

Legal Basis

The processing of your data by Microsoft Advertising takes place on the basis of your consent (Art. 6(1)(a) GDPR).

To optimize our online advertising and to be able to present you with relevant ads on Meta platforms (Facebook, Instagram, etc.), we use the Meta Pixel. The Meta Pixel is a small piece of code that we have placed on our website. It enables us to track your behavior on our website and thus to better understand your interests.

 

Purpose of Data Processing

Personalized advertising: By analyzing your user behavior, we can present you with tailored advertisements that match your interests.

Reach measurement: We can determine how many users have seen our advertising and how often.

Conversion tracking: We measure the effectiveness of our advertising campaigns by tracking which actions you carry out after clicking on one of our ads (e.g. making a purchase).

 

Legal Basis

The processing of your data by the Meta Pixel generally takes place on the basis of your consent (Art. 6(1)(a) GDPR). By continuing to use our website after being informed about the use of the Meta Pixel and the option to refuse, you consent to this data processing.

We use Google DoubleClick, a service of Google LLC, to manage and optimize our online advertising. DoubleClick uses cookies and similar technologies to collect information about your use of our website. This information is used to present you with relevant ads and to measure the effectiveness of our advertising campaigns.

 

Purpose of Data Processing

Personalized advertising: By analyzing your user behavior, we can present you with tailored advertisements that match your interests.

Performance measurement: DoubleClick enables us to measure and optimize the effectiveness of our advertising campaigns.

Reach measurement: We can determine how many users have seen our advertising and how often.

 

Type of Data Processed

Technical usage data: These include, for example, your IP address, browser information and the operating system of your device.

Usage behavior: Information about which pages you visit, which ads you click on and how long you spend on our website.

 

Legal Basis for the Processing of Personal Data

The processing of your data by DoubleClick generally takes place on the basis of your consent (Art. 6(1)(a) GDPR).

To protect our website against abusive use, we use Google reCAPTCHA. Google reCAPTCHA serves to verify whether certain entries on our website originate from a human or from an automated program (bot).

 

Purpose of Data Processing

Spam and abuse protection: reCAPTCHA helps us to prevent spam comments, registrations and other forms of abuse.

Website security: By distinguishing between humans and bots, the security of our website is increased.

 

Type of Data Processed

User interactions: reCAPTCHA analyzes your behavior on our website, such as how you move the mouse pointer or how quickly you fill out forms.

IP address: Your IP address is transmitted to Google in order to carry out the verification.

 

Legal Basis for the Processing of Personal Data

The processing of your data by reCAPTCHA takes place on the basis of our legitimate interest in the security of our website and the prevention of spam (Art. 6(1)(f) GDPR).

To organize your treatment appointments, we use the address and contact data you have provided (e.g. email address or mobile number) in order to send you appointment confirmations and reminders. The provider of the appointment organization tool is Patient21 SE, Kurfürstendamm 33, 10719 Berlin. We have concluded a data processing agreement with the above-mentioned provider.  

 

Legal Basis for Data Processing

The processing of your contact and address data takes place for the purpose of carrying out the treatment relationship on the basis of Art. 6(1)(b) GDPR. We provide you with appointment confirmations and reminders following your revocable consent on the basis of Art. 6(1)(a) GDPR.

In order to carry out your treatment, we require your medical history data, which you can also transmit to us online. The provider of the tool for the online collection of the medical history is Patient21 SE, Kurfürstendamm 33, 10719 Berlin. We have concluded a data processing agreement with the above-mentioned provider.  

 

Legal Basis for Data Processing

The legal basis for processing appointment and medical history data is Art. 6(1)(b) GDPR in conjunction with Art. 9(2)(h) GDPR. The collection is an important pre-contractual measure for the treatment contract you have requested.

To support us in ensuring the quality of treatment, after your visit to the practice you voluntarily fill out the forms offered by the Happy tool in order to inform us of your personal satisfaction with the practice. The data are made available to the treating physicians and the practice staff for the improvement of our service. The provider of the tool is Patient21 SE, Kurfürstendamm 33, 10719 Berlin. We have concluded a data processing agreement with the above-mentioned provider.  

 

Legal Basis for Data Processing

The legal basis for processing your voluntary information is Art. 6(1)(f) GDPR. The practice has a legitimate interest in complying with statutory obligations to improve the quality of treatment.

 

To ensure your optimal care, we recommend suitable measures to you by email on the basis of your treatment history. The provider of the tool for recommendations is Patient21 SE, Kurfürstendamm 33, 10719 Berlin. We have concluded a data processing agreement with the above-mentioned provider.

 

Legal Basis for Data Processing

The processing of your contact and address data takes place following your revocable consent on the basis of Art. 6(1)(a) GDPR. 

 

To simplify and automate the interaction with our web services, we use GRWAPI. GRWAPI enables us to send API requests to external systems and to process the data received.

 

Purpose of Data Processing

 

Automation of processes: GRWAPI serves to automate certain tasks, such as retrieving data from external systems or sending notifications.

Improvement of user-friendliness: By using GRWAPI, we can simplify and speed up certain functions for our users.

 

Legal Basis

 

The processing of your data by GRWAPI generally takes place on the basis of our legitimate interest in the efficient handling of our business processes and the improvement of our services (Art. 6(1)(f) GDPR).

 

 

Through interaction with our LinkedIn presence (e.g. via a campaign), the data you have provided are transmitted by LinkedIn to companies of Patient21 SE as the operator of the LinkedIn presence. You can largely determine for yourself which personal data are publicly accessible via the settings of your LinkedIn account under the item “Privacy”. You can control and adjust these settings at https://www.linkedin.com/psettings/privacy.

 

Legal Basis

If you use LinkedIn forms for lead generation, the legal basis is your consent pursuant to Art. 6(1)(a) GDPR.

 

Duration of Storage

Patient21 stores your personal data, which LinkedIn makes available to us, for as long as knowledge of the data is necessary for the purposes of the business relationship or the purposes for which they were collected, or as long as statutory or contractual retention requirements exist. In addition, you can object to the storage of data at any time (right to object).

 

Further Information

Further information on the processing of user data on the part of LinkedIn can be viewed at https://www.linkedin.com/legal/privacy-policy.

 

You can obtain further information on the manner in which you can assert or exercise your data subject rights directly vis-à-vis LinkedIn at: https://www.linkedin.com/help/linkedin/answer/50191?trk=microsites-frontend_legal_privacy-policy.

We point out that, according to current case law, joint responsibility exists between Facebook (Facebook Ireland Ltd. | 4 Grand Canal Square | Grand Canal Harbour | Dublin 2 Ireland) and the operator of the Facebook fan page (“joint controller”). You can find more detailed information at: www.facebook.com/legal/terms/information_about_page_insights_data. For questions regarding data processing on the part of Facebook, you can contact Facebook’s data protection officer (https://www.facebook.com/help/contact/540977946302970).

 

Through interaction with our Facebook pages (e.g. in the form of messages, comments, or “likes”), the data you have provided are transmitted by Facebook to companies of Patient21 GmbH as the operator of the page.

 

The legal basis for these data transfers is Art. 6(1)(f) GDPR. You yourself can determine in the settings of your Facebook account which personal data are publicly accessible. To do so, go to the settings of your Facebook account under the item “Privacy”. You can control and adjust these settings at https://www.facebook.com/settings?tab=privacy. The behavior of the “likes” can also be controlled there (visibility to other users).

 

If you use Facebook forms for lead generation (the legal basis is consent pursuant to Art. 6(1)(a) GDPR), personal data (e.g. your name, the company stated, your email address or your telephone number) are stored by Facebook and made available to Patient21. The data can then be viewed by the companies of Patient21 GmbH in the company-wide CRM software.

 

Patient21 uses this contact data to provide you with further information about our services and products. The use of the lead forms in the context of our Facebook fan page takes place pursuant to Art. 6(1)(a) GDPR. Patient21 has legitimate interests in the processing, which can be understood under “Legitimate Interest”. You can object to the use of your data from the lead form at any time. The lead data are stored on Facebook for 90 days and then erased. You can find further information on how Facebook uses your data in Facebook’s supplementary information at: https://www.facebook.com/business/help/1526849577619206?id=735435806665862.

 

Patient21 stores your personal data, which Facebook makes available to us, for as long as knowledge of the data is necessary for the purposes of the business relationship or the purposes for which they were collected, or as long as statutory or contractual retention requirements exist. In addition, you can object to the storage of data at any time (right to object).

 

Facebook offers the operators of the page analysis functions (“Facebook Insights”). Via these functions, page operators can analyze a summary of data in the form of page statistics within a tool.

 

Patient21 uses these data to create anonymized statistics (“likes”, page views, the regional distribution of users, post reach, etc.) and to examine the effectiveness of the fan page posts. The use of the Facebook Insights function takes place pursuant to Art. 6(1)(f) GDPR. See also the item “Legitimate Interest”.

 

The responsibility for all processing connected with Facebook Insights and the further processing of user data lies with Facebook. You can find further information on this at: https://www.facebook.com/legal/terms/page_controller_addendum and here: https://www.facebook.com/privacy/explanation.

 

You can obtain further information on the manner in which you can assert or exercise your data subject rights directly vis-à-vis Facebook at: https://www.facebook.com/privacy/explanation

 

 

Through interaction with our Instagram presence (e.g. in the form of messages, comments, or “likes”), the data you have provided are transmitted by Instagram to companies of Patient21 GmbH as the operator of the Instagram account.

 

The legal basis for these data transfers is, among other things, also Art. 6(1)(f) GDPR. You yourself can decide in the settings of your Instagram account under the item “Privacy and Security” which personal data are publicly accessible. You can control and adjust these settings at https://www.instagram.com/accounts/privacy_and_security/.

 

If you use Instagram forms for lead generation (the legal basis is consent pursuant to Art. 6(1)(a) GDPR), personal data (e.g. your name, the company stated, your email address or your telephone number) are stored by Instagram or Facebook and made available to Patient21. The data can then be viewed by the companies of Patient21 GmbH in the company-wide CRM software.

 

Patient21 uses this contact data to provide you with further information about our services and products. The use of the lead forms in the context of our Instagram presence takes place pursuant to Art. 6(1)(f) GDPR. Patient21 has legitimate interests in the processing, which can be understood under “Legitimate Interest”. You can object to the use of your data from the lead form at any time. The lead data are stored on Instagram/Facebook for 90 days and then erased. You can find further information on how Facebook, as the operator of Instagram, uses your data in Facebook’s supplementary information at: https://www.facebook.com/business/help/563690893827148?id=735435806665862.

 

Patient21 stores your personal data, which Instagram/Facebook makes available to us, for as long as knowledge of the data is necessary for the purposes of the business relationship or the purposes for which they were collected, or as long as statutory or contractual retention requirements exist. In addition, you can object to the storage of data at any time (right to object).

 

Instagram offers the operators of the fan page analysis functions (“Instagram Insights”). Via these functions, account holders can analyze a summary of data in the form of page statistics within a tool.

 

Patient21 uses these data to create anonymized statistics (“likes”, page views, the regional distribution of users, post reach, etc.) and to examine the effectiveness of the Instagram presence. The use of the Instagram Insights function takes place pursuant to Art. 6(1)(f) GDPR. See also the item “Legitimate Interest”.

 

The responsibility for all processing connected with Instagram Insights and the further processing of user data lies with Instagram or with Facebook (Instagram as a product of Facebook). You can find further information on this at: https://www.facebook.com/help/instagram/155833707900388.

 

You can obtain further information on the manner in which you can assert or exercise your data subject rights directly vis-à-vis Facebook (as the operator of Instagram) at: https://www.facebook.com/help/instagram/155833707900388.

 

 

  3. Use of Services, Own Services

Description and Scope of Data Processing

We offer you the opportunity to apply to us (e.g. by email or by post). In the following, we inform you about the scope, purpose and use of the personal data collected in the context of the application process. We assure you that the collection, processing and use of your data takes place in accordance with applicable data protection law and all other statutory provisions, and that your data are treated strictly confidentially.

 

For the processing of applicant data, we use Personio:

 

Personio SE & Co. KG, Seidlstraße 3, 80335 Munich, Germany

 

Legal Basis for Data Processing

The legal basis for the data processing is Section 26 BDSG (new version) under German law (initiation of an employment relationship), Art. 6(1)(b) GDPR (general contract initiation) and – insofar as you have given consent – Art. 6(1)(a) GDPR. Consent can be withdrawn at any time. Within our company, your personal data are passed on exclusively to persons involved in processing your application.

 

If the application is successful, the data you have submitted will be stored in our data processing systems on the basis of Section 26 BDSG (new version) and Art. 6(1)(b) GDPR for the purpose of carrying out the employment relationship.

 

Purpose of Data Processing

If you apply to us electronically, i.e. by email, we collect and process your personal data for the purpose of handling the application procedure, deciding on the establishment of an employment relationship and carrying out pre-contractual measures.

 

By submitting an application, you express your interest in taking up employment with us. In this context, you transmit to us personal data, which we use and store exclusively for the purpose of your job search/application.

 

In particular, the following data may be collected:

 

  • name (first and last name)
  • email address
  • telephone number
  • LinkedIn profile (optional)
  • channel through which you became aware of us
  • comparison between the job requirements and the skills of the applicant
  • planned employment
  • communication during the course of the application process
  • status updates and notes on your application

In addition, you have the option of attaching meaningful documents such as a cover letter, your CV and references. These may contain further personal data such as date of birth, address, etc.

 

Only authorized employees from the HR department or employees involved in the application procedure have access to your data.

 

As a matter of principle, the personal data are stored exclusively for the purpose of filling the vacant position for which you applied.

 

Duration of Storage

Your data are stored for a period of 6 months beyond the end of the application procedure. This is generally done to fulfill legal obligations or to defend against any claims arising from statutory provisions. After that, we are obliged to erase or anonymize your data. In this case, the data are available to us only as so-called metadata without a direct personal reference for statistical evaluations (for example the proportion of female or male applicants, the number of applications per period, etc.).

 

You will not be separately informed about the erasure of your data.

 

In addition, we reserve the right to store your data for inclusion in our “Talent Pool” for one year after the end of the application procedure, in order to identify any further interesting positions for you. This also applies, for example, to applications for a training or internship position. For this purpose, we provide you with a separate consent in which you can agree to any further storage of your data and inclusion in our “Talent Pool”. The data are erased from the “Talent Pool” after a period of one year.

 

You will not be separately informed about the erasure of your data.

 

If, in the course of the application procedure, you receive an offer of employment with us and accept it, we store the personal data collected in the course of the application procedure for at least the duration of the employment relationship.

 

Right to Object and Right to Removal

Insofar as personal data are processed by us as the responsible body, you as the data subject have, depending on the legal basis and purpose of the processing, certain rights under Chapter III of the EU General Data Protection Regulation (GDPR). You can find these in the chapter “Rights of the Data Subject” of this privacy policy.

 

Insofar as the processing of personal data is based on your consent, you have the right under Art. 7(3) GDPR to withdraw this consent under data protection law. To assert your data subject rights with regard to the data processed in this application procedure, please contact our data protection officer at the contact details given above.

Description and Scope of Data Processing

To carry out your dental treatment, we process your personal data – in particular health data such as medical histories, diagnoses, findings, treatment proposals or treatment and billing data.

 

Legal Basis for Data Processing

The processing takes place on the basis of Art. 6(1)(b) GDPR (treatment contract) and Art. 9(2)(h) GDPR (processing of special categories of data in the healthcare sector).

 

Duration of Storage

The data are stored in accordance with the statutory retention periods, in particular pursuant to Section 630f BGB, as a matter of principle for 10 years after the completion of the treatment, and in special cases for up to 30 years.

 

Description and Scope of Data Processing

To bill your dental treatment, we process your personal data – in particular health data such as medical histories, diagnoses, findings, treatment proposals or treatment and billing data.

 

Legal Basis for Data Processing

The processing takes place on the basis of Art. 6(1)(b) GDPR and Art. 9(2)(h) GDPR. Insofar as we involve Statutory Health Insurance (Dental) Physicians’ Associations, this takes place on a statutory basis or in the context of a data processing arrangement or a special transfer obligation. Insofar as we involve external billing service providers, this takes place on the basis of your consent (Art. 6(1)(a) GDPR).

 

Debt Collection by Collection Service Providers

If you do not settle an invoice that is due despite a reminder, we hand over the data necessary for debt collection to a collection service provider. For this purpose, we work with PAIR Finance GmbH, Hardenbergstraße 32, 10623 Berlin, which acts as an independent controller within the meaning of the GDPR. To process the claim, PAIR Finance uses, among other things, self-developed technology based on artificial intelligence to control debtor communication. Only the data necessary for debt collection are transmitted. Detailed descriptions of diagnoses or treatment are not transmitted, unless this is exceptionally strictly necessary for enforcing the claim and is specifically requested.

 

Legal Basis for the Transfer

The transfer takes place on the basis of Art. 6(1)(f) GDPR and Art. 9(2)(f) GDPR. In the course of processing the claim, PAIR Finance may also pass on your data to credit agencies, lawyers as well as courts and authorities. PAIR Finance GmbH will inform you separately about the processing of your data by PAIR Finance; the data protection notices are available at https://pairfinance.com/datenschutz-bezahlseite/.

  4. Rights of the Data Subject

If personal data concerning you are processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

 

You can request confirmation from the controller as to whether personal data concerning you are being processed by us.

 

If such processing is taking place, you can request information from the controller about the following:

 

(1) the purposes for which the personal data are processed;

(2) the categories of personal data being processed;

(3) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;

(4) the envisaged period for which the personal data concerning you will be stored or, if specific information on this is not possible, the criteria used to determine the storage period;

(5) the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;

(6) the existence of a right to lodge a complaint with a supervisory authority;

(7) all available information about the origin of the data, where the personal data are not collected from the data subject;

(8) the existence of automated decision-making including profiling pursuant to Art. 22(1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for the data subject.

 

You have the right to request information as to whether the personal data concerning you are transferred to a third country or to an international organization. In this context, you can request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

 

You have a right to rectification and/or completion vis-à-vis the controller insofar as the processed personal data concerning you are inaccurate or incomplete. The controller must carry out the rectification without undue delay.

 

Under the following conditions, you can request the restriction of the processing of the personal data concerning you:

 

(1) if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;

(2) the processing is unlawful and you oppose the erasure of the personal data and instead request the restriction of the use of the personal data;

(3) the controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defense of legal claims, or

(4) if you have objected to the processing pursuant to Art. 21(1) GDPR and it has not yet been determined whether the legitimate grounds of the controller override your grounds.

If the processing of the personal data concerning you has been restricted, these data may – apart from being stored – only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or a member state.

 

If the processing has been restricted under the above-mentioned conditions, you will be informed by the controller before the restriction is lifted.

You can request the controller to erase the personal data concerning you without undue delay, and the controller is obliged to erase these data without undue delay where one of the following grounds applies:

 

(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.

(2) You withdraw your consent on which the processing was based pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR, and there is no other legal basis for the processing.

(3) You object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR.

(4) The personal data concerning you were processed unlawfully.

(5) The erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union law or the law of the member states to which the controller is subject.

(6) The personal data concerning you were collected in relation to information society services offered pursuant to Art. 8(1) GDPR.

 

If the controller has made the personal data concerning you public and is obliged to erase them pursuant to Art. 17(1) GDPR, it shall, taking account of available technology and the cost of implementation, take reasonable measures, including of a technical nature, to inform controllers who are processing the personal data that you, as the data subject, have requested the erasure by them of any links to, or copies or replications of, these personal data.

 

The right to erasure does not exist insofar as the processing is necessary

(1) for exercising the right of freedom of expression and information;

(2) for compliance with a legal obligation that requires processing under Union law or the law of the member states to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3) for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) as well as Art. 9(3) GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89(1) GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or

(5) for the establishment, exercise or defense of legal claims.

 

If you have asserted the right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obliged to communicate this rectification or erasure of the data or restriction of processing to all recipients to whom the personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort.

 

You have the right vis-à-vis the controller to be informed about these recipients.

 

You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit these data to another controller without hindrance from the controller to whom the personal data were provided, provided that

 

(1) the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR, and

(2) the processing is carried out by automated means.

 

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other persons must not be adversely affected by this.

 

The right to data portability does not apply to processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

 

You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you which is carried out on the basis of Art. 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.

 

The controller will no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

 

If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerning you for the purposes of such marketing; this also applies to profiling insofar as it is related to such direct marketing.

 

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. 

 

You have the option, in the context of the use of information society services – notwithstanding Directive 2002/58/EC – to exercise your right to object by automated means using technical specifications.

 

You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent up until the withdrawal.

 

You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

 

(1) is necessary for entering into, or the performance of, a contract between you and the controller,

(2) is authorized by Union or member state law to which the controller is subject and which lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or

(3) is based on your explicit consent.

 

However, these decisions may not be based on special categories of personal data pursuant to Art. 9(1) GDPR, unless Art. 9(2)(a) or (g) GDPR applies and suitable measures to safeguard the rights and freedoms and your legitimate interests have been taken.

 

With regard to the cases referred to in (1) and (3), the controller shall take suitable measures to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

 

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your residence, your place of work or the place of the alleged infringement, if you consider that the processing of the personal data concerning you infringes the GDPR.

 

The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

  5. Data Security, Third-Party Websites, Changes

For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the browser’s address bar changes from “http://” to “https://” and by the lock symbol in your browser bar.

 

When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

 

The website may contain hyperlinks to and from third-party websites. If you follow a hyperlink to one of these websites, please note that we cannot assume any responsibility or guarantee for third-party content or data protection terms. Please make sure of the respective applicable data protection terms before transmitting personal data to these websites.

 

We reserve the right to change this privacy policy at any time with effect for the future. A current version is available on the website at any time. 

 

Ver 2.3

 

 

Dental21 München Freiham

Hans-Stützle-Str. 20, 81249 München

Phone number

089 89054374
