The protection of your personal data is important to us. We strictly adhere to the provisions and legal basis of the German Federal Data Protection Act (BDSG, see also https://www.gesetze-im-internet.de/bdsg_1990/and the German Telemedia Act (TMG, see also https://www.gesetze-im-internet.de/tmg/By using our website, you consent to us collecting certain data. Below you will find information on what data is collected during your visit to the website and how it is used.
As a user of the website www.ident-offenbach.de, you can generally view all content without providing any personal data. However, if you as a user (hereinafter referred to as "data subject") wish to make use of certain services (e.g. appointment or contact forms) via our website, it may be necessary to process personal data (see also 4. Collection of data and information).
When processing personal data (e.g. name, date of birth, address, email address or telephone number) of a data subject, we always comply with the General Data Protection Regulation (GDPR, see also https://dsgvo-gesetz.de) as well as the professional regulations and country-specific data protection provisions that apply to us. With this privacy policy, we would like to inform data subjects about the type, scope and purpose of the personal data we collect and process. In addition, we inform all users of our website about their rights in connection with data processing by our practice.
As the controller, we also consider it our duty to take numerous technical and organisational measures to ensure that the personal data processed via this website is protected as completely as possible for users of the www.ident-offenbach.de website. In principle, however, internet-based data transmissions can have security gaps at any time, meaning that we cannot guarantee absolute protection. For this reason, every user concerned is free to transmit personal data to us by alternative means, for example by telephone.
1. Definition of terms
Our privacy policy should be easy to read and understand for both the public and our patients. To ensure this and to explain the terms used below in advance, we refer you here to the original legal texts and definitions of the GDPR at https://dsgvo-gesetz.de/art-4-dsgvo/ and https://dsgvo-gesetz.de/bdsg-neu/46-bdsg-neu/.
2. Name and address of the data controller
The controller within the meaning of the General Data Protection Regulation is
Dental Practice iDent
represented by Mr Thomas Balogh
Aschaffenburger Straße 107
63073 Offenbach am Main
Germany
Phone (069) – 83 83 79 79
Fax (069) – 83 83 79 78
E-Mail praxis@ident-offenbach.de
Internet www.ident-offenbach.de
3. Collection of data and information
Handling of personal data
Personal data is information that can be used to identify a person, i.e. information that can be traced back to a person. This includes the name, e-mail address or telephone number. Personal data is only collected, used and passed on by us if this is permitted by law or if the person concerned consents to the collection of data. In principle, you can visit our website without leaving any personal data. However, in some circumstances we require data from you, namely in the case of
- Appointment form
- Contact form
Under no circumstances will the data collected be sold or passed on to third parties for other reasons.
Collection and processing of non-personal data (access data/server log files)
Every time a data subject accesses our website, i.e. every time a file is retrieved or an attempt is made to retrieve a file on this server, data about this process is stored in a log file (server log file) at the web space provider. This data is not personal and we cannot trace which user has accessed which data.
In detail, the following data record is stored for each retrieval:
- Name of the retrieved file
- Date and time of retrieval
- Amount of data transferred
- Message whether the call was successful
- Message indicating why a retrieval may have failed
- Operating system and browser software of your computer
- Referrer URL (the page visited previously)
- Host name of the accessing computer (IP address)
All of the aforementioned data is only used for statistical evaluations, for the purpose of operation, security and optimisation of the offer by us and by service providers commissioned by us. The anonymous data of the server log files are stored separately from all personal data. Further personal data is only collected if you provide this information voluntarily, for example as part of an enquiry. We use this data to constantly improve our website and our service for you. However, the provider reserves the right to check the log data retrospectively if there is a justified suspicion of unlawful use based on concrete evidence.
Purpose of data processing
Data processing is carried out on the basis of legal requirements and regulations in order to fulfil the treatment contract between you and us and the associated obligations. For this purpose, we process your personal data, in particular your health insurance and health data. This includes anamnesis, biographical data, diagnoses, therapies and therapy suggestions as well as findings that we or other doctors collect. For these purposes, other doctors, psychotherapists, hospitals, rehabilitation clinics or expert centres where you are undergoing treatment may also provide us with data (e.g. in medical reports, doctor's letters). The collection of health data is a prerequisite and basis for your treatment. If the necessary information is not provided, it will not be possible to provide careful treatment in accordance with your obligations - at best, emergency care will be provided.
Recipients of your data
We only transfer your personal data to third parties if this is permitted by law, necessary in emergency situations or made possible by your consent (e.g. declaration of release from confidentiality, implied action). Recipients of your personal data may include pharmacists, other doctors, psychotherapists, associations of statutory health insurance physicians, health insurance companies, pension insurance companies (e.g. due to rehabilitation, retirement), MDK, public authorities (e.g. pension office, labour office, social welfare office, health office), courts (e.g. care court, social welfare office), health insurance companies (e.g. pension fund), health insurance companies (e.g. due to rehabilitation, retirement). (e.g. care court, social court), medical associations (e.g. arbitration boards), insurance companies (e.g. accident insurance, life insurance), schools and employers (e.g. sick leave certificates), carers and authorised representatives, etc. The data is mainly transmitted for the purpose of invoicing the services provided to you and to clarify medical questions and questions arising from your insurance relationship. In individual cases, data may be transferred to other authorised recipients.
4. Contact options via the website
The website of the iDent dental practice contains buttons that enable quick electronic contact with our practice, including the provision of an e-mail address. The personal data transmitted by data subjects on a voluntary basis via a contact form or by e-mail is automatically stored by us exclusively for the purpose of processing or contacting the data subject. All personal data collected will not be passed on to third parties under any circumstances.
5. Data protection for digital applications
Applicant documents and personal data transmitted electronically via the website (e.g. by e-mail or via an integrated application form) are processed exclusively for the purpose of handling the application procedure. If an employment contract is subsequently concluded between the controller and the applicant, the transmitted data will be stored in compliance with the statutory provisions. If no employment contract is concluded, all transmitted data will be deleted by the data controller after notification of the rejection decision, provided that no other legitimate interests of the data controller stand in the way of deletion. Other legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).
6. Use of cookies
The iDent dental practice website uses cookies. Cookies are small text files that are stored on a computer system via an Internet browser. Cookies enable the iDent dental practice to recognise the user of a website when they visit it again. The purpose of this recognition is to make it easier for users to use a website and to provide more user-friendly services that would not be possible without cookies.
No personal data is stored in our cookies. Most browsers are set to accept cookies automatically. However, you can deactivate the storage of cookies or set your browser so that it notifies you as soon as cookies are sent. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programmes. This is possible in all common Internet browsers. Please note that cookies may be required for some functions of our website to function and/or be displayed correctly.
7. Deletion and blocking of personal data
Our practice only stores personal data of the data subject for as long as is necessary to fulfil the purpose of storage or for as long as is provided for by European directives, the competent supervisory authority or other applicable German laws.
If the storage purpose no longer applies or if the relevant storage period expires, the personal data will be routinely deleted in accordance with the statutory provisions.
8 Rights of the data subject
a) Right to confirmation
Pursuant to Art. 15 (1) GDPR , the data subject has the right to obtain confirmation from us as to whether personal data concerning him or her is being processed at our practice. If a data subject wishes to avail himself of this right of confirmation, he or she may, at any time, contact any employee of our practice.
b) Right to information
The right of access is divided into two stages. Firstly, the data subject can request confirmation from the controller as to whether personal data relating to them is being processed (see 9a - Right to confirmation). If no personal data of the data subject is processed, the applicant must be informed accordingly. If the data subject's personal data is processed, the data subject has the right to access the data free of charge. In addition, the controller must also provide the data subject with the following information in accordance with Art. 15 (1) GDPR :
- Purposes of processing;
- Categories of personal data that are processed;
- the recipients or categories of recipients to whom the personal data have been or will be disclosed;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
- the existence of a right of appeal to a supervisory authority;
- if the personal data are not collected from the data subject, all available information about the origin of the data;
- the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
If personal data is transferred to third countries or to an international organisation, data subjects also have the right under Art. 15 para. 2 GDPR to be informed of the appropriate safeguards taken in connection with the data transfer in accordance with Art. 46 GDPR (e.g. agreed standard data protection clauses or binding internal data protection regulations).
If a data subject wishes to avail himself of this right of access, he or she may, at any time, contact any employee of our practice.
c) Right to rectification
Pursuant to Art. 16 GDPR , the data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
If a data subject wishes to exercise this right to rectification, he or she may, at any time, contact any employee of our practice.
d) Right to erasure ("right to be forgotten")
Pursuant to Art. 17 GDPR , the data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay where one of the following grounds applies and insofar as the processing is no longer necessary
- The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
- The data subject withdraws consent on which the processing is based according to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing.
- The data subject objects to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21 (2) GDPR
- The personal data was processed unlawfully.
- The deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.
- The personal data was collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR.
If one of the aforementioned reasons applies, and a data subject wishes to request the erasure of personal data stored by Zahnarztpraxis iDent, he or she may, at any time, contact any employee of our practice. The employee contacted will ensure that the request for erasure is complied with immediately.
e) Right to restriction of processing
Pursuant to Art. 18 GDPR the data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
- the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data,
- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
- the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims, or
- the data subject has objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of the processing of personal data stored by the Zahnarztpraxis iDent, he or she may at any time contact any employee of the dental practice. The employee contacted will immediately arrange for the restriction of processing.
f) Right to data portability
Pursuant to Art. 20 GDPR the data subject has the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format
It also has the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, in exercising their right to data portability pursuant to Art. 20 para. 2 GDPR, the data subject has the right to obtain that the personal data be transferred directly from one controller to another controller, insofar as this is technically feasible and provided that this does not adversely affect the rights and freedoms of other persons (Art. 20 para. 4 GDPR).
In order to assert the right to data portability, the data subject may at any time contact any employee of the dental practice iDent.
g) Right to object
Pursuant to Art. 21 GDPR , the data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) GDPR. This also applies to profiling based on these provisions.
The dental practice iDent shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defense of legal claims.
If the dental practice iDent processes personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing in accordance with Article 21(2) of the GDPR. This also applies to profiling insofar as it is associated with such direct advertising. If the data subject objects to the Zahnarztpraxis iDent to the processing for direct marketing purposes, the Zahnarztpraxis iDent will no longer process the personal data for these purposes (Art. 21 para. 3 GDPR).
In addition, pursuant to Art. 21 (6) GDPR, the data subject has the right, on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her by the Zahnarztpraxis iDent for scientific or historical research purposes, or for statistical purposes pursuant to Art. 89 (1) GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
In order to exercise the right to object, the data subject may contact any employee of the practice. The data subject is also free, in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to exercise his or her right to object by automated means using technical specifications.
The data subject also has the right to lodge a complaint with the competent data protection supervisory authority if they believe that their personal data is being processed unlawfully. The address of the supervisory authority responsible for us is
Hessian Commissioner for Data Protection and Freedom of Information
Prof. Dr. Michael Ronellenfitsch
Gustav-Stresemann-Ring 1
65189 Wiesbaden
Germany
Telefon (0611) – 14 08 0
Telefax (0611) – 14 08 – 900
E-Mail poststelle@datenschutz.hessen.de
h) Automated decisions in individual cases including profiling
Any person affected by the processing of personal data has, in accordance with Art. 22 GDPR the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, provided that the decision (1) is not necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, or (3) is based on the data subject's explicit consent.
If the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) it is based on the data subject's explicit consent, the Zahnarztpraxis iDent shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and contest the decision.
If the data subject wishes to exercise the rights concerning automated individual decision-making, he or she may, at any time, contact any employee of our practice.
i) Right to withdraw consent under data protection law
The data subject has the right to withdraw consent to the processing of personal data at any time.
If the data subject wishes to exercise the right to withdraw the consent, he or she may, at any time, contact any employee of our practice.
9. Use of web fonts
a) Google Fonts
External fonts from Google Fonts, a service of Google Inc ("Google"), are used on this website. These web fonts are integrated via a server call. It is transmitted to the server - usually in the USA - which web pages you have visited. In addition, the IP address of the browser of the end device of the visitor to this website is stored by Google. Further information can be found in Google's privacy policy:
https://fonts.google.com/#AboutPlace:about & https://policies.google.com/privacy?hl=en
b) Adobe Typekit
This site uses so-called web fonts, provided by Adobe Typekit, for the uniform and appealing display of fonts. If your browser does not support web fonts, a standard font will be used by your computer. When you access this page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. Therefore, the browser you are using must connect to the Adobe Typekit servers, which is why Adobe Typekit becomes aware that this website has been accessed via your IP address. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. Further information can be found in Adobe Typekit's privacy policy:
https://typekit.com/ & https://www.adobe.com/de/privacy/policies/typekit.html
10. Data protection provisions about the application and use of Google Analytics (with anonymization function)
This website uses Google Analytics (with anonymization function), a web analysis service of Google Inc ("Google"). Web analysis is the collection, compilation and evaluation of data on visitor behavior and the use of individual websites. This data usually consists of the so-called referrer URL, the address from which a data subject came to our website, as well as information on the use of the individual subpages (e.g. an overview of the pages clicked on, the frequency of visits and the time spent on these pages). Web analysis is mainly used to optimize a website and for cost-benefit analysis.
The operating company of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
In addition to evaluating the use of our website, Google uses the data obtained to compile online reports on the activities on our pages and to provide other services in connection with the use of our website.
Google Analytics uses so-called "cookies", text files that are stored on your digital device (e.g. computer or smartphone) and that enable your use of the website to be analyzed (see also 7. Use of cookies). The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. However, due to the IP anonymization on this website, your IP address will be shortened and anonymized by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
In addition, the internet browser on the data subject's digital device automatically transmits data to Google for the purpose of online analysis each time a sub-page of this website is accessed on which a Google Analytics component has been integrated. With the help of this technical process in the background of the visited website, Google obtains knowledge of personal data, such as the IP address of the data subject. Google uses this specific data to compile reports on website activity (e.g. the origin of visitors and number of clicks) and to provide other services related to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
By storing the cookies described above on the data subject's digital device, personal information such as the access time, the location from which access was made and the frequency of visits, including the IP address of the Internet connection used by the data subject, is transmitted to Google in the United States of America and stored each time the data subject visits our website. Google may also pass on this personal data collected via the technical process to third parties.
The data subject may, at any time, prevent the storage of cookies by our website by means of a corresponding setting in the browser software used and thus permanently deny the setting of cookies. However, we would like to point out at this point that in this case the data subject may not be able to use all functions of this website to their full extent. Such a setting in the browser software used would also prevent Google from placing a cookie on the data subject's digital device. In addition, a cookie already set by Google Analytics can be subsequently deleted at any time via the browser software or other software programs.
The data subject can also prevent Google from collecting the data generated by the cookie and relating to their use of the website (including their IP address) and from processing this data by Google by downloading the browser plug-in available under the following link and installing it on their digital device: https://tools.google.com/dlpage/gaoptoutThe installation of the browser add-on is considered an objection by Google, which prevents data and information on visits to websites from being transmitted to Google Analytics via JavaScript. If the data subject's digital device is deleted, formatted or reinstalled at a later date, the data subject must reinstall the browser add-on in order to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or another person who is attributable to their sphere of control, it is possible to reinstall or reactivate the browser add-on at any time.
Further information and the applicable data protection provisions of Google may be retrieved under https://policies.google.com/privacy?hl=en&gl=en and under http://www.google.com/analytics/terms/en.html . Google Analytics is available at this link: https://www.google.com/intl/de_de/analytics/ You can find further information there.
11. Use of Google+ and Google reCaptcha
We integrate the function for recognizing bots ("ReCaptcha") of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, when entering data in our forms. Further information on this can be found in Google's privacy policy: https://www.google.com/policies/privacy/ and the opt-out instructions: https://adssettings.google.com/authenticated.
Plugins of the social network Google+ are integrated on our pages. The operating company of Google+ is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. You can recognize the Google plugins by the Google+ logo on our site. When you visit our pages, a direct connection is established between your browser and the Google server via the plugin. Google thereby receives the information that you have visited our site with your IP address. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Google. Further information on this can be found in Google's privacy policy at https://www.google.com/policies/privacy/. If you do not want Google to be able to associate your visit to our website with your Google user account, please log out of your Google user account.
12 Data protection provisions about the application and use of Facebook
Plugins of the social network Facebook are integrated on our pages. The operating company of Facebook is Facebook, Inc, 1 Hacker Way, Menlo Park, CA 94025, USA. If a data subject lives outside the USA or Canada, the controller for the processing of personal data is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
You can recognize the Facebook plugins by the Facebook logo or the "Like" button on our site. You can find an overview of the Facebook plugins here: http://developers.facebook.com/docs/plugins/.
When you visit our pages, a direct connection is established between your browser and the Facebook server via the plugin. Facebook receives the information that you have visited our site with your IP address. If you click on the Facebook "Like" button while you are logged into your Facebook account, you can link the content of our pages to your Facebook profile. This allows Facebook to associate your visit to our pages with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Facebook. Further information on this can be found in Facebook's privacy policy at http://de-de.facebook.com/policy.php.
If you do not want Facebook to be able to associate your visit to our pages with your Facebook user account, please log out of your Facebook user account.
13. Use of Jameda seal and widget
Seals and/or widgets of jameda GmbH, St. Cajetan-Straße 41, 81669 Munich are integrated on our website. Although the corresponding content is displayed on our website in the widget - a small window that displays variable information - it is retrieved from the jameda servers at that moment. This means that the current content and the current ratings can always be displayed. To do this, a data connection must be established from this website to jameda.
Jameda erhält folgende Daten:
- Date and time of the visit
- the page from which the query is made
- Internet Protocol address (IP address) used
- Browser type and version
- Type of device
- Operating system
- similar technical information that is necessary for the content to be delivered
This data is only used to provide the content and is not stored or used in any other way. With the integration, we pursue the purpose and legitimate interest of presenting current and correct content on our website in accordance with Art. 6 para. 1 f GDPR. The aforementioned data is not stored. Further information on data processing by jameda can be found in the privacy policy of jameda GmbH at www.jameda.de.
14. Children & adolescents
Data subjects who have not yet reached the age of 18 should not transmit any personal data to us without the consent of their parents or legal guardians. In general, we do not request personal data from children and young people on our website, do not collect it and do not pass it on to third parties.
15. Legal basis of the processing
The legal basis for processing operations for which we obtain consent for a specific processing purpose is Art. 6 (1) (a) GDPR.
If the processing of personal data is based on the fulfillment of a contract between the controller and the data subject, as is the case, for example, with processing operations that are necessary for the provision of a service or consideration, the processing is based on Art. 6 para. 1 letter b GDPR. The same applies to processing operations that are necessary for the performance of pre-contractual measures.
If the processing of personal data is required by a legal obligation of our practice (e.g. fulfillment of tax obligations), the processing is based on Art. 6 para. 1 letter c GDPR.
In addition, a situation could arise within our practice in which the processing of personal data becomes necessary in order to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our practice were to be injured and their name, age, health insurance details or other vital personal information would have to be passed on to a doctor, hospital or other third party. In this case, the processing would be based on Article 6(1)(d) GDPR.
Ultimately, processing operations could be based on Article 6(1)(f) GDPR. Processing operations are based on this legal basis if the processing is necessary for the purposes of the legitimate interests pursued by our practice or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, in particular where the data subject is a child. In this respect, the European legislator takes the view that a legitimate interest could be assumed if the data subject is a customer of the controller (Recital 47 Sentence 2 GDPR).
16. SSL encryption
In order to provide visitors to our website with greater security when transmitting personal data, we work with SSL encryption. This encryption is used for inquiries that you send to us via our website. Data encrypted via SSL cannot be viewed by third parties. Please always ensure that SSL encryption is activated when transmitting personal data or other confidential data from your side. The use of encryption is easy to recognize: The Internet address in your browser address bar is preceded by https:// instead of http://.
17. Legitimate interests in the processing pursued by the controller or a third party
If the processing of personal data is based on Article 6(1)(f) GDPR, our legitimate interest is the performance of our business activities for the benefit of the well-being of our employees and our shareholders.
18. Storage period for personal data
The storage period of personal data is regulated by the respective statutory retention period. If this period expires, the collected data is routinely deleted, provided that it is no longer part of a contract fulfillment or contract initiation.
We only store your personal data for as long as is necessary to carry out the treatment. Due to legal requirements, we are obliged to retain this data for at least 10 years after completion of treatment. Other regulations may stipulate longer retention periods, for example 30 years for X-ray records in accordance with Section 28 (3) of the X-ray Ordinance.
19. Information on the mandatory provision of personal data by the data subject
At this point, we would like to inform you that the provision of personal data is partly required by law (e.g. tax regulations) or that the provision of data may result from contractual regulations (e.g. information on the contractual partner). For example, if the data subject concludes a contract with our practice, they are obliged to provide us with personal data. If this data is not provided to us for the conclusion of the contract, the contract with our practice may not be concluded. The data subject can contact an employee at any time before providing personal data, who will be happy to clarify on a case-by-case basis whether the provision of personal data is necessary and required by law or contract. We will also inform the data subject whether the provision of personal data is mandatory in the individual case and what the consequences would be if the data were not provided.
20. Existence of automated decision-making
As a responsible practice, we do not use automated decision-making or profiling.
21. Validity and choice of law
This data protection declaration is to be regarded as part of the website from which you were referred to this page. If parts or individual formulations of this data protection declaration do not, no longer or do not fully comply with the applicable legal situation, the content and validity of the remaining parts of the document shall remain unaffected. German law applies. In the case of consumers, this choice of law only applies insofar as the protection granted by mandatory provisions of the law of the state of the consumer's habitual residence is not thereby withdrawn (principle of favorability).