This privacy policy clarifies the type, scope, and purpose of the processing of personal data (hereinafter referred to as "data") within our online offer and the associated websites, functions, and contents as well as external online presences, such as our social media profiles (hereinafter collectively referred to as "online offer"). In the context of the used terms, such as "processing" or "responsible person", we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
Dr. med. Phillip Rogge
Am Oelpfad 12, 44263 Dortmund
Germany
https://www.dr-rogge.de
praxis@dr-rogge.de
Impressum:
https://www.dr-rogge.de/impressum/index.html
• Contact data (e.g. email, phone numbers).
• Content data (e.g. text inputs, photos, videos).
• Usage
data (e.g. visited websites, interest in content, access times).
• Meta/communication data (e.g. device
information, IP addresses).
Visitors and users of the online offer, as well as remote, written, and personal contacts (hereinafter
collectively referred to as "users").
• Provision of the offer, online functions, and contents.
• Answering contact requests and communication with
users.
• Security measures.
• Treatment, care, and order fulfillment.
"Personal data" are all information relating to an identified or identifiable natural person (hereinafter
referred to as "affected person"); an identifiable natural person is considered to be one who can be identified
directly or indirectly, in particular by means of assignment to a name, identification number, location data,
online identifier (e.g. cookie) or one or more special features that are the expression of the physical,
physiological, genetic, mental, economic, cultural or social identity of this natural person.
"Processing" means any operation or set of operations performed on personal data or on sets of personal data,
whether by automated means or not, such as collection, recording, organization, structuring, storage, adaptation
or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making
available, alignment or combination, restriction, erasure or destruction.
"Pseudonymization" means the
processing of personal data in such a way that the personal data can no longer be attributed to a specific natural
person without the use of additional information, provided that such additional information is kept separately and
is subject to technical and organizational measures that ensure that the personal data are not attributed to an
identified or identifiable natural person.
"Profiling" means any automated processing of personal data
consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in
particular to analyze or predict aspects concerning that natural person's performance at work, economic situation,
health, personal preferences, interests, reliability, behavior, location or movements.
"Responsible
person" means the natural or legal person, public authority, agency or other body which alone or jointly with
others determines the purposes and means of the processing of personal data; where the purposes and means of such
processing are determined by Union or Member State law, the responsible person or the specific criteria of his
appointment may be designated as appropriate.
"Auftragsverarbeiter" means a natural or legal person,
public authority, agency or other body which processes personal data on behalf of the responsible person.
According to Art. 13 GDPR, we inform you about the legal basis of our data processing. If the legal basis is not mentioned in the privacy policy, the following applies: The legal basis for the collection of consent is Art. 6 (1) (a) and Art. 7 GDPR, the legal basis for the processing for the fulfillment of our services and the execution of contractual obligations is Art. 6 (1) (b) GDPR, the legal basis for the processing for the fulfillment of our legal obligations is Art. 6 (1) (c) GDPR, and the legal basis for the processing for the protection of our legitimate interests is Art. 6 (1) (f) GDPR. In the case of a necessity to protect life or health of the affected person or another natural person, Art. 6 (1) (d) GDPR is the legal basis.
We implement, according to Art. 32 GDPR, appropriate technical and organizational measures to ensure a level of
security appropriate to the risk, taking into account the state of the art, the cost of implementation, and the
nature, scope, context, and purposes of processing, as well as the varying levels of risk and the varying
likelihood and severity of the risk to the rights and freedoms of natural persons. To this end, we take into
account the implementation costs and the nature, scope, context, and purposes of processing, as well as the
varying levels of risk and the varying likelihood and severity of the risk to the rights and freedoms of natural
persons.
The measures include the security of confidentiality, integrity, and availability of data by
controlling physical access to the data, as well as the processing of the data and their transmission, or the
securing of availability and their access. Furthermore, we have established procedures to ensure the exercise of
data subject rights, data deletion, and data breach notification to the competent supervisory authority.
Furthermore, we take into account the protection of personal data already in the development, or selection of
hardware, software, and procedures, in accordance with the principle of data protection by design and by default
(Art. 25 GDPR).
Where we disclose data to other persons and companies (processors or third parties) in the course of our
processing, this is done on the basis of a legal authorization (e.g. if a transfer of data to third parties, such
as payment service providers, is necessary for the fulfillment of a contract, in accordance with Art. 6 (1) (b)
GDPR), you have given your consent, a legal obligation exists, or our legitimate interests (e.g. in the case of
the use of commissioned processors, web hosts, etc.).
If we commission third parties with the processing
of data on the basis of a so-called "processing contract" in accordance with Art. 28 GDPR, this is done on the
basis of Art. 28 GDPR.
Where we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), this is done only if it is necessary for the fulfillment of our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation, or on the basis of our legitimate interests. Before transferring data to a third country, we ensure that the third country has an adequate level of data protection, in particular by concluding standard contractual clauses with the third country or by relying on publicly recognized certification bodies.
You have the right to obtain confirmation from us as to whether we process personal data concerning you. If this is the case, you have the right to obtain information about these personal data and to obtain a copy of the data. Furthermore, you have the right to obtain information about the origin of the data, the recipient of the data and the purpose of the data processing. You also have the right to request the correction, deletion or restriction of the processing of your personal data. You have the right to object to the processing of your personal data at any time for reasons arising from your particular situation. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
You have the right to withdraw your consent at any time with effect for the future.
You have the right to object to the processing of your personal data at any time for reasons arising from your particular situation. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
As "cookies" are small files that are stored on the user's computer, we use them to store information about the user's behavior on our website. The cookies are used to analyze the user's behavior and to improve the user experience. You can object to the use of cookies at any time by deleting them from your browser or by blocking them in your browser settings. You can also object to the use of cookies by using a cookie blocker or by using a browser that does not support cookies.
The data we process will be deleted or restricted in their processing in accordance with Articles 17 and 18 of the DSGVO. Unless explicitly stated in this data protection declaration, the data stored by us will be deleted as soon as it is no longer necessary for its intended purpose and the deletion is not prevented by legal storage obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax reasons.
We process the data of our customers in the context of our contractual services to which conceptual and strategic advice, campaign planning, software and design development/consulting or maintenance, implementation of campaigns and processes/handling, server administration, data analysis/consulting services and training services belong.
We process the data of our patients and interested parties and other contract partners (collectively referred to as "patients") in accordance with Article 6 (1) (b) DSGVO, in order to provide them with our contractual or pre-contractual services. The data processed, the type, scope and purpose and the necessity of their processing are determined by the underlying contractual relationship. The data processed include, in particular, basic and master data of the patients (e.g. name, address, etc.), as well as contact data (e.g. email address, telephone number, etc.), contract data (e.g. services used, products acquired, costs, names of contact persons, etc.) and payment data (e.g. bank account, payment history, etc.).
We process the data of our clients and interested parties and other contract partners (collectively referred to as "clients") in accordance with Article 6 (1) (b) DSGVO, in order to provide them with our contractual or pre-contractual services. The data processed, the type, scope and purpose and the necessity of their processing are determined by the underlying contractual relationship. The data processed include, in particular, basic and master data of the clients (e.g. name, address, etc.), as well as contact data (e.g. email address, telephone number, etc.), contract data (e.g. services used, honorarium, names of contact persons, etc.) and payment data (e.g. bank account, payment history, etc.).
We process data in the context of administrative tasks and organization of our business, financial accounting and compliance with legal obligations, such as archiving. We process the same data that we process in the context of the provision of our contractual services. The processing bases are Article 6 (1) (c) DSGVO, Article 6 (1) (f) DSGVO. The data subjects affected by the processing are customers, interested parties, business partners and website visitors. The purpose and our interest in the processing lies in the administration, financial accounting, office organization, archiving of data, i.e. tasks that serve the maintenance of our business activities, the fulfillment of our tasks and the provision of our services. The deletion of data in the context of contractual services and contractual communication corresponds to the specifications mentioned in these processing activities.
Created with
Datenschutz-Generator.de by RA Dr. Thomas Schwenke