Please note: This translation of the original German privacy policy can – even when the translation was done with the utmost care – result in different interpretations/meanings. For means of interpretation the German version shall prevail.
Data Protection Policy of Zahnkultur Berlin,
MVZ Zahnkultur Berlin-Köpenick GmbH
The requirements of the EU General Data Protection Regulation (hereinafter: GDPR) have been in effect in Europe since 25 May 2018. With the information provided below we would like to inform you about the processing of personal data by MVZ Zahnkultur Berlin-Köpenick in accordance with this new regulation (see Article 13 of the GDPR). Please read our Data Protection Policy carefully. Should you have any questions or comments about this Data Protection Policy, you can send them at any time to the e-mail address provided in section 2.
Table of contents
- Overview
-
Who is responsible for data processing on this website and how can the Data Protection Officer be contacted?
-
How, for what purpose and on what legal basis will your data be processed?
- 3.1) How and on what legal basis do we process your data when you visit our website?
- 3.2) How, to what extent and on what legal basis do we process your data in the context of an online scheduling of an appointment? (applies only to our website zahnkultur-berlin.de).
- 3.3) How, to what extent and on what legal basis do we process your data in the context of any dental treatment?
- 3.4) How, to what extent and on what legal basis do we process your data when you apply for a job with us? (applies only to our website zahnkultur-berlin.de)
- 3.5) How, to what extent and on what legal basis do we process your data in the context of a business relationship with our service providers and business partners?
- 3.6) How, for what purpose and on what legal basis do we process your data in connection with our online presence and our website optimisation?
- 3.7) How, to what extent and on what legal basis do we process your data in connection with our company profiles on social networks?
4. In which cases do we share your data with recipients outside the EU?
5. What rights do you have with respect to your data?
6. How long will your data be stored with us?
1. Overview
The following Data Protection Policy informs you about the nature and scope of the processing of personal data by MVZ Zahnkultur Berlin-Köpenick GmbH. Personal data means information that can be attributed, directly or indirectly, to your person.
Data processing by MVZ Zahnkultur Berlin-Köpenick GmbH can essentially be divided into six categories:
- When making appointments online, we process your data required for this purpose as well as any other information you provide to us in this context (see 3.2 applies only our websitezahnkultur-berlin.de).
- To provide out patients with treatment and for fulfilment of the treatment contract, we process data of our patients that are necessary for such purpose (see 3.3).
- In connection with applications for any job vacancies, we process data that applicants send us in connection with an application (see 3.4 / applies only to our websitezahnkultur-berlin.de).
- In business transactions with our service providers and business partners, we process personal data of the respective contact persons (see 3.5).
- When you access the website of MVZ Zahnkultur Berlin-Köpenick GmbH, your terminal device sends various kinds of information to our server. This might include personal data. The information thus collected is used, among other things, to embed external contents in our website. See also 3.1 and 3.6.
- MVZ Zahnkultur Berlin-Köpenick GmbH has company profiles on various social networks. For information on how personal data will be processed in connection with your visit to these company profiles, please refer to our privacy policy for social networks.
You have different rights that you can assert towards us in accordance with the requirements of the GDPR. This includes, among other things, the right to object to selected data processing, in particular data processing for advertising purposes. Any option to object is typographically emphasised.
If we perform any other data processing, we will inform you on a case-by-case basis. If you have any questions about our Data Protection Policy, please do not hesitate to contact our external Data Protection Officer at any time. You will find the contact details below.
2. Who is responsible for data processing and how can the Data Protection Officer be contacted?
This Data Protection Policy applies to data processing by MVZ Zahnkultur Berlin-Köpenick GmbH, Dörpfeldstrasse 46, 12489 Berlin (“Controller”), and to the following website:
www.zahnimplantate-berlin.dental
Our contact details:
Zahnkultur Berlin
MVZ Zahnkultur Berlin-Köpenick GmbH
Dörpfeldstrasse 46
12489 Berlin
Telephone: 030 / 565 90 50 0
Fax: 030 / 565 90 50 20
E-mail: kontakt@zahnkultur-berlin.de
You may contact our Data Protection Officer at the above address, to the attention of the Data Protection Officer, or at datenschutzbeauftragter@zahnkultur-berlin.de
Please note that your health insurance company is responsible for any data processing performed in the context of the electronic patient record. We kindly ask you to address any questions you may have in this regard to your insurance company. gematik GmbH is responsible for the provision of the telematics infrastructure.
3. How, for what purpose and on what legal basis will your data be processed?
3.1. How and on what legal basis do we process your data when you visit our website?
When you visit our website, the browser used on your terminal device will automatically send information to the server of our website which will temporarily be stored in what is commonly referred to as a log file. This is outside our sphere of influence. The following information will be collected without any activities on your part and will be stored until its automatic erasure:
- the IP address of the requesting Internet-enabled device;
- date and time of access;
- name and URL of the retrieved file;
- the website from which access was made (referrer URL);
- the browser you use and, if applicable, the operating system of your Internet-enabled computer and the name of your Internet provider.
Legal basis for processing the IP address is point (f) of Article 6 (1) of the GDPR. Our legitimate interest results from the purposes of data collection listed. Please allow us to note that we cannot and will not draw any direct conclusions about your identity from the data collected.
We will use the IP address of your terminal device and the other data listed above for the following purposes:
- ensuring a smooth connection;
- ensuring a comfortable use of our website;
- to evaluate system security and stability.
The data will be stored for a period of 7 days and then automatically erased. We also make use of cookies and tracking tools on our website. For more information on the exact methods involved and the way in which your data are used for this, please see point 3.4 below.
If you have given your consent to the geolocation option in your browser or in the operating system or other settings of your terminal device, we will use this function to be able to offer you individual services (e.g. the location of our doctor’s office) related to your current location. We will process your location data processed in this way exclusively for this function. The data will be erased when you stop using this function.
This website is hosted by an external service provider (Host). The personal data collected on this website are stored on the servers of the Host. In order to guarantee data protection in the processing, we have concluded a data processing contract with our Host. We engaged a communications agency with the development and administration of our website. The communication agency therefore has access to the above-mentioned technical data. In order to guarantee data protection in processing, we have concluded a data processing contract with the communication agency.
3.1.1 Contact options via the website
The website of MVZ Zahnkultur Berlin-Köpenick GmbH contains information that enables you to quickly contact our company electronically as well as by direct communication, which also includes a general address of the electronic mail (e-mail address). If a data subject contacts the Controller by e-mail or by using a contact form, the personal data transmitted by the data subject will automatically be saved. Such personal data transmitted on a voluntary basis (cf. point (a) of Art. 6 (1) or Art. 9 (1) of the GDPR) by a data subject to the Controller are stored for the purpose of processing or contacting the data subject. Such personal data will not be passed on to third parties.
3.2 How, to what extent and on what legal basis do we process your data in the context of an online scheduling of an appointment?
(applies only to our website www.zahnkultur-berlin.de)
3.2.1 Data from you we process as well as purposes and legal bases of data processing
We process your data for making an appointment and thus within the scope of initiating a contract. The legal basis is therefore point (b) of sentence 1 of Art. 6 (1) of the GDPR in conjunction with point (h) of Art. 9 (2) of the GDPR and point (b) of no. 1 of Sec. 22 (1) of the BDSG [German Data Protection Act].
For making an appointment online, the following information must be provided as a minimum: Name, insurance status, type of appointment, selected doctor, booked appointment, mobile phone number. Other information that you provide on a voluntary basis might be processed in addition such as e.g. patient history, symptoms. Such data will be processed to enable us to keep the desired appointment free and to contact you in case we need to change the appointment. Our online booking service provider, Dr-Flex, will send a reminder via SMS.
3.2.2 Service by Dr-Flex
If you use the online appointment scheduling function on our practice website, we will forward you to our service provider Dr-Flex. Online appointment scheduling is made on the basis of a so-called iFrame that is incorporated into our website and forwards the data to the Dr-Flex server. Dr-Flex’s terms and conditions apply in addition to our terms and conditions.
For more information on how Dr-Flex processes your personal data, please visit: https://dr-flex.de/info/datenschutz.
Dr-Flex’s general terms and conditions for patients are available here: https://dr-flex.de/info/agb-patienten
Dr-Flex processes data on servers located in Germany.
For more information on data processing, in particular on storage periods, please refer to our Data Protection Information for dental treatment under 3.3
3.3 How, to what extent and on what legal basis do we process your data in the context of any dental treatment?
3.3.1 Data from you we process as well as purposes and legal bases of data processing
We process your data for fulfilling the treatment contract, the associated obligations and for billing our services. The legal basis is therefore point (b) of sentence 1 of Art. 6 (1) of the GDPR in conjunction with point (h) of Art. 9 (2) of the GDPR and point (b) of no. 1 of Sec. 22 (1) of the BDSG [German Data Protection Act].
The data we process includes, among other things, health data and thus special categories of personal data within the meaning of Art. 9 of the GDPR. These include the data collected using the medical history form such as name, contact details, insurance details, pre-existing conditions, allergic reactions, blood pressure, medications, pregnancy or preferences during treatment.
Furthermore, we collect data in your patient record. These include diagnoses, findings, x-ray images, therapy proposals, treatment and cost plans or medical reports. Last but not least, we also collect data in the context of making appointments and of cash payments for treatment. The collection of your health data is required for the treatment. Appropriate treatment and care cannot be provided if the necessary information is not provided.
3.3.2 Processing of your Data in the electronic patient record
Our practice can use the electronic patient record (ePA) and the associated functions, such as e.g. the digital transmission of the medical report to your health insurance company, the electronic prescription and the access to or storage of medical documents in the ePA, provided that you give your consent to this.
You can give your consent by giving the appropriate authorisation in the smartphone app of your health insurance company. Alternatively, you can also give us your consent orally in our practice and confirm it by entering your personal PIN on the health card reader. We will document your oral consent by a note in your patient record.
You can freely adjust the duration of our access rights to your ePA for a period of between 1 day and 18 months. You may, of course, revoke or extend the authorisation in your smartphone app, at any time, without needing to state any reasons. When you grant the access rights in our practice, we ask you to choose a suitable period and to communicate it to us. Please note that the transfer of treatment data or X-rays may take a few days.
In your ePA, you can at all times see in detail the extent to which we view the documents you have released for us. You can use your smartphone app to erase data in the ePA yourself. Please note that the erasure of this data means that such data can no longer be accessed in the ePA by other physicians involved in your treatment. Upon request and in exceptional cases, such erasure can also be made by our practice. In these cases, we kindly ask you to confirm your request in writing.
The legal basis for our processing of your personal data contained in the ePA is thus the above-mentioned treatment contract in conjunction with your consent according to point (a) of Art. 6 (1) of the GDPR. Please contact your health insurance company if you have further questions regarding the electronic patient record, in particular regarding the security of your data and the use of the smartphone app.
3.3.3 Storage period of the data
We only store your personal data for as long as this is necessary for performing the treatment or we are legally obliged to do so. For example, we are obliged by law to keep treatment data for at least 10 years after the end of any treatment.
Longer storage periods may result from to other regulations, for example 30 years for x-ray images according to Sec. 28 (3) of the Röntgenverordnung [German X-Ray Ordinance].
3.3.4. Data recipient
The dentist treating you is generally subject to their professional confidentiality obligations regarding any information relating to your treatment, besides needing to comply with the provisions under data protection laws.
Your data will therefore only be passed on to any third parties insofar as that is permitted under the legal provisions or if you have given us your consent and, where necessary, have released your doctor of the obligation of confidentiality.
As a precaution, we would like to point out that, in the context of your treatment, a disclosure of information will made between the various doctors or treatment teams employed by us to the extent that this is necessary for your treatment (since you will not always be treated by the same dentist/team). Insofar as we have no written release from the professional obligation to confidentiality, we assume your implicit consent, since this fact results from the practice procedure known to you.
Recipients of your personal data may be, in particular, other physicians, dental laboratories, health insurance associations, health insurance companies, the medical service of the health insurance, medical chambers and private medical settlement agents. The data will be transmitted predominantly for billing the services provided to you and for clarifying any medical and insurance-related issues. We might pass on your data to lawyers or service providers in order to secure or pursue payment claims. The legal basis for this is point (f) of Art. 6 (1) of the GDPR, since the transfer is based on our legitimate interest in enforcing our claim for remuneration.
Recipients of data may also be health authorities or other registration offices, such as e.g. the Cancer Register, to which we are obliged to report.
Our medical practice is also connected to the telematics infrastructure (TI). This TI is used to network health-care professionals and to use specialist medical applications. The technical operation of the TI is carried out by the company Gesellschaft für Telematikanwendungen der Gesundheitskarte mbH (gematik).
We make use of external service providers in our medical practice for various services in the field of IT, cleaning or waste disposal. Even if your data will not generally be passed on to these service providers, it cannot be excluded that they will gain knowledge of them. We commit all service providers to observe the professional medical secrecy obligations and to comply with the data protection regulations.
3.3.5 Where will the data be processed?
We process your data exclusively on our own servers located in Germany.
3.4 How, to what extent and on what legal basis do we process your data when you apply for a job with us?
(applies only to our website www.zahnkultur-berlin.de)
3.4.1 Data from you we process and purposes of the processing
We will process the data you send us in connection with any job application (including name, contact details, certificates, CV, job request) in order to verify your suitability for the job and to perform the application procedure.
3.4.2 Legal basis of data processing
The legal basis for processing your personal data in this application procedure is primarily Sec. 26 of the BDSG. According to this law, it is permitted to process data required in connection with taking a decision on the establishment of an employment relationship.
If such data is necessary for legal proceedings after the completion of the application procedure, data processing can be based on the requirements of Art. 6 of the GDPR, in particular for the purposes of the legitimate interests in accordance with point (f) of Art. 6 (1) of the GDPR. In such case, our interest consists in asserting or defending claims.
3.4.3 Storage period of the data
Data from rejected applicants will be erased after 6 months.
In the event that you have consented to a continued storage of your personal data, we will transfer your data to our applicant pool. The data there will be erased after the expiry of one year. If you take up a position with us, the data will be transferred to your personnel file.
3.4.4 Data recipient
Your job application will only be processed by the responsible employee.
3.4.5 Where will the data be processed?
The data will generally be processed on dedicated IT systems located on our premises. Besides the administrators, only staff members responsible for human resources and the company management are able to access these IT systems. Applicant data will not be processed outside the European Union.
3.5 How, to what extent and on what legal basis do we process your data in the context of a business relationship with our service providers and business partners?
3.5.1 Data from you we process and purposes of the processing
In the context of our business relationship, we will collect personal data for the following purposes:
- Initiation and establishment of the contractual relationship;
- Performance of the contractual relationship;
- Preservation of proof for any post-contractual warranty and litigation claims;
- Payment transactions;
- Measures for building and facility security (e.g. access control);
- Business management measures and measures to improve internal processes and products.
The following categories of personal data will be collected and processed:
- employee data (including name, (business) address, e-mail, phone, area of responsibility);
- communication data (e.g. e-mails, correspondence);
- if applicable, payment data (e.g. bank details);
- if applicable, billing data (e.g. tax number).
3.5.2 Legal basis of data processing
The legal basis for the above-described processing is the contractual relationship existing between us or the initiation of such a relationship and thus point (b) of sentence 1 of Art. 6 (1) of the GDPR. Insofar as the contractual relationship exists with your employer, the processing will be made to safeguard our legitimate interest in the performance of the contract or the purchase order. The legal basis is thus point (f) of sentence 1 of Art. 6 (1) of the GDPR.
In the other cases mentioned, the processing takes place for the purpose of our interest in the processing described. The legal basis is thus point (f) of sentence 1 of Art. 6 (1) of the GDPR.
Insofar as statutory retention obligations or information obligations exist, the legal basis for processing arises from point (c) of sentence 1 of Art. 6 (1) of the GDPR.
3.5.3 Storage period of the data
We store the data for a period of three years. After such period, the processing will be restricted to the purpose of fulfilling statutory retention obligations. Once the statutory retention obligations (ten years for tax-relevant documents or six years for other business correspondence) have expired, the data will be erased in full.
For personal data used in contact management, we verify after the expiry of four years to the end of the respective calendar year whether further storage is necessary. If further storage is found not to be required, the data will be erased. Should we become aware of your departure from the company, we will immediately erase your contact details – insofar as they are not contained in documents (e.g. business correspondence) that are subject to a retention obligation – or update them upon your request if you provide us with new contact details.
3.5.4 Data recipient
Your personal data will be transferred to:
- the department in charge of your service;
- payment service providers;
- tax office;
- other service providers involved in the service (if necessary);
- fiscal authorities.
3.5.5 Transfer of personal data to a third country
We will also transfer your data to third countries if and to the extent that such transfer is necessary for the performance of a contract with you or our business partner or for the conclusion or performance of a contract in the interest of the business partner. In this case, we will inform you in advance about the specific transfer to third countries.
3.5.6 Obligation to provide personal data
In the context of our business relationship, you only need to provide those personal data which are necessary for the establishment, implementation and termination of a business relationship or to the collection of which we are legally obliged. If no such data is provided, we will generally be forced to refuse the conclusion of the contract or the execution of the order or will no longer be able to perform an existing contract and might possibly need to terminate it.
3.6 How, for what purpose and on what legal basis do we process your data in connection with our online presence and our website optimisation?
3.6.1 Cookies – General Information
We use cookies on our website. If these cookies contain personal data, they are used on the basis of point (f) of Article 6 (1) of the GDPR, insofar as they are technically necessary cookies (e.g. the cookie that stores your consent). Our interest in optimising our website is to be regarded as justified within the meaning of the aforementioned regulation. The cookies which are absolutely necessary for the functioning of the website are stored on the legal basis of Sec 25 (2) no. 2 of the TTDSG [German Act on Data Protection and Privacy Protection in Telecommunication and Telemedia]. In other cases, the use is based on your consent, which you gave us in the consent banner when you first accessed the website and thus on Sec. 25 (1) of the TTDSG in conjunction with point (a) of Art. 6 (1) of the GDPR. You may withdraw your consent at any time by clicking on the “Change privacy settings” link in the footer of this website.
Cookies are small files which your browser automatically creates and saves on your device (laptop, tablet, smartphone etc.) when you visit our website. Cookies do not harm your device, contain no viruses, Trojan horses or other malware. Cookies store information resulting in connection with the specifically used device. But, that does not mean that we gain direct knowledge of your identity through such cookies. Cookies are used, on the one hand, to make the use of our offer more convenient for you. We use temporary cookiesthat will be stored on your device for a specific period of time. If you visit our site again to use our services, we will automatically recognise that you have already been here and which entries and settings you made, so that you do not need to make them again.
Most browsers accept cookies automatically. However, you may configure your browser settings such that no cookies will be saved on your computer or that a notification will be displayed before a new cookie is placed. If you fully deactivate cookies, you might not be able to use all functions of our website. The storage period of the cookies depends on their intended use and is not the same for all (see below).
Our website uses the cookies listed in the following table with the functions specified there. The storage period of the respective cookies is also listed in the table.
3.6.1.1 Required cookies that are placed on our website
- Description: Borlabs Cookie
- Provider: MVZ Zahnkultur Berlin-Köpenick GmbH |
- Funktion/Purpose: Saves the visitor’s consent to display external contents.
- Storage period: 7 days
3.6.1.2 Cookies placed on the basis of your consent for the embedding of external services
(applies only to our website www.zahnkultur-berlin.de)
- Description: VISITOR_INFO1_LIVE
- Provider: YouTube
- Function/Purpose: Used by YouTube to store user settings for embedded YouTube videos as well as for analysis and advertising purposes, and to suggest appropriate contents to the user.
- Storage period: 180 days
- Description: YSC
- Provider: YouTube
- Function/Purpose: Used by YouTube to store user input and link it to user actions, as well as for security purposes.
- Storage period: session
3.6.2 Google Maps
This website uses Google Maps to display interactive maps and to provide directions. Google Maps is a map service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin D04 E5W5, Ireland. When using Google Maps, information about the use of this website, including your IP address and the (start) address entered as part of the route planner function can be transferred to Google in the USA. The map contents will only be displayed and the necessary data will only be transferred to Google if you give us your consent. You may give it either in the consent banner, which is displayed when you first call up the website, or directly on the respective subpage. A cookie will be placed on your device to store your consent or rejection. You may revoke your consent at any time by using the link “Change privacy settings” in the footer.
If you visit a webpage of our internet offer that contains Google Maps and if you have directly given us your consent to the embedding of the Google Maps contents, your browser will establish a direct connection with Google’s servers. This also includes servers with which Google integrates content fonts as part of the display of Google Maps – i.e. servers of Google Fonts. The map content is transferred directly to your browser by Google and is integrated into the page. We therefore have no influence on the scope of data collected by Google in this manner. According to our knowledge, these are at least the following data:
- date and time of the visit to the relevant website;
- internet address or URL of the website accessed;
- IP address;
- (start) address entered during route planning.
We have no influence on the further processing and use of the data by Google and therefore cannot assume any responsibility.
If you do not want Google to collect, process or use data about you through our website, you can prevent the embedding of Google Maps when accessing our site by disabling the display of external content in the “Data privacy settings”. In this case, however, you will not be able to use the map display.
Google may also process the data required to display the content in the USA. The USA cannot be expected to provide a level of data protection that is equivalent to that in the EU. It is, in particular, possible that US authorities or intelligence agencies might access that data, without the possibility of an appeal. We have no influence on such processing by Google, nor are we able to say whether Google actually transmits data to its servers in the USA. To the extent that Google transfers data to third countries, Google claims that this is only done if an adequate level of data protection can be guaranteed in the respective third country. This can be achieved, for example, by the so-called EU standard contractual clauses.
The legal basis for the embedding of Google Maps and the transmission of the technically required data to Google is your consent and thus point (a) of sentence 1 of Art. 6 (1) of the GDPR.
The purpose and scope of the data collection and the further processing and use of the data by Google as well as your rights and setting options for the protection of your privacy can be found in Google’s Privacy Policy. You may also change your settings in the Privacy Centre, where you can manage and protect your data.
3.6.3 YouTube Videos
(applies only to our website www.zahnkultur-berlin.de)
We have integrated YouTube videos into our website. YouTube is provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
In order to protect your data, the videos will only be displayed if you have given your consent to the embedding of the external YouTube content. You may grant it either in the consent banner, which is displayed when you first visit the website, or directly on the respective sub-page. A cookie will be placed on your device to store your consent or rejection. You may revoke your consent at any time by using the link “Change privacy settings” in the footer.
The videos are stored on http://www.YouTube.com and can be played directly from our website. These are all integrated in the “extended data privacy mode”, i.e. no data about you as a user will be transmitted to YouTube if you do not play the videos. Only when you play the videos will the data listed below be transmitted. We have no influence on this data transmission.
By playing the videos, YouTube is notified that you have accessed the corresponding sub-page of our website. In addition, the following data will be transferred as a minimum
- IP address;
- date and time of the request;
- time zone difference to Greenwich Mean Time (GMT);
- content of the request (specific page);
- access status/HTTP status code;
- respective data volume transferred;
- website from which the request originated;
- browser;
- operating system and its interface;
- language and version of the browser software.
This transmission is made regardless of whether YouTube provides a user account that you have logged into or whether you have no user account. We have no influence on the further data processing by Google and, in particular, are unable to say which data processing is prevented by the extended data privacy mode. If you are logged into Google, your data will be directly linked to your account. If you do not wish for YouTube to link data to your profile, you have to log out before clicking on the button. YouTube might save your data as user profiles and might use them for advertisement, market research and/or needs-oriented design of its website. The particular objectives of such analysis (even in case of users who are not logged in) are the provision of appropriate advertisement and informing other users of the social network of your activities on our website. You have the right to object to the creation of these user profiles, which must be exercised towards YouTube.
The legal basis for the transfer of the technically required data to YouTube is your consent and thus point (a) of sentence 1 of Art. 6 (1) of the GDPR. The legal basis for the cookies placed by YouTube is Sec. 25 (1) of TTDSG in conjunction with point (a) of Art. 6 (1) of the GDPR.
Google may process your personal data on servers in the USA. Please note that the US is classified by the European Commission as an unsafe third country as it does not provide a data protection standard equivalent to that in the European Union. The processing of your personal data by Google in the USA can therefore involve risks for your personal rights and your freedom, especially as you may not be able to file an appeal before the courts. The legal basis for the transfer of data to the USA is your consent and thus point (a) of Art. 49 (1) of the GDPR.
The embedding of YouTube videos might cause other services of Google to be integrated as well, e.g. Google Fonts, Google Ads or Google Photos. Please see the privacy policy of YouTube for further information on the purpose and scope of data collection and processing by YouTube. There you will also find more information about your rights and settings to protect your privacy: https://www.google.de/intl/de/policies/privacy.
3.6.4 Hyperlinks to third party websites
We use hyperlinks to the Internet offerings of the social networks Facebook and Twitter on our website on the basis of point (f) of Article 6 (1) of the GDPR in order to raise awareness for our company. The underlying purpose of advertising is to be regarded as a legitimate interest within the meaning of the GDPR. The responsibility for an operation in compliance with data protection laws must be ensured by their respective providers.
3.6.5 Jameda hyperlink
Our website also includes a hyperlink to the Jameda Internet advertising portal for physicians and other health-care professionals. You may recognise the Jameda hyperlink by the Jameda logo (a white face with glasses on a blue background). If you click on the Jameda hyperlink, you will be redirected to our contact details and reviews at Jameda in a separate browser window and can rate us at Jameda – if you are logged in to your user account at Jameda. In addition, Jameda will then be able assign your visit to our website to you and your user account – if you are logged in to your Jameda account. We would like to point out that we have no knowledge of the content of the transmitted (personal) data or its use by Jameda.
More information can be found here. If you do not want Jameda to be able to assign your visit to our pages, please log out of your Jameda account.
3.7 How, to what extent and on what legal basis do we process your data in connection with our company profiles on social networks?
For information on how personal data is processed in connection with your visit to company profiles that we maintain on social networks, please refer to our privacy policy for social networks by following this link.
4. In which cases do we share your data with recipients outside the EU?
Except for the processing under 3.6., we will not pass on your data to recipients based outside the European Union or the European Economic Area.
5. What rights do you have with respect to your data?
5.1. Overview
In addition to the right to withdraw the consent that you have given us, you have the following additional rights if the respective legal requirements are met:
- Right of access to your personal data stored by us in accordance with Art. 15 of the GDPR; in particular, you may obtain information on the purposes for which your data are processed, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the origin of your data, if these have not been collected directly from you;
- Right to rectification of inaccurate or to completion of correct data in accordance with Art. 16 of the GDPR;
- Right to erasure of your data stored by us in accordance with Art. 17 of the GDPR insofar as no legal or contractual retention periods or other legal obligations or rights for further storage are to be observed;
- Right to restriction of the processing of your data in accordance with Art. 18 of the GDPR, insofar as you contest its accuracy, if its processing is unlawful, but you object to its erasure; the controller no longer needs the data, but you require it for the establishment, exercise or defence of legal claims or if you have objected against the processing in accordance with Art. 21 of the GDPR;
- Right to data portability in accordance with Art. 20 the GDPR, i.e. the right to receive selected data stored by us about you in a commonly used, machine-readable format, or to request the transmission of these data to another controller;
- Right to lodge a complaint with a supervisory authority. For this purpose, you may usually consult the supervisory authority of your customary place of residence or work, or our company headquarters.
5.2 Right to object to processing
You may object to data processing on grounds relating to the data subject’s particular situation under the conditions of Art. 21 (1) of the
The above general right to object to data processing shall apply to all processing purposes described in this privacy policy in which processing is done on the basis of point (f) of Article 6 (1) of the GDPR. In contrast to the special right to object intended for data processing for advertising purposes (cf. 3.3.3), we are only obliged to implement such a general objection under the GDPR if you provide us with grounds of overriding importance (e.g. a possible danger to life or health). In addition, you have the option to contact the supervisory authority responsible for MVZ Zahnkultur Berlin-Köpenick GmbH, i.e. Berliner Beauftragte für Datenschutz und Informationsfreiheit [Berlin Data Protection and Freedom of Information Officer].
6. How long will your data be stored with us?
Insofar as no details are given in this regard in the individual points above:
The duration of the storage of personal data depends on the respective legal retention period (e.g. medical, commercial and tax retention periods). This period is normally 3 years (e.g. in the case of the regular limitation period of contractual or medical liability claims) or 10 years (e.g. in the case of tax retention periods). In some cases, the retention period is 18 or 30 years (e.g. for chronic diseases). After expiry of the period, the corresponding data are routinely erased provided that they are no longer necessary for the performance of the contract or initiation of the contract and/or that there is no legitimate interest on our part in their further storage.
Last update: May 2022