PATIENT INFORMATION ON DATA PROTECTION

Private Practice for Future-Oriented Psychotherapy

Dear Patient,

The protection of your personal data is important to us. According to the EU General Data Protection Regulation (GDPR), we are obligated to inform you about the purpose for which our practice collects, stores, or forwards data. This information will also outline your rights regarding data protection.

RESPONSIBILITY FOR DATA PROCESSING

Responsible for data processing is:

Tatjana Ott
Contact details:
Charles-H.-King-Str. 2
14163 Berlin
Tel: 01777896843

PURPOSE OF DATA PROCESSING

Data processing is carried out based on legal requirements to fulfill the treatment contract between you and your doctor and the associated obligations. For this purpose, we process your personal data, especially your health data. This includes medical history, diagnoses, therapy proposals, and findings that we or other doctors collect. For these purposes, other doctors or psychotherapists treating you may also provide us with data (e.g., in medical reports). The collection of health data is a prerequisite for your treatment. If the necessary information is not provided, careful treatment cannot be provided.

RECIPIENTS OF YOUR DATA

We only transmit your personal data to third parties if legally permitted or if you have consented. Recipients of your personal data may include other doctors/psychotherapists, medical associations, health insurance companies, the Medical Service of the Health Insurance, medical chambers, and private medical billing offices. Transmission is primarily for the purpose of billing for services provided to you, clarifying medical and insurance-related matters arising from your insurance relationship. In individual cases, data may be transmitted to other authorized recipients.

STORAGE OF YOUR DATA

We only retain your personal data for as long as necessary to carry out treatment. Due to legal requirements, we are obligated to retain this data for at least 10 years after the completion of treatment. Other regulations may result in longer retention periods, such as 30 years for X-ray recordings according to Section 28 (3) of the X-ray Ordinance.

YOUR RIGHTS

You have the right to obtain information about the personal data concerning you. You can also demand the correction of incorrect data. Furthermore, under certain conditions, you have the right to the deletion of data, the right to restrict data processing, and the right to data portability. The processing of your data is based on legal regulations. Only in exceptional cases do we require your consent. In these cases, you have the right to revoke consent for future processing. You also have the right to lodge a complaint with the competent supervisory authority for data protection if you believe that the processing of your personal data is not lawful. The address of the competent supervisory authority for us is:

Berlin Commissioner for Data Protection and Freedom of Information
Friedrichstr. 219
Visitor entrance: Puttkamerstr. 16-18 (5th floor)
10969 Berlin

LEGAL BASIS

The legal basis for the processing of your data is Article 9 (2) lit. h) GDPR in conjunction with Section 22 (1) No. 1 lit. b) Federal Data Protection Act. If you have any questions, please feel free to contact us.

Google Maps

Our website uses the Google Maps API to visually represent geographical information. When using Google Maps, Google also collects, processes, and uses data about the use of the Maps functions by visitors to the websites. For more information about data processing by Google, please visit the following link: https://policies.google.com/privacy?hl=en. There you will find Google’s privacy policy.

Log Data

When you visit our website, the device you use to access the page automatically transmits log data (connection data) to our servers. Log data is also captured by our servers when visitors access your web pages. Log data includes the IP address of the device you use to access the website or service, the type of browser you use to access it, the website you visited prior, your system configuration, and date and time stamps. We only store IP addresses to the extent necessary to provide our services. Otherwise, IP addresses are deleted or anonymized. We store your IP address when visiting our website and the IP addresses of visitors to your web pages for the purpose of detecting and defending against attacks for a maximum of 7 days.

Cookies

Our websites use so-called “cookies.” Cookies are small text files and do not harm your device. They are either temporarily stored for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted after your visit ends. Permanent cookies remain stored on your device until you delete them yourself or they are automatically deleted by your web browser.

Sometimes, cookies from third-party companies may also be stored on your device when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g., cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary because certain website functions would not work without them (e.g., the shopping cart function or video display). Other cookies are used to analyze user behavior or display advertisements.

Cookies that are necessary for the performance of the electronic communication process (necessary cookies) or for providing certain functions desired by you (functional cookies, e.g., for the shopping cart function) or for optimizing the website (e.g., cookies for measuring web audience) are stored based on Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services. If consent for the storage of cookies has been requested, the storage of the respective cookies is based exclusively on this consent (Art. 6 para. 1 lit. a GDPR); the consent can be revoked at any time.

You can configure your browser to inform you about the setting of cookies and allow cookies only in individual cases, to exclude the acceptance of cookies for specific cases or in general, and to activate the automatic deletion of cookies when the browser is closed. Disabling cookies may limit the functionality of this website.

If cookies are used by third-party companies or for analytical purposes, we will inform you separately within the scope of this privacy policy and, if necessary, request your consent.

Contact Form

If you submit inquiries to us via the contact form, your information from the inquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We will not share this data without your consent. The processing of this data is based on Art. 6(1)(b) GDPR, provided your inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries directed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR), if requested. The data you enter in the contact form will remain with us until you ask us to delete it, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory statutory provisions—especially retention periods—remain unaffected.

Inquiry by Email, Phone, or Fax

If you contact us by email, phone, or fax, your inquiry, including all resulting personal data (name, inquiry), will be stored and processed by us for the purpose of processing your request. We will not share this data without your consent. The processing of this data is based on Art. 6(1)(b) GDPR, provided your inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries directed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR), if requested.

The data you send us via contact requests will remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory statutory provisions—especially legal retention periods—remain unaffected.

Google Web Fonts

This site uses so-called web fonts provided by Google for the uniform representation of fonts. When you call up a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.

For this purpose, the browser you use must connect to Google’s servers. This gives Google knowledge that our website was accessed via your IP address. The use of Google WebFonts is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the uniform presentation of the font on its website. If a corresponding consent has been requested (e.g., consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR; consent can be revoked at any time.

If your browser does not support web fonts, a default font will be used by your computer. For more information on Google Web Fonts, see:

https://developers.google.com/fonts/faq and Google’s Privacy Policy: https://policies.google.com/privacy?hl=en.

Extended Privacy Policy for DOCTOLIB’s Online Appointment Service

For DOCTOLIB, the security and confidentiality of its users’ personal data are top priorities. Therefore, DOCTOLIB commits to comply with all German and European regulations for the protection of personal data.

DOCTOLIB adheres to the professional rules issued by the respective chambers and associations for doctors and healthcare professionals.

DOCTOLIB applies an extremely strict privacy policy, as outlined below, to ensure the security of its users’ personal health data:

- Each user solely owns their data. DOCTOLIB can only process this data for the purposes listed below.
- The processing of data is transparent, confidential, and according to high security standards.
- DOCTOLIB commits to continuously monitor and improve existing data protection measures in accordance with the Federal Data Protection Act (BDSG) as amended on June 30, 2017, and the General Data Protection Regulation of April 27, 2016 (GDPR).
- DOCTOLIB has its own data protection team specialized in maintaining and continuously improving the already very high level of security. This team includes legal experts, a data protection officer, a chief security officer, and a team of developers trained in data protection and security.
- Users’ personal health data are hosted in two separately certified data centers with physical security.

SUBJECT OF DATA PROTECTION PROVISIONS

DOCTOLIB aims to inform its users about how it protects the personal data collected via the website https://www.doctolib.de or through the “Doctolib” mobile application available on mobile devices.

These data protection provisions describe how DOCTOLIB and healthcare professionals as subscribers to DOCTOLIB’s online services use and store the personal data of visitors and users (hereinafter referred to as “users”) when using and navigating the website www.doctolib.de (hereinafter the “Website”) or using the mobile application (hereinafter the “Application”).

Certain personal data of users are considered as health-related personal data and are therefore referred to as “health-related personal data.”

These data protection provisions may be amended, supplemented, or updated, especially to comply with developments in laws, regulations, case law, editorial matters, or technology. However, the personal data of the user will always be processed in accordance with the data protection provisions applicable at the time of their collection, unless a retroactive rule provides otherwise.

The data protection provisions are part of the general terms of use of the website.

IDENTITY AND CONTACT DETAILS OF THE RESPONSIBLE PARTIES

Legal Declaration: According to the law, the responsible party for processing is the person who determines the means and purposes of the processing. The data processor is the person who processes personal data on behalf of and under the instructions of the responsible party. The data processor acts exclusively under the supervision and instructions of the responsible party.

The responsible party for the processing of personal data is:

- For the health-related personal data provided by the user (i) when scheduling an online appointment through the website or the application or (ii) by the healthcare professional in their Doctolib appointment calendar: Each individual doctor with whom you have scheduled an appointment. In this case, each doctor is considered the responsible party. Doctolib is the data processor: Doctolib acts under the specific instructions of the responsible party.
- For the data entered by the user when setting up an account or navigating the website: DOCTOLIB GMBH, Wilhelmstraße 118, Aufgang C, 10963 Berlin, registered in the commercial register of the Charlottenburg local court under registration number HRB 175963B, represented by the managing directors Simon Krüger and Stanislas Niox-Chateau.

Depending on whether DOCTOLIB is the responsible party or the data processor, DOCTOLIB takes appropriate measures to ensure the security and confidentiality of the personal information it possesses or processes in compliance with the BDSG and the GDPR. For more information regarding the services provided by DOCTOLIB, we refer you to the terms of use of the website (https://www.doctolib.de/terms).

COLLECTION AND ORIGIN OF DATA

All data concerning users are collected directly from them.

Where necessary, we undertake to obtain their consent and/or allow them to object to the use of their data for specific purposes.

In any case, users are informed of the purposes for which their data are collected by DOCTOLIB through various online data collection forms or through our cookie management.

PURPOSE OF DATA PROCESSING

Necessity of collecting personal data

Most DOCTOLIB services do not require registration, so users can visit the website without prior registration.

When scheduling an appointment online with a doctor, it may be necessary to provide certain personal data of the user. If, in these cases, the user does not wish to provide the requested information, they may not be able to access certain parts of the website or the application, and DOCTOLIB may subsequently be unable to process their request.

Purposes

The legal basis for collecting user data is:

- our legitimate interest in ensuring the best quality of our services, the best possible tracking of appointments and user care journeys, and the conduct of satisfaction surveys to improve the operation of our website and application.
- the consent of users, where required by applicable law, particularly regarding advertising and cookies.

Personal data of users are collected for the following purposes:

- to enable users to navigate the website and use the application,
- to connect them with healthcare professionals and enable them to do so,
- to manage users’ appointments and treatment progress—as well as that of their relatives—with healthcare professionals (e.g., receiving appointment notifications, changing or canceling appointments)
- to provide users with optimal treatment appointments.

As a secondary purpose, personal data may be processed for the following purposes:

- for the prevention and combating of computer fraud (spam, hacking…)
- to improve navigation on the website and use of the application
- to conduct voluntary surveys on the services of Doctolib anonymously or pseudo-anonymously
- to generate statistics on the use of the DOCTOLIB tool, for internal reporting to research and development teams, and for reporting to healthcare professionals (no health-related personal data are used).

For more details on managing cookies, please see below.

The mandatory or optional nature of the requested personal data and the possible consequences of not providing them are indicated at the time of their collection(s).

TYPES OF PROCESSED PERSONAL DATA

DOCTOLIB, acting as a data processor for appointment scheduling, appointment management, and treatment, may process the following data in whole or in part:

- Last name (and maiden name), first name, date of birth
- Phone number, email address, postal address (possibly Digicode)
- Password
- Reason for the appointment with the healthcare provider, healthcare provider’s specialty, frequency of appointments.
- Treating and referring physician
- Appointment history
- Those data belonging to the patient record, which the healthcare professional shares with the user.
- The same data from relatives for whom the user schedules appointments.

DOCTOLIB, acting as the responsible party for appointment scheduling and management, may collect the following data in whole or in part:

- to enable you to navigate the website or use the application: connection data and usage of the website or the application.
- for the prevention and combating of computer fraud (spamming, hacking…): computer hardware for browsing, IP address, password (hashed)
- to improve user navigation on the website or use of the application: login and usage data
- to conduct optional opinion surveys: email address
- to conduct communication campaigns: SMS, email, phone, letter

NO DISCLOSURE OF PERSONAL DATA

Personal data will under no circumstances be forwarded to commercial or advertising partners.

The personal data may only be used by DOCTOLIB, parent and subsidiary companies, and subcontractors (service providers) for the respectful fulfillment of the purposes mentioned above in accordance with the principles of data protection.

In the scope of their respective responsibilities and the aforementioned purposes, the individuals who may access the data (excluding health-related personal data) of Doctolib users are employees of the DOCTOLIB customer service.

Additionally, DOCTOLIB employs hosting providers certified by the French Ministry of Health.

DOCTOLIB also uses the services of several specialized companies (mailing, audience analysis), whose list can be sent to the data subjects upon request to datenschutz[at]doctolib.de. No personal health data are disclosed to them. If these companies use servers outside the European Union, we have entered into special contracts and standard contractual clauses of the European Commission with them to monitor and secure the transfer of your data to these providers.

DURATION OF STORAGE

Data will be stored only for as long as necessary in accordance with applicable law to fulfill the respective purpose.

USER RIGHTS

Whenever DOCTOLIB processes personal data, DOCTOLIB takes all necessary measures to ensure their accuracy and relevance in accordance with the purpose for which they are collected. According to the GDPR, users have the following rights:

- Right of access, information (Article 15 GDPR), rectification (Article 16 GDPR), updating, completeness of user data
- Right to block or delete personal data (Article 17 GDPR), if they are inaccurate, incomplete, ambiguous, expired, or if their collection, use, disclosure, or storage is prohibited (more information)
- Right to withdraw consent at any time (Articles 13-2 GDPR)
- Right to restrict processing (Article 18 GDPR)
- Right to object to processing (Article 21 GDPR)
- Right to data portability of the data entered by the user, to the extent that they are processed automatically based on a contract or consent (Article 20 GDPR)

If the user wants to know how DOCTOLIB uses their personal data, wants to object to processing, or wants to request a correction, they can contact DOCTOLIB in writing at the following address: DOCTOLIB GMBH – DPO — Wilhelmstraße 118, Aufgang C, 10963 Berlin, Germany or by email at datenschutz[at]doctolib.de.

In this case, the user must provide the personal data that DOCTOLIB should correct, update, or delete; they must identify themselves precisely with a copy of their ID (identity card or passport). For requests to delete personal data, DOCTOLIB’s legal obligations to retain or archive the documents concerned must be taken into account. You also have the right to lodge a complaint with a supervisory authority regarding the processing of your personal data by us. The competent supervisory authority at the seat of DOCTOLIB is the Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin.

“COOKIES” AND TAGS ON THE INTERNET

“COOKIES”

A “cookie” is a small information file sent to the user’s browser and stored on the user’s terminal (e.g., PC, smartphone) (hereinafter referred to as “cookies”). The file contains information such as the user’s domain name, the user’s internet service provider, the user’s operating system, and the date and time of access. Cookies cannot damage the user’s terminal in any way.

DOCTOLIB may process information about the user’s visit to the website, the pages visited, and searches (excluding health-related personal data). This information allows DOCTOLIB to improve the content of the website and the user’s navigation.

Since cookies facilitate browsing and/or the delivery of services offered by the website, the user can configure their browser through the “Settings/Security” menu to decide whether to accept cookies on their terminal comprehensively or according to the sender or not. The user can also configure their browser to prompt them for consent or rejection of cookies before a cookie can be stored on their terminal. DOCTOLIB informs the user that in this case, they may not have access to all the features of their browsing software.

If the user rejects the storage of cookies on their terminal or browser or deletes the cookies already stored, they will be informed that browsing and visits to the website may be restricted for them. This could also be the case if DOCTOLIB or one of its service providers cannot store or consult the cookies necessary for operation.

DOCTOLIB declines any liability for consequences arising from the restricted operation of the website and the services offered by DOCTOLIB if (i) the cookies have been rejected by the user, (ii) DOCTOLIB cannot store or consult the cookies necessary for operation.

The configuration for managing cookies and the user’s choice varies for each browser. The help menu of the respective browser describes how the user can change their preferences regarding cookies. The user can change and implement their wishes and choices regarding cookies at any time.

DOCTOLIB may also access external service providers to help collect and process the information described in this section.

Lastly, by clicking on the social network icons for Twitter, Facebook, Linkedin, and Google Plus on our website or in our mobile application, and if you have accepted the storage of cookies, by continuing to browse our website or mobile application, Twitter, Facebook, Linkedin, and Google Plus may also place cookies on your devices (computer, tablet, mobile phone). These types of cookies are only placed on your devices with your consent by continuing to browse our website or mobile application. However, you can revoke your consent to the storage of this type of cookies at any time through our cookie management policy.

“INTERNET TAGS”

DOCTOLIB may occasionally use internet tags (also called action tags, single-pixel GIFs, clear GIFs, invisible GIFs, and 1×1 GIFs) and use them via a partner advertisement or a specialized web analytics partner, which may be located abroad (and therefore may store the corresponding information, including the user’s IP address). These tags are placed both in online advertisements so that surfers have access to the website, and on their various pages. This technology allows DOCTOLIB to evaluate visitors’ responses on the website and the efficiency of their actions (e.g., number of accesses to a page and the information sought) as well as the user’s use of this website. The external service provider (advertising partner or web analyst) may collect information about visitors to the website and other internet websites using these tags, compile reports on the activity of the website for DOCTOLIB, and provide other services for their use and the internet.
