Privacy Notice for Patients and Physicians

In the following, we inform you about the processing of your personal data in the context of your treatment relationship. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy notice.

Only the German text is legally binding. This English version is for informational purposes only. (https://www.bodyclinic.de/legal/datenschutzerklaerung-patient-und-arzt/)

§1. Controller and Data Protection Officer

The controller pursuant to Art. 4 (7) GDPR is your respective treating physician. You can find the contact details of the controller and their data protection officer (if one has been appointed) on the attached list or the separately provided sheet.

If you are receiving both medical treatment and nutritional counseling, your treating physician and your nutrition coach are each solely responsible (as controllers) for the data processing within their respective area of competence.

§2. Purposes of Processing and Legal Bases

We process your personal data for entering into, carrying out, and handling the treatment contract. For this purpose, we process your personal data, in particular your health data. This includes especially information such as your medical history (anamnesis), diagnoses, therapy suggestions, and findings that we collect. You can either provide these data to us yourself or have them transmitted to us by third parties (for example, via a doctor’s letter from other physicians treating you).

The collection and processing of this information is a prerequisite for your treatment. Without processing this information, a careful and proper treatment cannot take place. The legal basis for processing these data is Art. 9 (2) (h) GDPR in conjunction with § 22 (1) No. 1 (b) BDSG (German Federal Data Protection Act).

In individual cases, we also process your personal data on the basis of your consent. Such consent will be obtained through a separate information and consent form. You have the right to withdraw any consent given, at any time with effect for the future.

§3. Retention Period

We retain your personal data only for as long as is necessary to carry out your treatment. By law, we are obligated to keep your data for 10 years after the conclusion of the treatment. Other legal provisions may result in longer retention periods for certain data. After the expiration of the statutory retention periods, your personal data will be deleted.

§4. Recipients of Personal Data

In addition to your treating physician, the practice staff who are directly involved in your treatment have access to your data. Our staff may only process your data according to our strict instructions and are, like your treating physician, legally and/or contractually bound to confidentiality.

We only transmit your personal data to third parties if we are permitted or required to do so by law, or if you have given your consent and released us from confidentiality. Possible recipients of your personal data include, for example, medical associations (Ärztekammern) or private medical billing agencies.

We also employ external service providers (processors) who may process personal data on our behalf under Article 28 GDPR. These service providers can be recipients of your personal data in this context. For instance, we use commissioned service providers for data storage and software usage. For appointment management, we utilize the services of The Body Clinic – leichter leben GmbH, Schöneberger Ufer 71, 10785 Berlin. Upon your request, we will gladly provide you with a complete list of all current processors engaged by us.

All external service providers are carefully selected by us, engaged in writing, and obligated to confidentiality. These providers are strictly bound by our instructions and are regularly monitored. They will not disclose your personal data to third parties, nor will they process your data beyond the scope of the contractual agreements.

§5. Place of Processing

We process your data within the European Union and the European Economic Area (EU/EEA). Your personal data is not transmitted to any third country (a country outside the EU/EEA). If, in an individual case, a transfer to a third country should become necessary, we ensure that all legal requirements under Art. 44 ff. GDPR are fulfilled (for example, by applying appropriate safeguards as required by the GDPR).

§6. Data Subject Rights

As a data subject, you have the following rights with regard to the processing of your personal data:

  • Right of access (Art. 15 GDPR): You have the right to obtain free information about the personal data we have stored about you, and to receive a copy of this data. This includes information on the origin of the data, the recipients or categories of recipients to whom the data have been disclosed, the purposes of the processing, and the expected duration of storage.
  • Right to rectification (Art. 16 GDPR): You have the right to request the correction of inaccurate personal data concerning you, as well as the completion of incomplete data.
  • Right to erasure (Art. 17 GDPR): You can request the deletion of your personal data, provided the processing is no longer necessary and any legal retention periods have expired.
  • Right to restriction of processing (Art. 18 GDPR): You have the right to request the restriction of processing of your personal data, meaning the data will be marked and only processed for certain purposes.
  • Right to notification (Art. 19 GDPR): If you exercise your right to rectification, erasure, or restriction, we are obligated to inform all recipients to whom your personal data has been disclosed about these changes, unless this proves impossible or involves disproportionate effort. You also have the right to be informed about those recipients.
  • Right to data portability (Art. 20 GDPR): You have the right to receive the personal data that you have provided to us in a structured, commonly used, and machine-readable format, or to request that we transmit this data to another controller, where technically feasible.
  • Right to object (Art. 21 GDPR): You have the right to object to the processing of your personal data at any time, on grounds relating to your particular situation, when the data processing is based on Art. 6 (1) (e) or (f) GDPR. If you lodge an objection, we will no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.
  • Right to withdraw consent (Art. 7 (3) GDPR): If your personal data is processed on the basis of your consent, you have the right to withdraw that consent at any time with effect for the future. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.

     

The exercise of your rights does not require any particular form. You can address your request to exercise any of the above rights to the respective controller or their data protection officer using the contact information provided.

Furthermore, you have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). You may contact the supervisory authority at the controller’s place of business, or the supervisory authority in the country or state of your habitual residence, place of work, or the place of the alleged infringement if you believe that the processing of your personal data violates data protection laws.

Schedule an Appointment

Click the button below to book your intake session with our medical assistant. We look forward to supporting you on your journey to a healthy weight.

Check your eligibility
Scroll to Top