Privacy policy patient and doctor
In the following, we inform you about the processing of your personal data in the context of your treatment relationship. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.
§1 Controller and data protection officer
The controller pursuant to Art. 4 (7) GDPR is your respective attending physician. The respective contact details of the controller and its data protection officer (if any) can be found in the attached list or on the separate sheet provided.
If you are under the care of both a doctor and a nutritionist, your treating doctor and your nutritionist coach are each solely responsible for the data processing that occurs in their area of competence.
§2 Processing purposes and legal bases
We process your personal data to conclude, implement and process the treatment contract. For this purpose, we process your personal data, in particular your health data. This includes in particular medical histories, diagnoses, therapy suggestions and findings that we collect. You can either provide us with this data yourself or have it provided to us by third parties, e.g. other doctors with whom you are undergoing treatment (doctor’s letter). The processing of this data is a prerequisite for your treatment. Without the processing of this information, careful treatment cannot take place. The legal basis for the processing of this data is Art. 9 para. 2 lit. h GDPR in conjunction with Section 22 para. 1 no. 1 lit. b) BDSG.
In individual cases, we process your personal data on the basis of your consent. This will be obtained with separate information. You have the right to withdraw your consent at any time with effect for the future.
§3 Storage period
We only store your personal data for as long as is necessary to carry out the treatment. We are legally obliged to keep your data for 10 years after the end of treatment. Other regulations may stipulate longer retention periods. Once the statutory retention periods have expired, your personal data will be deleted.
§4 Recipients of personal data
In addition to your attending physician, the practice employees who are directly involved in your treatment also have access to your data. Our employees may only process your data in accordance with our strict guidelines and, like your treating doctor, are legally and/or contractually obliged to maintain confidentiality.
Your personal data will only be passed on to third parties if we are entitled or obliged to do so on the basis of statutory provisions or your consent and release from the duty of confidentiality. Recipients of your personal data may include medical associations or private medical clearing houses.
Insofar as we are supported by external service providers who process personal data on our behalf as part of order processing in accordance with Art. 28 GDPR, they may be recipients of your personal data. For example, we use processors in the area of data storage and software use. For example, we use the services of The Body Clinic – leichter leben GmbH, Schöneberger Ufer 71, 10785 Berlin, Germany, to manage our appointments. We will be happy to provide you with a complete list of all current processors on request. The service providers have been and will be carefully selected by us, commissioned in writing and bound to secrecy. The service providers are strictly bound by our instructions and are regularly monitored. Your personal data will not be passed on to third parties or processed by the service providers outside the existing contractual relationship.
§5 Place of processing
We process your data within the EU and the EEA. Your personal data will not be transferred to a third country (a country outside the EU and the EEA). If a third country transfer should take place in individual cases, it is ensured that the legal requirements pursuant to Art. 44 et seq. GDPR are complied with.
§6 Rights of data subjects
You have the following rights vis-à-vis the controller named above:
- a right to free information about the personal data processed about you and to receive a copy of this data as well as information about its origin and recipients, the purpose of the data processing and the duration of storage (Art. 15 GDPR);
- if applicable, a right to rectification of incorrect or incomplete data (Art. 16 GDPR), erasure (Art. 17 GDPR) or restriction of processing (=blocking; Art. 18 GDPR) of your personal data;
- the right to be informed in accordance with Art. 19 GDPR of all recipients to whom the data concerning you have been disclosed;
- the right to object to the processing, pursuant to Art. 21 GDPR;
- the right to request that the data provided by you be transferred to you or another controller (Art. 20 GDPR);
- the right to withdraw your consent to the processing of your personal data at any time with effect for the future (Art. 7 (3) GDPR). The lawfulness of the data processing carried out before the revocation remains unaffected.
Compliance with a special form is not required for the assertion of your data subject rights. You can address such requests to the respective controller or their data protection officer.
In addition, you have the right to lodge a complaint about alleged breaches of data protection law with a supervisory authority, for example at the registered office of the controller, your place of residence, your place of work or the place of the alleged breach (Art. 77 GDPR).