Praxis für ästhetische und rekonstruktive Brustchirurgie

Data-Protection-Notice



The following privacy policy applies to the use of the website www.dr-fenner.eu (hereinafter referred to as "Website").

By using this Website, you agree to the collection, use, and transfer of your data in accordance with this privacy policy.

The responsible party within the meaning of data protection laws, in particular the EU General Data Protection Regulation (GDPR), is:

Dr. med. Susan Fenner
Lietzenburger Straße 54
10719 Berlin

T.  030 263 272 05
info@dr-fenner.eu
www.dr-fenner.eu

If you wish to object to the collection, processing, or use of your data according to this privacy policy either in whole or for individual measures, please address your objection to the responsible party mentioned above.

You can save and print this privacy policy at any time.

General Use of the Site

Access data
We collect information about you when you use this website. We automatically record information about your usage behavior and interaction with us, and we record data about your computer or mobile device. We collect, store, and use data about every access to our website (so-called server log files). Access data includes the name and URL of the accessed file, the date and time of access, the amount of data transferred, the notification of successful access (HTTP response code), the browser type and version, the operating system, the referrer URL (i.e., the previously visited page), the IP address, and the requesting provider.

We use this log data without assigning it to you personally or creating any other profile, solely for statistical evaluations aimed at operating, securing, and optimizing our online offering, as well as for anonymously recording the number of visitors to our website (traffic), the scope and manner of use of our website and services, and for billing purposes, such as measuring the number of clicks received from cooperation partners. Based on this information, we are able to provide personalized and location-based content, analyze traffic, detect and fix errors, and improve our services. We reserve the right to subsequently review the log data if there is a legitimate suspicion of unlawful use based on concrete indications. We store IP addresses in the log files for a limited period if this is necessary for security purposes or for the provision or billing of a service, for example, when you use one of our offers. After the ordering process is canceled or payment has been received, we delete the IP address if it is no longer required for security purposes. We also store IP addresses if there is a concrete suspicion of a criminal offense in connection with the use of our website. In addition, as part of your account, we store the date of your last visit (e.g., upon registration, login, clicking links, etc.).

Email Contact
If you contact us via email — as we do not provide a contact form — we store your information for the purpose of processing the inquiry and in case follow-up questions arise. We store and use additional personal data only if you consent to this or if it is permitted by law without specific consent.

Legal Bases and Storage Period
The legal basis for data processing according to the above sections is Article 6(1)(f) of the GDPR. Our interests in data processing are, in particular, ensuring the operation and security of the website, analyzing how visitors use the website, and facilitating the use of the website.

Unless specifically stated otherwise, we store personal data only as long as necessary to fulfill the pursued purposes.

Your rights as a data subject affected by data processing.
Under the applicable laws, you have various rights regarding your personal data. If you wish to exercise these rights, please send your request by email or by post with clear identification of your person to the address mentioned in Section 1.

Below you will find an overview of your rights.

Right to confirmation and information.
You have the right at any time to obtain confirmation from us as to whether personal data concerning you is being processed. If this is the case, you have the right to obtain from us free information about the personal data stored about you along with a copy of this data. Furthermore, you have the right to the following information:

  • the purposes of the processing
  • the categories of personal data that are processed
  • the recipients or categories of recipients to whom the personal data have been disclosed or are still being disclosed, in particular recipients in third countries or international organizations
  • if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria used to determine that duration
  • the existence of a right to rectification or erasure of personal data concerning you or to restriction of processing by the controller or a right to object to such processing
  • the existence of a right to lodge a complaint with a supervisory authority
  • where the personal data are not collected from you, all available information about the source of the data
  • the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for you. Where personal data are transferred to a third country or to an international organization, you have the right to be informed about the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.

    • Right to rectification
    You have the right to demand from us without delay the rectification of inaccurate personal data concerning you. Taking into account the purposes, you have the right to request the completion of incomplete personal data, including by means of a supplementary statement.

    Right to erasure ("right to be forgotten")
    You have the right to request that we erase personal data concerning you without delay, and we are obliged to erase personal data without delay where one of the following reasons applies:

  • The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
  • You withdraw your consent on which the processing was based according to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, and there is no other legal basis for the processing.
  • You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.
  • The personal data have been unlawfully processed.
  • The erasure of the personal data is required to fulfill a legal obligation under Union law or the law of the Member States to which we are subject.
  • The personal data have been collected in relation to services offered by the information society pursuant to Article 8(1) GDPR.

    • If we have made the personal data public and are obliged to erase them pursuant to Article 17 GDPR, we will, taking into account available technology and the cost of implementation, take reasonable measures, including technical measures, to inform controllers processing the personal data that you have requested the erasure of all links to, or copies or replications of, those personal data.

    Right to restriction of processing
    You have the right to request from us the restriction of processing if one of the following conditions is met:

  • the accuracy of the personal data is contested by you, for a period that allows us to verify the accuracy of the personal data
  • the processing is unlawful and you oppose the erasure of the personal data and instead request the restriction of their use;
  • we no longer need the personal data for the purposes of processing, but you require the data for the establishment, exercise, or defense of legal claims
  • you have lodged an objection to the processing pursuant to Article 21(1) GDPR, as long as it has not yet been determined whether our legitimate interests outweigh yours.

    • Right to data portability
    You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, and you have the right to transmit those data to another controller without hindrance from us, provided that

  • the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, or on a contract pursuant to Article 6(1)(b) GDPR, and
  • the processing is carried out by automated means.

    • In exercising your right to data portability pursuant to paragraph 1, you have the right to obtain that the personal data be transmitted directly by us to another controller, where technically feasible.

    Right to object
    You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.

    If we process personal data for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for such marketing purposes; this also applies to profiling insofar as it is related to such direct marketing.

    You have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) GDPR, unless the processing is necessary for the performance of a task carried out in the public interest.

    Automated decisions, including profiling
    You have the right not to be subject to a decision based solely on automated processing, including profiling, that has legal effects concerning you or similarly significantly affects you.

    Right to withdraw consent to data processing
    You have the right to withdraw your consent to the processing of personal data at any time.

    Right to lodge a complaint with a supervisory authority
    You have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your residence, your place of work, or the place of the alleged infringement, if you believe that the processing of personal data concerning you is unlawful.

    Data security
    We are committed to ensuring the security of your data within the framework of applicable data protection laws and technical possibilities.

    Your personal data is transmitted to us in encrypted form. This applies to your orders as well as to the customer login. We use the SSL (Secure Socket Layer) encryption system, but please note that data transmission over the internet (e.g., via email communication) may have security vulnerabilities. A complete protection of data from third-party access is not possible.

    To secure your data, we maintain technical and organizational security measures, which we continually adapt to the latest technological standards. We also do not guarantee that our services will be available at all times; disruptions, interruptions, or outages cannot be excluded. The servers we use are regularly and carefully secured.

    Automated decision-making
    No automated decision-making takes place based on the collected personal data.

    Disclosure of data to third parties
    No data transfer to non-EU countries

    In principle, we use your personal data only within our company.

    If and to the extent we involve third parties in the performance of contracts (e.g., logistics service providers), they will receive personal data only to the extent necessary for the corresponding service.

    In the event that we outsource certain parts of data processing ("data processing on behalf of"), we contractually require processors to use personal data only in accordance with the requirements of data protection laws and to ensure the protection of the rights of the data subject.

    No data transfer to entities or individuals outside the EU takes place and none is planned.

    External hosting
    This website is hosted by an external service provider. Personal data is stored on the provider's servers. This may include IP addresses, contact inquiries, metadata and communication data, contract data, contact details, names, website access data, and other data generated through a website.

    The use of the hosting provider is for the purpose of fulfilling contracts with our potential and existing customers (Article 6(1)(b) GDPR) and in the interest of providing a secure, fast, and efficient delivery of our online offering by a professional provider (Article 6(1)(f) GDPR).

    We use the following web hosting provider:
    IONOS SE
    Elgendorfer Str. 57
    56410 Montabaur

    Conclusion of a data processing agreement
    To ensure data protection-compliant processing, we have concluded a data processing agreement with IONOS SE.

    SSL encryption
    To protect the security of your data during transmission, we use encryption methods (e.g., SSL) over HTTPS that are in line with current technological standards.

    Changes to our privacy policy
    We reserve the right to amend this privacy policy to ensure it always complies with current legal requirements or to implement changes to our services in the privacy policy, such as the introduction of new services. The new privacy policy will apply to your subsequent visits.



    back
    .