The protection of your personal data is important to us. We strictly adhere to the provisions and legal basis of the Federal Data Protection Act and the Telemedia Act (TMG, see also https://www.gesetze-im-internet.de/tmg/) when collecting, processing and using your data. By using our website, you agree that we may collect certain data. Below you will find information on which data is collected during your visit to the homepage and how it is used.
In principle, as a user of the website www.drtuna.com, you can view content in full without providing any personal data. However, if you as a user (hereinafter referred to as “data subject”) wish to use certain services (e.g. appointment or contact forms) via our website, the processing of personal data may become necessary (see also 4. Collection of data and information).
When processing personal data (e.g. name, date of birth, address, email address or telephone number) of a data subject, we always comply with the General Data Protection Regulation (DSGVO, see also https://dsgvo-gesetz.de) as well as with the professional regulations and country-specific data protection provisions applicable to us. With this data protection declaration, we would like to inform data subjects about the type, scope and purpose of the personal data we collect and process. Furthermore, we inform all users of our website about their rights in connection with the data processing by our practice.
As the controller, we also see it as our duty to take numerous technical and organisational measures to ensure that the personal data processed via this website www.drtuna.com is protected as completely as possible for the users of this website. However, Internet-based data transmissions can always have security gaps, so that absolute protection cannot be guaranteed by us. For this reason, every user concerned is free to transmit personal data to us by alternative means, for example by telephone.
2. Name and address of the controller
The person responsible within the meaning of the General Data Protection Regulation is:
Dr. Tuna Rhinoplasty represented by
Dr. med. Altuğ Tuna
Phone: 069 – 29 55 90
Telefax: 069 – 28 21 11
E-mail: firstname.lastname@example.org
Internet: www.drtuna.com
3. Collection of data and information
Dealing with personal data
Personal data is information that can be used to identify a person, i.e. information that can be traced back to a person. This includes the name, email address or telephone number. We only collect, use and pass on personal data if this is permitted by law or if the person concerned consents to the collection of the data. In principle, you can visit our website without leaving any personal data. In some cases, however, we require data from you, namely in the case of:
• Callback form
Under no circumstances will the data collected be sold or passed on to third parties for any other reason.
Collection and processing of non-personal data (access data/server log files)
Every time a data subject accesses our website, i.e. every time a file on this server is retrieved or attempted to be retrieved, data about this process is stored in a log file (server log file) at the web space provider. This data is not personal and we cannot trace which user has retrieved which data.
In detail, the following data record is stored for each retrieval:
• Name of the retrieved file
• Date and time of the retrieval
• Transmitted data volume
• Message whether the retrieval was successful
• Message why a retrieval failed, if applicable
• Your computer’s operating system and browser software
• Referrer URL (the previously visited page)
• Host name of the accessing computer (IP address)
All of the aforementioned data is only evaluated for statistical purposes, for the purpose of the operation, security and optimisation of the offer by us and by service providers commissioned by us. The anonymous data of the server log files are stored separately from all personal data. Further personal data is only collected if you provide this information voluntarily, for example in the context of an enquiry. We use this data to continuously improve our website and our service for you. However, the provider reserves the right to check the log data retrospectively if there is a justified suspicion of unlawful use due to concrete indications.
Purpose of the data processing
Data processing is carried out on the basis of legal requirements and regulations in order to fulfil the treatment contract between you and us and the associated obligations. For this purpose, we process your personal data, in particular your health insurance and health data. This includes medical history, biographical data, diagnoses, therapies and therapy suggestions as well as findings that we or other doctors collect. For these purposes, other doctors, psychotherapists, hospitals, rehabilitation clinics or assessment centres where you are receiving treatment may also provide us with data (e.g. in reports on findings, doctors’ letters). The collection of health data is a prerequisite and basis for your treatment. If the necessary information is not provided, careful, dutiful treatment cannot take place – at best emergency care.
Recipients of your data
We only transfer your personal data to third parties if this is permitted by law, necessary in emergency situations or made possible by your consent (e.g. declaration of release from confidentiality, implied action). Recipients of your personal data may be pharmacists, other doctors, psychotherapists, associations of panel doctors, health insurance companies, pension insurance companies (e.g. due to rehabilitation, retirement), MDK, authorities (e.g. pension office, employment office, social welfare office, health office), courts (e.g. care court, social welfare court), medical associations (e.g. arbitration boards), insurance companies (e.g. accident insurance, life insurance), schools and employers (e.g. AU certificates), carers and authorised representatives etc. The data is mainly transmitted for the purpose of billing for the services provided to you, for clarifying medical questions and questions arising from your insurance relationship. In individual cases, data is transmitted to other authorised recipients.
4. Contact options via the website
The website of the dr.tuna – Rhinoplastik contains buttons that enable a quick electronic contact to our practice, which includes the specification of an e-mail address. The personal data transmitted by data subjects, on a voluntary basis, via a contact form or by e-mail are automatically stored by us exclusively for the purpose of processing or contacting the data subject. All personal data collected will not be passed on to third parties under any circumstances.
5. Data protection with digital applications
Application documents and personal data transmitted electronically via the website (e.g. by e-mail or via an integrated application form) are processed exclusively for the purpose of handling the application procedure. If an employment contract is subsequently concluded between the data controller and the applicant, the transmitted data will be stored in compliance with the statutory provisions. If no employment contract is concluded, all transmitted data will be deleted by the controller after notification of the rejection decision, provided that no other legitimate interests of the controller conflict with such deletion. Other legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).
No personal data is stored in our cookies. Most browsers are set to accept cookies automatically. However, you can deactivate the storage of cookies or set your browser to notify you as soon as cookies are sent. Furthermore, cookies that have already been set can be deleted at any time via an internet browser or other software programmes. This is possible in all common Internet browsers. Please note that cookies may be required for some functions on our website in order to function and/or display correctly.
7. Deletion and blocking of personal data
Our practice stores personal data of the data subject only for as long as is necessary to achieve the purpose of storage or as long as is required by European directives, the competent supervisory authority or other applicable German laws.
If the purpose of storage ceases to apply or the relevant storage period expires, the personal data is routinely deleted in accordance with the statutory provisions.
8. Rights of the data subject
a) Right to confirmation
According to Article 15 (1) of the GDPR, the data subject has the right to obtain confirmation from us as to whether personal data relating to him or her are being processed in our practice. If a data subject wishes to exercise this right of confirmation, he or she may, at any time, contact an employee of our practice.
b) Right of access
The right of access is divided into two stages. First, the data subject may request confirmation from the controller as to whether personal data relating to him or her are being processed at all (see 9a – Right of confirmation). If no personal data of the data subject are processed, the applicant must be informed of this. If personal data of the data subject are processed, the data subject has the right to obtain information about the data free of charge. In addition, according to Art. 15(1) of the GDPR, the controller must also provide the following information to the data subject:
• processing purposes;
• categories of personal data that are processed;
• the recipients or categories of recipients to whom the personal data have been or will be disclosed;
• If possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;
• the existence of a right to obtain the rectification or erasure of personal data concerning him or her, or the restriction of processing by the controller, or a right to object to such processing;
• the existence of a right of appeal to a supervisory authority;
• if the personal data are not collected from the data subject, any available information on the origin of the data;
• the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
In addition, if personal data are transferred to third countries or to an international organisation, data subjects have the right under Art. 15(2) GDPR to be informed about the appropriate safeguards taken in connection with the data transfer pursuant to Art. 46 GDPR (e.g. agreed standard data protection clauses or binding internal data protection rules).
If a data subject wishes to exercise this right to information, he or she may contact a member of staff at our practice at any time.
c) Right to rectification
The data subject has the right under Article 16 of the GDPR to obtain from the controller the rectification without delay of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration.
If a data subject wishes to exercise this right of rectification, he or she may contact an employee of our practice at any time.
d) Right to erasure (“right to be forgotten”)
Pursuant to Article 17 of the GDPR, the data subject has the right to obtain from the controller the erasure without delay of personal data concerning him or her, where one of the following grounds applies and to the extent that the processing is no longer necessary:
• The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
• The data subject withdraws the consent on which the processing was based pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR and there is no other legal basis for the processing.
• The data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR.
• The personal data have been processed unlawfully.
• The deletion of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
• The personal data was collected in relation to information society services offered pursuant to Art. 8(1) DSGVO.
If one of the aforementioned reasons applies, and a data subject wishes to arrange for the deletion of personal data stored by dr.tuna – Rhinoplastik, he or she may, at any time, contact any employee of our practice. The contacted employee will arrange for the deletion request to be complied with immediately.
e) Right to restriction of processing
The data subject has the right under Article 18 GDPR to request the controller to restrict processing if one of the following conditions is met:
• the accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data,
• the processing is unlawful and the data subject refuses the erasure of the personal data and instead requests the restriction of the use of the personal data;
• the controller no longer needs the personal data for the purposes of processing, but the data subject needs them for the establishment, exercise or defence of legal claims, or
• the data subject has objected to the processing pursuant to Article 21(1) of the GDPR, as long as it has not yet been determined whether the legitimate grounds of the controller override those of the data subject.
If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of personal data stored by the dr.tuna – Rhinoplastik, he or she may, at any time, contact any employee of our practice. The contacted employee will arrange the restriction of the processing immediately.
f) Right to data portability
Pursuant to Article 20 of the GDPR, the data subject has the right to receive the personal data concerning him or her that he or she has provided to a controller in a structured, commonly used and machine-readable format.
He/she shall also have the right to transmit such data to another controller without hindrance from the controller to whom the personal data have been provided, provided that the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR and that the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, pursuant to Article 20(2) of the GDPR, when exercising the right to data portability pursuant to Article 20(1) of the GDPR, the data subject has the right to obtain that the personal data be transferred directly from one controller to another controller, to the extent that this is technically feasible and provided that this does not adversely affect the rights and freedoms of other individuals (Article 20(4) of the GDPR).
In order to assert the right to data portability, the data subject may contact an employee of our practice at any time.
g) Right to object
Pursuant to Article 21 of the GDPR, the data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her which is carried out on the basis of Article 6(1)(e) or (f) of the GDPR. This also applies to profiling based on these provisions.
The dr.tuna – Rhinoplastik shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the assertion, exercise or defence of legal claims.
If the dr.tuna – Rhinoplastik processes personal data for the purposes of direct marketing, the data subject shall have the right, in accordance with Article 21(2) of the Data Protection Act, to object at any time to processing of personal data processed for the purposes of such marketing. This also applies to profiling insofar as it is related to such direct marketing. If the data subject objects to dr.tuna – Rhinoplastik to the processing for direct marketing purposes, dr.tuna – Rhinoplastik will no longer process the personal data for these purposes (Art. 21 Para. 3 DSGVO).
In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her which is carried out by the dr.tuna – Rhinoplastik for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the Data Protection Regulation (DSGVO), unless the processing is necessary for the performance of a task carried out in the public interest.
In order to exercise the right to object, the data subject may directly contact a staff member. The data subject is also free to exercise his or her right to object by means of automated procedures using technical specifications in the context of the use of information society services, notwithstanding Directive 2002/58/EC.
The data subject also has the right to lodge a complaint with the competent data protection supervisory authority if he or she considers that the processing of his or her personal data is not lawful. The address of the supervisory authority responsible for us is:
Hessian Commissioner for Data Protection and Freedom of Information
Prof. Dr Michael Ronellenfitsch
Telephone: (0611) – 14 08 0
Fax: (0611) – 14 08 – 900
E-mail: email@example.com
h) Automated decisions on a case-by-case basis, including profiling
Every data subject concerned by the processing of personal data has the right under Art. 22 GDPR, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, unless the decision (1) is necessary for the conclusion or performance of a contract between the data subject and the controller, or (2) is based on Union or Member State law to which the controller is subject and that law provides for adequate measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) has the data subject’s explicit consent.
If the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and the data controller, or (2) it is made with the data subject’s explicit consent, the dr.tuna – Rhinoplasty shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, which include at least the right to obtain the data subject’s involvement on the part of the controller, to express his or her point of view and to contest the decision.
If the data subject wishes to exercise rights concerning automated decisions, he or she may, at any time, contact any employee of our practice.
- Right to withdraw consent under data protection law
- The data subject has the right to withdraw consent to the processing of personal data at any time.
If the data subject wishes to exercise the right to withdraw consent, he or she may, at any time, contact any employee of our practice.
9. Use of web fonts
a) Google Fonts
https://fonts.google.com/#AboutPlace:about & https://policies.google.com/privacy?hl=de
b) Adobe TypekitFor a
https://typekit.com/ & https://www.adobe.com/de/privacy/policies/typekit.html
10. Data protection provisions for the use and application of Facebook
Plugins of the social network Facebook are integrated on our pages. The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If a data subject lives outside the USA or Canada, the data controller is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
You can recognise the Facebook plugins by the Facebook logo or the “Like” button on our site. You can find an overview of the Facebook plugins here: http://developers.facebook.com/docs/plugins/.
If you do not want Facebook to be able to assign your visit to our pages to your Facebook user account, please log out of your Facebook user account.
11. Use of marketing services
a) Google Marketing Services
We use marketing services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA on these websites.
Services deployed include:
Google Ads: The use of the Google service Google Ads allows us conversion tracking, i.e. it can be determined whether you have reached our website via a Google ad. It is not possible for us to identify you on this basis. Only statistics are created.
DoubleClick: The use of the Google service DoubleClick allows us to present relevant advertisements to the user. Cookies are used to identify the user’s browser. This makes it possible to track which ads have been shown to the user and which ads the user has called up.
AdSense: The use of the Google service AdSense enables us to display third-party advertisements on our pages. Cookies and pixel tags are used to evaluate visitor behaviour and to be able to place ads that are as interest oriented as possible.
Google Re-Marketing: The use of Google’s Re-Marketing function allows us to display interest-based advertisements to the user within the Google advertising network, which relate to content that the user has previously accessed on our website. This can also be done across devices.
Google Tag Manager: The use of the Google service Tag Manager only enables us to integrate the listed services by implementing the other cookies/tags.
b) Facebook pixel
We use the so-called “Facebook pixel” of the provider Facebook (for EU: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; International: Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA) on this website. This is a small, invisible pixel that establishes a connection to Facebook servers when you visit our website. Personal data such as the IP address and other information such as browser type/version, operating system used, the page you previously visited, the host name of the accessing device, IP address and the time of the request may also be transmitted. This enables Facebook to identify the users of our website and to display targeted advertising to users who are interested in our website. In addition, we can use the Facebook pixel to track whether our Facebook ads are effective.
Where data is processed outside the EEA, where there is no level of data protection equivalent to the European standard, this is done on the basis of the EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC
12. Data protection provisions for the use of Google Analytics (with anonymisation function)
This website uses Google Analytics (with anonymisation function), a web analytics service provided by Google, Inc. (“Google”). Web analytics is the collection, compilation and evaluation of data about visitor behaviour and the use of individual internet pages. This data usually consists of the so-called referrer URL, the address from which a data subject came to our website, as well as information on the use of the individual sub-pages (e.g. an overview of the pages clicked on, the frequency of visits and the time spent on these pages). Web analysis is mainly used to optimise a website and for cost-benefit analysis.
The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
In addition to evaluating the use of our website, Google uses the data obtained to compile online reports on the activities on our pages and to provide other services related to the use of our website.
In addition, the internet browser on the digital end device of the data subject automatically transmits data to Google for the purpose of online analysis each time a sub-page on this website is called up on which a Google Analytics component has been integrated. With the help of this technical procedure in the background of the visited website, Google obtains knowledge of personal data, such as the IP address of the data subject. Google uses this specific data to compile reports on website activity (e.g. the origin of visitors and number of clicks) and to provide other services to the website operator in connection with website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
By storing the cookies described above on the digital end device of the data subject, personal information such as the access time, the location from which an access originated and the frequency of visits, including the IP address of the internet connection used by the data subject, is transmitted to Google in the United States of America and stored. Google may also pass on this personal data collected via the technical process to third parties.
The data subject can prevent the storage of cookies by our website at any time by means of an appropriate setting in the browser software used and thus permanently object to the setting of cookies. However, we would like to point out at this point that in this case the data subject may not be able to use all the functions of this website to their full extent. Such a setting in the browser software used would also prevent Google from setting a cookie on the digital end device of the data subject. In addition, a cookie already set by Google Analytics can be subsequently deleted at any time via the browser software or other software programmes.
13. SSL encryption
In order to provide visitors to our website with more security when transmitting personal data, we work with SSL encryption. This encryption is used for requests that you send to us via our website. Data encrypted via SSL cannot be viewed by third parties. Please always ensure that SSL encryption is activated when transmitting personal data or otherwise confidential data from your side. The use of encryption is easy to recognise: The internet address in your browser address bar is preceded by https:// instead of http://.
14. Use of Google+
15. Children & youths
Persons concerned who have not yet exceeded the age of 18 should not transmit any personal data to us without the consent of their parents or a legal guardian. In general, we do not request personal data from children and young people on our pages, do not collect such data and do not pass it on to third parties.
16. Legal basis of the processing
The legal basis for processing operations in which we obtain consent for a specific processing purpose is Article 6(1)(a) DSGVO for our practice.
If the processing of personal data is based on the performance of a contract between the controller and the data subject, as is the case, for example, with processing operations that are necessary for the provision of a service or consideration, the processing is based on Article 6(1)(b) of the GDPR. The same applies to processing operations that are necessary for the implementation of pre-contractual measures.
If the processing of personal data is required by a legal obligation of our practice (e.g. compliance with tax obligations), the processing is based on Art. 6 para. 1 letter c DSGVO.
In addition, a situation could arise within our practice where the processing of personal data becomes necessary in order to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our practice were to be injured and as a result their name, age, health insurance details or other vital personal information needed to be passed on to a doctor, hospital or other third party. In this case, the processing would be based on Art. 6(1)(d) DSGVO.
Ultimately, processing operations could be based on Art. 6(1)(f) DSGVO. Processing operations are based on this legal basis if the processing is necessary to protect the legitimate interests of our practice or a third party, provided that the interests, fundamental rights and freedoms of the data subject are not overriding, in particular if the data subject is a child. In this respect, the European legislator takes the view that a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47, sentence 2 of the GDPR).
17. Legitimate interests in the processing pursued by the controller or a third party
If the processing of personal data is based on Art. 6 (1) (f) DSGVO, our legitimate interest is the performance of our business activities for the benefit of the well-being of our employees and our shareholders.
18. Storage period for personal data
The storage period of personal data is regulated by the respective statutory retention period. If this period expires, the collected data is routinely deleted, provided that it is no longer part of the fulfilment of a contract or the initiation of a contract.
We only keep your personal data for as long as is necessary to carry out the treatment. Due to legal requirements, we are obliged to keep this data for at least 10 years after completion of the treatment. According to other regulations, longer retention periods may apply, for example 30 years for X-ray records according to section 28 paragraph 3 of the X-ray Ordinance.
19. Clarification on the mandatory provision of personal data by the data subject
At this point, we would like to inform you that the legislator sometimes prescribes the provision of personal data (e.g. tax regulations) or that the provision of data may result from contractual regulations (e.g. information on the contractual partner). If the data subject concludes a contract with our practice, for example, he or she is obliged to provide us with personal data. If this data is not made available to us for the conclusion of the contract, the contract with our practice could not be concluded. The data subject can contact a member of staff at any time before providing personal data, who will be happy to explain to him or her on a case-by-case basis whether the provision of the personal data is necessary and required by law or contract. We will also inform the data subject whether the provision of the personal data is mandatory in the individual case and what the consequences of not providing the data would be.
20. Existence of automated decision making
As a responsible practice, we do not use automatic decision-making or profiling.
21. Legal effect and choice of law
This data protection declaration is to be regarded as part of the website from which reference was made to this page. If sections or individual terms of this statement are not legal or correct, the content or validity of the other parts remain uninfluenced by this fact. German law shall apply. In the case of consumers, this choice of law only applies insofar as the protection granted by mandatory provisions of the law of the state of the consumer’s habitual residence is not withdrawn as a result (favourability principle).