Privacy Policy
Name and address of the person responsible
The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
Chiropraktikzentrum Berlin
Anne Rampacher-Kahl
Spichernstr.15
10777 Berlin
T: + 49- (0) 30-84 18 34 06
Data Protection
For data protection requests, please contact: info(at)chiroberlin.de
General information about data processing
Online appointment booking
The technical implementation of our online appointment booking service is provided by samedi GmbH from Berlin, the German security specialist for patient data. As part of booking your appointment online, samedi processes your given personal data and health data. You can read the privacy policy of samedi GmbH here.
Samedi GmbH meets all the organizational and technical precautions required by current standards in order to comply with the data protection requirements, in particular to protect the data against unauthorized access by third parties. Your data will be transmitted encrypted and stored in accordance with the latest standards recommended by the Federal Office for Information Security (BSI).
By using the online appointment booking service, you agree that the personal data and health data you provide or collect are processed by us and by samedi GmbH.
Scope of processing of personal data
In principle, we collect and use personal data of our users only to the extent necessary to provide a functional website and our content and services. The collection and use of personal data of our users takes place regularly only with the consent of the user. An exception applies to cases in which prior consent can not be obtained for reasons of fact and the processing of the data is permitted by law.
Legal basis for the processing of personal data
In so far as we obtain the consent of the data subject for processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) as the legal basis for the processing of personal data. In the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR as legal basis. This also applies to processing operations required to carry out pre-contractual actions.
In so far as processing of personal data is required to fulfill a legal obligation that is subject to our company, Art. 6 para. 1 lit. c GDPR as legal basis. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR as legal basis. If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the first interest, Art. 6 para. 1 lit. f GDPR as legal basis for processing.
Data deletion and storage duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage no longer applies. In addition, such storage may take place if provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. Blocking or deletion of the data also takes place when a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for conclusion of a contract or fulfillment of the contract.
Provision of the website and creation of log files
Description and scope of data processing
Each time our website is accessed, our server automatically collects data and information from visitor’s computer. The following data is collected:
- Information about the browser type and version used
- The user’s operating system
- The user’s Internet service provider
- The user’s IP address
- Date and time of the access
- Web pages from which the user accessed this website/li>
- Web pages accessed on this website
The data is also recorded in the log files of our server. No permanent storage of this data or other personal data of the user takes place.
Legal basis for data processing
The legal basis for the temporary storage of data is Art. 6 para. 1 lit. f GDPR.
Purpose of the data processing
The temporary storage of the IP address by the system is necessary to allow delivery of the website to the computer of the user. To do this, the user’s IP address must be kept for the duration of the session.Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
For these purposes, our legitimate interest in the processing of data according to Art. 6 para. 1 lit. f GDPR.
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. In the case of collecting the data for providing the website, this is the case when the respective session is completed. In the case of storing the data in log files, this is the case after no more than seven days. Additional storage is possible – in this case, the IP addresses of the users are deleted or obfuscated, so that identification is no longer possible.
Opposition and removal possibility
The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is consequently no contradiction on the part of the user.
Use of cookies
Our website uses cookies. Cookies are text files that are stored in and by the browser of the user’s computer or device. If a user visits a website, a cookie can be stored on the user’s operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is reopened. We use cookies to make our website more user-friendly. Some elements of our website require that the browser be identified when moving to another page. The data of the users collected in this way is pseudo-anonymised – therefore, the user cannot be identified. The data is not stored together with other personal data of the users.
The legal basis for the processing of personal data using cookies is Article 6 (1) lit. f GDPR.
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some features of our website can not be offered without the use of cookies. For these, it is necessary that the browser is recognized even after changing page.
We use the following cookies:
| Cookie Name | Description |
|---|---|
| pll_language | As this website is available in both English and German, this cookie saves your language selection. |
| euCookie | When you accept the use of cookies on this website, this cookie is placed to remember your selection. |
Description and scope of data processing
When a user sends us an email, the user’s personal data transmitted by the email will be stored.
This data is not passed on to third parties. The data is used exclusively for processing the conversation.
Legal basis for data processing
The legal basis for the processing of the data transmitted in the course of sending an email is Art. 6 (1) lit. f GDPR. If the email contact aims to conclude a contract, then additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
Duration of storage
The data will be deleted as soon as it is no longer necessary to keep. In the case of email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been finally clarified.
During the sending process no personal data will be collected additionally.
Right of objection and removal
The user has the option at any time to revoke his or her consent to the processing of personal data. If you contact us by email, you may object to the storage of your personal data at any time. In such a case, the conversation can not continue. Please inform us if this is your wish. All personal data stored in the course of such a request will be deleted.
Rights of the data subject
If your personal data is processed, you are the affected person according to the GDPR and you have the following rights to the person responsible:
Right of access
You may ask the person in charge to confirm if personal data concerning you is processed by us. If such processing is available, you can request information from the person responsible about the following information:
(1) the purposes for which the personal data is processed;
(2) the categories of personal data being processed;
(3) the recipients or categories of recipients to whom the personal data relating to you has been disclosed or is still being disclosed;
(4) the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;
(5) the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
(6) the existence of a right of appeal to a supervisory authority;
(7) all available information on the source of the data if the personal data is not collected from the data subject;
(8) the existence of automated decision-making including profiling under Article 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, and the scope and intended impact of such processing on the data subject.
You have the right to request information about whether your personal information relates to a third country or an international organization. In this connection, you can request the appropriate guarantees in accordance with. Art. 46 GDPR in connection with the transfer.
Right to correction
You have a right to correction and/or completion from the person responsible if your personal data is incorrect or incomplete. The responsible person must make the correction without delay.
Right to limit processing
You may request the limitation of the processing of your personal data under the following conditions:
(1) if you deny the accuracy of your personal data for a period of time that enables the person responsible to verify the accuracy of the personal data Check data;
(2) the processing is unlawful and you refuse the deletion of the personal data and instead demand the restriction of the use of the personal data;
(3) the controller no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
(4) you have objected to processing in accordance with Art. 21 (1) GDPR and it is not yet clear whether the legitimate reasons of the person responsible outweigh your reasons.
If the processing of personal data concerning you has been restricted, this data may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State. If the limitation of the processing according to the above conditions is lifted, you will be informed by the person in charge before the restriction is lifted.
Right to erasure (Right to be forgotten)
1. The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
b) the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
c) the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
d) the personal data have been unlawfully processed;
e)the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
f) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).
2. Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
3. Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:
a) for exercising the right of freedom of expression and information;
b) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
c) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3);
d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
e) for the establishment, exercise or defence of legal claims.
Right to information
The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17(1) and Article 18 to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform the data subject about those recipients if the data subject requests it.
Right to data portability
1. The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
a) the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and
b) the processing is carried out by automated means.
2. In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
3. The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
4. The right referred to in paragraph 1 shall not adversely affect the rights and freedoms of others.
Right to object
1. The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
2. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
3. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
4. At the latest at the time of the first communication with the data subject, the right referred to in paragraphs 1 and 2 shall be explicitly brought to the attention of the data subject and shall be presented clearly and separately from any other information.
5. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.
6. Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1), the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.