We, the operators of www.zahnarzt-schwabing-west.de, take the protection of your personal data very seriously and comply strictly with the rules of data protection laws. Personal data is only collected on this website to the extent technically necessary. Under no circumstances shall the data collected be sold or passed on to third parties for other reasons.
The practice owner is responsible for the collection and storage of the data. The practice owner’s contact details can be found in the imprint of this website.
The following policy shows you how we ensure this protection and what kind of data is collected for what purpose.
- Personal data: Personal data means any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
- Data subject: Data subject means any identified or identifiable natural person whose personal data is being processed by the controller.
- Processing: Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- Restriction of processing: Restriction of processing means the marking of stored personal data with the aim of limiting its processing in the future.
- Pseudonymisation: Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
- Controller or data controller: Controller or data controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
- Processor: Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
- Recipient: Recipient means a natural or legal person, public authority, agency or another body, to which the personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
- Third party: Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
- Consent: Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Data processing on this website
The sole purpose of our website is to provide information about our practice, our range of treatments, and therapies for various diseases. When you visit our website, only the data transmitted by your browser to our server is collected. This data is necessary to display and navigate our website. The legal basis for the collection of the data is point (f) of Article 6 (1) of the EU General Data Protection Regulation. Specifically, the following data is collected when you visit our website:
- used browser types and versions,
- the operating system used by the accessing system,
- the website from which an accessing system accesses our website (so-called referrer)
- the subsites that are accessed via an accessing system on our website
- the date and time of access to the website,
- an Internet Protocol (IP) address,
- the Internet service provider of the accessing system and
- other similar data and information that serves to avert threats in the case of attacks on our information technology systems.
When using this general data and information, we do not draw any conclusions about the data subject. This information is rather needed
- to deliver the contents of our website correctly,
- to ensure the permanent operability of our information technology systems and the technology of our website as well as
- to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.
This anonymously collected data and information is analysed by us with the aim of enhancing data protection and data security in our company, ultimately in order to ensure an optimum level of protection for the personal data processed by us. The anonymous data of the server log files is stored separately from all personal data provided by a data subject and is deleted at the latest after six months.
Statutory or contractual requirements for the provision of personal data; necessary requirement for entering into a contract; obligation of the data subject to provide the personal data; possible consequences of failure to provide such data
We would like to inform you that the provision of personal data is, in part, required by law (e.g. fiscal regulations) or can also result from contractual requirements (e.g. information on the contractual partner). For entering into a contract, it may also be necessary for a data subject to provide us with personal data, which must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company enters into a contract with him or her. Failure to provide the personal data would mean that the contract with the data subject could not be concluded.
Rights of data subjects
Any data subject shall have the right, accorded by the European legislature, to obtain from the controller confirmation whether or not personal data concerning him or her is being processed. If a data subject wishes to exercise this right of confirmation, he or she may at any time contact our data protection officer or another staff member of the controller.
Any data subject shall have the right, accorded by the European legislature, to obtain from the controller at any time and free of charge information on the personal data stored concerning him or herself and a copy of such information. In addition, the European legislature has accorded the data subject access to the following information:
- the purposes of processing
- the categories of personal data that are processed
- the recipients or categories of recipients to whom the personal data has been or will be disclosed including but not limited to recipients in third countries or international organisations
- where possible, the envisaged period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period
- the existence of the right to rectification or erasure of personal data concerning the data subject or restriction of processing by the controller or the right to object to such processing
- the right to lodge a complaint with a supervisory authority
- where personal data has not been obtained from the data subject: any available information as to the source of the data
Furthermore, the data subject shall have the right to obtain information as to whether personal data has been transferred to a third country or to an international organisation. Where this is the case, the data subject shall also have the right to obtain information on appropriate safeguards for such transfers.
If a data subject wishes to exercise this right to obtain such information, he or she may at any time contact our data protection officer or another staff member of the controller.
Any data subject shall have the right, accorded by the European legislature, to obtain without undue delay the rectification of inaccurate personal data concerning him or her. In addition, the data subject shall also have the right, taking into account the purposes of the processing, to have incomplete personal data completed, including by means of providing a supplementary statement.
If a data subject wishes to exercise this right of rectification, he or she may at any time contact our data protection officer or another staff member of the controller.
Any data subject shall have the right, accorded by the European legislature, to obtain from the controller the erasure of personal data concerning him or her without undue delay, where one of the following grounds applies and to the extent that processing is not necessary:
- The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
- The data subject withdraws his or her consent on which the processing is based according to point (a) of Article 6 (1) GDPR, or point (a) of Article 9 (2) GDPR, and where there is no other legal ground for the processing.
- The data subject objects to the processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 (2) GDPR.
- The personal data has been unlawfully processed.
- The personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
- The personal data has been collected in relation to the offer of information society services referred to in Article 8 (1) GDPR.
If one of the above grounds applies and a data subject wishes to have personal data stored by the “Zahnarztpraxis Oana Prodan” erased, he or she may contact our data protection officer or another staff member of the controller at any time. The data protection officer of the “Zahnarztpraxis Oana Prodan” or another staff member shall arrange for the erasure request to be complied with without undue delay.
If the personal data has been made public by the “Zahnarztpraxis Oana Prodan” and our company as the controller has the obligation to erase the personal data pursuant to Art. 17 (1) GDPR, the “Zahnarztpraxis Oana Prodan”, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers which are processing the personal data which was made public, that the data subject has requested the erasure by such other controllers of any links to, or copy or replication of, such personal data to the extent that the processing is no longer necessary. The data protection officer of the “Zahnarztpraxis Oana Prodan” or another staff member shall arrange the necessary steps in the individual case.
Any data subject shall have the right, accorded by the European legislature, to obtain from the controller restriction of processing where one of the following applies:
- The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
- The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead.
- The controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise or defence of legal claims.
- The data subject has objected to processing pursuant to Article 21 (1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
If one of the above conditions is met and a data subject wishes to request the restriction of personal data stored by the “Zahnarztpraxis Oana Prodan”, he or she may contact our data protection officer or another staff member of the controller at any time. The data protection officer of the “Zahnarztpraxis Oana Prodan” or another staff member shall arrange for the restriction of processing without undue delay. Any data subject shall have the right, accorded by the European legislature, to receive personal data concerning him or her, which the data subject has provided to a controller, in a structured, commonly used, and machine-readable format. He/she shall also have the right to transmit such data to another controller without hindrance from the controller to which the personal data has been provided, where the processing is based on consent pursuant to point (a) of Article 6 (1) GDPR or point (a) of Article 9 (2) GDPR or on a contract pursuant to point (b) of Article 6 (1) GDPR and the processing is carried out by automated means, unless processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Moreover, in exercising his or her right to data portability pursuant to Art. 20 (1) GDPR, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided that this does not adversely affect the freedoms of others.
If he or she wishes to exercise this right to data portability, the data subject may at any time contact the data protection officer appointed by the “Zahnarztpraxis Oana Prodan” or another staff member.
Any data subject shall have the right, accorded by the European legislature, to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6 (1) GDPR.
In the event of an objection, the “Zahnarztpraxis Oana Prodan” shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Any data subject shall have the right, accorded by the European legislature, to withdraw his or her consent to the processing of personal data at any time.
If a data subject wishes to exercise his or her right to withdraw his or her consent, he or she may at any time contact our data protection officer or another staff member of the controller.
In order to make the visit to our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text programs that are stored on your computer (by your browser) after you visit our website. When you return to our website, the browser you are using will send the information stored in the cookie to our website and can thus make navigation easier for you, for example, by remembering your settings. Cookies are neither viruses nor can they install malicious software on your computer. They are only short texts that are exchanged between web server and browser. The following types of cookies are used on our website:
- Transient cookies (temporary use)
These cookies are only stored for the period of use of your browser. They store a so-called session-ID, which links various enquiries from your browser to a common session. This enables your computer to be recognised when you return to the website. As soon as you close the browser, these cookies are also automatically deleted.
- Persistent cookies (time-limited use)
These cookies differ from transient cookies only in that they are not automatically deleted when you close your browser but only after a specific time. However, you can delete these cookies at any time via your browser settings.
As a rule, you can configure the settings of your browser in such a way that cookies are not accepted and stored by the browser at all or only to a limited extent. However, if you make use of this option you may not then be able to use all functions of our website.
Notification of changes
In the event of such a change, we shall notify you of this at the latest six weeks before it becomes effective. You have a general right to withdraw any consent you have given.
Legal basis for processing
Point (a) of Article 6 (1) GDPR serves as our company’s legal basis for processing operations for which we request consent for a specific processing purpose. Where the processing of personal data is necessary for the performance of a contract to which the data subject is a party, such as processing operations necessary for the supply of goods or any other form of service or consideration, processing shall be based on point (b) of Article 6 (1) GDPR. The same shall apply to such processing operations which are necessary to take steps prior to entering into a contract, for example in the case of inquiries about our products or services. If processing is necessary for compliance with a legal obligation to which our company is subject, such as, for example, tax obligations, processing is based on point (c) of Art. 6 (1) GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured on our premises and his name, age, health insurance details or other vital information then needed to be disclosed to a doctor, hospital or other third party. Then processing would be based on point (d) of Article 6 (1) GDPR. Finally, processing operations could be based on point (f) of Article 6 (1) GDPR. This is the legal basis for processing operations that are not covered by any of the aforementioned legal bases if the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. We are allowed to perform such processing operations in particular because they have been specifically mentioned by the European legislature. In this respect, it took the view that a legitimate interest could exist if the data subject is a client of the controller (Recital 47 sentence 2 GDPR).
Legitimate interests in processing pursued by the controller or by a third party
If the processing of personal data is based on point (f) of Art. 6 (1) GDPR, our legitimate interest is to perform our business activities for the greater good of all our employees and our shareholders.
Duration of storage of personal data
The criterion for the duration of storage of personal data is the respective statutory retention period. After the expiry of this period, the corresponding data is routinely deleted, provided that it is no longer required for the fulfilment or initiation of contracts.
The controller or your contact
If you have any questions regarding the collection, processing or use of your personal data, for information, correction, blocking or erasure of data as well as the withdrawal of any consent given or objection to a specific use of data, please contact the website operator directly. The practice owner’s contact details can be found in the imprint of this website.
Data protection for job applications and in the job application process
The controller collects and processes the personal data of applicants for the purpose of handling the application procedure. Such data may also be processed by electronic means. This is the case in particular if an applicant submits relevant application documents to the controller by electronic means, such as by e-mail or a web form available on the website. If the controller concludes an employment contract with an applicant, the transmitted data is stored for the purpose of handling the employment relationship in compliance with statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents shall be erased after two months, unless such erasure conflicts with any other legitimate interests of the controller. Other legitimate interests in this sense include, for example, an obligation to provide evidence in proceedings under the German General Act on Equal Treatment (Allgemeines Gleichbehandlungsgesetz – AGG).
Use of Google (Universal) Analytics for web analysis
This website uses Google Analytics, a web analytics service provided by Google Ireland Limited (“Google”). Google Analytics uses so-called “cookies”, which are text files stored on your computer that enable an analysis of how you use the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. IP anonymisation is enabled on this website. For this reason, Google will truncate your IP address within member states of the European Union or in other states which are party to the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing the website operator with other services relating to website usage and Internet usage. Further information: https://support.google.com/analytics/answer/2763052?hl=de.
The IP address that your browser transmits in the context of Google Analytics will not be associated with any other data held by Google. You can disable cookies by selecting the appropriate settings in your browser software. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing such data by downloading and installing the browser plug-in available at: http://tools.google.com/dlpage/gaoptout?hl=de.
You can prevent the collection by Google Analytics by withdrawing your consent here: Disable Google Analytics
We would like to point out that this website uses Google Analytics with the extension “gat._anonymizeIp();” to ensure the anonymised collection of IP addresses (so-called IP masking).
Use of Google Maps
Our website uses Google Maps to display maps and to provide directions.
Google Maps is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
When you visit the website, Google receives information that you have accessed the corresponding page of our website. This also happens regardless of whether you have a user account with Google or are logged in via such account. In the event that you are logged in via a Google user account while using the website, the data will be associated directly with your user account. The data can be processed in the USA. If you do not want this, you must log out before using the service.
Forwarding and data transfer to Doctolib GmbH
Embedded content from external Internet sites
Our site uses embedded content from external Internet sites. No personal data, with the exception of the IP address, is transmitted when you open our site.
This website uses the Google Ad Words Conversion Tracking” feature of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google AdWords Conversion Tracking uses so-called “cookies”, which are text files stored on your computer that enable an analysis of how you use the website when you click on a Google advertisement. The cookies are valid for a maximum of 90 days. No personal data is stored in this context. As long as the cookie is valid, Google and we, as the website operators, can recognise that you have clicked on an advertisement and have reached a certain target page (e.g. order confirmation page, newsletter registration). These cookies cannot be tracked across multiple websites of different AdWords participants. The cookie creates conversion statistics in “Google AdWords”. These statistics record the number of users who have clicked on one of our advertisements. They also count how many users have visited a target page tagged with a “conversion tag”. However, the statistics do not contain any data by which you can be identified.
Jameda seal and widget
Seals or widgets of jameda GmbH, St. Cajetan-Straße 41, 81669 Munich, are embedded in our website. A widget is a small window that displays changing information. Our seal also works in a similar way, i.e. it does not always look the same, as the display changes regularly. Although the relevant content is displayed on our website, it is retrieved from the Jameda servers at that moment. This is the only way to always show the latest content, especially the current rating. For this purpose, a data connection must be established between this website and jameda, and jameda receives certain technical data (date and time of the visit; the page from which the query is made; Internet Protocol address used (IP address), browser type and version, device type, operating system and similar technical information), which is necessary for the content to be delivered However, this data is only used to provide the content and is not stored or used in any other way.