Praxis  Owrak
DE / EN

Privacy Policy

Information on the processing of your data

Controller

Dr. med. [PLACEHOLDER: First name Last name]
General practitioner

[PLACEHOLDER: Street House number]
[PLACEHOLDER: Postcode] [PLACEHOLDER: City]

Phone: [PLACEHOLDER: +49 xxx xxxxxxx]
Email: [PLACEHOLDER: praxis@example.de]

Principles of Data Processing

This privacy policy informs you about the processing of personal data on this website in accordance with the General Data Protection Regulation (GDPR) and the German Telecommunications Digital Services Data Protection Act (TDDDG).

Where the use of cookies or access to information stored on the end device is concerned, this is governed by §25 TDDDG.

TODO: Legal basis for individual processing operations to be completed by a lawyer or data protection officer.

Health Data (Art. 9 GDPR)

As a medical practice, we generally process special categories of personal data pursuant to Art. 9 GDPR (health data). Processing is carried out on the basis of Art. 9(2)(h) GDPR (medical diagnosis, healthcare and treatment).

Important notice: NO health data is collected via the contact form on this website. Please do not share any health-related information via the contact form. For medical matters, please contact the practice directly by phone or in person.

TODO: Detailed description of health data processing in the practice to be completed by a lawyer or data protection officer.

Contact Form

When using our contact form, the following data is collected:

  • Name
  • Email address
  • phone number (optional)
  • Message content

Purpose: Processing your contact request and communicating with you.

Legal basis: Processing is carried out on the basis of Art. 6(1)(b) GDPR (pre-contractual measures) or Art. 6(1)(f) GDPR (legitimate interest in responding to your enquiry).

Storage period: Your data will be deleted after your enquiry has been processed, unless statutory retention obligations apply. As a rule, deletion takes place no later than 6 months after completion of the process.

Transmission: Your contact form data is transmitted to the Resend service for email delivery (see section Email Delivery).

Notice: Please do not submit any health data or other sensitive information via the contact form. For medical matters, please contact the practice directly by phone or in person.

Hosting (Cloudflare)

This website is hosted by:

Cloudflare, Inc.
101 Townsend St
San Francisco, CA 94107, USA

Data processed: IP address, HTTP request data (browser type, URL accessed, date and time of access). This corresponds to standard server log files.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the secure and efficient operation of the website).

Data processing agreement: A data processing agreement has been concluded with Cloudflare pursuant to Art. 28 GDPR.

Third-country transfer: Data may be transferred to the USA. The transfer is carried out on the basis of EU Standard Contractual Clauses (SCC) pursuant to Art. 46 GDPR.

TODO: Detailed Cloudflare processing description to be completed by a lawyer or data protection officer.

Email Delivery (Resend)

To deliver contact form messages, we use the email service:

Resend, Inc.
2261 Market Street #4990
San Francisco, CA 94114, USA

Data processed: Name, email address and message content from the contact form submission. Email delivery takes place via Resend's EU region (eu-west-1).

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the reliable delivery of contact enquiries).

Data processing agreement: A data processing agreement (DPA) has been concluded with Resend pursuant to Art. 28 GDPR.

Third-country transfer: Resend is based in the USA. The transfer of personal data is carried out on the basis of EU Standard Contractual Clauses (SCC) pursuant to Art. 46(2)(c) GDPR. Account data and metadata (e.g. delivery logs) may be processed in the USA.

Retention period: Emails are processed after successful delivery in accordance with Resend's retention policy. Delivery logs are deleted by Resend after 30 days.

Cookies and Tracking

This website uses NO cookies, no tracking tools and no external analytics services.

  • No Google Analytics or comparable analytics services
  • No Google Fonts via CDN (fonts are served locally)
  • No tracking pixels or social media buttons

As we do not use cookies or comparable access to device storage beyond technically necessary functions, no cookie banner or consent mechanism is required pursuant to §25 TDDDG.

Your Rights

You have the following rights with regard to the personal data concerning you:

  • Art. 15 GDPR: Right of access
  • Art. 16 GDPR: Right to rectification
  • Art. 17 GDPR: Right to erasure
  • Art. 18 GDPR: Right to restriction of processing
  • Art. 20 GDPR: Right to data portability
  • Art. 21 GDPR: Right to object

To exercise your rights, please contact: [PLACEHOLDER: praxis@example.de]

You also have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data by us.

Supervisory Authority

The competent supervisory authority for data protection is:

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia (LDI NRW)
Kavalleriestr. 2–4
40213 Düsseldorf, Germany

Email: poststelle@ldi.nrw.de
Website: www.ldi.nrw.de