We take the protection of your personal data and the whole issue of data protection very seriously. It goes without saying that we follow all the applicable and relevant regulations for data protection, especially the General Data Protection Regulation and the Federal Act on Data Protection. In the context of this data privacy statement, we would like to inform you about the data that we record during your visit and how exactly this data is used:
1. Name and address of the responsible party
In terms of the General Data Protection Regulation, other national data protection laws of member states and further data protection rules, the responsible party is:
Dental Practice Dr. Elke Hubiak
Represented by Dr. Elke Hubiak
Telefon: +49 (0) 2921 17031
Telefax: +49 (0) 2921 17032
2. Name and address of the data protection officer
The data protection officer as defined by the General Data Protection Regulation and this data privacy statement can be reached at:
Data protection officer
Dental Practice Dr. Elke Hubiak
Data protection officer IHK
3. General information on data processing
3.1. Scope of processing personal data
In principle, we only process personal data of our users if it is necessary for providing a functional website and our contents and services. Personal data of our users is processed regularly only with the user's consent. In such cases, an exception is made when getting prior consent is not possible due to practical reasons and data processing is permitted by the legal regulations.
3.2. The legal basis for processing personal data
As long as we get consent for processing operations of personal data from the person concerned, Art. 6 paragraph 1 lit. a EU-General Data Protection Regulation (GDPR) serves as the legal basis.
For processing personal data which is required for the performance of a contract to which the person concerned is party, Art. 6 paragraph 1 lit. b GDPR serves as the legal basis. This is also applicable for processing operations, which are required for implementing pre-contractual measures.
If the processing of personal data is required in order to comply with a legal obligation incumbent on our company, Art. 6 paragraph 1 lit. c GDPR serves as the legal basis.
If vital interests of the person concerned or of another natural person necessitate processing of personal data, Art. 6 paragraph 1 lit. d GDPR serves as the legal basis.
If data processing is required for protecting a legitimate interest of our company or of a third party, and if the interests, basic rights and basic freedoms of the person concerned do not outweigh the interests of our company or the third party, Art. 6 paragraph 1 lit. f GDPR serves as the legal basis for processing.
3.3. Data deletion and duration of storage
The personal data of the person in question is deleted or blocked as soon as the purpose of storage ceases to be relevant. Personal data can also be stored if its storage was stipulated by the European or national legislators in Union regulations, laws or other provisions which the responsible party has to follow. Data can also be deleted or blocked if a storage duration stipulated by the aforementioned standards expires, unless there is need for storing the data further for conclusion of a contract or for performance of a contract.
4. Providing the website and preparing log files
4.1. Description and scope of data processing
Whenever our website is visited, our system automatically records data and information from the computer system of the calling computer.
The following data is collected:
- (1) Information on the browser type and the version used
- (2) The operating system of the user
- (3) The internet service provider of the user
- (4) The IP address of the user
- (5) Date and time of the visit
- (6) Websites from which the system of the user arrived on our website
- (7) Websites that are visited by the system of the user through our website
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
4.2. The legal basis for processing data
The legal basis for the temporary storage of data and log files is Art. 6 paragraph 1 lit. f GDPR.
4.3. Purpose of processing data
Data is stored in log files to ensure the functionality of the website. In addition, we use the data for optimising the website and for ensuring the security of our information technology systems. In this context, the data is not evaluated for marketing purposes.
Here our legitimate interest also lies in data processing according to Art. 6 paragraph 1 lit. f GDPR.
4.4. Duration of storage
Data is deleted as soon as it is no longer required for achieving the purpose for which it was collected. In case the data is collected for making the website available, the data is deleted when the respective session is over.
If data is saved in log files, it is deleted after seven days at the latest. It is possible that the data will be saved even after this. In that case, the IP addresses of the users are deleted or anonymised so that allocation of the calling client is not possible any longer.
4.5. Option to object and delete
Collecting the data for providing the website and storing the data in log files is absolutely necessary for running the website. Therefore, the user does not have an option to object.
5. Usage of Cookies
5.1. Description and scope of data processing
In the Cookies, the following data is saved and transferred:
- (1) Language settings (even if the website is only in German)
- (2) Log-in information (only for registered users)
- (3) Session ID
- (4) Using website functions
Data of users collected in this way is anonymised with technical means. Hence, allocation of the data to calling users is not possible any longer. The data is not saved together with other personal data of the user.
Installation of Cookies by our website can be prevented using the settings in the respective internet browser. Cookies that are already installed can be deleted using the internet browser or other software programs. This can be done in all the common internet browsers. If installation of Cookies is deactivated in the respective internet browser, all the functions of our website may not always be fully usable.
5.2. The legal basis for processing data
The legal basis for processing personal data using Cookies is Art. 6 paragraph 1 lit. f GDPR.
5.3. Purpose of processing data
The purpose of using the technically required Cookies is to simplify the usage of websites for the user. Some functions of our website cannot be offered without using Cookies. For this it is necessary that the browser is recognized even after a page change.
We need Cookies for the following applications:
- (1) Sign-in (only registered users): When you sign-in, your sign-in details are saved in an encrypted form as Cookies so that you are signed-in automatically when you visit again. By choosing “Stay signed in” in the sign-in window, you can decide if these Cookies will be installed.
- (2) Session: When our website is visited for the first time, a new session is started. This session is allocated to your computer using a unique Cookie. Sessions allow recognising the user between two page changes and to provide the user with all the functionalities. Here a temporary Cookie is involved which is deleted automatically when the internet browser is closed.
- (3) Services of third-party providers: Using external services (e.g. Google Maps, YouTube) and sharing content on social networks or similar websites can lead to creation of a Cookie. These Cookies are not created directly by our website, rather they are created by the third-party providers.
The user data collected using the technically required Cookies is not used for creating user profiles.
Here our legitimate interest also lies in processing personal data according to Art. 6 paragraph 1 lit. f GDPR.
5.4. Duration of storage, Option to object and delete
If Cookies are deactivated for our website, all the functions of our website may not be fully usable any longer.
6. Contact form and email correspondence
6.1. Description and scope of data processing
Contact forms are available on our webpage which can be used for getting electronic contact details. If the user fills out the contact form, the data entered in the form is sent to us and saved. The data entered in the form is as follows:
- (1) Name and surname
- (2) Address (street, house number, postcode, location)
- (3) Phone number, mobile number, fax number
- (4) Email address
The so-called mandatory fields to be filled are marked as such, we only ask for the most essential details in the mandatory fields which we need at the minimum to be able to provide the desired service. All the information is given by the user voluntarily. When the form is sent, the following data is also saved:
- Date and time of sending
Your permission is taken in the sending process for processing the data and a reference is made to this data privacy statement.
Alternatively, contacting via the given email address is possible. In that case, the personal data of the user sent via email is saved. In this connection, data is not transferred to third parties. The data is only used for carrying out the conversation.
6.2. The legal basis for processing data
The legal basis for processing data when consent of the user is obtained is Art. 6 paragraph 1 lit. a GDPR.
The legal basis for processing data which is transferred while sending an email is Art. 6 paragraph 1 lit. f GDPR. If the email correspondence aims at concluding a contract, then another legal basis for processing is Art. 6 paragraph 1 lit. b GDPR.
6.3. Purpose of processing data
Processing the personal data from the contact form is only useful to us for processing the contact details. If the correspondence is carried out via email, even in that case the legitimate interest lies in processing the data.
Other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.
6.4. Duration of storage
Data is deleted as soon as it is no longer required for achieving the purpose for which it was collected. The personal data from the contact form and the personal data sent via email is deleted when the respective conversation with the user is completed. The conversation is complete when it can be assumed from the situation that the issue of the person concerned has been conclusively clarified.
The personal data collected additionally during the sending process is deleted at the latest after a period of seven days.
6.5. Option to object and delete
The user always has the option to revoke his consent for processing personal data. If the user gets in touch with us via email, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.
The objection can be sent via email or post to:
Dental Practice Dr. Elke Hubiak
All personal data that is saved while establishing contact is then deleted.
7. Using Google Maps
This website uses Google Maps for displaying maps and for route planning. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
By using this website, especially by using the route planning function, you give permission to Google, one of its representatives, or a third party service provider, to collect, process and use the automatically collected data and the data given by you.
8. Video display with YouTube
To embed videos, we use the service and the technology of YouTube. YouTube is operated by YouTube, LLC 901 Cherry Ave, San Bruno, CA 94066, USA.
By using this website, especially by using the Video function, you give permission to YouTube, one of its representatives, or a third party service provider, to collect, process and use the automatically collected data and the data given by you.
9. Rights of the person concerned
If your personal data is processed, you are the person concerned in terms of GDPR and you have the following rights vis-à-vis the responsible party:
9.1. Right to information
You can demand a confirmation from the responsible party on whether your personal data is processed by us.
If it turns out that your data is processed in this way, you can demand information about the following from the responsible party:
- (1) the purposes for which the personal data is processed;
- (2) the categories of personal data that are processed;
- (3) the recipients or the categories of recipients to whom your personal data was disclosed or will be disclosed;
- (4) the planned duration of storage of your personal data or, if concrete details cannot be given regarding this, the criteria for determining the storage duration;
- (5) the existence of the right to correct or delete your personal data, a right to restrict the processing by the responsible party or a right of objection against this processing;
- (6) the existence of a right to file a complaint at a regulatory body;
- (7) all the available information about the origin of data, if the personal data is not collected from the person concerned;
- (8) the existence of automatic decision making including profiling according to Art. 22 paragraph 1 and 4 GDPR and – at least in these cases – meaningful information about the involved logic and the scope and the intended effects of such a processing for the person concerned.
9.2. Right to correct
You have a right of correction and/or completion vis-à-vis the responsible party, if your processed personal data is incorrect or incomplete. The responsible party must immediately make the correction.
9.3. Right to limit the processing
You can demand that the processing of your personal data be limited under the following conditions:
- (1) if you have contested the correctness of your personal data for a duration which allows the responsible party to review the correctness of the personal data;
- (2) the processing is unlawful and you reject the deletion of personal data and instead demand that the use of the personal data must be limited;
- (3) the responsible party does not need the personal data for the purpose of processing any longer, but you need it to assert, exercise or defend legal claims, or
- (4) if you have filed an objection against processing according to Art. 21 paragraph 1 GDPR, and it is still not clear if the legitimate reasons of the responsible party outweigh your reasons.
If the processing of your personal data is limited, then this data, apart from you saving it, may only be processed with your consent or for asserting, exercising or defending legal claims, or for protecting the rights of another natural or legal person, or in the important public interest of the union or a member state.
If the limitation on processing according to the aforementioned conditions is obstructed, you are informed by the responsible party before the limitation is lifted.
9.4. Right to delete (“Right to be forgotten”)
Obligation to delete
You can ask the responsible party to delete your personal data immediately and the responsible party is obligated to delete this data immediately, for one of the following reasons:
- (1) Your personal data is not required any longer for the purpose for which it was collected or processed in any other way.
- (2) You revoke your consent on which the processing was based according to Art. 6 paragraph 1 lit. a or Art. 9 paragraph 2 lit. a GDPR, and another legal basis for processing is missing.
- (3) You file an objection according to Art. 21 paragraph 1 GDPR against the processing and there are no overriding legitimate reasons for processing, or if you file an objection according to Art. 21 paragraph 2 GDPR against the processing.
- (4) Your personal data was processed unlawfully.
- (5) Deleting your personal data is necessary to comply with a legal obligation according to the union legislation or the law of Member States, which the responsible party has to follow.
- (6) Your personal data was collected with regard to the services offered by the information society according to Art. 8 paragraph 1 GDPR.
9.5. Information to third parties
If the responsible party has made your personal data public and if the responsible party is obligated to delete it according to Art. 17 paragraph 1 GDPR, then it takes appropriate measures considering the available technology and the implementation costs, even those that are technical in nature, to inform those responsible for processing the data, that you as the person concerned have asked that all links to this personal data, or copies or replications of this personal data be deleted.
The right to delete is not applicable if the processing is required:
- (1) to exercise the right to free expression and information;
- (2) to comply with a legal obligation, that requires processing according to the union legislation or the laws of member states, which the responsible party has to follow, or for performing a task in public interest or while exercising official authority, which was transferred to the responsible party;
- (3) for reasons of public interest in the field of public health according to Art. 9 paragraph 2 lit. h and i and Art. 9 paragraph 3 GDPR;
- (4) for archiving purposes that are of public interest, for scientific or historical research purposes or for statistical purposes according to Art. 89 paragraph 1 GDPR, if the right specified in Section a) is likely to make the realisation of goals of this processing impossible or seriously impair it, or
- (5) for asserting, exercising or defending legal claims.
9.7. Right to inform
If you have asserted the right to correct, delete or limit the processing vis-à-vis the responsible party, the responsible party is obligated to inform all recipients to whom your personal data was disclosed about this correction or deletion of data or limitation of the processing, unless it proves to be impossible or if it implies disproportionate effort.
You have the right vis-à-vis the responsible party to be informed of these recipients.
9.8. Right to data portability
You have the right to receive your personal data which you have provided the responsible party in a structured, common and machine-readable format. In addition, you also have the right to send this data to another responsible party without any restriction from the responsible party to whom the personal data was provided, if
- (1) the processing was based on consent according to Art. 6 paragraph 1 lit. a GDPR or Art. 9 paragraph 2 lit. a GDPR or on a contract according to Art. 6 paragraph 1 lit. b GDPR and
- (2) the processing is done with automatic processes.
While exercising this right, you also have the right to effect the transfer of your personal data directly from one responsible party to another responsible party, as long as it is technically feasible. Freedoms and rights of other persons may not be affected by this.
The right to data portability is not applicable for processing of personal data which is required to perform a task in public interest or while exercising official authority, which was transferred to the responsible party.
9.9. Right of objection
You have the right to file an objection, due to reasons which result from your special situation, at any time, against processing your personal data which is processed based on Art. 6 paragraph 1 lit. e or f GDPR; this is also applicable for a profiling based on these provisions.
The responsible party does not process your personal data any longer unless, it can show compelling and legitimate reasons for processing that outweigh your interests, rights and freedoms, or the processing is useful for asserting, exercising or defending legal claims.
If your personal data is processed for direct advertising, you have the right to raise an objection at any time against processing of your personal data for the purpose of such an advertisement; this is also applicable to profiling, if it is connected with such direct advertising.
If you object to the processing for purposes of direct advertising, then your personal data is not processed any longer for these purposes.
You have the option of exercising your right of objection with an automatic process in connection with the usage of services of the information society, regardless of the guideline 2002/58/EG, where technical specifications are used.
9.10. The right to revoke the declaration of consent on data protection
You have the right to revoke your data protection consent declaration at any time. By revoking the consent, the legality of the processing carried out, which was based on the consent till its revocation, is not affected.
9.11. Automatic decision making in individual cases including profiling
You have the right to not be subjected to a decision based only on an automatic process, including profiling, which has a legal effect on you or affects you in a similar way. This is not applicable if the decision
- (1) is required for the conclusion or the fulfilment of a contract between you and the responsible party,
- (2) is permitted based on legislation of the union or the laws of member states which the responsible party has to follow, and these legal provisions have appropriate measures for protecting your rights and freedoms and your legitimate interests or
- (3) is taken with your express consent.
However, these decisions may not be based on special categories of personal data according to Art. 9 paragraph 1 GDPR, unless Art. 9 paragraph 2 lit. a or g GDPR applies and appropriate measures are taken for protecting the rights and freedoms and your legitimate interests.
With regard to the cases mentioned in (1) and (3), the responsible party takes appropriate measures, to protect the rights and freedoms and your legitimate interests, which include at least the right to get an intervention of a person from the responsible party, for explaining their point of view and for challenging the decision.
9.12. Right to file a complaint at a regulatory body
Irrespective of any other administrative or judicial remedy, you have the right to file a complaint at a regulatory body, especially in the member state of your place of residence, your workplace or the place of suspected infringement, if you believe that the processing of your personal data violates the GDPR.
The regulatory body with which the complaint was filed informs the complainant about the status and the outcome of the complaint along with the option of a legal remedy according to Art. 78 GDPR.
Commissioned data processing with third-party providers (Webhosting)
There are contracts for commissioned data processing (AV) with the internet service providers listed below:
Telefon: +49 30-300 146 0
Telefax: +49 30–886 15 111