Information for patients on data protection

Dear patient,

We take the protection of privacy and the security of your personal data seriously. According to the EU data protection regulation, we are obliged to inform you about the purposes for which our practice acquires, saves or passes on data. Please also refer to the information for your rights on data protection.

1. Responsibility for data processing
Person responsible for data processing is:
Augenarztpraxis Dr. med. Florian Gerlach
Johann-Sebastian-Bach-Str. 40
85521 Ottobrunn
Contact details: +49 (0) 89 609 93 77

2. Purpose of data processing
Data processing may be necessary in accordance to the applicable law for fulfilment of the treatment contract between you and your physician and the related duties. On this purpose, we shall process your personal data, especially your health data. This includes anamneses, diagnoses, therapy suggestions and our as well as other physicians’ findings. For these purposes, other physicians or psychotherapists whose treatment you are under can provide us with data (e.g. in referral letters). The collection of health data is prerequisite for your treatment. If the necessary information is not provided, carefully assessed treatment cannot take place.

3. Recipients of your data
We only transmit your personal data to third parties as far as permitted by law or if you have given us your consent to do so. Recipients of your personal data will primarily be other physicians/ psychotherapists, associations of statutory health insurance physicians, health insurance companies, the medical service of the statutory health insurance companies, medical councils and accounting centres for private treatment. Data transmission may primarily occur for the purpose of billing of services provided to you as well as for clarification of medical questions and questions resulting from your insurance relationship. In individual cases, data may be transmitted to other authorised recipients.

4. Storage of your data
We will store your personal data for only as long as necessary to perform the treatment. We are obliged by law to store these data for at least 10 years after completion of treatment. Under other provisions, longer retention periods may result, for instance 30 years for X-ray records according to paragraph 28 section 3 of the Röntgenverordnung (German X-ray regulation).

5. Your rights
You have the right to obtain information about the data concerning your person. Furthermore, you can demand for correction of incorrect data. In addition and under certain conditions, you are entitled the right of data deletion, the right of limitation of data processing as well as the right of data portability. The processing of your data is based on legal provisions. We require your consent in exceptional cases only. In these cases you have the right to revoke your consent for a future data processing. Furthermore, you have the right to complain to the competent supervisory authority for data protection if you consider the way of processing of your data as unlawful.

The address of our competent supervisory authority is:

Bayerisches Landesamt für Datenschutzaufsicht
c/o Regierung von Mittelfranken
Promenade 27
91522 Ansbach
Phone: 0981/531300

6. Legal foundations
Legal basis for procession of your data is article 9 section 2 lit. h) DSGVO (Datenschutzgrundverordnung, EU General Data Protection Regulation) in connection with paragraph 22 section 1 Nr. 1 lit. b) Bundesdatenschutzgesetz (German Federal Data Protection Act). Should you have any questions, please contact us.

7. Enquiry by e-mail, telephone or fax

In case you contact us by e-mail, telephone or fax, we will, for the purpose of handling your enquiry, save and process all person-related data received (name, enquiry). We will not share these data without your consent.

8. Note
In order to protect your privacy, we neither use Google Analytics nor do we place cookies. For information on whether and to which extent the embedded Google Maps function places cookies, please consult the current Google Maps terms in our imprint.

Disclosure of your personal data is not required during your visit to our website.

However, on each visit to our website, usage data will be transmitted automatically through your internet browser to our webhoster/ IT service provider and will be saved as protocol data in so called server log files. These data include for example:

• browser type and browser version
• operating system used
• referrer URL
• host name of the accessing computer
• date and time of server request
• IP address
• data volume transmitted

None of these data will be merged with other data sources.

Data processing and, in particular, statistical analysis are based on Art. 6 Abs. 1 lit. f) DSGVO (German Data Protection Act). The website operator has legitimate interest in a technically error-free presentation and optimisation of his website. In case of concrete indications of unlawful usage, the website operator (Domain Factory GmbH) reserves the right to check server log files retroactively.

Your practice team