Dear patient,
we hold you as an individual as well as your personal data particularly in high esteem. In the course of the medical treatment and the corresponding processing of your personal data we constantly aim at making the data processing as “fair” and transparent as possible for you.

In order to get a better idea of how we process your personal data in the context of your medical treatment we inform you, amongst others, which of your personal data we process as part of your treatment. Further, we would like to inform you how and for which purposes we use the data you give us. We also want to provide you with information about your rights and other sort of information connected to your medical treatment that might be interesting for you.

In case you have any questions about any topic in this data protection notice, please let us know; we are at your disposal anytime.

The following information is based upon the statutory provision according to Article 13 of the General Data Protection Regulation (hereinafter “GDPR”).

Data protection

1. Controller of the Processing of Personal Data

The Controller of the processing of your personal data is:
Sophienklinik GmbH
Specialized Clinic for Plastic and Aesthetic Surgery
Sophienstrasse 41
D-70178 Stuttgart
phone +49 (711) 25 25 75 – 0
fax +49 (711) 25 25 75 – 45
info@sophienklinik-stuttgart.de

We appointed a data protection officer who is available for your questions via e-mail anytime under dsb@sophienklinik-stuttgart.de

2. Processing of Your Personal Data (Purpose) and Legal Basis

Personal data that you give us or that we collect in the context of your medical treatment is processed generally only for the following purposes:

  • Treatment / for the fulfillment of the contract about medical treatment (cf. Article 9 para. 2 (h) GDPR in connection with section 22 para. 1 (b) Federal Data Protection Act [Bundesdatenschutzgesetz, BDSG] in connection with section 630a German Civil Code [Bürgerliches Gesetzbuch, BGB]). We would like to inform you that without your personal data we neither can treat you nor are in the position to fulfill the contract about medical treatment,
  • Documentation of treatment (cf. Article 9 para. 2 (h) GDPR in connection with section 22 para. 1 (b) BDSG in connection with section 630f BGB),
  • Billing of medical treatment (cf. Article 9 para. 2 (h) GDPR in connection with section 22 para. 1 (b) BDSG in connection with section 630a BGB),
  • Duties to provide information with regard to health insurances and social insurance carriers (cf. Article 9 para. 2 (h) GDPR in connection with section 22 para. 1 (b) BDSG in connection with sections 284 et seqq. Code of Social Law, Book V [Fünftes Buch Sozialgesetzbuch, SGB V]),
  • Duties to provide information towards tax authorities (cf. Article 9 para. 2 (g) GDPR in connection with sections 38 et seqq. Income Tax Act [Einkommensteuergesetz, EStG]),
  • Enforcing a claim or defending against a claim (cf. Article 9 para. 2 (f) GDPR).

We only process your personal data for the purposes listed above, unless you either give us your explicit, voluntary consent or to the extent statutory law allows.

Web analysis with Matomo (formerly PIWIK)

Our website uses the web analytics service Matomo, provided by InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, which enables cross-page recognition of the user to analyze user behavior. This allows us to find out which page views were made when, which regions they came from and which actions the user performed (e.g. clicks or purchases).

The following usage data is processed: Two bytes of the IP address of your calling system, the accessed website and the website from which you were redirected to the accessed website (referrer URL), visited subpages of our website, location data (based on the anonymized IP address), user times, dwell time and visit frequencies and browser/device data.

The usage information collected (including your shortened IP address) is transmitted to our server and stored. Your IP address is anonymized so that the data cannot be assigned to an identifiable person and the individual user remains anonymous. The usage data collected is not passed on to third parties.

The use of this analysis tool is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the anonymized analysis of user behavior in order to optimize both its website and its advertising. If a corresponding consent has been requested (e.g. consent to store cookies), the processing is based on Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

The data is deleted as soon as it is no longer required for our recording purposes.

3. Duration of the Processing:

As you can see we process your personal data for different purposes and based upon various statutory laws. As a consequence statutory law requires that we store your personal data for different periods which does not make it easy for us.

For instance, we are obliged to store the data about your medical treatment for (at least) 10 years due to laws connected to our profession as well as civil law or tax law.

4. Recipients of Your Personal Data

For a smooth performance of the above-mentioned activities around your medical treatment in specific cases we might need to transfer your data to other persons/ companies/ authorities, respectively persons/ companies might be granted the opportunity to take notice of your personal data when fulfilling their obligations towards us.

The potential recipients are:

  • association of statutory health insurance physicians [Kassenärztliche Vereinigung],
  • private / statutory health insurances,
  • courts,
  • authorities,
  • social insurance carriers,
  • evaluators,
  • if applicable, factoring companies,
  • third party laboratories,
  • other doctors/ hospitals/ non-medic therapists,
  • attorneys,
  • tax consultants,
  • producers of medical products who perform maintenance jobs,
  • suppliers who look after our IT.

We emphasize once more that these recipients are granted access to your data, respectively may take notice of your data, on a case-by-case basis only. Also, taking notice of the data only happens on the grounds of legal legitimation. Furthermore, we pay attention that such recipients only receive data on a need-to-know basis, that is, the data they need in order to fulfill their purpose.

We took the respective technical and organizational measures in order to keep the risk of having “external” third parties involved within an adequate level.

5. Your Rights as the Data Subject Concerned

As we process “your” personal data as described above you are entitled by statutory law to certain rights towards us to the extent not limited or excluded by statutory law. In particular, such rights include the following:

  • Right of access to personal data being processed by us according to Article 15 GDPR. In case of a non-written request we kindly ask you for your understanding that we might ask you for providing evidence in order to prove that you really are the person who you claim to be,
  • Right to obtain without undue delay the rectification of inaccurate personal data concerning you according to Article 16 GDPR,
  • Right to obtain the erasure of your personal data without undue delay according to Article 17 GDPR,
  • Right to obtain the restriction of processing of your personal data according to Article 18 GDPR,
  • Right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us according to Article 20 GDPR,
  • Right to withdraw your consent at any time according to Article 7 para. 3 GDPR. The withdrawal of consent shall have effect only on future data processing after withdrawal. It shall not affect the lawfulness of processing based on consent before its withdrawal,
  • Right to lodge a complaint with a supervisory authority according to Article 77 GDPR. Generally, you contact the data protection authority either of your habitual residence or the one competent for our clinic; the latter is:
    The Commissioner for Data Protection of the Federal State of Baden-Württemberg [Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg]
    Postbox 10 29 32
    D-70025 Stuttgart
    phone: 0049-711/615541-0
    fax: 0049-711/615541-15
    e-mail: poststelle@lfdi.bwl.de

6. Right to Object

To the extent your personal data is processed on the basis of legitimate interests according to Article 6 para. 1 sentence 1 (f) GDPR you are entitled to object in accordance with Article 21 GDPR to the processing of personal data concerning you as far as reasons exist that derive from your specific situation.

In case you would like to execute your right to object or withdraw, a message to us is sufficient.

7. Data Security

It is our utmost endeavor to protect you, respectively your personal data, as effectively as possible. For this reason we took various measures in order to protect your data to the extent possible against unauthorized access. In this regard we implemented technical and organizational measures which we deem adequate, in order to protect your data against accidental or intentional manipulation, partial or full loss of data, destruction or unauthorized access by third parties. We constantly review our security measures and their effectiveness corresponding to the technological development and, as needed, improve them.

8. Up-to-Dateness of this Data Protection Notice and Changes

This data protection notice as of May 2018 is the currently valid version.

Due to changes of statutory law or instructions by authorities as well as changing circumstances of processing it may become necessary to update this data protection notice from time to time.

We will inform you prominently about such changes. In addition, such changes will be highlighted in the next version of our data protection notice.

You can obtain the respective current data protection notice either in our clinic or on our website under www.sophienklinik-stuttgart.de/en/

I have received the data protection notice according to GDPR and understand it.