1. Name and address of the person responsible
Your contact person as the person responsible within the meaning of the European Data Protection Basic Regulation ("EU-DSGVO") and other national data protection laws of the member states as well as other provisions of data protection law:
Prof. Dr. med. Charlotte Holm Mühlbauer
Prof. Dr. med. Wolfgang Mühlbauer
- Medical specialists for plastic and aesthetic surgery -
ATOS Private Clinic Munich
- Center for Plastic and Aesthetic Surgery -
D - 81925 Munich, Germany
Phone: +49 (0) 89 20 4000 205
Fax: +49 (0) 89 20 4000 299
(hereinafter referred to as "we", "us" or "our")
2. Provision of the website
a. Legal basis
The legal basis for the processing of your personal data within the framework of the provision of the website is Art. 6 para. 1 lit. f EU-DSGVO.
The temporary storage of your personal data by us is necessary to enable delivery of the website to your computer. For this purpose, your personal data must be stored for the duration of the session.
Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the collection of your personal data for the provision of the website, this is given as soon as you have left the website.
d.Possibility of objection and removal
The collection of your personal data for the provision of the website is mandatory for the operation of the website. There is therefore no possibility for you to object.
3. Use of technically necessary cookies
a. Legal basis
The legal basis for the processing of your personal data within the framework of the use of technically necessary cookies is Art. 6 para. 1 lit. f EU-DSGVO.
Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected; this is particularly the case if you leave the website.
d. Possibility of objection and removal
You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. You can delete cookies that have already been saved at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that all functions of the website can no longer be used to their full extent.
4. Personal data that you provide voluntarily for communication purposes
In order for you to receive individually tailored services, you will be asked to provide personal data. For this purpose, our website provides a contact form which can be used for electronic contact. We also offer the option of making an online appointment. The data is entered into an input mask and transmitted to us and stored. The following data is collected as part of this process:
In addition, the following data will be stored at the time the message is sent:
If you do not wish to provide this information, please understand that you do not have access to the requested functions or information.
Alternatively, you can contact us using the email address provided. In this case, the personal data of the user transmitted with the e-mail will be stored.
If you contact us electronically, for example by e-mail, we may inform you of the following: Data transmission on the Internet (e.g. communication by e-mail) cannot guarantee complete data security due to security gaps. Therefore a complete protection of the data against access by third parties is not possible. In particular, it cannot be ruled out that unencrypted e-mails may be read by unauthorised persons during transmission. If you wish to send us personal or sensitive data (e.g. health data), we advise against sending unencrypted e-mails. In the case of confidential information, we therefore recommend that you contact us by post or telephone.
By voluntarily entering this data in the contact form, you as a user declare your consent to the collection and storage of the data entered in each case. Data processing is thus carried out for the purpose of establishing contact in accordance with Art. 6 Para. 1 S. 1 lit. a DSGVO on the basis of your voluntary consent.
We also offer you the option of making an online appointment. For this we need the following data:
The data collected will be processed exclusively for the following purposes: Provision of an online appointment agreement, administration of an online appointment calendar, administration of appointments, online tool for appointment calendar administration, information of patients about doctors, e-mail and SMS notifications (so-called recall system).
Data processing for the aforementioned purposes is carried out within the framework of order processing by the service provider Doctolib GmbH, Wilhelmstraße 118, 10963 Berlin - Datenschutzerklärung https://www.doctolib.de/terms/agreement.
Our service provider is also requested by us to comply with the statutory data protection regulations. Encrypted data transmission to the service provider takes place. The online appointment pages are also protected by SSL encryption.
Since the data collected during the use of online appointment allocation is provided voluntarily by you, you as a user declare your consent to the processing of the data entered in each case by Doctolib GmbH and we obtain your consent to this. Data processing by Doctolib GmbH is thus carried out for the aforementioned purposes in accordance with Art. 6 Para. 1 S. 1 lit. a DSGVO on the basis of your voluntary consent.
The legal basis for the processing of data transmitted by e-mail is Art. 6 para. 1 lit. f DS-GVO. If the purpose of the contact request, e-mail or online appointment is to conclude a contract, there is a further legal basis for processing in accordance with Art. 6 para. 1 lit. b DS-GVO.
We process personal data only for the purposes of conversation and contact processing. The necessary justified interest in the processing of the data in the case of an establishment of contact via the contact form or by e-mail as well as via the online appointment allocation lies in it.
The processing of other personal data during the sending process serves to prevent misuse of the contact form and online appointment allocation as well as to ensure the security of our information technology systems.
5. Purposes for which your personal data will be processed:
Within the framework of your treatment, data concerning your person, your social status and the medical data necessary for the treatment will be collected, recorded, stored, processed, queried, used, transmitted, etc. In general, this is referred to as the "processing" of your data. This term "processing" is the generic term for all these activities. For data protection reasons, the processing of patient data in our practice is only possible if this is prescribed or permitted by law or if you as a patient have given your consent.
For your patient-related care / treatment, processing of your data is particularly necessary for preventive, diagnostic, therapeutic, curative and aftercare reasons. Processing also takes place - in the sense of the best possible care - with regard to interdisciplinary conferences for the analysis and discussion of diagnostics and therapy, for pre-, co- and further care with regard to diagnostics, therapy, findings as well as disease / vital status. In addition, doctor's letters / reports are written and processed for quality assurance reasons, to identify and combat hospital infections and for discharge management.
In addition to this patient-related processing, your treatment also needs to be administered. This essentially requires the processing of your data for the billing of your treatment, for reasons of controlling/inspection, for the assertion, exercise and defence of legal claims, etc. Furthermore, data processing is carried out for the purpose of further training and education of physicians and members of other professions in the health care system, for research purposes or for statutory reporting obligations (e.g. to the police on the basis of reporting law, to state health authorities on the basis of the Infection Protection Act, to cancer registers) and not least for reasons of the support and maintenance of IT systems and applications, etc.
6. Google Analytics
This website uses Google Analytics, the web analysis service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA . (hereinafter referred to as "Google").
Google Analytics uses "cookies", which are text suggestion files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States. However, if IP anonymisation is activated on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA where it will be shortened. Google will use this information on our behalf to evaluate your use of the website, compile reports on website activity and provide us with other services relating to website activity and internet usage. The IP address transmitted by your Internet browser as part of Google Analytics is not combined with other data from Google.
b. Legal basis
The legal basis for the processing of your personal data is Art. 6 para. 1 lit. f EU-DSGVO.
The processing of your personal data enables us to analyse your surfing behaviour. By evaluating the data collected, we are able to compile information about the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness. By anonymizing your IP address, your interest in the protection of personal data is sufficiently taken into account.
d. Storage period
Your personal data will be deleted as soon as they are no longer needed for the purposes mentioned above. In our case, this will happen after 14 months.
e. Objection and removal possibility
If you would like to disable Google Analytics, please visit this page and install the Google Analytics disable add-on for your internet browser. For detailed information on installing and uninstalling the add-on, see the relevant help resources for your Internet browser.
Browser and operating system updates may cause the deactivation add-on to stop working as intended. For more information about managing add-ons for Chrome, click here. If you are not using Chrome, check directly with your Internet browser manufacturer to see if add-ons are working properly in the browser version you are using.
The latest versions of Internet Explorer occasionally download the Google Analytics opt-out add-on after data is sent to Google Analytics. Therefore, if you use Internet Explorer, the add-on will install cookies on your computer. These cookies ensure that any information collected is immediately deleted from the server that collected the information. Make sure that third-party cookies are not disabled for Internet Explorer. If you delete your cookies, the add-on will reset these cookies within a short time to ensure that your Google Analytics browser add-on continues to work properly.
The browser add-on to disable Google Analytics does not prevent data from being sent to the website or other web analytics services.
7. Jameda widget
Our website includes a widget from jameda GmbH, St. Cajetan-Straße 41, 81669 Munich, Germany. A widget is a small window that displays variable information. Although the corresponding content is displayed on our website, it is retrieved from the jameda servers at this moment. This is the only way to always show the current content, especially the current rating. For this purpose, a data connection from our website to jameda must be established and jameda receives certain technical data (date and time of the visit; the page from which the query is made; Internet protocol address used (IP address), browser type and version, device type, operating system and similar technical information) which are necessary for the content to be delivered. However, this data is only used to provide the content and is not stored or used in any other way.
8. Online presence in social media (Facebook/Instagram)
We maintain online presences within social networks and platforms in order to communicate with the patients, interested parties and users active there and to inform them about our services.
We would like to point out that user data may be processed outside the European Union. This can result in risks for users, as it could, for example, make it more difficult to enforce the rights of users. With regard to US providers that are certified under the Privacy Shield, we would like to point out that by doing so they commit themselves to comply with EU data protection standards.
In addition, user data is usually processed for market research and advertising purposes. For example, user profiles can be created on the basis of user behavior and the resulting interests of users. The usage profiles can in turn be used, for example, to place advertisements inside and outside the platforms that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the user's computer in which the user's usage behaviour and interests are stored. Furthermore, data can also be stored in the user profiles independently of the devices used by the users (in particular if the users are members of the respective platforms and are logged in to them).
The processing of the personal data of the users takes place on the basis of our legitimate interests in effective information of the users and communication with the users in accordance with Art. 6 Para. 1 letter f. DSGVO. If the users are requested by the respective providers of the platforms to consent to the aforementioned data processing, the legal basis for the processing is Art. 6 Para. 1 lit. a., Art. 7 DSGVO.
For a detailed description of the respective processing operations and the opt-out options, we refer to the following linked information of the providers.
Also in the case of requests for information and the assertion of user rights, we point out that these can be asserted most effectively with the providers. Should you nevertheless require any help, please do not hesitate to contact us.
9. Google Maps
We integrate the maps of the service "Google Maps" of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google LLC is certified for the us European Privacy Shield Agreement, which ensures compliance with EU data protection standards.
To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.
The use of Google Maps is in the interest of an appealing presentation of our online offers and an easy retrievability of the places indicated by us on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.
You will find more information on the handling of user data in Google's data protection declaration: https://www.google.de/intl/de/policies/privacy/.
10. Google Web Fonts
This website uses so-called web fonts provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, for the uniform display of fonts. When you access a page, your browser loads the web fonts you need into your browser cache to display text and fonts correctly. To do this, the browser you are using must connect to Google's servers. This enables Google to know that your IP address has been used to access our website. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online services. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.
If your browser does not support web fonts, a standard font will be used by your computer.
11. Categories of beneficiaries
Within our practice, those departments and departments receive personal data that they need to fulfil the aforementioned purposes. In addition, we make use of various service providers and transfer your personal data to other trustworthy recipients. These can be, for example:
Insofar as we disclose data to other persons and companies (contract processors or third parties) in the context of our data processing, transmit them to them or otherwise grant them access to data, this is done on the basis of a legal permit or on the basis of your consent or because a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using a hosting provider, etc.). If we commission third parties with the processing of personal data on the basis of a so-called "contract processing agreement", this is done on the basis of Art. 28 DSGVO.
12. Your rights
You have the following rights vis-à-vis us:
a. Right to information
You have the right to be informed as to whether and which of your personal data is processed by us. In this case we will additionally inform you about
(1) the purpose of the processing;
(2) the categories of data;
(3) the recipients of your personal data;
(4) the planned storage period or the criteria for the planned storage period;
(5) Your other rights;
(6) if you have not provided us with your personal data: All available information about their origin;
(7) if available: the existence of automated decision-making and information on the logic involved, the scope and the intended effects of the processing.
b. Right of rectification
You have the right to have your personal data corrected and/or completed if it is inaccurate or incomplete.
c. Right to limit the processing
You have the right to limit the processing, provided that
(1) we verify the accuracy of your personal data processed by us;
(2) the processing of your personal data is unlawful;
(3) you need your personal data processed by us for the purpose of prosecution;
(4) you have lodged an objection against the processing of your personal data and we examine this objection.
d. Right to cancellation
You have a right to deletion, provided that
(1) we no longer need your personal data for its original purpose;
(2) you revoke your consent and there is no further legal basis for processing your personal data;
(3) you object to the processing of your personal data and, unless it is direct marketing, there are no overriding reasons for further processing;
(4) the processing of your personal data is unlawful;
(5) the deletion of your personal data is required by law;
(6) your personal data was collected as a minor for Information Society services.
e. Right to information
If you have asserted your right to correction, deletion or restriction of processing, we will inform all recipients of your personal data of this correction, deletion of data or restriction of processing.
f. Right to data transfer
You have the right to receive your personal data processed by us on the basis of your consent or for the execution of the contract in a structured, common and machine-readable format and to transfer them to another responsible party. If this is technically feasible, you have the right for us to transfer this data directly to another responsible person.
g. Right of objection
In the case of special reasons, you have the right to object to the processing of your personal data. In this case, we will no longer process your personal data unless we can prove compelling reasons worthy of protection for the processing.
If your personal data is processed for the purpose of direct marketing, you have the right to object at any time.
h. Right of revocation
You have the right to revoke your consent given to us at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the revocation.
i. Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to appeal to the competent supervisory authority if you believe that the processing of your personal data by us violates the EU Data Protection Regulation.
The competent supervisory authority for us is:
Bavarian State Office for Data Protection Supervision (BayLDA)
91522 Ansbach, Germany
Phone: +49 (0) 981 53 1300
13. Deletion of data / restriction of processing
Personal data processed by us will be deleted or their processing restricted in accordance with Art. 17 and 18 DSGVO. Unless otherwise expressly stated in this data protection declaration, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and there are no legal obligations to retain them. This applies, for example, to data which must be stored for commercial or tax reasons (e.g. § 257 HGB, § 147 para. 1 AO - Aufbewahrung bis 10 Jahre). If the data are not deleted because they are required for other, legally permissible purposes, their processing will be restricted. This means that the data is blocked and not processed for other purposes.
We do not employ a separate data protection officer. If you have any questions, please do not hesitate to contact us at any time. As a responsible practice, we refrain from automatic decision-making or profiling.