Data Privacy – Practice for Endocrinology Prof. Dr. Wüster

Important Data Protection Information for Users of this Website

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration. When you use this website, various personal data are collected. Personal data is data by which you can be personally identified. This Privacy Policy explains what information we collect and how we use it. It also explains how and for what purpose this is done. We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

1. Contact Details and Terminology

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data by which you can be personally identified.
The responsible body in the sense of Art. 4 sentence 7 DSGVO is the operator of this website named in the imprint is:

Hormon- und Stoffwechselzentrum Prof. Wüster MVZ GmbH
Prof. Dr. med. Dr. h. c. Christian Wüster
Telephone: 06131 – 588 48-0
E-mail: info@prof-wuester.de

Personal Data

Personal data includes all information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified directly or indirectly. An association with an identifier such as a name or pseudonym, an identification number, location data or an online identifier is sufficient. However, special characteristics are also sufficient for identification, such as the expression of physical, physiological, genetic, psychological, economic, cultural or social identity. This includes, for example, name, address, telephone number, e-mail address, but also the IP address, even if this is only indirectly or temporarily assigned to a specific person. A distinction is also made between personal data that is required for the establishment and content of the legal relationship or changes to it (inventory data) and personal data about the use of Internet pages (usage data).

Hyperlinks and External References

Hyperlinks represent a cross-reference in a document and correspond in principle to source references in a printed document; however, unlike in a book, you can call up these cross-references by clicking on the reference. References in a web document like this are typical. The references can link several documents and also web pages from different providers. In their entirety, these references reflect the World Wide Web (www). A distinction is made between internal links and external links. Internal links connect several text passages or documents under one domain, external links lead to domains, websites and servers of other providers. Other data protection regulations may apply on other web servers. You can tell whether there is a link to an external website by taking a closer look at the link. The destination of the link can be displayed by your browser. Please refer to the instructions of your browser for more information; in many web browsers it is sufficient for the link to be displayed if you move the mouse over the link without clicking on it.

Embedding External Content

Sometimes it can be useful to embed content from other websites into our design. You will then see other content in our design. Technically, this works through an IFrame/Inlineframe. This displays other web content as independent documents in a defined area of the browser, the browser address line only shows the address of the surrounding page. Our website is displayed as a technical frame, but the content then comes from another server. This makes sense, for example, when calling up videos hosted by other providers such as Youtube or Vimeo. Technically, this means that usage data is transferred to the third-party provider. You can find out which data the provider uses for other purposes in the privacy policy of the respective provider.

2. Data Processing Operations

Usage Data

Your web browser transmits usage data to our web server the first time you access our web pages. This is the only way our web server can present the website to your web browser. This usage data is available in the HTTP/S header, is sent automatically by you and is used for the duration of the page call. They contain, among other things:

  • the name of the web page or file accessed
  • the date and time of the request
  • the time zone difference to Greenwich Mean Time (GMT)
  • the amount of data transferred
  • a message about the successful retrieval (access status/HTTP status code)
  • the browser type including version and language as well as the operating system
  • the referrer URL (previously visited page)
  • the IP address and the requesting provider

Further information about the HTTP header can be found in Wikipedia as well as in the RFC 2616 specification, chapter 14. The aforementioned data serve the following purpose:

  • technical connection establishment of the website
  • evaluation of system security and stability
  • administrative purposes

General information on the legal basis for data processing on this website
If you have consented to data processing, we process your personal data on the basis of Art. 6 (1) lit. a DSGVO or Art. 9 (2) lit. a DSGVO if special categories of data are processed in accordance with Art. 9 (1) DSGVO. In the event of express consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49 (1) a DSGVO. If you have consented to the storage of cookies or to the access to information in your terminal device (e.g. via device fingerprinting), the data processing is additionally carried out on the basis of Section 25 (1) TTDSG. This consent can be revoked at any time. If your data is required for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b DSGVO. Furthermore, if your data is required for the fulfilment of a legal obligation, we process it on the basis of Art. 6 para. 1 lit. c DSGVO. Furthermore, the data processing may be carried out on the basis of our legitimate interest according to Art. 6 para. 1 lit. f DSGVO. Information on the relevant legal basis in each individual case is provided in the following paragraphs of this data protection declaration.

Data Collection when Contacting Us

You can contact us via our website/contact form, but also by telephone, fax, e-mail and other means of communication. The information you provide is voluntary. With your voluntary information, we additionally process the time of the enquiry as well as, for technical reasons, your usage data sent in connection with the means of communication, such as telephone number or e-mail address. If you make an enquiry in the context of a contractual relationship or for the purpose of initiating a contract, the data processing is carried out in accordance with Art. 6 (1) p. 1 lit. b) DSGVO. In all other cases, we process your data based on your consent in accordance with Art. 6 para. 1 p. 1 lit. a) DSGVO. We use the collected data for individual communication with you, for contract initiation or implementation.
The personal data collected by us for the use of the contact form will be deleted after completion of your request, at the latest after expiry of the statutory retention obligations. Please note in connection with e-mails: Despite our comprehensive technical and organisational measures to protect your data, communication by e-mail has security vulnerabilities. If you wish to transmit confidential information, we advise you to use encrypted transmission, for example using PGP or S/MIME.

Note on Data Transfer to the USA and other Third Countries

Among other things, we use tools from companies based in the USA or other third countries that are not secure under data protection law. If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.

Storage of Cookies

A cookie is a small data file containing a string of characters that is generated and stored on your terminal device (for example, desktop PC, smartphone or tablet) during your visit to our website. A cookie can only contain the information that we send to your client; it cannot be used to read any further data on your device.
With the help of these cookies, your end device – but not directly its user – can be recognised. So-called session cookies contain a randomly generated, unique identification number. This enables our server to recognise which pages of the website the user has already visited during the respective “session”. They are usually deleted automatically after the session ends. Alternatively, the session ID can be stored on the server or transmitted in the Uniform Resource Identifier (URI). In contrast to session cookies, temporary cookies are stored on the client for a specific period of time. A previous visit to the website is recognised by the temporary cookie and the previous settings are retained. Cookies serve the purpose of customising the use of the website and the user profile. This means that settings that have already been made do not have to be re-entered on a new visit. They can also be used to statistically record the use of the website and to evaluate it for the purpose of optimisation.
The number of visitors to our website and the frequency with which the individual pages are called up provide us with information as to whether there might be interest in further contributions of a comparable nature in the future. The legal basis is Art. 6 para. 1 sentence 1 lit. f) DSGVO. The data processed by cookies are necessary for the user-specific design of the website and for its optimisation. Overriding interests or fundamental rights and freedoms of third parties are not apparent. The use of cookies can be restricted in the security settings of your browser (e.g. Chrome, Firefox, Safari) and can also be prevented altogether. Cookies can be deleted at any time. Information on this can be found in the operating aids of the browser. Some cookies are only stored with your explicit consent; in these cases, the legal basis is Art. 6 para. 1 sentence 1 lit. a) DSGVO.

Consent with Borlabs Cookie

Our website uses the Borlabs Cookie consent technology to obtain your consent to the storage of certain cookies in your browser or to the use of certain technologies and to document this in accordance with data protection law. The provider of this technology is Borlabs GmbH, Rübenkamp 32, 22305 Hamburg (hereinafter referred to as Borlabs). When you enter our website, a Borlabs cookie is stored in your browser, in which the consents you have given or the revocation of these consents are stored. This data is not shared with the Borlabs cookie provider. The collected data will be stored until you request us to delete it or until you delete the Borlabs cookie yourself or until the purpose for storing the data no longer applies. Mandatory legal retention periods remain unaffected. Details on the data processing of Borlabs Cookie can be found at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/. Borlabs Cookie Consent Technology is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c DSGVO.

Data Transfer to Third Parties

This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster’s servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contractual data, contact details, names, website accesses and other data generated via a website. The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b DSGVO) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f DSGVO). Insofar as a corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.
Our hoster will only process your data insofar as this is necessary for the fulfilment of its service obligations and will follow our instructions with regard to this data.

In general, we will only process and transmit your personal data to third parties under the following conditions:

  • You have given your consent to this, Art. 6 para. 1 sentence 1 lit. a) DSGVO.
  • The transfer is necessary for the execution of a contract or the initiation of a contract, Art. 6 para. 1 sentence 1 lit. b) DSGVO.
  • There is a legal obligation to which we are subject, Art. 6 para. 1 sentence 1 lit. c) DSGVO.
  • For the protection of vital interests of a natural person, Art. 6 para. 1 sentence 1 lit. d) DSGVO.
  • Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us, Art. 6 (1) sentence 1 lit. e) DSGVO.
  • The processing is necessary to protect our legitimate interests or those of a third party, unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data override these, Art. 6 (1) sentence 1 lit. f) DSGVO. This includes, for example, the assertion, exercise or defence of legal claims.

Analysis of Website Visitors (Tracking)

Our tracking measures are based on Art. 6 para. 1 sentence 1 lit. f) DSGVO. They serve the statistical collection of website visits and thus the needs-based design and ongoing optimisation of the website.

Tracking with Google Analytics

When visiting this website, your surfing behaviour may be statistically evaluated. This is done primarily with so-called analysis programs.
This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics enables the website operator to analyse the behaviour of website visitors. In doing so, the website operator receives various usage data, such as page views, length of stay, operating systems used and the origin of the user. This data is assigned to the respective end device of the user.

There is no assignment to a user ID. Furthermore, Google Analytics allows us to record your mouse and scroll movements and clicks, among other things. Furthermore, Google Analytics uses various modelling approaches to supplement the data records collected and uses machine learning technologies in the data analysis. Google Analytics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transferred to a Google server in the USA and stored there. The use of this service is based on your consent according to Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG. The consent can be revoked at any time. Data transfer to the USA is based on the standard contractual clauses of the EU Commission.
Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/

The storage of cookies can be prevented by setting the browser. The collection of the data generated by the cookie and related to the use of the website (including the IP address) to Google as well as the processing of this data by Google can be prevented by a plugin available under this link. The collection by Google Analytics can also be prevented by clicking on the following link. An opt-out cookie will be set to prevent future collection of data when visiting the website on this end device for as long as the cookie is present on the end device; if you delete the cookie and wish to continue to prevent Google Analytics, you must set it again: Deactivate Google Analytics. Here you can find more detailed information on Google’s terms of use and data protection. We comply with the recommendations of the data protection authorities on the use of Google Analytics. For this purpose, we have also concluded an order processing agreement with Google.

Browser Plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de
For more information on how Google Analytics handles user data, please see Google’s privacy policy:
https://support.google.com/analytics/answer/6004245?hl=de

Google Web Fonts

We use so-called web fonts for the uniform display of fonts. These are provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA. When you call up a page, your browser loads the web fonts into its browser cache in order to display texts and fonts correctly. For this purpose, the browser you are using connects to Google’s servers. This gives Google knowledge of the usage data. The legal basis is Art. 6 para. 1 lit. f DSGVO. If your browser does not support web fonts, a standard font from your computer will be used. Further information on Google Web Fonts can be found here and in Google’s privacy policy.

Google Maps

This site uses the map service Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. In order to use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission. If Google Maps is activated, Google may use Google Web Fonts for the purpose of uniform font display. When you call up Google Maps, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
Google Maps is used in the interest of an attractive presentation of our online offers and to make it easy to find the places we indicate on the website. This constitutes a legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO. Insofar as a corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/

More information on the handling of user data can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=de

Embedding Videos

YouTube

This website embeds videos from the website YouTube. The operator of the website is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
When you visit one of our websites on which YouTube is embedded, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. Furthermore, YouTube can save various cookies on your end device or use comparable technologies for recognition (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience and prevent fraud attempts.
If you are logged into your YouTube account, you enable YouTube to associate your surfing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account. YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time. Further information on the handling of user data can be found in YouTube’s privacy policy at: https://policies.google.com/privacy?hl=de

Doctolib

On our website you have the possibility to make appointments with us. We use Doctolib for booking appointments. The provider is Doctolib GmbH, Mehringdamm 51, 10961 Berlin (hereinafter “Doctolib”). For the purpose of booking an appointment, you enter the requested data and the desired date in the mask provided. The data entered will be used for the planning, execution and, if necessary, follow-up of the appointment. The appointment data is stored for us on the servers of Doctolib, whose privacy policy you can view here: https://www.doctolib.de/terms/agreement. The data you enter will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies. Mandatory legal provisions – in particular retention periods – remain unaffected. The legal basis for data processing is Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in making it as uncomplicated as possible to arrange appointments with interested parties and customers. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO / Art. 9 para. 2 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.

Order Processing

We have concluded a contract on order processing (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the DSGVO.

Own Services, Handling of Applicant Data

We offer you the opportunity to apply for a job with us (e.g. by e-mail, post or via an online application form). In the following, we inform you about the scope, purpose and use of your personal data collected as part of the application process. We assure you that the collection, processing and use of your data will be carried out in accordance with applicable data protection law and all other statutory provisions and that your data will be treated in strict confidence.

Scope and Purpose of Data Collection

When you send us an application, we process your associated personal data (e.g. contact and communication data, application documents, notes taken during interviews, etc.) to the extent that this is necessary to decide on the establishment of an employment relationship. The legal basis for this is § 26 BDSG under German law (initiation of an employment relationship), Art. 6 para. 1 lit. b DSGVO (general contract initiation) and – if you have given your consent – Art. 6 para. 1 lit. a DSGVO. The consent can be revoked at any time. Your personal data will only be passed on within our company to persons involved in processing your application.
If the application is successful, the data you submitted will be stored in our data processing systems on the basis of Section 26 BDSG and Art. 6 (1) lit. b DSGVO for the purpose of implementing the employment relationship.

Retention Period of the Data

If we are unable to make you a job offer, if you reject a job offer or withdraw your application, we reserve the right to retain the data you have submitted for up to 6 months from the end of the application process (rejection or withdrawal of the application) on the basis of our legitimate interests (Art. 6 para. 1 lit. f DSGVO). The data will then be deleted and the physical application documents destroyed. This storage serves in particular as evidence in the event of a legal dispute. If it is evident that the data will be required after the 6-month period has expired (e.g. due to an impending or pending legal dispute), the data will only be deleted when the purpose for further retention no longer applies. Longer storage may also take place if you have given your consent (Art. 6 para. 1 lit. a DSGVO) or if legal storage obligations prevent deletion.

3. Rights as a Data Subject

Data subjects have the right,

  • to request information about the personal data we process, Art. 15 DSGVO. This includes information about the purposes of processing, the category of personal data, the categories of recipients to whom data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of the data if it was not collected by us. Furthermore, they can request information about the existence of automated decision-making, including profiling, and, if applicable, meaningful information about the details of this.
  • for demand the correction of incorrect or incomplete personal data stored by us without delay, Art. 16 DSGVO
  • to request the erasure of personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims, Art. 17 DSGVO
  • to request the restriction of the processing of personal data, insofar as the accuracy of the data is contested, the processing is unlawful, but the data subject objects to its erasure and we no longer need the data, but he or she requires it for the assertion, exercise or defence of legal claims, or he or she has objected to the processing in accordance with Art. 21 DSGVO, Art. 18 DSGVO
  • to receive the personal data that data subjects have provided to us in a structured, common and machine-readable format or to request the transfer to another controller, Art. 20 DSGVO
  • to revoke the consent given to us at any time. This has the consequence that we may no longer continue the data processing based on this consent in the future, Art. 7 (3) DSGVO and complain to a supervisory authority, Art. 77 DSGVO.

As a rule, data subjects can contact the supervisory authority of their usual place of residence or workplace or our registered office. The competent supervisory authority is the State Data Protection Commissioner of the federal state in which we have our registered office.

In the case of processing of personal data on the basis of legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f) DSGVO, data subjects have a right of objection. You can object to the processing of personal data. There must be grounds arising from their particular situation or the objection must be directed against direct marketing, Art. 21 DSGVO. In the latter case, data subjects have a general right to object, which can be implemented without specifying a particular situation.

Right to object to Data Collection in specific Cases and to Direct Marketing (Art. 21 GDPR)

IF DATA PROCESSING IS CARRIED OUT ON THE BASIS OF ART. 6 ABS. 1 LIT. E OR F DSGVO, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS DATA PROTECTION DECLARATION. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING REASONS TO DO SO.
UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS (OBJECTION UNDER ARTICLE 21(1) DSGVO). IF YOUR PERSONAL DATA ARE PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION PURSUANT TO ART. 21 PARA. 2 DSGVO).

4. Technical Measures

Security During Data retrieval SSL or TLS Encryption

For security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

5. Objection to Advertising E-Mails

We hereby object to the use of contact data published within the scope of the imprint obligation to send advertising and information material that has not been expressly requested. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, for example by spam e-mails.

Change Cookie settings
Contact
Hormon- und Stoffwechselzentrum MVZ GmbH · Prof. Dr. med. Dr. h. c. Christian Wüster · Wallstraße 3–7 · 55122 Mainz · Telephone: 06131 58848-0 · Private Patient: 06131 58848-18 · Emergency Phone: 06131 58848-11 · Fax: 06131 58848-48 · E-Mail: info@prof-wuester.de
© 2022 Hormon- und Stoffwechselzentrum MVZ GmbH   
Doctolib Make an appointment online Click here