Privacy policy

Privacy Notice

Privacy Notice

for the website praenatal-ultraschall.de (“Privacy Notice“)

Table of Contents

1. Data protection and legal bases 3

2. Server log data 4

3. Website functionalities 4

a) Contact form/email 4

b) Online appointment request 5

c) Job application per email 7

4. Cookies 7

5. Additional services and third-party contents 9

a) Google Fonts 10

b) Friendly Captcha 10

c) Mapbox 10

6. Links to third-party offers 11

7. Recipients of personal data 11

8. Data processing in third countries 12

9. Storage term and erasure 12

10. Your rights 12

11. Security 13

12. Amendments and modifications

We,

Professional association

Prof. Dr. med. Gunter Mielke und Dr. med. Stephan Bosselmann

Specialists in Gynecology and Obstetrics

Richard-Wagner-Straße 11

70184 Stuttgart

Germany

(Imprint)

(“we” or “Pränatalzentrum Stuttgart“)

as the controller within the meaning of data protection law and, simultaneously, the service provider, would like to inform you about the processing of your personal data as well as your rights as a data subject in the context of the use of our website https://www.praenatal-ultraschall.de/ (“Website”).

Your personal data will only be processed in accordance with the provisions of the data protection law of the European Union, in particular, the General Data Protection Regulation (“GDPR”) and in a supplementary manner the German Federal Data Protection Act (“BDSG“) as well as the German Telecommunications Digital Services Data Protection Act (“TDDDG“) and other statutory data protection provisions (collectively “Data Protection Law“).

If you wish to take a look at the GDPR, you will find its full text online via: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679. You can also find the BDSG on the Internet at the following link: https://www.gesetze-im-internet.de/englisch_bdsg/index.html; the TDDDG can be found here: https://www.gesetze-im-internet.de/ttdsg/.

This Privacy Notice only applies to the Website that can be accessed at https://www.praenatal-ultraschall.de/ including all of its subdomains. All other Pränatalzentrum Stuttgart websites are exclusively governed by the privacy policies that can be retrieved from those websites.

Furthermore, this Privacy Notice does not apply to external websites of third parties to which links are provided on our Website. The terms used in this document, such as “personal data” or their “processing”, shall have the meaning defined in Art. 4 GDPR.

1. Data protection and legal bases

The subject matter of this Privacy Notice is protection of personal data. This includes all information that relates to an identified or identifiable natural person (“data subject”). This covers any information that enables a third party to identify you, such as your name, address, phone number, or your email address. The term “personal data” also includes any information that is inevitably generated by your use of our Website, such as beginning, end and scope of use, or your IP address.

Personal data will also be collected when you submit such data when contacting us to arrange an appointment (see section 3).

We will process your data only to the extent permissible under applicable statutory provisions. We will process your data based on legal bases which include, but are not limited to the following:

• Consent (Art. 6(1) (a) GDPR): We will process certain data exclusively based on your previously given and voluntary consent. You may withdraw your consent at any time with effect for the future.

• Contract performance and/or steps prior to entering a contract (Art. 6(1) (b) GDPR): We need certain information from you, in particular for the purpose of preparing or executing your contract with us.

• Compliance with a legal obligation (Art. 6 (1) (c) GDPR): In addition, we process your personal data for meeting legal obligations, such as regulatory requirements or retention duties under commercial or tax law.

• Safeguarding legitimate interests (Art. 6(1) (f) GDPR): We will process certain data for safeguarding our own legitimate interests and those of third parties. However, this shall only apply, if your interests do not override our interests on a case by case basis.

Please note that this is not a complete or conclusive enumeration of the possible legal bases, but that these are only some examples intended to make the legal bases under Data Protection Law more transparent. For further information on the legal bases for the various types of processing in connection with our Website, please read the explanations in the sections below.

2. Server log data

When you visit our Website, the following access data may be stored:

• IP address of the requesting device,

• retrieved web page and file,

• http response status code,

• size of the pages and files retrieved in bytes

• previous website from which you came to our Website (referrer URL),

• date, time and time zone of server request,

• browser type and version,

• operating system used by the requesting device,

When you visit our Website, such information may be stored on your device and/or such information that is already stored on your device may be accessed. The storage and/or access is based on § 25 (2) no. 2 TDDDG, as this information is strictly necessary to ensure the operation of our Website and IT security and to be able to provide you with our Website as requested.

We also will process this data based on Art. 6 (1) (f) GDPR for providing this Website, to ensure its technical operation, and to safeguard the security of our IT systems. We pursue the interest of making our Website available for use, ensuring its functionality and usability and maintaining it on a permanent basis. This data will be automatically processed when you access our Website. You will not be able to use our Website without providing this information. We will not use this data for the purpose of drawing conclusions regarding your identity.

Automatically collected data will usually be deleted when the purpose no longer exists, unless some other legal basis applies. However, if some other legal basis applies, we will delete your data when such other applicable legal basis no longer applies.

You may not object to the collection and storage of your server log data, because this data is technically required for a trouble-free operation of the Website.

3. Website functionalities

a) Contact form/email

You may contact us via the contact form in the “Contact” section in the header of our Website. When you use the contact form, we will collect and store the following information:

• email address,

• your individual message.

Furthermore, you may provide the following information on a voluntary basis:

• family name,

• first name.

When you contact us by email, we may process the information that you provided on a voluntary basis, such as your name or email address.

Data that you provide via our contact form or by email will be transmitted to us via a secured connection (for details please refer to section 11). Your contact data will only be collected, processed, and used for the purpose of receiving and, if applicable, for responding to your inquiry. Data that is transmitted in connection with communication via a contact form or by email will be processed in accordance with Art. 6 (1) (b) GDPR, if it is transmitted for the purpose of negotiating or performing a contract with you, or otherwise in accordance with Art. 6 (1) (f) GDPR. In the latter case, we have a legitimate interest in processing that you shared voluntarily.

We will delete the information you provided as soon as the purpose of data collection entirely ceases to exist, subject to compliance with any continuing statutory retention duties.

To the extent that your data is processed based on legitimate interests, you may object to the storage of your personal data at any time. In this case, we will no longer process your data, unless we can prove a legitimate interest in this data processing or unless we are obligated to store your data pursuant to other statutory regulations. If you wish to exercise your right to object to data storage, please contact us by letter, fax, or email.

Please note that we cannot guarantee absolute data security, with regard to communication via the contact form and in particular via email. Specifically, if confidential data is concerned, we recommend using a safe communication channel, e.g., postal service.

b) Online appointment request

You may send us an appointment request via an online form in the “Contact” section in the header of the Website. When you use the form, we will collect and store the following mandatory personal data:

• family name,

• first name,

• date of birth,

• health insurance company,

• the desired service,

• preferred appointment time (morning or afternoon),

• preferred availability (time),

• phone number,

• email address.

In order to optimize appointment scheduling and so that we can assess the urgency of your appointment request and prioritize your request if necessary, you also have the opportunity to provide us with the following personal data on a voluntary basis. Some of the data listed below is also health data, which we process exclusively for the purposes described, provided you have expressly consented to this:

• your gynecologist,

• first day of last menstruation,

• estimated date of delivery (EDD),

• weight (KG),

• number of multiples,

• any other information.

Data that you provide via the online appointment request form will be transmitted to us via a secured connection (for details please refer to section 11). Your data will only be collected, processed and used for the purpose of making an appointment and, if necessary, assessing the urgency and prioritization of your appointment request. The processing of the mandatory data transmitted in the context of an online appointment request is based on Art. 6 (1) (b) GDPR, as it concerns the negotiation or performance of a contract with you. The data you voluntarily provide will only be processed if you have expressly consented to this, on the basis of Art. 6 (1) (a) GDPR, if applicable in connection with Art. 9 (2) (a) GDPR.

We will delete the information you provided as soon as the purpose of data collection entirely ceases to exist, subject to compliance with any continuing statutory retention duties.

You may withdraw your consent to processing the data voluntarily provided by you at any time with effect for the future. To exercise your right of withdrawal, please contact us in writing, by fax or by e-mail.

Please note that we cannot guarantee absolute data security, with regard to communication via the online form (and in particular via email). Specifically, if confidential data and information relating to your health is concerned, from a data protection point of view we recommend using a safe communication channel, e.g. postal service.

c) Job application per email

You may send applications for vacancies and/or send us unsolicited job applications by email. We process data that you have sent us in connection with your job application in order to check whether you are suited for the position and to carry out the job application procedure and possibly prepare and perform an employment contract.

The legal basis for processing your personal data in the context of your job application is in particular Art. 26 BDSG in connection with Art. 6 (1) (1) (b) GDPR. In accordance with this provision, the processing of personal data is permissible to the extent it is needed in connection with the hiring decision and for offering an employment.

Of course, whether or not you submit a job application to us is entirely up to you. However, if you decide to apply for a job, you should provide the relevant personal data that is required for entering into an employment relationship. If necessary, we will contact you after you have submitted an application using the contact details you have provided and ask you for further necessary data, without which we will not be able to consider you in the application process.

Any other additional information that you may choose to provide will be stored in accordance with Art. 6 (1) (f) GDPR, since we also have a legitimate interest in processing your additional information that you voluntarily provided to us for the purpose of carrying out our recruiting process.

You may withdraw your consent to the processing of data that you provided voluntarily at any time with effect for the future without giving any reasons. In this case, we will no longer process your data, unless we can prove a legitimate interest in this data processing or unless we are obligated to store your data pursuant to other statutory regulations. To exercise your right of withdrawal, please contact us in writing, by fax or by e-mail.

Should the data, following the completion of the job application process, still be required for enforcing rights, data processing may occur for safeguarding legitimate interests pursuant to Art. 6 (1) (f) GDPR. In this case, our interest is the assertion of or defense against claims.

Applicants' data is regularly deleted after six months in the event of a negative reply.

If you should be selected and offered a job during the recruitment process, your data will be transferred to your employee file and stored therein to the extent required for the establishment and implementation of the employment relationship.

In principle, only those staff members will have access to your data that need this information for the proper handling of the recruitment process.

4. Cookies

This Website uses Cookies and similar tracking technologies (collectively “Cookies”) in order to enable the best possible website design. Among other things, these technologies make the navigation on the Website easier and ensure a high degree of user-friendliness.

Cookies are small identifiers that our web server sends to your browser and that your device stores, if the relevant default settings are enabled. For instance, they may be used to determine whether your device has communicated with us before. In that case, they serve the purpose of making the use of our Website more comfortable for you and allow us to optimize our services by analyzing the usage of our Website. Cookies may be placed by us or Third-Party Providers, such as our partners, for analyses, marketing, and social media. The storage and use of cookies and the related data processing are based on § 25 (2) no. 2 TDDDG in connection with Art. 6 (1) (f) GDPR or § 25 (1) TDDDG in connection with Art. 6 (1) (a) GDPR, if you have given your consent to the storage and use of Cookies. Personal data may only be stored in Cookies, if this is strictly necessary, or if you have given your consent. We expressly reserve the right to recourse to other legal bases.

If you give your consent to the use and storage of non-essential Cookies (see section 4, lit. b below), you may withdraw it at any time for the future in the Cookie settings of this Website.

Furthermore, you may also prevent the storing of strictly necessary Cookies at any time by selecting the browser setting “no Cookies”. Please refer to the help section of your browser for further information on the technical management and deletion of Cookies via your browser settings.

Additionally, you may prevent the storage and use of any type of Cookies by installing free browser add-ons, such as “Adblock Plus” (adblockplus.org/de) in combination with the “EasyPrivacy” list (easylist.to).

If you prevent any kind of storage of Cookies, this may result in a limited usability of our Website.

a) Strictly necessary Cookies

On our Website, we use the following strictly necessary Cookies that are required for the operation of our Website, and in the storage of which we have a legitimate interest, otherwise our Website would be unable to offer specific basic functionality (e.g., you would have to re-set your website settings each time you navigate to another page):

Further information on the specific cookies used can be found in our cookie consent tool under the “Categories” tab.

Strictly necessary Cookies will be stored and used in accordance with § 25 (2) no. 2 TDDDG in connection with Art. 6 (1) (f) GDPR. If you wish to disable strictly necessary Cookies, you may only disable them in your browser settings and/or browser add-ons. For further details, please refer to the section above. This may result in a limited functionality of this Website.

b) Functional Cookies

Additional Cookies that are not strictly necessary for using the Website may still perform important tasks. They allow a convenient user experience on our Website. For example, functional Cookies may enable a Website to remember information that has an impact on the behavior of a website or its appearance, such as pre-filled forms, your preferred language, or the region you are currently staying in. On our Website, we use functional Cookies.

Further information on the specific functional cookies used can be found in our cookie consent tool under the “Categories” tab.

If you have given your consent to the storage and use of functional Cookies, they will be stored and used based on § 25 (1) TDDDG in connection with Art. 6 (1) (a) GDPR. For further details, please refer to the above sections in section 4. You may withdraw this consent at any time with effect for the future in the Cookie settings of this Website.

5. Additional services and third-party contents

On our Website, we use third-party plug-ins in order to integrate their contents and services, such as maps and fonts (collectively “contents”). In this regard, the processing of your data and the possible storage and/ or access of information on/from your device is based on your consent, if you have given it to us, and otherwise on our legitimate interests. We have a legitimate interest in the efficient operation and optimization (above all, regarding the user experience) of our Website. In addition, the storage and/or access of/to information on/from your device is strictly necessary to ensure the operation of our Website and IT security and to be able to provide you with our Website as requested. We expressly reserve the right to recourse to other legal bases.

In each case, the third-party provider of these contents will obtain your IP address, since otherwise they would be unable to transmit the contents to your device. The IP address is a prerequisite for displaying the contents. Furthermore, third-party providers may store Cookies on your device.

You may disable the loading of plugins and/or their storage and use of Cookies in the settings of your browser and/or by browser add-ons, such as “Adblock Plus” (https://adblockplus.org/de/) in combination with the “EasyPrivacy” list (https://easylist.to/) (see section 4 above). Please note that, in this case, you may not be able to use all features of our Website anymore.

a) Google Fonts

We integrate the so-called Google Fonts (typefaces) provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland in our Website which gives us access to the Google fonts library. The Google font library is hosted locally on our servers. No data is transmitted to Google

For further information on the use of data by Google, settings, and your right to object please refer to the Google website using the following link: https://policies.google.com/privacy?hl=en.

b) Friendly Captcha

To identify bots, e.g. when making entries in online forms, we use the “Friendly Captcha” service of the provider Friendly Captcha GmbH, Am Anger 3-5, 82237 Woerthsee, Germany. When Friendly Captcha is used, server log data (see section 2) may be transmitted to the provider of Friendly Captcha.

This data is processed on the legal bases of Art. 6 (1) (f) GDPR to provide the Website and to ensure the security of our IT systems. Our interest is to ensure the use of our Website and its technical functionality and to maintain it permanently. Information may be stored on your device and/or information that is already stored on your device may be accessed. The storage or access is based on § 25 (2) no. 2 TDDDG, as this information is strictly necessary to ensure the IT security of our Website and to be able to provide you with our Website as requested. Neither we nor the provider of Friendly Captcha will use this data for the purpose of drawing conclusions regarding your identity.

For further information on data processing by Friendly Captcha GmbH, please refer to https://friendlycaptcha.com/de/legal/privacy-end-users/ (“Friendly Captcha privacy policy for end users”).

You may not object to the processing of your data in connection with the use of Friendly Captcha, as this data processing is strictly necessary to ensure the IT security of our Website.

c) Mapbox

We use the “Mapbox” services of the provider Mapbox Inc, 740 15th St NW, Washington DC 20005, USA (“Mapbox”) to display maps.

Data processed when using Mapbox may include, in particular, IP addresses and location data, which, however, are not collected without your prior consent (usually through appropriate device settings).

This data is transmitted to Mapbox and may be stored and processed on servers outside the EEA, in particular in the US.

Mapbox is certified in accordance with the EU-U.S. Data Privacy Framework (see https://www.dataprivacyframework.gov/list). Any data transfers of personal data to the US are subject to the adequacy decision of the EU Commission based on the EU-U.S. Data Privacy Framework.

For further information on the use of data by Mapbox, please visit the Mapbox website at the following link https://www.mapbox.com/legal/privacy#product-privacy-policy.

6. Links to third-party offers

If we use links to websites and services (“offers”) of third parties, you will be redirected via hyperlink to the respective offer of the third party (e.g. to offers from www.jameda.de) when you click on the links.

Please note that the third-party offers linked from our Website may use their own cookies on your device or collect personal data. We have no influence on this. If necessary, please obtain information directly from the providers of these linked third-party offers. The respective provider and controller can be found in particular in the imprint and the respective data privacy policies on the corresponding websites.

7. Recipients of personal data

As a general rule, only those staff members will have access to your personal data that need this information for purposes directly related to the described purposes.

We will only pass on your personal data to external recipients if this is required for handling or processing your request, if you have given your consent, or on another kind of statutory permission.

External recipients may include, but are not limited to:

• Processors: These are service providers that we use in the provision of services, for instance in the areas of technical infrastructure and Website maintenance. Such processors will be carefully selected by us and audited on a regular basis in order to ensure that your privacy will be safeguarded. They shall use the data exclusively for the purposes indicated by us and in accordance with our instructions. Provided that the statutory provisions set forth in Art. 28 GDPR are complied with, we have the right to retain such processors.

• Public entities: This term refers to government authorities, public institutions, and other public-law entities, e.g., supervisory authorities, courts, public prosecutors, or fiscal authorities. Personal data will be transmitted to such public entities only for compelling statutory reasons. This kind of transmission will be based on Art. 6 (1) (c) GDPR.

• Non-public bodies: Service providers and auxiliaries (Hilfspersonen) to whom data is transmitted in compliance with a legal obligation, or for safeguarding legitimate interests, such as tax advisors or auditors. The transmission will then occur based on Art. 6 (1) (c) and/or (f) GDPR.

8. Data processing in third countries

In the event that we should transmit your data to third countries outside the EU and/or the EEA as described above, apart from legally permissible exceptions, we will ensure prior to passing on your data that the recipient either offers an adequate level of data protection, or that you give your consent to this data transmission. An adequate level of data protection may be guaranteed, e.g., by certification of the recipient under the EU-U.S. Data Privacy Framework, by the agreeing on the EU Standard Contractual Clauses or on the Binding Corporate Rules (BCR). Please contact us via the communication channels mentioned above, if you wish to receive a copy of the specific guarantees regarding the transmission of your data to third countries.

9. Storage term and erasure

We will store your personal data only as long as required for meeting the purposes or – if a consent was given – as long as you do not withdraw your consent. In the event of a withdrawal, we will no longer process your personal data, unless its continued processing is permissible in accordance with the applicable statutory provisions, or even compellingly required (e.g., due to retention periods under commercial or tax law). We will also erase your personal data if we are obligated to do so to comply with statutory requirements.

For further details on the storage periods that apply to your personal data please refer to the relevant explanations in the sections above.

10. Your rights

As a data subject, you have numerous rights. In particular, these are:

• Right of access (Art. 15 GDPR) You have the right to obtain information from us about the data that we have stored about you.

• Right to rectification and erasure (Art. 16 and Art. 17 GDPR): You have the right to demand the rectification of inaccurate data and – if the statutory preconditions are met – the erasure of your data.

• Right to restriction of processing (Art. 18 GDPR): You have the right – provided the legal requirements are met – to demand that we restrict the processing of your data.

• Right to data portability (Art. 20 GDPR): If you have provided data to us under a contract or based on a consent and if the statutory preconditions are met, you may demand to receive the information submitted by you in a structured and commonly used format, or that we transmit this information to another controller.

• Right to object to data processing based on legitimate interests (Art. 21 GDPR): If reasons exist that are based on grounds relating to your particular situation, you may object at any time to the processing of personal data by us, to the extent that this is based on legitimate interests within the meaning of Art. 6 (1) (f) GDPR. If you should exercise your right to object, we will discontinue the processing of your data, unless we are able to show that there are compelling reasons that allow the continued data processing and outweigh your rights.

• Withdrawal of consent (Art. 7 GDPR): If you have given us consent to process your data, you may withdraw this consent (opt-out) at any time with effect for the future. Until such date, your personal data will be considered to have been lawfully processed. If you wish to withdraw your consent to the use of certain Cookies, please note the information in section 4.

• Right to lodge complaints with the supervisory authority (Art. 77 GDPR): You may also lodge a complaint with the competent supervisory authority if you consider that the processing of your data violates the applicable Data Protection Law. In particular, you may contact the data protection authority at your habitual residence, your place of work, or the place of the alleged infringement, or the supervisory authority having competence at our place of business. The supervisory authority that has competence at our place of business is: Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit in Baden-Württemberg (LfDI) (www.baden-wuerttemberg.datenschutz.de).

If you should have any questions regarding the processing of your personal data, your rights as a data subject, any consents that you may have given, please do not hesitate to contact us via any of the other communication channels specified in at the beginning of this Privacy Notice.

11. Security

We use technical and organizational safeguards to protect your personal data against coincidental or willful manipulation, loss, destruction, or access by unauthorized parties. These measures will be continuously adapted to the then-current state of the art.

Any personal data that is transmitted to us during your use of this Website will be safely transmitted using data encryption. We use the encryption protocol Transport Layer Security (TLS), more commonly known by the name of its precursor Secure Sockets Layer (SSL).

Our employees are bound to confidentiality.

12. Amendments and modifications

From time to time it may become necessary to modify, change or amend the contents of this Privacy Notice. Therefore, we reserve the right to modify, change or amend it at any time. Should we require your consent to an amendment and/or modification, we will obtain it from you. We will publish the revised version of this Privacy Notice on this same Website We recommend reading this Privacy Notice next time you visit our Website.