Privacy Policy (Datenschutzerklärung)

1. Introduction

Protecting your personal data is of the highest priority. This Privacy Policy explains the nature, scope and purpose of the processing of personal data (hereinafter “data”) in connection with our online offering. This includes the associated website, its functions and content, as well as external online presences such as social media profiles (collectively referred to as the “online offering”). Your personal data is treated confidentially and processed strictly in accordance with applicable data-protection laws and the provisions of this Privacy Policy.

General information

This Privacy Policy provides you with a comprehensive overview of what happens to your personal data when you visit this website. Personal data is any information that can be used to identify you personally. For detailed information on data protection, please refer to this complete Privacy Policy.

Controller / responsible entity

Data processing on this website is carried out by the website operator. The controller’s contact details can be found in the section “Controller” of this Privacy Policy.

Collection of your data

Personal data is collected, on the one hand, when you actively provide it to us, for example by completing a contact form. Other data is collected automatically (or after your consent) by the controller’s IT systems when you visit the website. This is mainly technical data (e.g., internet browser, operating system or time of page access). This data is collected automatically as soon as you enter the website.

Use of your data

Some data is collected to ensure the error-free provision of the website. Other data may be used to analyse your user behaviour in order to optimise the offering and adapt it to your needs.

Transfer of data to external parties

In the course of the controller’s business activities, it may be necessary to transfer personal data to external parties. Such transfers take place only under specific conditions: where disclosure is necessary for the performance of a contract; where there is a legal obligation (e.g., to tax authorities); where there is a legitimate interest pursuant to Art. 6(1)(f) GDPR (DSGVO); or where another legal basis permits the data transfer. Where external service providers are used (processors), personal data is disclosed only on the basis of a valid data processing agreement pursuant to Art. 28 GDPR (DSGVO). Where data is processed jointly with other parties, a joint-controller arrangement pursuant to Art. 26 GDPR (DSGVO) is concluded.

Withdrawal of consent

Certain processing operations are possible only with your explicit consent. You may withdraw your consent at any time. The lawfulness of processing carried out up to the time of withdrawal remains unaffected.

Right to object to specific processing and to direct marketing (Art. 21 GDPR / DSGVO)

Where your personal data is processed on the basis of Art. 6(1)(e) or (f) GDPR (DSGVO), you have the right to object at any time to such processing on grounds relating to your particular situation. This also applies to profiling based on those provisions. The applicable legal basis for processing is set out in this Privacy Policy. If you object, the controller will no longer process your personal data unless compelling legitimate grounds can be demonstrated that override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims (objection pursuant to Art. 21(1) GDPR / DSGVO).

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data for such marketing. This also applies to profiling to the extent that it is related to such direct marketing. After you object, the controller will no longer use your personal data for direct marketing purposes (objection pursuant to Art. 21(2) GDPR / DSGVO).

Rights under the GDPR (DSGVO)

You have the right to lodge a complaint with a competent supervisory authority in the event of infringements of the GDPR (DSGVO). This right may be exercised, in particular, in the Member State of your habitual residence, place of work or the place of the alleged infringement. This is without prejudice to any other administrative or judicial remedies.

Personal data processed automatically on the basis of consent or for the performance of a contract may be requested in a structured, commonly used and machine-readable format. Upon request, a direct transfer of such data to another controller may also take place, where technically feasible.

Any data subject has the right to obtain, free of charge, information about personal data stored about them, its origin, recipients and the purpose of data processing. In addition, there is a right to rectification or erasure of such data, insofar as permitted by law. For further questions or concerns regarding personal data, you may contact the controller at any time.

You also have the right to request restriction of processing where the accuracy of the data is contested and verification is pending. In cases of unlawful processing, you may request restriction instead of erasure. Restriction may also be requested if the data is no longer needed, but is required for the establishment, exercise or defence of legal claims. If an objection is lodged pursuant to Art. 21(1) GDPR (DSGVO), restriction may be requested pending the determination of whether the controller’s legitimate grounds override yours.

Where processing has been restricted, such personal data—apart from being stored—may be processed only with your consent, for the establishment, exercise or defence of legal claims, for the protection of the rights of another natural or legal person, or for reasons of important public interest of the EU or a Member State.

2. Controller

The controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR / DSGVO) is:

Dr. Theresa Hermine Herttrich
Address: Alramstraße 20, 81371 München (Munich)
Website: www.praxis-herttrich.de
Email: info@praxis-herttrich.de
Phone: 089 7474 7724

3. Processors

We work with various processors who process data on our behalf. These service providers are contractually obliged to treat data confidentially and to use it only within the scope of the respective service. There are also cases in which responsibility for data processing is shared jointly with other parties. In such cases, responsibilities are regulated transparently and documented to ensure compliance with data-protection requirements.

4. Definitions

To ensure transparency and comprehensibility of this Privacy Policy, we primarily use terms that are also defined in the GDPR (DSGVO). The full legal definitions can be found in Art. 4 GDPR (DSGVO). The most important terms in connection with this Privacy Policy are explained below:

Personal data: Any information relating to an identified or identifiable natural person (the “data subject”). A person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie) or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.

Processing: Any operation or set of operations performed on personal data, whether or not by automated means. This includes collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of data.

Controller: The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Processor: A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Consent: Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.

Website: The entire online offering provided by the controller under a specific URL, including all content, information, functions and services made accessible to users via that URL.

Terminal device: An electronic device capable of accessing the internet and loading websites, including computers, laptops, tablets and smartphones.

These definitions help to better understand this Privacy Policy and the meaning of the terms used.

5. Hosting

This website is hosted on the servers of an external service provider to ensure reliable and secure use of this online offering.

Processing by the hosting provider is carried out pursuant to Art. 6(1)(f) GDPR (DSGVO), as the controller has a legitimate interest in providing a stable and secure website. Where it is necessary to obtain the user’s consent (e.g., for the use of certain cookies or tracking technologies), processing is based on consent pursuant to Art. 6(1)(a) GDPR (DSGVO) and § 25(1) TTDSG. Consent may be withdrawn at any time with effect for the future.

Our website is hosted by Vercel Inc., 440 N Barranca Ave #4133, Covina, CA 91723, USA. When pages are accessed, Vercel automatically processes data such as your IP address and technical information in order to deliver the website and ensure security. Further information can be found in Vercel’s privacy policy.

Domain name provider: 1&1 Ionos, Eigendorfer Str. 57, 56410 Montabaur, Germany.
Details on data processing and data protection can be found in the hosting provider’s privacy policy: https://www.ionos.de/terms-gtc/datenschutzerklaerung/

6. Legal bases for data processing

The processing of your personal data is carried out on the basis of the GDPR (DSGVO) as well as other relevant statutory provisions. Depending on the purpose, different legal bases may apply.

If you have consented to the processing of your personal data, processing takes place pursuant to Art. 6(1)(a) GDPR (DSGVO). This applies in particular to the processing of special categories of personal data pursuant to Art. 9(2)(a) GDPR (DSGVO), as well as to transfers of personal data to third countries pursuant to Art. 49(1)(a) GDPR (DSGVO). You may withdraw consent at any time.

Processing may be necessary for the performance of a contract or for taking steps prior to entering into a contract and is then based on Art. 6(1)(b) GDPR (DSGVO). Processing may also be required to comply with legal obligations and is then based on Art. 6(1)(c) GDPR (DSGVO).

In certain cases, processing is carried out to safeguard the legitimate interests of the controller or a third party, unless your interests or fundamental rights and freedoms override those interests. Such processing is based on Art. 6(1)(f) GDPR (DSGVO).

In addition, national provisions may apply—such as § 25 TTDSG—where cookies are stored or information is accessed on your terminal device. The applicable legal bases are explained in the relevant sections of this Privacy Policy.

7. Transfer to unsafe third countries and to non-DPF-certified US companies

If tools from companies based in third countries without an adequate level of data protection are used on this website, or if US tools are used whose providers are not certified under the EU–US Data Privacy Framework (DPF), your personal data may be transferred to and processed in those countries. Please note that an adequate level of data protection comparable to that of the EU may not be guaranteed in such countries. Transfers to the USA are permitted only if the recipient is certified under the EU–US DPF or provides appropriate additional safeguards. Further information on possible transfers, including recipients, can be found in this Privacy Policy.

8. Storage period

Unless a more specific storage period is stated in this Privacy Policy, personal data remains with the controller until the purpose for processing no longer applies. If a legitimate request for erasure is made or consent is withdrawn, the data will be erased unless other legally permissible reasons for storage exist (e.g., tax or commercial retention periods). In such cases, data is erased after those reasons cease to apply.

The controller stores personal data only for as long as necessary to fulfil the respective purposes for which it was collected, including the performance of contractual obligations, compliance with statutory retention periods, and safeguarding legitimate interests (e.g., IT security and protection against abuse). Where processing is based on consent, data is stored until consent is withdrawn. Withdrawal is possible at any time with effect for the future. Data is then erased without undue delay unless statutory retention obligations or other overriding legal reasons require further storage.

In summary, personal data is erased once the purpose has been fulfilled or the legal basis for storage no longer applies, unless legal obligations or legitimate interests justify continued storage.

9. Security measures and data minimisation

Comprehensive technical and organisational measures are implemented to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or unauthorised access. Care is taken to collect and process only the data that is strictly necessary for the relevant purpose. This data minimisation strategy helps to significantly reduce the risk of misuse and unauthorised access. Security measures are continuously adapted to the state of the art to ensure a consistently high level of protection.

10. SSL/TLS encryption

To protect the security of your data during transmission, encryption methods consistent with the current state of the art (e.g., SSL or TLS) are used via HTTPS. SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are protocols for encrypting data transmissions on the internet. This ensures that data exchanged between your browser and the server is protected against unauthorised access. An encrypted connection can be recognised by the change in your browser’s address bar from “http://” to “https://” and by the lock symbol in the address bar.

11. Storage of user information in log files

Each time the website is accessed, information of a general nature that your browser transmits to the server is automatically collected. This information is stored in so-called log files and typically includes:
a) IP address of the requesting device
b) Date and time of access
c) Name and URL of the retrieved file
d) Referrer URL
e) Browser used and user agent string
f) Operating system
g) Name of your access provider
h) HTTP status code

This data is stored for security reasons, to ensure a smooth connection setup of the website, for convenient use of the website, to evaluate system security and stability, and for further administrative purposes.

The legal basis is Art. 6(1)(f) GDPR (DSGVO). The legitimate interest arises from the purposes listed above. Under no circumstances is the collected data used to draw conclusions about you personally. Stored data is anonymised or erased unless statutory retention obligations exist.

Server log data

When visiting this website, your browser automatically transmits certain data (e.g., IP address, date/time, browser type) which is stored by the hosting provider in server log files. This data is used exclusively for technical security and operational stability. No personal evaluation takes place.

Technical analysis (Speed Insights)

We use Vercel Speed Insights to measure the technical performance of our website (e.g., load times) anonymously. No personal data is stored or transmitted to third parties.

12. Cookies

This website uses cookies. Cookies are small files that your browser automatically creates and that are stored on your terminal device (laptop, tablet, smartphone, etc.) when you visit the site. Cookies do not cause any damage to your device and do not contain viruses, trojans or other malware.

Cookies store information that arises in connection with the specific terminal device used. This does not mean, however, that the controller thereby immediately obtains knowledge of your identity.

The use of cookies serves, on the one hand, to make use of the offering more pleasant for you. For example, so-called session cookies are used to recognise that you have already visited individual pages of the website. These are automatically deleted when you leave the site.

In addition, temporary cookies are also used to optimise user-friendliness. These are stored on your device for a specified period of time. If you visit the site again to use services, it is automatically recognised that you have already been there and which entries and settings you made, so you do not have to enter them again.

On the other hand, cookies are used to statistically record the use of the website and evaluate it for the purpose of optimising the offering. These cookies enable the controller to automatically recognise, on a return visit, that you have already been to the site. These cookies are automatically deleted after a defined period.

The data processed through cookies is required for the stated purposes to safeguard legitimate interests of the controller and third parties pursuant to Art. 6(1)(f) GDPR (DSGVO).

Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a notice always appears before a new cookie is created. Complete deactivation of cookies may, however, mean that you cannot use all functions of the website.

13. Cookie consent banner

This website currently uses only technically necessary cookies required for operation of the site. At present, no cookies are used for analytics, tracking or marketing purposes.

If additional cookies or tracking technologies are introduced, a dedicated cookie-consent management system will be implemented that obtains your explicit consent before setting such cookies. This Privacy Policy will be updated accordingly.

Functionality and purpose
The cookie consent banner will set a technically necessary cookie to store your cookie consent settings. This cookie does not process personal data. It only stores the settings you selected when entering the website, including:

a) consent to or rejection of certain cookies
b) time of consent
c) duration of storage of the settings
d) legal basis for processing

Processing by the cookie consent banner is carried out pursuant to Art. 6(1)(f) GDPR (DSGVO). The controller’s legitimate interest is to ensure lawful consent for the use of cookies. Where consent is requested, processing is based on Art. 6(1)(a) GDPR (DSGVO).

Storage period and erasure
The stored settings remain saved until you delete the cookies in your browser or withdraw your consent. You can change your settings at any time in the cookie settings of this website.

14. Enquiries by email or telephone

You can send enquiries to the controller by email or telephone. The personal data transmitted in this context (e.g., name, email address, telephone number and the enquiry itself) is processed and stored by the controller exclusively for the purpose of handling the enquiry and any follow-up questions.

The legal basis is Art. 6(1)(b) GDPR (DSGVO) where processing is necessary for the performance of a contract or to take steps prior to entering into a contract. If processing is not related to a contract, it is based on Art. 6(1)(f) GDPR (DSGVO), as the controller has a legitimate interest in processing and answering enquiries.

15. Prohibition of unsolicited advertising emails

The use of the contact data published in the imprint for sending advertising and informational material not expressly requested is hereby prohibited. Any unauthorised use of contact data for advertising purposes constitutes an infringement of the rights of the website operator and will not be tolerated. The website operator expressly reserves the right to take legal action in the event of violations, in particular in the case of unsolicited advertising such as spam emails.

Sending to existing customers without consent

Newsletters may be sent to existing customers without their explicit consent under certain conditions. This is permissible pursuant to Art. 6(1)(f) GDPR (DSGVO) if the following conditions are met:

a) Existing customer relationship: the customer provided their email address in connection with the sale of a product or service.
b) Direct advertising of the controller’s own similar products or services: the newsletter contains only advertising for the controller’s own similar products or services.
c) Notice of the right to object: the customer was clearly informed, when the email address was collected and in each newsletter, that they may object to the use of their email address at any time without incurring costs other than transmission costs at the basic rates.
d) No objection by the customer: the customer has not objected to the use of their email address.

This type of newsletter dispatch is based on the controller’s legitimate interest in informing existing customers about similar products or services and maintaining the business relationship. Processing is carried out pursuant to Art. 6(1)(f) GDPR (DSGVO). Customers may object to the use of their email address for this purpose at any time. An informal message by email to the controller or use of the “unsubscribe” link in the newsletter is sufficient.

16. Use of analytics and tracking tools

Analytics and tracking tools may be used to ensure needs-based design and continuous optimisation of this website. These measures help to statistically record the use of the website and thereby optimise the offering for you. Storage and analysis of data is based on Art. 6(1)(f) GDPR (DSGVO), as the provider has a legitimate interest in offering an attractive and functional website.

If corresponding consent has been obtained, processing additionally takes place on the basis of Art. 6(1)(a) GDPR (DSGVO) and § 25(1) TTDSG insofar as consent includes the storage of cookies or access to information on the user’s terminal device (e.g., device fingerprinting). Consent can be withdrawn at any time.

Google Ads Tracking

Google Ads Tracking, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”), may be used. Google Ads Tracking uses cookies to measure the effectiveness of advertising campaigns and to analyse your use of this website. Information about your use of this website collected by cookies is generally transferred to servers of Google in the USA and stored there.

Google is certified under the EU–US Data Privacy Framework (DPF), which ensures an adequate level of protection for transfers of personal data from the EU to the USA. Further information: https://www.dataprivacyframework.gov/.

Further information on data protection for Google Ads Tracking can be found at: https://policies.google.com/privacy.

Google Analytics

Google Analytics, a web analytics service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”), may be used. Google Analytics uses cookies to enable analysis of your use of the website. Information about your use of this website collected by cookies is generally transferred to servers of Google in the USA and stored there. If IP anonymisation is activated on this website, your IP address is shortened by Google within Member States of the European Union or in other states party to the Agreement on the European Economic Area before transmission.

Google is certified under the EU–US Data Privacy Framework (DPF). Further information: https://www.dataprivacyframework.gov.

Further information on Google Analytics data processing can be found at: https://policies.google.com/privacy.

Fonts

The font used on this website, Lato, is hosted locally. No data is exchanged with Google servers or other third-party providers.

17. Appointment booking or calendar tool

This website uses an appointment booking or calendar tool to facilitate the planning and booking of appointments. This tool makes it possible to manage appointments and process booking requests efficiently.

The use of the appointment booking or calendar tool is based on your consent pursuant to Art. 6(1)(a) GDPR (DSGVO) and § 25(1) TTDSG, as consent is required for the use of cookies and other tracking technologies. Your consent serves the efficient management and confirmation of your appointment bookings. Consent may be withdrawn at any time with effect for the future.

Detailed information on the appointment booking or calendar tool is provided below:

jameda

jameda is used to arrange appointments online. jameda is a service provided by jameda GmbH, Balanstr. 71a, 81541 München, Germany. When booking an appointment via jameda, the data you enter (e.g., name, email address, phone number, date and time of the appointment) is transmitted to jameda and stored there.

jameda uses this data to manage and confirm appointment bookings. Your data is stored and processed in data centres within the EU, in particular in Germany. jameda may also disclose this information to third parties if legally required or if third parties process this data on behalf of jameda.

Further information on data processing by jameda can be found in jameda’s privacy policy: https://www.jameda.de/datenschutz.

Doctolib

Doctolib is used to arrange appointments online. Doctolib is a service provided by Doctolib GmbH, Mehringdamm 51, 10961 Berlin, Germany. Doctolib GmbH is a subsidiary of Doctolib SAS, 54 quai Charles Pasqua, 92300 Levallois-Perret, France.

When an appointment is booked via Doctolib, the data you enter (e.g., name, email address, phone number, date and time of the appointment) is transmitted to Doctolib and stored there for the stated purpose. The data is used for appointment management and to provide Doctolib services such as confirmations, reminders and cancellations. Data is stored in accordance with statutory retention periods, generally 10 years after the last appointment. The legal basis is Art. 6(1)(a) (consent) and/or Art. 6(1)(b) (performance of a contract) GDPR (DSGVO); where health data is collected, Art. 9(2)(h) GDPR (DSGVO) may also apply.

Your data is stored in data centres in Germany and France secured to the highest international standards. These data centres are operated by AWS (Amazon Web Services), which is certified for the storage of health data (HDS standard). Doctolib does not disclose data to third parties not involved in appointment management or service improvement. Doctolib may disclose information to third parties only where legally required or where third parties process such data on behalf of Doctolib.

Payment service

You have the option to pay for purchases using the following payment service: _________

18. Map service

This website uses a map service to provide geographic information and an interactive user experience. The integration is carried out by a third-party provider that may process personal data when you use its service.

Processing is carried out on the basis of Art. 6(1)(b) GDPR (DSGVO) for contract performance, in particular to provide geographic information and services, and on the basis of legitimate interests pursuant to Art. 6(1)(f) GDPR (DSGVO) in a smooth, convenient and secure user experience. Where consent is required for certain actions, processing is based on Art. 6(1)(a) GDPR (DSGVO). Consent can be withdrawn at any time with effect for the future.

Detailed information on the map service is provided below:

Google Maps

Google Maps is used to provide maps and geographic information on this website. Google Maps is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When visiting a page with embedded Google Maps, a connection to Google’s servers is established. Personal data such as your IP address and your interactions with the map may be transmitted to Google.

Google is certified under the EU–US Data Privacy Framework (DPF), which ensures an adequate level of protection for transfers of personal data from the EU to the USA. Further information: https://www.dataprivacyframework.gov.

Further information on Google Maps’ processing of personal data can be found in Google’s privacy policy: https://policies.google.com/privacy.

Severability clause (salvatorische Klausel)

If individual provisions of this agreement are or become invalid or unenforceable, the validity of the remaining provisions shall remain unaffected. The invalid or unenforceable provision shall be replaced by a valid and enforceable provision whose effects come closest to the economic objective pursued by the parties with the invalid or unenforceable provision. The above provisions apply accordingly in the event that the agreement proves to be incomplete.

Your rights

Under the GDPR (DSGVO), you have the right of access, rectification, erasure or restriction of processing of your personal data. Please contact us by email at info@praxis-herttrich.de.