I. Patient information on data protection
Dear patient,
The protection of your personal data is important to us. According to the EU General Data Protection Regulation (GDPR), we are obliged to inform you about the purpose for which our practice collects, stores or forwards data. We must also inform you of your rights as a person affected by data processing. We fulfill this obligation with this document. We have endeavored to provide this information in a precise, transparent, comprehensible and easily accessible form in clear and simple language.
1. controller within the meaning of the GDPR
Private practice for plastic & aesthetic surgery and lipedema surgery
Dr. med. Anna-Theresa Lipp
Specialist for Plastic & Aesthetic Surgery
Rindermarkt 16, 80331 Munich
Phone: +49 (0) 89 - 38 38 08 66
E-mail: info@pantea-health.de
2. contact details of the data protection officer
Data Protection Officer
Leopoldstrasse 21
80802 Munich
datenschutzbeauftragter@datenschutzexperte.de
Phone +49 (0)89 25 00 39 2 22
3. purposes and legal bases for data processing
Data processing is carried out on the basis of legal requirements in order to fulfill the treatment contract between you and your doctor and the associated obligations. The legal basis for the processing is Art. 6 para. 1 lit. b) in conjunction with Art. 9 para. 2 lit. h) GDPR in conjunction with § Section 22 para. 1 no. 1 lit. b) BDSG.
If you give us your express consent to process personal data for specific purposes (e.g. appointment reminder service, practice mailings), the lawfulness of this processing is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with Art. 9 para. 2 lit. b) BDSG. Art. 9 para. 2 lit. a) GDPR. Any consent given can be revoked at any time with effect for the future (see section 9 of this data protection information).
If necessary and legally permissible, we process your data beyond the actual contractual purposes to fulfill legal obligations in accordance with Art. 6 para. 1 lit. c in conjunction with Art. 9 para. 2 lit. a GDPR. Art. 9 para. 2 lit. b) and h) in conjunction with. § Section 22 para. 1 no. 1 lit. a) and b) BDSG or special statutory provisions. In addition, processing may be carried out to protect the legitimate interests of us or third parties and to defend and assert legal claims (e.g. to enforce claims) in accordance with Art. 6 para. 1 lit. f GDPR. If necessary, we will inform you separately, stating the legitimate interest, insofar as this is required by law.
4. categories of personal data
As part of the treatment, we process the personal data that is necessary for the execution of the treatment contract. In addition to name, contact and address data (e.g. name, telephone number, address), this also includes insurance numbers and health data.
For this purpose, we process your personal data, in particular your health data. This includes medical histories, photos, diagnoses, therapy suggestions and findings that we or other doctors collect.
5. sources of the data
We process personal data that we receive from you in the course of admission to our practice and treatment or that you provide to us by email or by post or by email, e.g. via our contact data sheet on the homepage, on the medical history form or via the Jameda online calendar. For these purposes, other doctors or psychotherapists with whom you are undergoing treatment may also provide us with data (e.g. in doctor's letters). If it is necessary for the execution of the treatment contract, corresponding documents will be requested from previous and/or subsequent treatment providers. In this case, we will inform you again separately.
6. recipient of your data
We only pass on your personal data within our practice to those areas and persons who need this data to fulfill contractual obligations or to implement our legitimate interest.
This includes the transfer of data to the Frauenklinik Dr. Geisenhofer GmbH and the Chirurgische Praxisklinik Prinzregentenplatz - Dr. med. Alexander Fischer for the purpose of surgery planning
If you have given us your prior consent
- and you are privately insured, you will be billed by the private medical clearing office;
- your biomaterials (tissue) provided in the course of treatment will be forwarded to an external laboratory for analysis together with other information about you. The owner of the laboratory isPantea Private Practice for Plastic & Aesthetic Surgery, Sendlinger Straße 21, 80331 Munich, Germany
The data is mainly transferred for the purpose of invoicing the services provided to you and to clarify medical questions and questions arising from your insurance relationship.
In individual cases, data is transferred to other authorized recipients on the basis of legal grounds.
7. transfer to a third country
A transfer to a third country is not intended.
8. storage of your data
Where necessary, we process and store your personal data for as long as is necessary to carry out the treatment.
In addition, we are subject to various retention and documentation obligations. According to Section 630f (3) of the German Civil Code (BGB), the retention obligation for patient files is 10 years, unless other retention periods apply under other regulations. X-ray images and records of X-ray examinations must be kept for 10 years and records of X-ray treatment for 30 years in accordance with Section 28 (3) RÖV. Records of radiation treatment must be kept for 30 years after the last examination or treatment in accordance with Section 85 (3) StrlSchV.
Further retention and documentation obligations arise from the German Commercial Code (HGB) and the German Fiscal Code (AO). The retention and documentation periods stipulated there are two to ten years.
Finally, the storage period also depends on the statutory limitation periods, which, for example, according to §§ 195 ff. of the German Civil Code (BGB), are generally three years, but in certain cases can be up to thirty years.
9. your rights
Every data subject has the right of access under Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to erasure under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR, the right to notification under Art. 19 GDPR and the right to data portability under Art. 20 GDPR.
In addition, you have the right to lodge a complaint with a data protection supervisory authority in accordance with Art. 77 GDPR if you believe that your personal data is being processed unlawfully. The right to lodge a complaint is without prejudice to any other administrative or judicial remedy.
The address of the supervisory authority responsible for us is
Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 27, 91522 Ansbach, Germany
Telephone: +49 (0) 981 53 1300, Fax: +49 (0) 981 53 98 1300,
E-mail: poststelle@lda.bayern.de, Website: https://www.lda.bayern.de
If the processing of data is based on your consent, you are entitled to withdraw your consent to the use of your personal data at any time in accordance with Art. 7 GDPR. Please note that the revocation only takes effect for the future. Processing that took place before the withdrawal is not affected. Please also note that we may have to retain certain data for a certain period of time in order to comply with legal requirements (see section 8 of this data protection information).
Right of objection
Insofar as your personal data is processed in accordance with Art. 6 para. 1 lit. f GDPR to protect legitimate interests, you have the right to object to the processing of this data at any time in accordance with Art. 21 GDPR for reasons arising from your particular situation. We will then no longer process this personal data unless we can demonstrate compelling legitimate grounds for the processing. These must outweigh your interests, rights and freedoms, or the processing must serve the assertion, exercise or defense of legal claims.
To safeguard your rights, you can contact us using the contact details provided in section 1.
10. necessity of the provision of personal data
The provision of personal data or the collection of health data is a prerequisite for your treatment. If you do not provide the necessary data, careful treatment cannot take place.
11 Automated decision making
In principle, we do not use fully automated decision-making in accordance with Art. 22 GDPR to establish, fulfill or carry out treatment or for pre-contractual measures. If we use these procedures in individual cases, we will inform you of this separately or obtain your consent if this is required by law.
II Data protection on the website
1. definitions
Our privacy policy should be simple and understandable for everyone. As a rule, the official terms of the General Data Protection Regulation (GDPR) are used in this privacy policy. The official definitions are explained in Art. 4 GDPR.
2. server log files
When you visit our website, it is technically necessary for data to be transmitted to our web server via your Internet browser. The following data is recorded during an ongoing connection for communication between your internet browser and our web server:
- Date and time of the request
- Name of the requested file
- Page from which the file was requested
- Access status
- Web browser and operating system used
- (Complete) IP address of the requesting computer
- Amount of data transferred
We collect the listed data to ensure a smooth connection to the website and to enable users to use our website comfortably. In addition, the log file is used to evaluate system security and stability as well as for administrative purposes. The legal basis for the temporary storage of data or log files is Art. 6 para. 1 lit. f GDPR.
For reasons of technical security, in particular to defend against attempted attacks on our web server, this data is stored by us for a short period of time. It is not possible for us to draw conclusions about individual persons based on this data. After 3 days at the latest, the data is anonymized by shortening the IP address at domain level so that it is no longer possible to establish a reference to the individual user.
The data may also be processed in anonymized form for statistical purposes. At no time is this data stored together with other personal data of the user, compared with other databases or passed on to third parties.
3. cookies
Our website uses cookies, which are stored by the browser on your device and which contain certain settings for the use of the website (e.g. for the current session). Cookies are used to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser. Most of the cookies we use are so-called session cookies, which are automatically deleted when you close your browser. Other cookies remain stored on your end device until you delete them or the storage period expires. These cookies enable us to recognize your browser on your next visit. In some cases, cookies are used to simplify website processes by storing settings (e.g. keeping options already selected). If personal data is also processed by individual cookies implemented by us, the processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR either for the execution of the contract or in accordance with Art. 6 para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. The cookie settings can be managed for the respective browsers under the following links.
Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647
Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Safari: https://support.apple.com/kb/ph21411?locale=de_DE
Opera: http://help.opera.com/Windows/10.20/de/cookies.html
You can also individually manage the cookies of many companies and functions that are used for advertising. To do this, use the relevant user tools, available at https://www.aboutads.info/choices/ or http://www.youronlinechoices.com/uk/your-ad-choices
Most browsers also offer a so-called "do-not-track function", with which you can indicate that you do not wish to be "tracked" by websites. When this function is activated, the respective browser informs advertising networks, websites and applications that you do not wish to be tracked for the purpose of behavior-based advertising and the like. For information and instructions on how to edit this function, please refer to the following links, depending on your browser provider:
Google Chrome: https://support.google.com/chrome/answer/2790761?co=GENIE.Platform%3DDesktop&hl=de
Mozilla Firefox: https://www.mozilla.org/de/firefox/dnt/
Internet Explorer: https://support.microsoft.com/de-de/help/17288/windows-internet-explorer-11-use-do-not-track
Safari: https://support.apple.com/kb/PH21416?locale=de_DE
Opera: http://help.opera.com/Windows/12.10/de/notrack.html
You can also prevent scripts from loading by default. NoScript only allows the execution of JavaScripts, Java and other plug-ins on trusted domains of your choice. Information and instructions on how to edit this function can be obtained from the provider of your browser (e.g. for Mozilla Firefox at: https://addons.mozilla.org/de/firefox/addon/noscript/).
Please note that the functionality of this website may be restricted if cookies are deactivated.
4. google analytics
Our website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. ("Google"). Google Analytics uses so-called cookies. These are text files that are stored on your computer and enable your use of the website to be analyzed. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. We only use Google Analytics with activated IP anonymization. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area, whereby a personal reference can be excluded. Google is certified for the US-European data protection agreement "Privacy Shield", which guarantees compliance with the level of data protection applicable in the EU.
If you have given your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, the processing on this website is carried out for the purpose of website analysis.
Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. The terms of use of Google Analytics and information on data protection can be accessed via the following links: http://www.google.com/analytics/terms/de.html and at https://www.google.de/intl/de/policies/.
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the URL https://tools.google.com/dlpage/gaoptout?hl=de.
Clicking on the following link will prevent Google Analytics from collecting data by setting an opt-out cookie:
Deactivation of Google Analytics
Information on how Google Analytics handles user data can be found in Google's privacy policy:
https://support.google.com/analytics/answer/6004245?hl=de
5. google maps
Our website uses the online map service provider Google Maps via an interface. The provider of the map service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. To use the functions of Google Maps, it is necessary to save your IP address. This information is transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. The use of the map service Google Maps is in the interest of an appealing presentation of our online offer and to make it easier to find the addresses listed by us on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. Google is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law(https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). Further information on the handling of user data can be found in Google's privacy policy:
https://www.google.de/intl/de/policies/privacy/
Opt-out: https://www.google.com/settings/ads/
6. youtube
Our website uses plugins from the Google-operated YouTube site. The operator of the pages is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When you visit one of our pages equipped with a YouTube plugin, a connection to the YouTube servers is established. The YouTube server is informed which of our pages you have visited.
If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.
Further information on the handling of user data can be found in YouTube's privacy policy at
https://www.google.de/intl/de/policies/privacy
7. online presence in social media
We maintain online presences within social networks and platforms in order to communicate with the customers, interested parties and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing guidelines of the respective operators apply.
Unless otherwise stated in our privacy policy, we process users' data if they communicate with us within social networks and platforms, e.g. write posts on our online presences or send us messages.
1. facebook fanpage
1.1 Responsible party
In the event that the data you provide to us is also or exclusively processed by Facebook, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, is responsible for data processing within the meaning of the GDPR in addition to us or in our place. For this purpose, we have concluded an agreement with Facebook pursuant to Art. 26 GDPR on joint responsibility for the processing of data (Controller Addendum). This agreement specifies which data processing operations we or Facebook are responsible for when you visit our Facebook fan page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.
If, as a visitor to the page, you would like to exercise your rights (information, correction, deletion, restriction, data portability, complaint to the supervisory authority, objection or revocation), you can contact Facebook.
You can adjust your advertising settings yourself in your user account. To do this, click on the following link and log in:
https://www.facebook.com/settings?tab=adsor http://www.your onlinechoices.com
For further details, please refer to Facebook's privacy policy: https://www.facebook.com/about/privacy/
1.2 Facebook's data protection officer
To contact Facebook's data protection officer, you can use the online contact form provided by Facebook at the following link https://www.facebook.com/help/contact/540977946302970.
1.3 Data processing for statistical purposes using page insights
Facebook provides so-called Page Insights for our Facebook fan page: https://www.facebook.com/business/a/page/page-insights. This is summarized data that provides information about how people interact with our page. Page Insights may be based on personal data that is collected in connection with a visit or interaction of people on or with our page and in connection with the content provided. Please note which personal data you share with us via Facebook. Your data may be processed for market research and advertising purposes, even if you are not logged in to Facebook or do not have a Facebook account. For example, user profiles can be created from user behavior and the resulting interests of users. The user profiles can in turn be used, for example, to place advertisements inside and outside the platforms that presumably correspond to the interests of the users. This data collection takes place via cookies that are stored on your end device. Furthermore, data that is independent of the devices used by the users may also be stored in the user profiles, in particular if the users are members of the respective platforms and are logged in to them. The legal basis for processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the optimized presentation of our offer, the effective information and communication with customers and interested parties as well as in the targeted placement of advertisements. Please note that we have no influence on data collection and further processing by Facebook. As a result, we cannot provide any information about the extent to which, where and for how long the data is stored by Facebook. Furthermore, we cannot make any statements about the extent to which Facebook complies with existing deletion obligations, which evaluations and links are made with the data by Facebook and to whom the data is passed on by Facebook. If you wish to avoid the processing of your personal data by Facebook, please contact us by other means.
2. other social media providers
2.1 Responsible body
If your personal data is processed by a provider listed below, this provider is responsible for data processing within the meaning of the GDPR. For the assertion of your rights as a data subject, we would like to point out that these can be asserted most effectively with the respective providers. Only they have access to the data collected from you. If you still need help, please feel free to contact our data protection officer at any time.
We have online presences on the social media platforms of the following providers:
- Instagram Inc, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour,
Dublin 2 Ireland
- YouTube, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
2.2 Data protection officer
Information on how to contact the data protection officer of the other social media providers can be found here:
- Instagram Inc.: https://www.facebook.com/help/contact/540977946302970
To contact the data protection officer for Google+ and YouTube, please contact Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
3. general data processing on the social media platforms
3.1 Data processing for market research and advertising
As a rule, personal data is processed on the company website for market research and advertising purposes. For this purpose, a cookie is set in your browser, which enables the respective provider to recognize you when you visit a website. The data collected can be used to create user profiles. These are used to place advertisements inside and outside the platform that presumably correspond to your interests. Furthermore, data can also be stored in the usage profiles independently of the devices you use. This is regularly the case if you are a member of the respective platforms and are logged in to them.
3.2 Data processing when contacting us
We collect personal data ourselves when you contact us, e.g. via a contact form or a messenger service such as Facebook Messenger. Which data is collected depends on the information you provide and the contact details you provide or share. This data is stored by us for the purpose of processing the inquiry and in the event of follow-up questions. Under no circumstances will we pass the data on to third parties without your consent. The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f GDPR and, if applicable, Art. 6 para. 1 lit. b GDPR if your request is aimed at concluding a contract. Your data will be deleted after final processing of your request, provided that there are no legal storage obligations to the contrary. We assume that processing is complete if it can be inferred from the circumstances that the matter in question has been conclusively clarified.
3.3 Data processing based on consent
If you are asked by the respective providers of the platforms for consent to processing for a specific purpose, the legal basis for processing is Art. 6 para. 1 lit. a., Art. 7 GDPR. Any consent given can be revoked at any time with effect for the future.
4. data transfer and recipients
Please note that by using the social media platforms, data processing may take place outside the EU and the European Economic Area, so that the European level of data protection cannot necessarily be guaranteed. The aforementioned social media providers based in the USA are certified for the US-European data protection agreement "Privacy Shield", which guarantees compliance with the level of data protection applicable in the EU.
We have no influence on the processing and handling of your personal data by the respective providers. We also have no information on this. For further information, please check the privacy policy of the respective provider:
- Instagram privacy policy/opt-out: http: //instagram.com/about/legal/privacy/
- YouTube/Google privacy policy: https://policies.google.com/privacy?hl=de&gl=de, Opt-out: https://adssettings.google.com/authenticated, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
8. integration of third-party services and content
It may happen that third-party content, such as videos from YouTube, maps from Google Maps, RSS feeds or graphics from other websites are integrated into this online offering. This always presupposes that the providers of this content (hereinafter referred to as "third-party providers") are aware of the user's IP address. This is because without the IP address, they would not be able to send the content to the respective user's browser. The IP address is therefore required to display this content. We endeavor to only use content whose respective providers only use the IP address to deliver the content. However, we have no influence on whether the third-party providers store the IP address, e.g. for statistical purposes. Insofar as we are aware of this, we will inform users accordingly.
9. contact
When contacting the provider by e-mail or telephone, the user's details are stored for the purpose of processing the inquiry and in the event that follow-up questions arise (see Section I.).
10. handling of personal data
Personal data is information that can be used to identify a person, i.e. information that can be traced back to a person. This includes the name, email address or telephone number. But data about preferences, hobbies, memberships or which websites someone has viewed also count as personal data.
Personal data is only collected, used and passed on by the provider if this is permitted by law or if the user consents to the collection of data.
11. data transfer and recipients
Your personal data will not be transferred to third parties unless
- if we have explicitly indicated this in the description of the respective data processing.
- if you have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,
- the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
- in the event that there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR and
- insofar as this is necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR.
We also use external service providers for the processing of our services, which we have carefully selected and commissioned in writing. They are bound by our instructions and are regularly monitored by us. With whom we have concluded order processing contracts in accordance with Art. 28 GDPR if necessary. These are service providers for web hosting, sending e-mails and maintaining and servicing our IT systems, etc. The service providers will not pass this data on to third parties.
12. data security
We take appropriate technical and organizational measures in accordance with Art. 32 GDPR, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk. This website uses SSL encryption for security reasons and to protect the transmission of confidential content.
13. duration of the storage of personal data
The duration of the storage of personal data is based on the relevant statutory retention periods (e.g. from commercial law and tax law). After expiry of the respective period, the corresponding data is routinely deleted. If data is required for contract fulfillment or contract initiation or if we have a legitimate interest in further storage, the data will be deleted if it is no longer required for these purposes or if you exercise your right of revocation or objection.
14 Your rights
Below you will find information on which data subject rights the applicable data protection law grants you vis-à-vis the controller with regard to the processing of your personal data:
The right to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about its details.
The right, in accordance with Art. 16 GDPR, to demand the immediate correction of incorrect or incomplete personal data stored by us.
The right to request the deletion of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
The right to demand the restriction of the processing of your personal data in accordance with Art. 18 GDPR if the accuracy of the data is disputed by you, the processing is unlawful but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR
The right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request transmission to another controller in accordance with Art. 20 GDPR
The right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of the federal state of our registered office stated above or, if applicable, that of your usual place of residence or workplace.
The right to withdraw consent granted in accordance with Art. 7 para. 3 GDPR: You have the right to withdraw your consent to the processing of data at any time with effect for the future. In the event of revocation, we will delete the data concerned immediately, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal;
Right of objection
If your personal data is processed by us on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that this is done for reasons arising from your particular situation. Insofar as the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right to object without the requirement to specify a particular situation.
If you wish to exercise your right of revocation or objection, simply send an e-mail to info@pantea-health.de.
15. reservation of right of amendment
We reserve the right to adapt or update this privacy policy if necessary in compliance with the applicable data protection regulations. In this way, we can adapt it to the current legal requirements and take into account changes to our services, e.g. when introducing new services. The latest version applies to your visit.
Status of this privacy policy: 19.02.2021