Privacy policy

Privacy policy of the Practice for Breastfeeding Counseling and Emotional Support

I take the protection of your data very seriously. I would like to inform you below about which
personal data I process for which purposes when you visit my practice and use my services.

1. scope of application

The following information applies to all personal data that I collect during your visit to my practice. The responsible provider for this content is me, Karin Giese, Münchnerstr. 87, 85774 Unterföhring. The legal basis for data protection can be found in the EU General Data Protection Regulation (hereinafter GDPR) and the German Federal Data Protection Act (BDSG).

2. definitions

Personal data
“Personal data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

3. the following data is processed:

• Basic data (first name, surname, address, contact details, date of birth)

• Billing data (in addition to basic data EC card data)

• Health data: The data collected before, during and after treatment about your state of health and physical condition, including medical history, treatment plan, medication, images for photo documentation (medical history and treatment data). Health data is not collected during courses and is therefore not processed.

4. purposes and legal bases of data processing:

I process your basic and billing data for the purpose of fulfilling the contract and invoicing my services. If you pay by EC card, EC card data will be transmitted to the payment provider IZettle PayPal (Europe) S.à r.l. et Cie, S.C.A. (R.C.S. Luxembourg B 118 349) for the purpose of payment processing. With regard to processing by the payment provider, please refer to its privacy policy, available at https://www.zettle.com/de/rechtshinweise/datenschutzhinweise.

The legal basis for the processing of your basic and billing data is Art. 6 para. 1 sentence 1 b GDPR.

Your medical history and treatment data are also required to fulfill the contract (legal basis Art. 6 para. 1 sentence 1 a and b, Art. 9 para. 2a GDPR).

I also use your basic data (only name, address) to inform you by post about my offers, promotions and services for the purposes of direct marketing (legal basis Art. 6 para. 1 sentence 1 f GDPR). If you have separately and expressly consented to this, I will also send you advertising in the aforementioned sense by e-mail, telephone, fax or via social media (Art. 6 para. 1 sentence 1 a GDPR).

If you provide me with personal data for purposes other than carrying out the treatment, the purpose of the data processing depends on your request. I will use your personal data to process your request. If you communicate with me by e-mail, your e-mails and the personal data provided therein will be stored on my behalf on the servers of my e-mail provider ALL-INKL.COM – Neue Medien Münnich, Hauptstraße 68 | D-02742 Friedersdorf. The legal basis for data processing is Art. 6 para. 1 sentence 1 a and f GDPR. My legitimate interest in data processing within the meaning of Art. 6 para. 1 sentence 1 f GDPR follows from the fact that I cannot process your request without your data.

5. transfer of the data to a third country

I do not transfer any of the personal data covered by this declaration to third countries.

6. voluntary provision of data

The provision of the personal data mentioned under point 3 is necessary for the conclusion of a contract.

If you visit my practice without booking a treatment or consultation, the provision of data is voluntary.

7. duration of the storage of your data

I store personal data that I process for contractual purposes (basic data, billing data) in accordance with the retention periods under tax and commercial law. I store anamnesis and treatment data for a period of 10 years. If you provide me with personal data for purposes other than treatment, the duration of data processing depends on your request. Your e-mails will be stored on the servers of my e-mail provider for a period of 6 years, unless they are subject to longer retention periods under tax and commercial law.

8. reach measurement with Matomo

As part of Matomo’s reach analysis, the following data is processed on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR) GDPR), the following data is processed: the browser type and version you use, the operating system you use, your country of origin, the date and time of the server request, the number of visits, the time you spend on the website and the external links you click on. The IP address of users is anonymized before it is stored.

Matomo uses cookies, which are stored on the user’s computer and which enable an analysis of the use of our online offer by the user. Pseudonymous user profiles can be created from the processed data. The cookies have a storage period of one week. The information generated by the cookie about your use of this website is only stored on our server and is not passed on to third parties.

Users can object to the anonymized data collection by the Matomo program at any time with effect for the future by clicking on the link below. In this case, a so-called opt-out cookie is stored in their browser, which means that Matomo no longer collects any session data. However, if users delete their cookies, the opt-out cookie will also be deleted and must therefore be reactivated by the users.

The logs with the user data are deleted after 6 months at the latest.