Privacy policy

Plastic Surgery Munich

This data protection declaration (privacy policy) informs you about the use of personal data when using our websites.

In section 1 below, we inform you about our contact options and the terms used in the following. An explanation of the data processing procedures on our websites follows in section 2. Following this, you will find further information on your rights in section 3 and information on technical measures in section 4.

1. Contact details and terminology

Responsible authority

The responsible authority, within the meaning of Art. 4(7) of the GDPR, is Dr Susanne Morath and Dr Hendrik Schöll, represented by Dr Hendrik Schöll. You can find more details in the Legal notice of this website.

Terminology

Personal data

Personal data includes any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly. It is sufficient to assign an identifier such as a name or pseudonym, an identification number, location data or an online identifier. However, special characteristics are also sufficient for identification, such as the expression of physical, physiological, genetic, psychological, economic, cultural or social identity.

This includes, for example, name, address, telephone number and email address, as well as the IP address, even if this is only indirectly or temporarily assigned to a specific person.

A distinction is also made between personal data that is required for the establishment and content of the legal relationship or changes to it (inventory data) and personal data regarding the use of Internet pages (usage data).

Hyperlinks and external references

Hyperlinks [colloquially: links] are cross-references in a document and are equivalent in principle to source references in a printed document; however, unlike in a book, you can call up these cross-references by clicking on the link. Links in a web document like this are typical. The links can connect several documents and websites from different providers. In their entirety, these links reflect the World Wide Web (WWW). There is a distinction between internal links and external links. Internal links connect several text passages or even documents under one domain, external links lead to domains, websites and servers of other providers.

Different data protection regulations may apply on other web servers. A closer look at the link will tell you whether it is a link to an external website. The destination of the link can be displayed by your browser. Please refer to the instructions for your browser for more information; in many web browsers, the link will be displayed if you hover over it with your mouse without clicking on it.

Embedding external content

It may sometimes be appropriate to embed content from other websites into our design. You will then see other content in our design. Technically, this works through an IFrame/Inlineframe. This displays other web content as independent documents in a defined area of the browser; the browser address bar will only display the address of the surrounding page. Our website is displayed as a technical frame, but the content then comes from another server. This makes sense, for example, when viewing videos hosted by other providers such as YouTube or Vimeo.

Technically, this transfers usage data to the third-party provider. You can find out what data the provider uses for other purposes in the privacy policy of the respective provider.

Data collection when contacting us

You can contact us via our website/contact form, as well as by phone, fax, email and other means of communication. The information you provide is voluntary. Along with your voluntary information, we also process the time of the enquiry as well as, for technical reasons, your usage data sent in connection with the means of communication, such as telephone number or email address.

If you make an enquiry within the context of a contractual relationship or for the purpose of initiating a contract, the data processing is carried out in accordance with Art. 6(1)(1)(b) of the GDPR. In all other cases, we process your data based on your consent, as per Art. 6(1)(1)(a) of the GDPR.

We use the collected data for individual communication with you, for the purpose of contract initiation or implementation. The personal data collected by us for the use of the contact form will be deleted after the request you have made has been dealt with, depending on the content of the request, at the latest after expiry of the respective applicable statutory retention obligations.

With regard to emails, please note that communicating by email has security vulnerabilities regardless of the measures we take. If you want to transmit confidential information, please check the encryption of your provider or send the email encrypted.

Storage of cookies

A cookie is a small data file containing a string of characters that is generated and stored on your end device (for example, desktop PC, smartphone or tablet) during your visit to our website. A cookie can only contain the information we send to your device; it cannot be used to read any further data on your device. Your terminal device can be recognised using these cookies – but its user cannot be identified directly.

So-called session cookies contain a randomly generated, unique identification number. This allows our server to recognise which pages of the website the user has already visited during the “session” in question. They are usually deleted automatically after the session ends. Alternatively, the session ID can be stored on the server or transmitted in the Uniform Resource Identifier (URI). In contrast to session cookies, temporary cookies are stored on your device for a specific period of time. Any previous visits to the website are recognised by the temporary cookie and the previous settings are retained.

Cookies serve the purpose of customising the use of the website and the user profile. This means that settings that have already been made do not have to be re-entered on subsequent visits. However, they can also be used to record website usage statistics and evaluate usage for optimisation purposes. The number of visitors to our website and the frequency with which individual pages are viewed tell us whether there might be interest in similar content in the future.

The legal basis is Art. 6(1)(1)(f) of the GDPR. The data processed by cookies is necessary for the user-specific design of the website and for its optimisation. Overriding interests or fundamental rights and freedoms of third parties are not apparent. The use of cookies can be restricted in the security settings of your browser (such as Chrome, Firefox, Safari) and can also be prevented altogether. Cookies can be erased at any time. Information on this can be found in the help section of your browser. Some cookies are only stored with your explicit consent; in these cases, the legal basis is Art. 6(1)(1)(a) of the GDPR.

Your internet browser shows you whether cookies have been stored, as well as their content. Detailed information can be found on the website of the Federal Commissioner for Data Protection and Freedom of Information and the Federal Office for Information Security.

Data transmission to third parties

We will only process and transmit your personal data to third parties under the following conditions:

  • You have given your consent to this as per Art. 6(1)(1)(a) of the GDPR.
  • The transmission is necessary for the execution of a contract or the initiation of a contract, as per Art. 6(1)(1)(b) of the GDPR.
  • There is a legal obligation to which we are subject, as per Art. 6(1)(1)(c) of the GDPR.
  • For the protection of vital interests of a natural person, as per Art. 6(1)(1)(d) of the GDPR.
  • Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority, if such authority has been conferred on us, as per Art. 6(1)(1)(e) of the GDPR.
  • The processing is necessary to protect our legitimate interests or those of a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail, Art. 6(1)(1)(f) of the GDPR. This includes, for example, the assertion, exercise or defence of legal claims.

Data processing by Google

We use services offered by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. We have described the services below. However, for site visitors whose habitual residence is in the European Economic Area or Switzerland, the processor and single point of contact for Google is Google Ireland Limited (hereinafter Google). The registered office of Google Ireland Ltd. is Gordon House, Barrow Street, Dublin 4, Ireland, phone: +353 1 543 1000. The Company is incorporated under the laws of Ireland and is registered under registration number 368047.

Insofar as Google also processes data in the USA, Google is listed as a participant in the EU-US Privacy Shield Framework as well as the Swiss-U.S. Privacy Shield Framework. Both data protection agreements are intended to guarantee a level of data protection comparable to that of the EU or Switzerland.

Analysis of website visitors (tracking)

Our tracking measures are based on Art. 6(1)(1)(f) of the GDPR. They are used for recording website visits statistics and thus for the needs-based design and ongoing optimisation of the website.

Google Web Fonts

We use so-called web fonts to ensure the uniform display of fonts. These fonts are provided by Google. When you access a page, your browser loads the web fonts into its browser cache in order to display texts and fonts correctly. For this purpose, the browser you use connects to Google’s servers. This gives Google knowledge of the usage data. The legal basis for this is Art. 6(1)(f) of the GDPR.

If your browser does not support web fonts, a standard font is used by your computer.

You can find more information about Google Web Fonts at https://developers.google.com/fonts/faq and in Google’s privacy policy https://www.google.de/intl/de/policies/privacy/.

Google Maps

This site uses the map service Google Maps from Google.

For technical reasons, usage data, including your IP address, is transmitted to Google servers for the use of the map service. We have no influence on this data transmission.

The use of Google Maps pursues the purpose, and thus our legitimate interest, of showing you how to get to us by means of displaying a simple map. For this purpose we have integrated the map service.

The legal basis for this legitimate interest of data processing is Art. 6(1)(f) of the GDPR.

You can find more information on how Google handles user data in Google’s privacy policy: https://www.google.de/intl/de/policies/privacy/.

3. Rights as a data subject

Data subjects have the right to;

  • request information about the personal data we process, as per Art. 15 of the GDPR. This includes information about the purposes of processing, the category of personal data, the categories of recipients to whom data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint and the origin of the data if it was not collected by us. Furthermore, they can request information about the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
  • immediately request the correction of incorrect or incomplete personal data stored by us, as per Art. 16 of the GDPR;
  • request the erasure of personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims, as per Art. 17 of the GDPR;
  • to request the restriction of the processing of personal data, insofar as the accuracy of the data is disputed, the processing is unlawful, but the data subject objects to its erasure and we no longer require the data, but he/she needs it for the assertion, exercise or defence of legal claims or he/she has objected to the processing pursuant to Art. 21 of the GDPR, Art. 18 of the GDPR;
  • obtain the personal data that data subjects have provided to us in a structured, commonly used and machine-readable format or request the transfer to another controller, as per Art. 20 of the GDPR;
  • to revoke the consent once given to us at any time. This has the consequence that we may no longer continue to process data based on this consent in the future, Art. 7(3) of the GDPR, and
  • complain to a supervisory authority, as per Art. 77 of the GDPR. As a rule, data subjects can contact the supervisory authority of their habitual residence or workplace or our registered office for this purpose. The competent supervisory authority is the State Data Protection Commissioner of the federal state in which we have our registered office. You can find their contact details under the following external link:

If personal data is processed on the basis of legitimate interests pursuant to Art. 6(1)(1)(f) of the GDPR, data subjects have the right to object. They can object to the processing of personal data. There must be reasons arising from their particular situation or the objection must be directed against direct advertising, as per Art. 21 of the GDPR. In the latter case, data subjects have a general right to object, which can be implemented without specifying a particular situation.

4. Technical measures

Data retrieval security

For the security of data transmission, we use a so-called TLS/SSL encryption. TLS stands for Transport Layer Security; it is also known by the abbreviation SSL for Secure Sockets Layer. You can access the website in encrypted form by placing the abbreviation https:// in front of the domain, e.g. https://. You can recognise encryption in most browsers by a lock symbol in the browser bar. Please consult the documentation for your web browser.

The Hypertext Transfer Protocol Secure (https) is a technical communication protocol on the internet for the use of the World Wide Web (www) or just web. This is used to retrieve electronic hypertext documents, the so-called webpages.