Privacy Policy
Privacy Policy for the website www.faltenbehandlungen.berlin
Since May 25, 2018, the provisions of the EU General Data Protection Regulation (hereinafter: GDPR) have been in effect throughout Europe. Below, we would like to inform you about the processing of personal data carried out by MVZ Zahnkultur Berlin-Köpenick in accordance with this new regulation (see Article 13 of the GDPR). Please read our privacy policy carefully. If you have any questions or comments regarding this privacy policy, you may contact us at any time at the email address provided in Section 2.
Table of Contents
1. Overview
2. Who is responsible for data processing on this website and how can the Data Protection Officer be contacted?
3. How, for what purpose and on what legal basis is your data processed?
3.1. How and on what legal basis do we process your data when you visit our website?
3.2. How, to what extent and on what legal basis do we process your data in the context of dental treatment?
3.3. How, to what extent and on what legal basis do we process your data in the context of our business relationship with our service providers and business partners?
3.4. How, for what purpose and on what legal basis do we process your data in connection with our online presence and website optimisation?
3.5. How and on what legal basis do we process your data for marketing purposes?
4. When do we transfer your data to recipients outside the EU?
5. What rights do you have regarding your data?
6. How long do we store your data?
1. OVERVIEW
The following privacy notice informs you about the nature and scope of the processing of so-called personal data by MVZ Zahnkultur Berlin-Köpenick GmbH. Personal data refers to information that can be directly or indirectly attributed to you.
Data processing by MVZ Zahnkultur Berlin-Köpenick GmbH in connection with our wrinkle treatment services can essentially be divided into three categories:
- For the purpose of treatment and fulfillment of the treatment contract, the necessary data of our patients is processed (see 3.2).
- In our business dealings with our service providers and business partners, we process the personal data of the respective contact persons (see section 3.3).
- When you visit the website, various pieces of information are exchanged between your device and our server. This may also include personal data. The information collected in this way is used, among other things, to integrate external content or to display advertisements in your device’s browser. See sections 3.1, 3.6, and 3.5.
In accordance with the provisions of the GDPR, you have various rights that you can exercise against us. These include, among other things, the right to object to certain data processing activities, in particular data processing for advertising purposes. The option to object is highlighted in the text.
If we carry out any further data processing, we will inform you of this on a case-by-case basis. If you have any questions about our privacy policy, please feel free to contact our external data protection officer at any time. You will find the contact information below.
2. WHO IS RESPONSIBLE FOR DATA PROCESSING, AND HOW CAN THE DATA PROTECTION OFFICER BE CONTACTED?
This privacy policy applies to data processing by MVZ Zahnkultur Berlin-Köpenick GmbH, Dörpfeldstraße 46, 12489 Berlin (“Data Controller”), and to the following website:
https://faltenbehandlungen.berlin/
Our contact information:
Zahnkultur Berlin
MVZ Zahnkultur Berlin-Köpenick GmbH
Dörpfeldstraße 46
12489 Berlin
Phone: 030 / 565 90 50 0
Fax: 030 / 565 90 50 20
If you have any questions regarding data protection, please contact us at j.oeztan@zahnkultur-berlin.de
You can reach our Data Protection Officer at the above address, attn: Data Protection Officer, or at datenschutzbeauftragter@zahnkultur-berlin.de
Please note that your health insurance provider is responsible for data processing in connection with the electronic patient record. We ask that you direct any questions regarding this matter to them.
Gematik GmbH is responsible for providing the telematics infrastructure itself.
3. HOW, FOR WHAT PURPOSE, AND ON WHAT LEGAL BASIS IS YOUR DATA PROCESSED?
When you visit our website, the browser on your device automatically sends information to our website’s server, which is temporarily stored in a log file. We have no control over this process. The following information is collected automatically and stored until it is automatically deleted:
• the IP address of the requesting internet-enabled device,
• the date and time of access,
• the name and URL of the file accessed,
• the website from which access occurred (referrer URL),
the browser you are using and, if applicable, the operating system of your internet-enabled computer, as well as the name of your internet service provider.
The legal basis for processing the IP address is Article 6(1)(f) of the GDPR. Our legitimate interest arises from the purposes of data collection listed below. Please note that we cannot and do not draw any direct conclusions about your identity from the data collected.
We use your device’s IP address and the other data listed above for the following purposes:
• To ensure a smooth connection,
• To ensure a comfortable user experience on our website,
• To evaluate system security and stability.
The data is stored for a period of 7 days and then automatically deleted. Furthermore, we use so-called cookies and tracking tools on our website. The specific methods involved and how your data is used for this purpose are explained in more detail below in Section 3.4.
If you have consented to so-called geolocation in your browser, operating system, or other settings on your device, we use this feature to offer you personalized services based on your current location (e.g., the location of our medical practice). We process your location data collected in this manner exclusively for this purpose. Once you stop using the service, the data is deleted.
This website is hosted by an external service provider (host). The personal data collected on this website is stored on the host’s servers. To ensure data protection compliance, we have entered into a data processing agreement with our host.
We have commissioned a communications agency to develop and manage our website. As a result, the communications agency has access to the technical data mentioned above. To ensure that data is processed in compliance with data protection regulations, we have entered into a data processing agreement with the communications agency.
3.1.1 CONTACT OPTIONS VIA THE WEBSITE
In accordance with legal requirements, the website of MVZ Zahnkultur Berlin-Köpenick GmbH contains information that enables users to quickly contact our company electronically and communicate directly with us, including a general email address. If a data subject contacts the controller via email or a contact form, the personal data transmitted by the data subject is automatically stored. Such personal data transmitted by a data subject to the data controller on a voluntary basis (see Art. 6(1)(a) or Art. 9(1) of the GDPR) is stored for the purposes of processing or contacting the data subject. This personal data is not disclosed to third parties.
3.2 HOW, TO WHAT EXTENT, AND ON WHAT LEGAL BASIS DO WE PROCESS YOUR DATA IN CONNECTION WITH DENTAL TREATMENT?
3.2.1 Data we process from you, as well as the purposes and legal bases for data processing
We process your data to fulfill the treatment contract, the associated obligations, and to bill for our services. The legal basis is therefore Art. 6(1)(b) GDPR in conjunction with Art. 9(2)(h) GDPR and § 22(1)(1)(b) BDSG.
The data we process includes, among other things, health data and thus special categories of personal data within the meaning of Article 9 of the GDPR.
This includes the data collected on the medical history form, such as name, contact information, details regarding insurance, pre-existing conditions, allergic reactions, blood pressure, medications, pregnancy, or treatment preferences.
We also collect data as part of your patient record. This includes diagnoses, findings, X-rays, treatment recommendations, treatment and cost plans, or doctor’s letters. In individual cases, intraoral before-and-after photos are also taken to document the success of the treatment.
Last but not least, we also collect data in connection with scheduling appointments and cash payments for treatment.
The collection of your health data is a prerequisite for treatment. If the necessary information is not provided, proper treatment cannot be performed.
3.2.2 Processing of Your Data in Connection with the Electronic Health Record
The use of the electronic health record (ePA) and its associated functions—such as the digital transmission of sick leave notices to your health insurance provider, electronic prescriptions, and access to or storage of medical records in the ePA—will be available in our practice as required by law once the “ePA for All” initiative is implemented.
By default, after you insert your electronic health card, we have access to the findings, medication plans, and other health data contained in your ePA for 90 days. You can configure this in the app provided by your health insurance provider or directly through your health insurance provider to deny or revoke our access to all or specific documents.
You can delete data from the ePA yourself using your smartphone app. Please note that deleting data means that other doctors involved in your treatment will no longer have access to that data within the ePA. Upon request, our practice can also perform the deletion in exceptional cases. In such cases, we ask that you confirm your request in writing.
If you have further questions about the electronic patient record, particularly regarding the security of your data and the use of the smartphone app, please direct them to your health insurance provider.
3.2.3 Data Retention Period
We retain your personal data only for as long as is necessary to provide treatment or as required by law.
For example, due to legal requirements, we are obligated to retain treatment records for at least 10 years after the completion of treatment.
Other regulations may result in longer retention periods, for example, 30 years for X-ray images pursuant to Section 28(3) of the X-ray Ordinance.
3.2.4 Recipients of the Data
In addition to data protection regulations, your treating physician is generally bound by medical confidentiality regarding all information related to your treatment.
Your data will only be disclosed to third parties to the extent permitted by law or if you have given us your consent and, where necessary, have released your physician from the duty of confidentiality. If you utilize private services and have given your consent, we will transmit your data to DZR Deutsches Zahnärztliches Rechenzentrum GmbH for billing purposes.
Our digital medical history form on the website and the iPads in our practices is provided by synMedico GmbH. We have entered into a data processing agreement with synMedico GmbH that governs the processing of your data on our behalf.
To conduct the legally required medication safety check, the necessary data is forwarded to our service provider, ifap Service-Institut für Ärzte und Apotheker GmbH. We have entered into a data processing agreement with ifap Service-Institut für Ärzte und Apotheker GmbH that governs the processing of your data on our behalf. The check is performed to identify risks such as allergies, interactions between different medications, and medications contraindicated due to pre-existing conditions, and to take these into account when prescribing or dispensing medications.
As a precaution, we would like to inform you that, as part of your treatment with us, information may be shared among the various doctors or treatment teams employed by us to the extent necessary for your treatment (since you will not always be treated by the same doctor or team). To the extent that we have not received a written waiver of confidentiality in this regard, we assume your tacit consent, as this fact arises from the practice procedures with which you are familiar.
Recipients of your personal data may primarily include other physicians, dental laboratories, associations of panel physicians, health insurance companies, the Medical Service of the Health Insurance Funds, medical associations, and private medical billing agencies. The transfer of data is primarily for the purpose of billing for services provided to you and for clarifying medical issues and matters arising from your insurance relationship. If necessary, we may disclose your data to attorneys or service providers to secure or pursue payment claims. The legal basis for this is Article 6(1)(f) of the GDPR, as the disclosure is based on our legitimate interest in enforcing our claim for remuneration.
Recipients of data may also include public health authorities or other reporting agencies, such as the cancer registry, to which we are required to report.
Our practice is also connected to the so-called Telematics Infrastructure (TI). This TI serves to network healthcare professionals and utilize specialized medical applications. Technically, the TI is operated by the Gesellschaft für Telematikanwendungen der Gesundheitskarte mbH (gematik).
We have integrated external service providers into our practice operations for various services in the areas of IT, cleaning, and waste disposal. Although we generally do not disclose your data to these service providers, it cannot be ruled out that they may become aware of it. All service providers are bound by us to comply with medical confidentiality and data protection regulations.
3.2.5 Where is the data processed?
We process your data exclusively on our own servers and on the servers of our service providers in Germany.
3.3 HOW, TO WHAT EXTENT, AND ON WHAT LEGAL BASIS DO WE PROCESS YOUR DATA IN THE CONTEXT OF OUR BUSINESS RELATIONSHIP WITH OUR SERVICE PROVIDERS AND BUSINESS PARTNERS?
3.3.1 Data we process from you and the purposes of data processing
Within the scope of our business relationship, we collect personal data for the following purposes:
Initiation and establishment of the contractual relationship
Execution of the contractual relationship
Preservation of evidence for any post-contractual warranty and guarantee claims and legal disputes
Payment transactions
Measures for building and facility security (e.g., access controls);
Measures for business management and improvement of internal processes and products.
The following categories of personal data are collected and processed:
Employee data (including name, business address, email, phone number, area of responsibility)
Communication data (including emails, correspondence)
Payment data (e.g., bank account information)
Billing data (e.g., tax ID number)
3.3.2 Legal Basis for Data Processing
The legal basis for the processing described above is the contractual relationship between us or the initiation of such a relationship, and thus Article 6(1)(b) of the GDPR. To the extent that a contractual relationship exists with your employer, the processing is carried out to safeguard our legitimate interest in the performance of the contract or the order. The legal basis is therefore Article 6(1)(f) of the GDPR.
In the other cases mentioned, processing is carried out to safeguard our legitimate interest in the described processing activities. The legal basis is therefore Article 6(1)(f) of the GDPR.
To the extent that statutory retention obligations or information obligations apply, the legal basis for processing is Article 6(1)(c) of the GDPR.
3.3.3 Data Retention Period
We store the data for a period of three years. Thereafter, processing is limited to the purpose of complying with statutory retention requirements. Once the statutory retention periods have expired (ten years for tax-related documents and six years for other business correspondence), the data is completely deleted.
For personal data in our contact management system, we review after four years at the end of the respective calendar year whether further storage is necessary. If there is no such necessity, the data will be deleted. If we become aware that you have left the company, we will delete your contact information immediately—unless it is contained in documents subject to retention requirements (e.g., business correspondence)—or update it if you wish and provide us with new contact information.
3.3.4 Recipients of the Data
Your personal data will be disclosed to:
The department responsible for providing your service
Payment service providers
Tax advisors
Other service providers involved in providing the service (as necessary)
Tax authorities
3.3.5 Transfer of Personal Data to a Third Country
We will also transfer your data to third countries if and to the extent that such transfer is necessary to fulfill a contract with you or our business partner, or to conclude or fulfill a contract in the interest of the business partner. In this case, we will inform you in advance about the specific transfer to a third country.
3.3.6 Obligation to Provide Personal Data
Within the scope of our business relationship, you are only required to provide the personal data necessary for the establishment, performance, and termination of a business relationship, or data that we are legally obligated to collect. Without this data, we will generally have to refuse to conclude the contract or execute the order, or we will no longer be able to perform an existing contract and may have to terminate it.
3.4 HOW, FOR WHAT PURPOSE, AND ON WHAT LEGAL BASIS DO WE PROCESS YOUR DATA IN CONNECTION WITH OUR ONLINE PRESENCE AND WEBSITE OPTIMIZATION?
3.4.1 Cookies – General Information
We use so-called cookies on our website. If these cookies involve personal data, their use is based on Article 6(1)(f) of the GDPR, provided they are technically necessary cookies (e.g., the cookie that stores your consent). Our interest in optimizing our website is considered a legitimate interest within the meaning of the aforementioned provision. The storage of cookies that are strictly necessary for the website to function is based on the exception provided for in Section 25(2)(2) of the German Telemedia Act (TDDDG). In other cases, the use of cookies is based on the consent you provided to us via the consent banner when you first visited the website, and thus on the basis of Section 25(1) TDDDG in conjunction with GDPR Art. 6(1)(a). You may revoke your consent at any time by clicking the “Adjust privacy settings” link in the footer of this website.
Cookies are small files that your browser automatically creates and stores on your device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not cause any damage to your device and do not contain viruses, Trojan horses, or other malware. Information is stored in the cookie that is related to the specific device being used. However, this does not mean that we thereby gain direct knowledge of your identity. The use of cookies serves, on the one hand, to make the use of our website more convenient for you. We use temporary cookies that are stored on your device for a specific, predetermined period of time. If you visit our site again to use our services, the system automatically recognizes that you have previously visited us and recalls the entries and settings you made, so you do not have to re-enter them.
Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or so that a notification always appears before a new cookie is created. Please note, however, that completely disabling cookies may prevent you from using all the features of our website. The duration for which cookies are stored depends on their intended use and varies (see below).
On our website, we use the cookies listed in the table below, with the functions specified there. You can also find the storage duration of each cookie in the table.
3.4.1.2 Cookies set based on your consent for the integration of external services
Name Provider Function / Purpose Duration
VISITOR_INFO1_LIVE YouTube Used by YouTube to store user settings for embedded YouTube videos, as well as for analytics and advertising purposes, and to suggest relevant content to the user. 180 days
YSC YouTube Used by YouTube to store user input and link it to the user’s actions, as well as for security purposes. Session
mapbox.eventData.uuid:# Mapbox Used to display street maps Persistent
mapbox.eventData:# Mapbox Used to display street maps Persistent
3.4.1.3 Cookies set for advertising purposes based on your consent
Name Provider Function / Purpose Duration
_fbp Meta Website analytics, ad targeting, and ad measurement Session / 1 year
c_user Meta Website analytics, ad targeting, and ad measurement Session / 1 year
datr Meta Website analytics, ad targeting, and ad measurement Session / 1 year
fr Meta Website analytics, ad targeting, and ad measurement Session / 1 year
m_pixel_ration Meta Website analytics, ad targeting, and ad measurement Session / 1 year
pl Meta Website analytics, ad targeting, and ad measurement Session / 1 year
presence Meta Website analytics, ad targeting, and ad measurement Session / 1 year
sb Meta Website analytics, ad targeting, and ad measurement Session / 1 year
spin Meta Website analytics, ad targeting, and ad measurement Session / 1 year
wd Meta Website analytics, ad targeting, and ad measurement Session / 1 year
xs Meta Website analytics, ad targeting, and ad measurement Session / 1 year
_ga Google Website analytics, ad targeting, and ad measurement 2 years
_gat Google Website analytics, ad targeting, and ad measurement 2 years
_gid Google Website analytics, ad targeting, and ad measurement 2 years
3.4.2 Street Maps (Mapbox)
We have integrated street maps into our website that are provided by Mapbox, Inc., 740 15th Street, NW, 5th Floor, Washington, DC 20005, USA. To display these street maps, the data technically required for this purpose is transmitted to Mapbox—this generally includes at least the following information
• Date and time of the visit to the relevant webpage
• Internet address or URL of the accessed webpage
• IP address
We have no influence over the further processing and use of the data by Mapbox. However, you can find more information on this in Mapbox’s privacy policy.
The legal basis for the integration of the street maps and the transmission of the technically necessary data to Mapbox is your consent and thus Art. 6(1)(a) GDPR. The legal basis for the cookies set by Mapbox is Section 25(1) of the German Telemedia Act (TDDG) in conjunction with Article 6(1)(a) of the GDPR. You may revoke your consent at any time by clicking the “Adjust privacy settings” link in the footer.
Mapbox processes the data required to display the content in the United States. The transfer to the United States is based on the Trans-Atlantic Data Privacy Framework, for which Mapbox holds certification. The transfer is thus based on an adequacy decision by the European Commission pursuant to Article 45 of the GDPR.
3.4.3 YouTube Videos
We have embedded YouTube videos on our website. YouTube is provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
To protect your data, the videos are only displayed if you have given your consent to the embedding of external YouTube content. You can give your consent either in the consent banner that appears when you first visit the website or directly on the respective subpage. A cookie is set to store your consent or refusal. Consent you have given can be revoked at any time via the “Adjust privacy settings” link in the footer.
The videos are stored on http://www.YouTube.com and can be played directly from our website. They are embedded in “enhanced privacy mode,” meaning that, according to Google’s own statements, Google will not link the information that you have played videos on our website to your YouTube profile in order to suggest further videos to you on YouTube or to use your data for advertising or market research purposes.
By playing the videos, YouTube receives the information that you have visited the corresponding subpage of our website. In addition, at least the following data is transmitted.
IP address
Date and time of the request
Time zone difference from Greenwich Mean Time (GMT)
Content of the request (specific page)
Access status/HTTP status code
Amount of data transferred in each case
Website from which the request originates
Browser
Operating system and its interface
Language and version of the browser software
This occurs regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. We have no influence over further data processing by Google and, in particular, cannot specify which data processing operations are prevented by the enhanced privacy mode. If you are logged in to Google, your data may therefore be directly associated with your account. If you do not wish for this association with your YouTube profile, you must log out before activating the button.
The legal basis for the transmission of the technically necessary data to YouTube is your consent and thus Art. 6(1)(a) GDPR. The legal basis for the cookies set by YouTube is § 25(1) TDDDG in conjunction with Art. 6(1)(a) GDPR.
Google may also process the data required to display the content in the United States. Google’s transfer of data to the United States is based on the Trans-Atlantic Data Privacy Framework, for which Google holds certification. The transfer is thus based on an adequacy decision by the European Commission pursuant to Article 45 of the GDPR.
The embedding of YouTube videos may also involve other Google services, such as Google Fonts, Google Ads, or Google Photos. For more information on the purpose and scope of data collection and its processing by YouTube, please refer to YouTube’s Privacy Policy. There you will also find further information regarding your rights and settings options for protecting your privacy.
3.4.4 Hyperlinks to Third-Party Websites
On our website, we use hyperlinks to the websites of the social networks Facebook and Instagram in accordance with Article 6(1)(f) of the GDPR to promote our company. The underlying promotional purpose is to be regarded as a legitimate interest within the meaning of the GDPR. Responsibility for ensuring compliance with data protection regulations lies with the respective providers.
3.5 HOW AND ON WHAT LEGAL BASIS DO WE PROCESS YOUR DATA FOR ADVERTISING PURPOSES?
In particular, in areas related to wrinkle treatments, we regularly place ads on third-party websites. To measure and analyze the success of these ads and thus our investment, we have integrated advertising services into our website. These allow us, within the framework described below, to track the interaction of users on our website who were directed to our website via an ad. Our goal is also to ensure that our ads are displayed as frequently as possible to users whom we believe may have a heightened interest in our offerings or in working with us. These are either users who have already interacted with the relevant subpages of our website, or users who are similar to these users—at least based on their online profiles.
3.5.1 Meta Advertising Services: Meta Pixel, Conversions API, and Custom Audiences
We have integrated Meta code into our website that sets a cookie (known as the Meta Pixel). This pixel enables Meta to track your visit to our site and its subpages, as well as any actions you take on our site—such as booking an appointment—and, if applicable, to associate this information with your Facebook profile and other data Meta holds about you. In this context, Meta specifically tracks whether you previously clicked on an ad we placed on Facebook or other websites. This association also occurs across different devices or browsers, as long as you are logged into your Facebook profile on them. This may also be the case even if you do not have a Facebook window open in your browser. At the same time, Meta also tracks which subpages are visited or actions are performed directly on our web server via the so-called Conversions API.
The Custom Audiences feature allows us to specify, as part of our ad campaigns on Meta, which target groups and Facebook users will see these ads. For example, we can set our ads to be shown to users who have previously visited our website. We can also use this feature to display our ads on external websites operated by other providers to users who are similar to you based on the available data (so-called “lookalikes”). This feature also allows us to measure the success of our ads and use our advertising budget as effectively as possible. The data collected by Meta is only visible to us in the form of anonymous reports and is used solely for the purpose of displaying advertisements.
The Meta advertising services described above are only used if you have given your consent in our Consent Tool (“Cookie Banner”). The legal basis for the processing of your data is therefore GDPR Art. 6(1)(a). The legal basis for the cookies set by Meta is § 25(1) TDDDG in conjunction with GDPR Art. 6(1)(a). You can revoke your consent at any time by clicking the “Adjust privacy settings” link in the footer of this website.
The Meta Pixel, the Conversions API and Custom Audiences are services provided by Meta Platforms Ireland Ltd. (“Meta”), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. You have the option to prohibit Meta and its partners from displaying advertisements to you. You can adjust your settings for Meta advertising via the following link. Further information on how Meta processes your data can be found in Meta’s privacy policy.
With regard to the processing of your data in connection with tracking your activities on our website and the advertisements we place, we are jointly responsible with Meta – but not for any subsequent processing carried out independently by Meta. We have concluded a joint controllership agreement with Meta.
Meta has agreed to handle data subject rights insofar as they relate to processing carried out by Meta. Users may, for example, submit information requests or deletion requests directly to Meta. Your rights as a data subject (in particular the rights to access, erasure, objection and to lodge a complaint with the competent supervisory authority) are not restricted in any way by our agreement with Meta.
Meta also processes your data in the United States. Transfers by Meta to the U.S. are based on the Trans‑Atlantic Data Privacy Framework, for which Meta holds a certification. The transfer is therefore based on an adequacy decision of the European Commission pursuant to Art. 45 GDPR.
3.5.2 Google Ads Conversion Tracking
We use the Google advertising service “Conversion Tracking” on this website. This means that Google places a cookie on your device when you are directed to our website via a Google Ads advertisement. The cookie has a storage period of 30 days and enables us to understand which advertisement brought you to our site, which subpages you visit and which actions you take there. In particular, we can determine which services you viewed, whether you booked an appointment, viewed a job posting or submitted an application. We can also identify abandoned applications. Google may associate this data with your Google profile, if one exists.
For us, this means we can assess which of our advertisements are successful. We can also analyse this data and use it to display relevant advertising to you or so‑called “lookalikes” (i.e., users similar to your Google profile) on other websites. Google does not collect IP addresses for this purpose.
Google Ads Conversion Tracking is only used if you have given your consent via our consent tool (“cookie banner”). The legal basis for processing your data is therefore Art. 6(1)(a) GDPR. You may withdraw your consent at any time by clicking on the “Adjust privacy settings” link in the footer of this website.
Google Ads is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. We have concluded a data processing agreement with Google to govern the processing of your personal data.
Google also processes your data in the United States. Transfers by Google to the U.S. are based on the Trans‑Atlantic Data Privacy Framework, for which Google holds a certification. The transfer is therefore based on an adequacy decision of the European Commission pursuant to Art. 45 GDPR.
4. WHEN DO WE TRANSFER YOUR DATA TO RECIPIENTS OUTSIDE THE EU?
Except for the processing activities described in sections 3.4 and 3.5, we do not transfer your data to recipients located outside the European Union or the European Economic Area.
5. WHAT RIGHTS DO YOU HAVE REGARDING YOUR DATA?
5.1 Overview
In addition to the right to withdraw any consent you have given us, you have the following rights under the applicable legal requirements:
Right of access to the personal data stored about you pursuant to Art. 15 GDPR, including information on processing purposes, categories of personal data, categories of recipients, storage periods, and the origin of your data if not collected directly from you.
Right to rectification of inaccurate data or completion of incomplete data pursuant to Art. 16 GDPR.
Right to erasure of your data pursuant to Art. 17 GDPR, unless statutory or contractual retention obligations or other legal requirements prevent deletion.
Right to restriction of processing pursuant to Art. 18 GDPR, for example if the accuracy of the data is contested, the processing is unlawful but you oppose deletion, the controller no longer needs the data but you require it for legal claims, or you have objected pursuant to Art. 21 GDPR.
Right to data portability pursuant to Art. 20 GDPR, i.e., the right to receive selected data in a commonly used, machine‑readable format or to request its transfer to another controller.
Right to lodge a complaint with a supervisory authority, typically the authority of your habitual residence, workplace or our company headquarters.
5.2 Right to object
Under the conditions of Art. 21(1) GDPR, you may object to the processing of your data for reasons arising from your particular situation.
This general right to object applies to all processing activities described in this privacy notice that are based on Art. 6(1)(f) GDPR. Unlike the specific right to object to processing for direct marketing purposes (see section 3.3.3 above), we are only obliged to comply with a general objection if you provide compelling legitimate grounds (e.g., potential risks to life or health).
You may also contact the supervisory authority responsible for MVZ Zahnkultur Berlin‑Köpenick GmbH, the Berlin Commissioner for Data Protection and Freedom of Information.
6. HOW LONG DO WE STORE YOUR DATA?
Unless otherwise specified above, the following applies:
The storage period for personal data is determined by statutory retention obligations (e.g., medical, commercial or tax‑related retention periods). These are typically:
3 years (e.g., for standard limitation periods of contractual or medical liability claims)
10 years (e.g., for tax‑related retention obligations)
18 or 30 years in certain cases (e.g., chronic medical conditions)
After expiry of the applicable retention period, the data is routinely deleted unless it is still required for contract performance or initiation, or unless we have a legitimate interest in continued storage.
As of 1 March 2026