Datenschutzhinweise

The requirements of the EU General Data Protection Regulation (hereinafter: GDPR) have been in effect in Europe since 25 May 2018. With the information provided below we would like to inform you about the processing of personal data by MVZ Zahnkultur Berlin-Köpenick in accordance with this new regulation (see Article 13 of the GDPR). Please read our Data Protection Policy carefully. Should you have any questions or comments about this Data Protection Policy, you can send them at any time to the e-mail address provided in section 2.

The following Data Protection Policy informs you about the nature and scope of the processing of personal data by MVZ Zahnkultur Berlin-Köpenick GmbH. Personal data means information that can be attributed, directly or indirectly, to your person.

Data processing by MVZ Zahnkultur Berlin-Köpenick GmbH can essentially be divided into three categories:

- To provide our patients with treatment and to fulfil the treatment contract, we process data of our patients that are necessary for such purposes (see 3.2).

- In business transactions with our service providers and business partners, we process personal data of the respective contact persons (see 3.3).

- When you access the website, your client device sends various kinds of information to our server. This might include personal data. The information thus collected is used, among other things, to embed external content in our website and to display ads in your browser. See 3.1, 3.6 and 3.5.

You have various rights, which you can assert towards us in accordance with GDPR. This includes, among other things, the right to object to selected data processing, in particular data processing for advertising purposes. Any option to object is typographically emphasised.

If we perform any other data processing, we will inform you on a case-by-case basis. If you have any questions about our Data Protection Policy, please do not hesitate to contact our external Data Protection Officer at any time. You will find the contact details below.

This privacy notice applies to data processing by MVZ Zahnkultur Berlin-Köpenick GmbH, Dö-rpfeldstraße 46, 12489 Berlin („controller“), and to the following website

www.zahnimplantate-berlin.dental

Our contact details:

Zahnkultur Berlin
MVZ Zahnkultur Berlin-Köpenick GmbH
Dörpfeldstrasse 46
12489 Berlin

Telephone: 030 / 565 90 50 0
Fax: 030 / 565 90 50 20

For queries relating to the processing of your personal data, you may contact us via email: j.oeztan@zahnkultur-berlin.de

You may contact our Data Protection Officer at the above address, to the attention of the Data Protection Officer, or at datenschutzbeauftragter@zahnkultur-berlin.de

Please note that your health insurance company is responsible for any data processing per-formed in the context of the electronic patient record. We kindly ask you to address any ques-tions you may have in this regard to your insurance company.

The gematik GmbH is responsible for the provision of the telematics infrastructure.

When you visit our website, your browser will automatically send information to our server which will temporarily be stored in what is commonly referred to as a log file. The following information will be collected without any activities on your part and will be stored until it is automatically deleted:

• IP address,

• date and time, 


• which page on our website you visit, 


• from which website you were referred to our website,

• browser, operating system and internet provider 


  The legal basis for processing the IP address is Article 6 (1) f GDPR. Our legitimate interest re-sults from the purposes of data collection listed below. Please allow us to note that we cannot and will not draw any direct conclusions about your identity from the data collected.

  We will use the IP address of your terminal device and the other data listed above for the fol-lowing purposes:

• ensuring a smooth connection,

• ensuring a comfortable use of our website,

• to evaluate system security and stability.

  The data will be stored for a period of 7 days and then automatically erased. We also make use of cookies and tracking tools on our website. For more information on the exact methods in-volved and the way in which your data are used for this, please see point 3.4 below. 

  

  If you have given your consent to the geolocation option in your browser or in the operating system or other settings of your terminal device, we will use this function to be able to offer you individual services (e.g. the location of our doctor’s office) related to your current location. We will process your location data processed in this way exclusively for this function. The data will be erased when you stop using this function.
  

  This website is hosted by an external service provider (hoster). The personal data collected on this website are stored on the servers of the hoster. In order to guarantee compliant processing of your data, we have concluded a data processing agreement with our hoster.
  

  We have engaged a communications agency with the development and administration of our website. The communication agency therefore has access to the above-mentioned technical data. In order to guarantee compliant processing of your data, we have concluded a data pro-cessing agreement with our communications agency.

  
  

The website of MVZ Zahnkultur Berlin-Köpenick GmbH contains information that enables you to quickly contact our company electronically as well as by direct communication, which also includes a general address of the electronic mail (e-mail address). If a data subject contacts the Controller by e-mail or by using a contact form, the personal data transmitted by the data subject will automatically be saved. Such personal data transmitted on a voluntary basis (cf. point (a) of Art. 6 (1) or Art. 9 (1) of the GDPR) by a data subject to the Controller are stored for the purpose of processing or contacting the data subject. Such personal data will not be passed on to third parties.

We process your data for fulfilling the treatment contract, the associated obligations and for billing our services. The legal basis is therefore point (b) of sentence 1 of Art. 6 (1) of the GDPR in conjunction with point (h) of Art. 9 (2) of the GDPR and point (b) of no. 1 of Sec. 22 (1) of the BDSG [German Data Protection Act].

The data we process includes, among other things, health data and thus special categories of personal data within the meaning of Art. 9 of the GDPR. These include the data collected using the medical history form such as name, contact details, insurance details, pre-existing condi-tions, allergic reactions, blood pressure, medications, pregnancy or preferences during treatment.

Furthermore, we collect data in your patient record. These include diagnoses, findings, x-ray images, therapy proposals, treatment and cost plans or medical reports. We may in some cases take intraoral before-and-after photos to document the success of the treatment. Last but not least, we also collect data in the context of making appointments and of cash payments for treatment. The collection of your health data is required for the treatment. Appropriate treatment and care cannot be provided if the necessary information is not provided.

The use of the electronic patient file (ePA) and it’s associated functions, such as digital transmission of sick notes to your health insurance company, electronic prescriptions and access to or storage of medical documents in the ePA, will be available in our practice from the introduction of the 'ePA for all', as required by law.

By default, we will have access to any reports, medication schedules or other health information stored in your ePA for 90 days after you insert your electronic health card in the card reader in our practice. You can deny or revoke access to all or certain documents by using the ePA smartphone app provided by your health insurance company, or ask your health insurance company to do so.

You can delete data from the ePA yourself using your smartphone app. Please note that deleting this information means that it will no longer be available within the ePA to other doctors in-volved in your care. In exceptional cases, you may also approach us to delete data on your. In such cases, we will ask you to confirm your request in writing.

If you have any further questions about the ePA, particularly about the security of your data and the use of the smartphone app, please contact your health insurance company directly.

We only store your personal data for as long as this is necessary for performing the treatment or we are legally obliged to do so. For example, we are obliged by law to keep treatment data for at least 10 years after the end of any treatment.

Longer storage periods may result from to other regulations, for example 30 years for x-ray images according to Sec. 28 (3) of the Röntgenverordnung [German X-Ray Ordinance].

The dentist treating you is generally subject to their professional confidentiality obligations regarding any information relating to your treatment, besides needing to comply with the provisions under data protection laws.

Your data will therefore only be passed on to any third parties insofar as that is permitted under the legal provisions or if you have given us your consent and, where necessary, have released your doctor of the obligation of confidentiality. If you make use of our private services and have given your consent, we will transmit your data to DZR Deutsches Zahnärztliches Rechenzentrum GmbH for invoicing.

Our digital medical history form on the website and the iPads in our surgeries is provided by synMedico GmbH. We have concluded a data processing agreement with synMedico GmbH to ensure compliant processing of your personal data.

To carry out the legally required drug therapy safety check, we will forward the required data to our service provider, ifap Service-Institut für Ärzte und Apotheker GmbH. We have concluded a data processing agreement with ifap Service-Institut für Ärzte und Apotheker GmbH to ensure compliant processing of your personal data. This safety check is carried out in order to recognise risks due to e.g. allergies, interactions between different drugs or contraindications of drugs, so that we may take them into account accordingly when prescribing or dispensing drugs for you.

As a precaution, we would like to point out that, in the context of your treatment, a disclosure of information will made between the various doctors or treatment teams employed by us to the extent that this is necessary for your treatment (since you will not always be treated by the same dentist/team). Insofar as we have no written release from the professional obligation to confidentiality, we assume your implicit consent, since this fact results from the practice proce-dure known to you.

Recipients of your personal data may be, in particular, other physicians, dental laboratories, health insurance associations, health insurance companies, the medical service of the health insurance, medical chambers and private medical settlement agents. The data will be transmit-ted predominantly for billing the services provided to you and for clarifying any medical and insurance-related issues. We might pass on your data to lawyers or service providers in order to secure or pursue payment claims. The legal basis for this is point (f) of Art. 6 (1) of the GDPR, since the transfer is based on our legitimate interest in enforcing our claim for remuneration.

Recipients of data may also be health authorities or other registration offices, such as e.g. the Cancer Register, to which we are obliged to report.

Our medical practice is also connected to the telematics infrastructure (TI). This TI is used to network health-care professionals and to use specialist medical applications. The technical oper-ation of the TI is carried out by the company Gesellschaft für Telematikanwendungen der Ge-sundheitskarte mbH (gematik)..

We make use of external service providers in our medical practice for various services in the field of IT, cleaning or waste disposal. Even if your data will not generally be passed on to these service providers, it cannot be excluded that they will gain knowledge of them. We commit all service providers to observe the professional medical secrecy obligations and to comply with the data protection regulations.

We process your data exclusively on our own servers and those of our service providers located in Germany.

In the context of our business relationship, we will collect personal data for the following purposes:

• Initiation and establishment of the contractual relationship;
• Performance of the contractual relationship;
• Preservation of proof for any post-contractual warranty and litigation claims;
• Payment transactions;
• Measures for building and facility security (e.g. access control);
• Business management measures and measures to improve internal processes and prod-ucts.

The following categories of personal data will be collected and processed:

• employee data (including name, (business) address, e-mail, phone, area of responsibility);
• communication data (e.g. e-mails, correspondence);
• if applicable, payment data (e.g. bank details);
• if applicable, billing data (e.g. tax number).

The legal basis for the above-described processing is the contractual relationship existing be-tween us or the initiation of such a relationship and thus point (b) of sentence 1 of Art. 6 (1) of the GDPR. Insofar as the contractual relationship exists with your employer, the processing will be made to safeguard our legitimate interest in the performance of the contract or the pur-chase order. The legal basis is thus point (f) of sentence 1 of Art. 6 (1) of the GDPR.

In the other cases mentioned, the processing takes place for the purpose of our interest in the processing described. The legal basis is thus point (f) of sentence 1 of Art. 6 (1) of the GDPR.

Insofar as statutory retention obligations or information obligations exist, the legal basis for processing arises from point (c) of sentence 1 of Art. 6 (1) of the GDPR.

We store the data for a period of three years. After such period, the processing will be restricted to the purpose of fulfilling statutory retention obligations. Once the statutory retention obli-gations (ten years for tax-relevant documents or six years for other business correspondence) have expired, the data will be erased in full.

For personal data used in contact management, we verify after the expiry of four years to the end of the respective calendar year whether further storage is necessary. If further storage is found not to be required, the data will be erased. Should we become aware of your departure from the company, we will immediately erase your contact details – insofar as they are not con-tained in documents (e.g. business correspondence) that are subject to a retention obligation – or update them upon your request if you provide us with new contact details.

Your personal data will be transferred to:

• the department in charge of your service;
• payment service providers;
• tax office;
• other service providers involved in the service (if necessary);
• fiscal authorities.

We will also transfer your data to third countries if and to the extent that such transfer is necessary for the performance of a contract with you or our business partner or for the conclusion or performance of a contract in the interest of the business partner. In this case, we will inform you in advance about the specific transfer to third countries.

We will also transfer your data to third countries if and to the extent that such transfer is necessary for the performance of a contract with you or our business partner or for the conclusion or performance of a contract in the interest of the business partner. In this case, we will inform you in advance about the specific transfer to third countries.

We use cookies on our website. If these cookies contain personal data, they are used on the basis of point (f) of Article 6 (1) of the GDPR, insofar as they are technically necessary cookies (e.g. the cookie that stores your consent). Our interest in optimising our website is to be regarded as justified within the meaning of the aforementioned regulation. The cookies which are absolutely necessary for the functioning of the website are stored according to the exception of § 25 (2) No. 2 TDDDG (Telecommunications Digital Services Data Protection Act). In other cases, the use is based on your consent, which you gave us in the consent banner when you first accessed the website and thus on Sec. 25 (1) of the TTDSG in conjunction with point (a) of Art. 6 (1) of the GDPR. You may withdraw your consent at any time by clicking on the “Customize data protection settings” link in the footer of this website.

Cookies are small files which your browser automatically creates and saves on your device (lap-top, tablet, smartphone etc.) when you visit our website. Cookies do not harm your device, contain no viruses, Trojan horses or other malware. Cookies store information resulting in connec-tion with the specifically used device. But, that does not mean that we gain direct knowledge of your identity through such cookies. Cookies are used, on the one hand, to make the use of our offer more convenient for you. We use temporary cookies that will be stored on your device for a specific period of time. If you visit our site again to use our services, we will automatically recognise that you have already been here and which entries and settings you made, so that you do not need to make them again.

Most browsers accept cookies automatically. However, you may configure your browser settings such that no cookies will be saved on your computer or that a notification will be displayed be-fore a new cookie is placed. If you fully deactivate cookies, you might not be able to use all functions of our website. The storage period of the cookies depends on their intended use and is not the same for all (see below).

Our website uses the cookies listed in the following table with the functions specified there. The storage period of the respective cookies is also listed in the table.

We have integrated street maps into our website which are provided by Mapbox, Inc, 740 15th Street, NW, 5th Floor, Washington DC 20005, US. In order to display these street maps, the technically necessary data is transferred to Mapbox - this is usually at least the following data

• Date and time of the visit to the website in question
• Internet address or URL of the website accessed
• IP address

We have no influence on the further processing and use of the data by Mapbox. However, you can find out more about this in Mapbox's privacy policy.

The legal basis for the integration of the street maps and the transmission of the technically required data to Mapbox is your consent and thus Article 6 (1) a GDPR. The legal basis for the cookies set by Mapbox is § 25 (1) TDDDG (Telecommunications Digital Services Data Protection Act) in conjunction with GDPR Article 6 (1) a. You may withdraw your consent at any time by clicking on the “Customize data protection settings” link in the footer of this website.

Mapbox process the data required to display the content on servers in the US. The transfer to the US takes place on the basis of the so-called Trans-Atlantic Data Privacy Framework, for which Mapbox maintains a valid certification. The transfer thus takes place on the basis of an adequacy decision by the EU Commission in accordance with Article 45 GDPR.

We have integrated YouTube videos into our website. YouTube is provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

In order to protect your data, the videos will only be displayed if you have given your consent to the embedding of the external YouTube content. You may grant it either in the consent ban-ner, which is displayed when you first visit the website, or directly on the respective sub-page. A cookie will be placed on your device to store your consent or rejection. You may revoke your consent at any time by using the link “Change privacy settings” in the footer.

The videos are stored on http://www.YouTube.com and can be played directly from our website. They are integrated in ‘extended data protection mode’, i.e. Google will not link the infor-mation that you have played videos on our website to your YouTube profile in order to suggest further videos to you on YouTube or to use your data for advertising or market research purposes.

By playing the videos, YouTube is notified that you have accessed the corresponding sub-page of our website. In addition, the following data will be transferred as a minimum

• IP address;
• date and time of the request;
• time zone difference to Greenwich Mean Time (GMT);
• content of the request (specific page);
• access status/HTTP status code;
• respective data volume transferred;
• website from which the request originated;
• browser;
• operating system and its interface;
• language and version of the browser software.

This is the case regardless of whether YouTube provides a user account through which you are logged in or whether there is no user account. We have no control over Google's further pro-cessing of the data and, in particular, we cannot say what data processing is prevented by the extended data protection mode. If you are signed in to Google, your information may be associ-ated directly with your account. If you do not want this to be associated with your YouTube pro-file, you will need to log out before activating the button.

The legal basis for the transfer of the technically required data to YouTube is your consent and thus point (a) of sentence 1 of Art. 6 (1) of the GDPR. The legal basis for the cookies placed by YouTube is § 25 (1) TDDDG (Telecommunications Digital Services Data Protection Act) in con-junction with point (a) of Art. 6 (1) of the GDPR.

Google may process your personal data on servers in the USA. Any personal data transferred by Google to the US is transferred on the basis of the Trans-Atlantic Data Privacy Framework, for which Google maintains a certification. The transfer of your data therefore takes place on the basis of an adequacy decision by the EU Commission according to Article 45 GDPR.

The embedding of YouTube videos might cause other services of Google to be integrated as well, e.g. Google Fonts, Google Ads or Google Photos. Please see the privacy policy of YouTube for further information on the purpose and scope of data collection and processing by YouTube. There you will also find more information about your rights and settings to protect your privacy.

We use hyperlinks to the Internet offerings of the social networks Facebook and Twitter on our website on the basis of Article 6 (1) f GDPR in order to raise awareness for our company. The underlying purpose of advertising is to be regarded as a legitimate interest within the meaning of the GDPR. The responsibility for an operation in compliance with data protection laws must be ensured by their respective providers.

Especially in the areas of dental implants and orthodontics, we regularly place ads on third-party websites. In order to measure and analyse the success of these ads and thus of our investment, we have integrated advertising services on our website. These allow us to track the interaction of users on our website who have been directed to our website by an advertisement, as described below. In this way, we also want to ensure that our advertisements on the Internet are displayed as frequently as possible to users from whom we expect to receive increased interest in our offering or in an activity with us. These are either users who have already interacted with the corresponding subpages of our website, or users who are similar to these users – at least on the basis of their online profiles.

We have integrated a code snippet provided by Meta on our website that sets a cookie (the so-called Meta Pixel). This pixel enables Meta to track your visit to our site and the corresponding subpages as well as any actions you perform on our site, such as booking an appointment, and, if applicable, to associate them with your Facebook profile and other data Meta has about you. In this context, Meta will in particular record whether you have previously clicked on an ad placed by us on Facebook or other websites. You may be identified across different devices or brows-ers, as long as you are logged into them with your Facebook profile. This may also be the case if you do not currently have a Facebook window open in your browser. Using the so-called Conversions API directly on our web server, Meta also tracks which subpages are visited or actions are performed.

When we place ads with Meta, the Custom Audiences function enables us to determine which target groups and Facebook users they are displayed to. For example, we can set our ads to be displayed to users who have previously visited our website. We can also display our ads on ex-ternal websites of other providers to users who are similar to you based on the available data-base (so-called lookalikes). This function also enables us to measure the success of our adver-tisements and thus to use our advertising budget as sensibly as possible. The data collected by Meta is only visible to us in the form of anonymous reports and is only used for the placement of advertisements.

These Meta advertising services are only used if you have given your consent in our Consent Tool („Cookie Banner“). The legal basis for the processing of your data is thus GDPR Article 6 (1) a. The legal basis for the cookies set by Meta is § 25 (1) TDDDG (Telecommunications Digital Ser-vices Data Protection Act) in conjunction with GDPR Article 6 (1) a. You may withdraw your con-sent at any time by clicking on the “Customize data protection settings” link in the footer of this website.

The Meta Pixel, the Conversions API and Custom Audiences are provided by Meta Platforms Ire-land Ltd („Meta“), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. You have the option to prohibit Meta and its partners from displaying advertisements. To do so, you can edit the settings for Meta advertisements at the following link. For more information on how Meta processes your data, please see Meta’s privacy information.

We are jointly responsible with Meta for processing your data in connection with tracking your activity on our website and the advertisements we serve – but not for further processing by Meta. We have entered into a joint control agreement with Meta.

Meta has agreed to take care of the rights of data subjects insofar as Meta’s processing is con-cerned. Users may, for example, send information or requests for redress directly to Meta. However, your rights as a data subject (in particular to information, deletion, objection and complaints to the competent supervisory authority) are in no way restricted by our agreements with Meta.

Meta also processes your data in the US. Any personal data transferred by Meta to the US is transferred on the basis of the Trans-Atlantic Data Privacy Framework, for which Meta maintains a certification. The transfer of your data therefore takes place on the basis of an adequacy deci-sion by the EU Commission according to Article 45 GDPR.

We use the Google advertising service Conversions Tracking on this website. This means that Google sets a cookie on our website if you were directed to our website by a Google Ads ad. The cookie has a storage period of 30 days and allows us to track which ad you clicked on lead-ing you to our site, which subpages you visit on our website and what actions you perform there. In particular, we can see, for example, which services you have inquired about, whether you have booked an appointment, viewed a job advertisement or sent an application. We can also match canceled applications. Google may connect this data with an existing Google profile.

For us, this means that we can check which of our ads are successful. In addition, we can analyze and use this data to display appropriate advertising to you or so-called lookalikes (i.e. users who are similar to your Google profile) on other websites. IP addresses are not collected by Google.

Google Ads conversion tracking is only used if you have given your consent to this in our Consent Tool („Cookie Banner“). The legal basis for the processing of your data is thus GDPR Article 6 (1) a. The legal basis for the cookies set by Google is § 25 (1) TDDDG (Telecommunications Digital Services Data Protection Act) in conjunction with GDPR Article 6 (1) a. You may withdraw your consent at any time by clicking on the “Customize data protection settings” link in the footer of this website.

Google Ads is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dub-lin 4, Ireland. We have concluded a data processing agreement with Google to regulate the pro-cessing of your personal data by Google.

Google also processes your data in the US. Any personal data transferred by Google to the US is transferred on the basis of the Trans-Atlantic Data Privacy Framework, for which Google maintains a certification. The transfer of your data therefore takes place on the basis of an adequacy decision by the EU Commission according to Article 45 GDPR.

Except for the processing under 3.4 and 3.5, we will not pass on your data to recipients based outside the European Union or the European Economic Area.

In addition to the right to withdraw the consent that you have given us, you have the following additional rights if the respective legal requirements are met:

• Right of access to your personal data stored by us in accordance with Art. 15 of the GDPR; in particular, you may obtain information on the purposes for which your data are processed, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the origin of your data, if these have not been collected directly from you;

• Right to rectification of inaccurate or to completion of correct data in accordance with Art. 16 of the GDPR;

• Right to erasure of your data stored by us in accordance with Art. 17 of the GDPR insofar as no legal or contractual retention periods or other legal obligations or rights for further storage are to be observed;

• Right to restriction of the processing of your data in accordance with Art. 18 of the GDPR, insofar as you contest its accuracy, if its processing is unlawful, but you object to its erasure; the controller no longer needs the data, but you require it for the establishment, exercise or defence of legal claims or if you have objected against the processing in accordance with Art. 21 of the GDPR;

• Right to data portability in accordance with Art. 20 the GDPR, i.e. the right to receive selected data stored by us about you in a commonly used, machine-readable format, or to request the transmission of these data to another controller;

• Right to lodge a complaint with a supervisory authority. For this purpose, you may usually consult the supervisory authority of your customary place of residence or work, or our company headquarters.

You may object to data processing on grounds relating to your particular situation under the conditions of Art. 21 (1) GDPR.

The above general right to object to data processing shall apply to all processing purposes described in this privacy policy in which processing is done on the basis of point (f) of Article 6 (1) of the GDPR. In contrast to the special right to object intended for data processing for advertising purposes (cf. 3.3.3), we are only obliged to implement such a general objection under the GDPR if you provide us with grounds of overriding importance (e.g. a possible danger to life or health). In addition, you have the option to contact the supervisory authority responsible for MVZ Zahnkultur Berlin-Köpenick GmbH, i.e. Berliner Beauftragte für Datenschutz und Informationsfreiheit [Berlin Data Protection and Freedom of Information Officer].

Insofar as no details are given in this regard in the individual points above:

The duration of the storage of personal data depends on the respective legal retention period (e.g. medical, commercial and tax retention periods). This period is normally 3 years (e.g. in the case of the regular limitation period of contractual or medical liability claims) or 10 years (e.g. in the case of tax retention periods). In some cases, the retention period is 18 or 30 years (e.g. for chronic diseases). After expiry of the period, the corresponding data are routinely erased provided that they are no longer necessary for the performance of the contract or initiation of the contract and/or that there is no legitimate interest on our part in their further storage.

Last update: May 2025