01 Data controller
The controller responsible for data processing on this website within the meaning of the GDPR is:
- Practice
- Praxis Dr. Mücke
- Address
- Wilhelmstraße 40–42, 53111 Bonn, Germany
- Represented by
- Prof. Dr. med. Martin Mücke
- Phone
- +49 (0) 228 651 301
- [email protected]
02 General information on data processing
As a rule, we only process the personal data of our users to the extent necessary to provide a functioning website as well as our content and services. Processing is generally carried out only with the consent of the data subject or on the basis of a legal permission.
Legal bases
- Article 6 (1) (a) GDPR – consent of the data subject
- Article 6 (1) (b) GDPR – performance of a contract or pre-contractual measures
- Article 6 (1) (f) GDPR – protection of legitimate interests
Storage period
Personal data is deleted as soon as the purpose of storage no longer applies or a statutory retention period expires.
03 Provision of the website & server log files
Each time our website is accessed, our hosting provider automatically collects data and information transmitted by your browser. These are generally:
- browser type and version as well as the operating system used
- date and time of access
- the page or file accessed and the amount of data transferred
- anonymised or shortened IP address
The legal basis is Article 6 (1) (f) GDPR. Our legitimate interest lies in the technically error-free presentation and the security of our website.
04 Contact form & contact by email
If you contact us via the contact form or by email, the data you provide (e.g. name, contact details and your enquiry) will be stored in order to process your request. We do not pass on this data without your consent.
Processing is carried out on the basis of Article 6 (1) (b) GDPR if your enquiry relates to treatment or pre-contractual measures, and otherwise on the basis of your consent (Article 6 (1) (a) GDPR).
Please note: Do not send sensitive health data via the contact form. For medical matters, please use the telephone or the practice's secure communication platform.
05 Fonts
This website uses only fonts that are embedded directly within the website and loaded from the same server as the website itself. No fonts are loaded from external servers. No transfer of your data to third parties takes place as a result.
06 Map service (OpenStreetMap)
To display our location in the "How to find us" section, we embed an interactive map provided by the OpenStreetMap service. The provider is the OpenStreetMap Foundation, St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom.
The map is not loaded automatically. It is only displayed after you have actively clicked the "Load map" button (a so-called two-click solution). Only with this click do you consent to the data transfer in accordance with Article 6 (1) (a) GDPR. When the map is loaded, a connection to the OpenStreetMap servers is established and your IP address is transmitted.
Further information can be found in the OpenStreetMap privacy policy at osmfoundation.org/wiki/Privacy_Policy.
07 Images & graphic elements
The graphic backgrounds and design elements of this website are rendered entirely by the browser and generated without loading data from external servers. No transfer of your data to third parties takes place as a result.
08 Online appointment booking & digital enquiries
The practice uses external service providers for online appointment booking and for digital enquiries. When you use these services, your data is transmitted to the respective provider and processed there as a processor acting solely on our instructions.
Doctolib
On our website you have the option to book appointments with us. For appointment booking we use Doctolib. The provider is Doctolib GmbH, Mehringdamm 51, 10961 Berlin (hereinafter “Doctolib”).
For the purpose of booking an appointment, you enter the requested data and your preferred date into the form provided. The data entered is used for the planning, conduct and, where applicable, the follow-up of the appointment. Our entire appointment scheduling is carried out via Doctolib, not only the appointments booked online. The appointment data is stored on Doctolib’s servers on our behalf; you can view its privacy policy at doctolib.de/terms/agreement.
The data you enter remains with us until you ask us to delete it, withdraw your consent to storage, or the purpose for storing the data no longer applies. Mandatory statutory provisions – in particular retention periods – remain unaffected.
The legal basis for the data processing is Art. 6(1)(f) GDPR. The website operator has a legitimate interest in making appointment scheduling with interested parties and patients as straightforward as possible. Where consent has been requested, the legal basis for the processing is Art. 6(1)(a) or Art. 9(1)(a) GDPR; consent can be withdrawn at any time.
We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract required under data protection law which ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
medflex services
To offer you an optimised service for managing enquiries and appointments, we use the enquiry management system of medflex GmbH. This system enables us to handle contacts and calendars efficiently. In addition, our patients can conveniently submit enquiries and book appointments online via the website or by telephone. In this context, medflex GmbH (Reichenaustraße 39a, 78467 Konstanz) acts exclusively as our processor pursuant to Art. 28 GDPR.
medflex GmbH processes all data in strict compliance with current data protection regulations and applies the highest security standards. Processing is carried out exclusively on our instructions.
For the effective management of your enquiries and appointments, the following information is recorded in the medflex system: first and last name, date of birth, telephone number, email address and information about your request (e.g. chat messages, preferred appointments). The exact scope of the data processed depends on the details you provide yourself in the course of your use.
Your data is collected for the purpose of enquiry and appointment management, as has previously been customary in our practice. The legal basis for processing your data is Art. 6(1)(b) GDPR (performance of the treatment contract), Art. 6(1)(a) GDPR (consent for appointment reminders via SMS and email) and Art. 9(2)(h) GDPR in conjunction with Section 22(1)(1)(b) BDSG (purposes of health care).
As the controller responsible for the data processing, we ensure that no disclosure of your data by medflex to commercial providers takes place. medflex GmbH and its employees are obliged to maintain confidentiality and are subject, like our practice staff, to the duty of confidentiality under Section 203 of the German Criminal Code (StGB). A separate release from the duty of confidentiality is not required.
With your consent, we would like to remind you of your appointments by SMS and/or email using the medflex system in order to reduce missed appointments. You can withdraw this consent at any time with effect for the future. If you no longer wish to receive reminders in the future, please let us know and we will deactivate this function immediately.
Online appointment booking
To use online appointment booking, it may be necessary to create a user account in the medflex system. The legal basis for processing your data in the context of online appointment booking is Art. 6(1)(b) GDPR (performance of the treatment contract) and Art. 9(2)(h) GDPR (purposes of health care).
Appointment booking button
On our website we have integrated the option to book appointments online via the medflex system. When you click the “Book appointment” button, you are redirected to a corresponding booking page where you can make an online appointment. With the redirection you leave the area of our website and reach the medflex appointment booking system, which is operated on our behalf.
Smart telephone assistant
To extend our telephone capacity and to support our staff in handling your requests, we have set up a digital telephone assistant. This assistant takes your calls when our practice team is currently unavailable or the line is busy.
- The assistant conducts a simple interactive dialogue to record your personal data and your request in a structured way.
- The contents of the call are recorded, transcribed and presented clearly for our practice team.
- This enables our team to handle your requests efficiently, e.g. by SMS or callback, based on the information you provide.
- The recordings are automatically deleted after 105 days. This period results from the quarterly billing requirements of medical institutions, in order to be able to verify services rendered for billing purposes.
The processing of data by the telephone assistant is likewise carried out on the basis of Art. 6(1)(b) GDPR (performance of the treatment contract) and, where applicable, Art. 9(2)(h) GDPR (health care), as it serves the purpose of booking appointments and handling medical enquiries.
As a data subject, you have the following rights regarding the processing of your data by our practice team and our processors: the right to information, rectification, erasure, restriction of processing, data portability and objection. In addition, you have the right to withdraw any consent given at any time, as well as the right to lodge a complaint with a supervisory authority.
Simpleprax – data collection & digital signing of patient forms
The Simpleprax software is provided and technically maintained on a processor basis by Simpleprax UG (haftungsbeschränkt), Stieglitzgasse 24, 85551 Kirchheim bei München (simpleprax.com) (hereinafter “Simpleprax”). Using Simpleprax, you have access to practice forms and can complete and sign them digitally.
To use Simpleprax, you must open a link that we provide to you. Registration is not necessary.
As part of your use of Simpleprax, your personal and medical data is made available on a secured central server in the Simpleprax data centre in Frankfurt am Main, Germany. The personal and medical data collected is transmitted end-to-end and TLS-encrypted and stored encrypted, separately from all other file types. The encrypted personal and/or medical data of a patient can be decrypted exclusively by their treating physician, provided this data was made available via that physician. The legal basis for storing this data is Art. 6(1)(1)(a) GDPR.
You can view the Simpleprax privacy policy at simpleprax.com/legal/privacy/anamnese.app.
09 Your rights as a data subject
With regard to the processing of your personal data, you have the following rights:
- right of access (Article 15 GDPR)
- right to rectification (Article 16 GDPR)
- right to erasure (Article 17 GDPR)
- right to restriction of processing (Article 18 GDPR)
- right to data portability (Article 20 GDPR)
- right to object to processing (Article 21 GDPR)
- right to withdraw consent already given (Article 7 (3) GDPR)
To exercise your rights, an informal message to the controller named under point 01 is sufficient.
10 Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority if you consider that the processing of your personal data infringes the GDPR. The competent authority is the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia.