Privacy policy

Privacy Policy

1. Introduction

With this privacy policy, we inform you about which personal data we process, for what purposes, and to what extent. This privacy policy applies to all data processing activities we conduct, particularly on our website, in our practice, and within external online presences such as social media profiles.

2. Controller

Dental Practice
Dr. med. dent. Nicole Horvath
Dr. med. dent. Sebastian Horvath
Dr. med. dent. Domonkos Horvath
Bahnhofstraße 24, 79798 Jestetten, Germany
Email: kontakt@drhorvath.de
Phone: +49 7745 7211
Imprint: www.drhorvath.de/impressum/

3. Data Protection Officer

Email: datenschutz@drhorvath.de

4. Types of Processed Data

• Basic data (e.g., names, addresses)
• Contact details (e.g., email, phone number)
• Content data (e.g., text entries in online forms)
• Usage data (e.g., visited websites, access times)
• Meta/communication data (e.g., IP addresses, browser information)
• Contract data (e.g., treatment details, invoices)
• Payment data (e.g., invoice amounts, payment methods)
• Special categories of personal data (health data under Art. 9(1) GDPR)

5. Purposes of Processing

• Provision of the website and optimization of user experience
• Appointment scheduling and patient communication
• Responding to inquiries (via phone, email, WhatsApp, contact form)
• Payment processing
• Advertising, analysis, and remarketing
• Security measures (including video surveillance)

6. Legal Bases for Processing

• Consent (Art. 6(1)(a) GDPR)
• Contract performance and pre-contractual measures (Art. 6(1)(b) GDPR)
• Legal obligation (Art. 6(1)(c) GDPR)
• Legitimate interest (Art. 6(1)(f) GDPR)

7. Data Transmission to Dental Laboratories

As part of dental treatment, we collaborate with external dental laboratories to create customized dental prosthetics, aligners, and other dental products for our patients. Relevant patient data is transmitted exclusively via our own secure server. This processing is based on the fulfillment of the treatment contract (Art. 6(1)(b) GDPR) and medical care (Art. 9(2)(h) GDPR).

8. Hosting and Security

Our website is hosted by Kinsta and uses Cloudflare for speed optimization and security. We implement technical and organizational security measures to protect your data.

9. Contact and Communication

• Contact Form: Data entered is processed on the website and sent to us via email. Consent is required before submission. Sensitive data should not be transmitted via the contact form.
• Email Communication: We operate our own email server, and emails are stored within the EU. Please do not send sensitive data via email.
• WhatsApp Business: Please note that WhatsApp transfers data to Meta (USA). We recommend not sending sensitive data via WhatsApp.

10. Web Analytics and Marketing

We use Google Analytics via Google Tag Manager, with IP anonymization enabled. You can opt out of Google Analytics tracking: Opt-Out Link.

We also use Google Ads and Facebook/Instagram Ads for conversion tracking and remarketing. You can opt out here:

• Google: adssettings.google.com
• Meta (Facebook/Instagram): www.facebook.com/adpreferences/ad_settings

11. Video Surveillance

We operate video surveillance inside and outside our premises for security purposes. Recordings are stored for 30 days and then deleted unless required for evidence. Treatment rooms are excluded from surveillance.

12. Your Rights as a Data Subject

• Access (Art. 15 GDPR)
• Rectification (Art. 16 GDPR)
• Erasure (Art. 17 GDPR)
• Restriction of processing (Art. 18 GDPR)
• Data portability (Art. 20 GDPR)
• Objection to processing (Art. 21 GDPR)

13. Supervisory Authority

Competent data protection supervisory authority:

The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg
Email: poststelle@lfdi.bwl.de

14. Changes to this Privacy Policy

This privacy policy may be updated to reflect legal changes or adjustments to our data processing activities. Please check this page regularly.