Privacy Policy
Protecting your personal data matters to us. Below we inform you about the processing of your data in accordance with the GDPR. (The legally binding text is the German version.)
1. Controller
The controller within the meaning of the GDPR is: Dr. Daniel Zeiß GmbH Niedenau 36, 60325 Frankfurt am Main Email: praxis@danielzeiss.de · Phone: 069 34868114
TODO(Praxis): Falls ein Datenschutzbeauftragter bestellt ist, dessen Kontaktdaten hier ergänzen. — Add the data protection officer’s contact details if one has been appointed.
2. Medical confidentiality & health data
As a medical practice we are bound by medical confidentiality. Your health data (e.g. histories, diagnoses, findings) is processed to fulfil the treatment contract on the basis of Art. 9(2)(h) GDPR in conjunction with § 22 BDSG, and treated strictly confidentially.
3. Data collected when visiting the site
When you access our website, your browser automatically transmits information that is stored in server log files: IP address, date and time, requested resource, browser type and version, operating system, referrer URL. The legal basis is our legitimate interest in secure, functional operation (Art. 6(1)(f) GDPR).
These log files are also the sole source for our reach measurement — see section 6.
4. Contact form and email
If you contact us via the form or by email, we process the data you provide (name, contact details, request) to handle your enquiry. Legal basis: Art. 6(1)(b) and (a) GDPR. Please do not transmit sensitive health data via the form.
5. No cookies, no tracking, no consent banner
This website sets no cookies at all — neither technically necessary nor optional ones. It therefore needs no cookie banner and no consent prompt. Nothing is stored in your browser (no localStorage, no sessionStorage).
No JavaScript tracker is embedded. We use no advertising, marketing or profiling services and transmit no data to third parties for such purposes.
All content — fonts (Lato), images, scripts and stylesheets — is served from our own server. Opening our pages establishes no connection to content delivery networks, Google Fonts, map, video or social media services. Where we point to external offerings (e.g. streaming services, app stores), we do so exclusively with plain links: data is only loaded there once you deliberately click through.
6. Reach measurement (Matomo, log-based)
For reach measurement we use Matomo, open-source analytics software that we host ourselves on our own server in Germany. No data is passed on to the vendor or to any other third party.
Matomo is used exclusively in log-import mode: it evaluates only the server log files that arise anyway (see section 3). No counting pixel and no JavaScript tag is embedded in the page, no cookie is set, and no cross-device recognition takes place. IP addresses are anonymised by Matomo before they enter the analysis.
The purpose is the statistical evaluation of page usage in order to improve our offering. The legal basis is our legitimate interest in data-minimising reach measurement (Art. 6(1)(f) GDPR). As no information is stored on or read from your device, no consent under § 25 TDDDG is required.
7. Hosting
Our website is hosted by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. The servers are located in Germany. A data processing agreement pursuant to Art. 28 GDPR is in place.
8. Storage period
We store personal data only for as long as necessary for the respective purposes or as required by statutory retention obligations (e.g. retention of patient records).
TODO(Praxis): Konkrete Speicherfristen ergänzen (Server-Logfiles, Matomo, Kontaktanfragen). — Add concrete retention periods.
9. Your rights
You have the right to information, rectification, erasure, restriction of processing, data portability and objection. You can withdraw any consent given at any time with effect for the future.
10. Right to complain
You have the right to lodge a complaint with a data protection supervisory authority, in particular in the place of your residence, workplace or the alleged infringement.
11. SSL/TLS encryption
For security reasons this site uses SSL/TLS encryption. You can recognise an encrypted connection by the “https://” in your browser’s address bar.
12. Changes
We reserve the right to adapt this privacy policy so that it always complies with current legal requirements. The respective current version applies.
TODO(Praxis): Diese Datenschutzerklärung ist ein Entwurf und wurde NICHT juristisch geprüft. — This privacy policy is a draft and has NOT been reviewed by a lawyer. Have the practice’s legal counsel review and approve it before launch, in particular sections 2, 5/6 and 8.