Dr Neda Nabavi


Data protection


Introduction and terms

 

1. Introduction

With the operation of our website www.dr-nabavi.de (hereinafter referred to as the "website"), we process personal data. We treat this data confidentially and process it in accordance with the applicable laws - in particular the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG-neu). With our privacy policy, we want to inform you which personal data we collect from you, for what purposes and on what legal basis we use it and, if applicable, to whom we disclose it. In addition, we will explain to you what rights you have to protect and enforce your data privacy.

 

2. Terms

Our data protection provisions contain technical terms that are used in the GDPR and the new BDSG. For your better understanding, we would like to explain these terms in simple terms in advance:

 

2.1 Personal data
"Personal data" means any information relating to an identified or identifiable person (Art. 4 No. 1 GDPR). Details of an identified person can be, for example, their name or email address. However, personal data is also data for which the identity is not immediately apparent, but can be determined by combining your own or third-party information to find out who the person is. A person can be identified, for example, by providing their address or bank details, their date of birth or user name, their IP addresses and/or location data. All information that can be used to identify a person in any way is relevant here.

 

2.2 Processing
Art. 4 No. 2 GDPR defines "processing" as any operation relating to personal data. This applies in particular to the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.

 

Responsible company

 

3. Responsible person

Responsible for data processing is:

Company: Dr Neda Nabavi ("we")
Legal representative: Dr Neda Nabavi (Owner)
Address: Ballindamm 3, 20095 Hamburg
Phone: +49 (0)40 87 97 999 77
Fax: +49 (0)40 87 97 999 78
E-mail: info(at)dr-nabavi.de

Processing frame

 

4. Processing framework: Website

 

As part of the website with the URL www.dr-nabavi.de we process the personal data from you listed in detail in section 5 below. We only process data that you actively provide on our website (e.g. by filling in forms) or that you automatically provide when using our website.

 

Your data will be processed exclusively by us and will not be sold, lent or passed on to third parties. If we use the help of external service providers to process your personal data, this is done within the framework of so-called order processing, in which we as the client are authorised to issue instructions to our contractors. We use external service providers to operate our website for hosting, maintenance, care and further development. If other external service providers are used for individual processing operations listed in section 5, they will be named there.

 

Data transfer to third countries does not take place and is not planned. We will provide information about exceptions to this principle in the processing described below.

 

The processing in detail

 

5. Provision of the website and server log files

 

5.1 Description of the processing
Each time you visit the website, we automatically collect information that your browser transmits to our server. This information is also stored in the so-called log files of our system. This involves the following data:

 

  • Your anonymised IP address: the last two digits of the visitor IP are shortened, IP 11.22.33.44 becomes 11.22.0.0

 

The temporary storage of your IP address by the system is necessary in order to be able to deliver our website to the user's end device. For this purpose, the user's IP address must remain stored for the duration of the session. However, your IP address is not recorded in our log files.

 

5.2 Purpose
The processing is carried out to enable the website to be accessed and to ensure its stability and security. In addition, the processing serves to statistically analyse and improve our online offering.

 

5.3 Legal basis
The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose stated in section 6.2.

 

5.4 Storage period
The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. The log files are deleted after 30 days.

 

6. Contact form and contact by e-mail

 

6.1 Description of the processing
We have provided a contact form on our website for contacting us. In this form, you are asked to enter your e-mail address, your name and a message to us. When you click the "Send" button, the data is transmitted to us using SSL encryption (see section 12). The contact form can only be transmitted if you accept our privacy policy by clicking on the corresponding checkbox. You can also contact us via the e-mail addresses provided on the website. In this case, the user's personal data transmitted with the e-mail will be processed by us.

 

6.2 Purpose
By providing a contact form on our website, we want to offer you a convenient way to get in touch with us. The data transmitted with and in the contact form or your e-mail will be used exclusively for the purpose of processing and responding to your enquiry.

 

6.3 Legal basis
The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose stated in section 7.2. If the e-mail contact is aimed at the conclusion or fulfilment of a contract, the data processing is carried out for the fulfilment of the contract (Art. 6 para. 1 lit. b GDPR).

 

6.4 Storage period
We will delete the data as soon as it is no longer required to fulfil the purpose for which it was collected. This is usually the case when the respective communication with you has ended. Communication is ended when it can be inferred from the circumstances that your request has been conclusively clarified. If statutory retention periods prevent deletion, the data will be deleted immediately after the statutory retention period has expired.

 

7. Cookies

 

7.1 Description of the processing
Our website uses cookies. Cookies are small text files that are stored on the user's device when they visit a website. Cookies contain information that makes it possible to recognise an end device and possibly certain functions of a website. In most cases, we only use so-called "session cookies". These are automatically deleted when you end your internet session and close the browser. Other cookies remain stored on your end device for a longer period of time. We use the following cookies on our website:

 

  • Cookie name: _ga (Provider: dr-nabavi.de)

    Purpose/function: Registers a unique ID that is used to generate statistical data on how the visitor uses the website.

    Storage period: 2 years

  • Cookie name: _gat (Provider: dr-nabavi.de)

    Purpose/function: Used by Google Analytics to limit the request rate.

    Storage period: This cookie expires at the end of the browser session.

  • Cookie name: _gid (Provider: dr-nabavi.de)

    Purpose/function: Registers a unique ID that is used to generate statistical data on how the visitor uses the website

    Storage period: This cookie expires at the end of the browser session.

  • Cookie name: r/collect (Provider: doubleclick.net)

    Purpose/function: Not classified

    Storage period: This cookie expires at the end of the browser session.

 

7.2 Purpose
We use cookies to make our website more user-friendly and to offer the functions described in section 10.1.

 

7.3 Legal basis
The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose stated in section 10.2.

 

7.4 Storage period
Cookies are automatically deleted at the end of a session or at the end of the specified storage period. As cookies are stored on your end device, you as the user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, individual functions of our website cannot be used or can only be used to a limited extent.

 

7.5 Real Cookie Banner
We use the "Real Cookie Banner" consent tool to manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and related consents. Details on how "Real Cookie Banner" works can be found at https://devowl.io/de/rcb/datenverarbeitung.

 

The legal basis for the processing of personal data in this context is Art. 6 para. 1 lit. c GDPR and Art. 6 para. 1 lit. f GDPR. Our legitimate interest is the management of the cookies and similar technologies used and the related consents.

 

The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obliged to provide the personal data. If you do not provide the personal data, we will not be able to manage your consents.

 

8. Newsletter

 

8.1 Description of the processing
We send out a newsletter at irregular intervals. The newsletter informs you about treatment options at the practice of Dr Neda Nabavi. You will only receive our newsletter if you actively subscribe to our mailing list. You can subscribe by completing and submitting a newsletter registration form on our website.

 

Only your e-mail address is required to subscribe to the newsletter. All other details (such as your first name and surname) are voluntary and are used solely to personalise the emails.

 

We use the so-called double opt-in procedure to carry out and verify newsletter registrations. Registration takes place in several steps. Firstly, you register for the newsletter on our website. You will then receive an e-mail from us at the e-mail address you have provided. In this e-mail, we ask you to confirm that you have actually registered for the newsletter and wish to receive it. Confirmation takes place by clicking on a confirmation link in the e-mail. Only after successful confirmation will we add you to our newsletter mailing list and send you future e-mails. As part of the double opt-in procedure, we store the date, time and your IP address both when you register and when you confirm.

 

8.2 Purpose
The processing takes place in order to offer the newsletter function and to be able to send newsletter emails to subscribers. The collection and storage of the date, time and IP addresses when subscribing to the newsletter serves to document the consent given and to protect against the misuse of email addresses.

 

8.3 Legal basis
The processing of our subscriber newsletter is based on consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time on our website at seu2.cleverreach.com/f/173628-170400/wwu/. Your consent is voluntary. The collection and storage of date, time and IP addresses when registering for the newsletter is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose stated in section 11.2.

 

8.4 Storage period and revocation of consent
If you do not confirm your subscription to our newsletter within 24 hours of receiving the corresponding registration email, your data will be automatically deleted. We process your personal data for the duration of your newsletter subscription. You can cancel your subscription to our newsletter at any time by revoking your consent. A simple declaration is sufficient for this (by e-mail to info@dr-nabavi.de, by post to Dr Neda Nabavi, Ballindamm 3, 20095 Hamburg or by fax to +49 (0)40 87 97 999 78). You can also unsubscribe from the newsletter by clicking on the unsubscribe link in every newsletter e-mail or here. If you withdraw your consent, we will no longer send you newsletters and your personal data will be removed from our active mailing list. We will add your e-mail address to our so-called black list to a limited extent in order to enforce your cancellation. This enables us to ensure that you do not receive any newsletters from us in future and that your e-mail address is not misused by third parties.

 

8.5 Recipients and transfer to third countries
We use the services of the newsletter provider CleverReach to manage our newsletter mailing list and to send emails. This takes place within the framework of order processing. CleverReach is an offer from CleverReach GmbH & Co. KG, Mühlenstraße 43, 26180 Rastede, Germany.

 

9. Google Maps

 

9.1 Description of the processing
Our website uses "Google Maps", a service for displaying maps provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as "Google"). We use Google Maps by embedding a map with our business address on our website. The map is loaded directly from a Google server. In order for this to happen, your browser sends a request to a Google server. As a result, your IP address may also be transmitted to Google in connection with the address of our website. However, Google Maps does not store any cookies on your end device. If you are logged in to Google when you visit our site, Google Maps assigns this information to your Google user account. Google stores your data as user profiles and uses them for advertising purposes, market research and/or the customised design of Google websites. You have the right to object to the creation of these user profiles; to exercise this right, you must contact Google directly. Further information on data protection at Google can be found at http://www.google.com/intl/de-DE/policies/privacy/.

 

9.2 Purpose
The processing takes place in order to be able to show you an interactive map on our website.

 

9.3 Legal basis
The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose stated in section 19.2.

 

9.4 Recipients and transfer to third countries
Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield. Further information on the EU-US Privacy Shield can be found at https://www.privacyshield.gov/EU-US-Framework.

 

10. Google Analytics

 

10.1 Description of the processing
Our website uses "Google Analytics", a web analytics service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as "Google"). Google Analytics uses cookies (see section 7), which enable your use of our website to be analysed. We use Google Analytics in the "Universal Analytics" version offered, which allows this analysis across devices by assigning the data to a pseudonymous user ID. The information generated by the cookie is usually transferred to a Google server in the USA and stored there. However, we only use Google Analytics with IP anonymisation. This means that your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. The statistics compiled by Google Analytics record in particular how many users visit our website, the country or location from which access is made, which subpages are accessed and which links or search terms visitors use to reach our website. You can find the Google Analytics terms of use at www.google.com/analytics/terms/de.html. An overview of data protection at Google Analytics can be found at www.google.com/intl/de/analytics/learn/privacy.html. Google's privacy policy can be found at www.google.de/intl/de/policies/privacy.

 

10.2 Purpose
The processing takes place in order to be able to analyse the use of our website. The information obtained is used to improve and customise our online presence.

 

10.3 Legal basis
The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose stated in section 20.2.

 

10.4 Storage period and right to object
We have explained the storage period as well as your control and setting options for cookies in section 7. You can object to data processing by Google Analytics at any time by downloading and installing the browser add-on provided by Google at tools.google.com/dlpage/gaoptout. Alternatively, you can click on the following link. This will place an opt-out cookie on your device, which will prevent the collection of your data on future visits to this website:

 

Deactivate Google Analytics

 

The analysis data processed and stored with Google Analytics is automatically deleted by us after 14 months.

 

10.5 Recipients and transfer to third countries
Google Analytics works for us as a service provider within the scope of order processing. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield. Further information on the EU-US Privacy Shield can be found at https://www.privacyshield.gov/EU-US-Framework.

 

Safety measures

 

11. Safety measures

To protect your personal data from unauthorised access, we have provided our website with an SSL or TLS certificate. SSL stands for "Secure Sockets Layer" and TLS for "Transport Layer Security"; both encrypt the communication of data between a website and the user's end device. You can recognise active SSL or TLS encryption by the small padlock logo displayed on the far left of the browser's address bar.

 

Your rights

 

12. Rights of data subjects

With regard to the data processing described above by our company, you have the following rights as a data subject:

 

12.1 Information (Art. 15 GDPR)
You have the right to request confirmation from us as to whether we are processing personal data concerning you. If this is the case, you have the right to information about this personal data and to the further information listed in Art. 15 GDPR under the conditions specified in Art. 15 GDPR.

 

12.2 Rectification (Art. 16 GDPR)
You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you and, where applicable, the completion of incomplete personal data.

 

12.3 Erasure (Art. 17 GDPR)
You have the right to demand that we delete personal data concerning you immediately if one of the reasons listed in Art. 17 GDPR applies, e.g. if your data is no longer required for the purposes we are pursuing.

 

12.4 Restriction of data processing (Art. 18 GDPR)
You have the right to demand that we restrict processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if you dispute the accuracy of your personal data, data processing will be restricted for the period of time that enables us to verify the accuracy of your data.

 

12.5 Data portability (Art. 20 GDPR)
You have the right, under the conditions set out in Art. 20 GDPR, to demand the surrender of the data concerning you in a structured, common and machine-readable format.

 

12.6 Revocation of consent (Art. 7 para. 3 GDPR)
You have the right to withdraw your consent at any time in the case of processing based on consent. The revocation applies from the time of its assertion. In other words, it is effective for the future. Withdrawal of consent therefore does not retroactively render the processing unlawful.

 

12.7 Complaint (Art. 77 GDPR)
If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority. You can assert this right with a supervisory authority in the EU Member State of your place of residence, your place of work or the place of the alleged infringement.

 

12.8 Prohibition of automated decision-making/profiling (Art. 22 GDPR)
Decisions that have legal consequences for you or significantly affect you may not be based solely on automated processing of personal data, including profiling. We inform you that we do not use automated decision-making, including profiling, with regard to your personal data.

 

12.9 Objection (Art. 21 GDPR)
If we process your personal data on the basis of Art. 6 para. 1 lit. f GDPR (for the protection of overriding legitimate interests), you have the right to object to this under the conditions listed in Art. 21 GDPR. However, this only applies if there are grounds relating to your particular situation. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms. We also do not have to stop processing if it serves the assertion, exercise or defence of legal claims. In any case - regardless of a particular situation - you have the right to object to the processing of your personal data for direct marketing purposes at any time.

 

Status: May 2018
