We handle your health and contact data with the utmost care – transparently, in accordance with the GDPR and professional confidentiality.

Controller within the meaning of the GDPR:

Derm4hair, Dr. N. Ben-Anaya, Lehmweg 6, 20251 Hamburg.

We process your data exclusively for the following purposes: treatment contract (Art. 9(2)(h) GDPR), appointment scheduling, billing, statutory retention obligations (§ 630f BGB, 10 years).

Categories: master data, contact data, health data (diagnoses, findings, therapies), billing data.

Recipients & disclosure

Your data is only disclosed to: private medical billing centres with your consent, laboratories (anonymised or pseudonymised where possible), tax advisors within the scope of statutory obligations.

Booking services:

Bei Online-Terminbuchung über Doctolib werden Name, Kontaktdaten und Terminanfrage an Doctolib SAS, 54 quai Charles Pasqua, 92300 Levallois-Perret übertragen (Auftragsverarbeitung Art. 28 DSGVO).

Hosting: servers in Germany/EU, TLS encryption, regular backups.

Your rights

You have the right at any time to access (Art. 15), rectification (Art. 16), erasure (Art. 17, insofar as statutory retention does not preclude it), restriction (Art. 18), data portability (Art. 20) and objection (Art. 21).

Please address complaints to: Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit, Ludwig-Erhard-Str. 22, 20459 Hamburg.

Retention period:

Patient data 10 years after the last treatment (§ 630f BGB), accounting 10 years (§ 147 AO), contact enquiries without a treatment contract up to 6 months.