Privacy & data protection

1. Privacy at a glance

General information

The following notes give a simple overview of what happens to your personal data when you visit this website. Personal data is any data with which you could be personally identified. Detailed information on data protection can be found in our full privacy policy linked from the German original.

Last updated: 04.05.2026

2. Data collection and processing

Health data (Art. 9 GDPR)

As a medical practice, we process special categories of personal data (health data) where necessary for diagnosis, preventive care, and treatment, in line with applicable law (including GDPR and German medical law).

Retention

We retain data in accordance with statutory retention periods for medical documentation (typically up to 10 years after the end of treatment, subject to applicable rules).

3. Hosting and processors

We use specialized processors that meet high security standards, including (as applicable):

• Google Cloud Run: website hosting (EU region)
• Cloudflare, Inc.: edge hosting for our bridge service between Tally and Brevo (Cloudflare Workers), plus DNS management for the domain; registered office in the USA, processing in the EU edge location (Frankfurt), EU Standard Contractual Clauses in place
• Tresorit AG: encrypted file upload (prior findings, medical letters); registered office in Switzerland, zero-knowledge encryption, adequacy decision EU-Switzerland
• PayPal (Europe) S.a.r.l. et Cie, S.C.A.: payment processing for advance fee payments (registered office in Luxembourg, EU)
• Tally Forms (Tally BV): digital intake forms (registered office in Belgium, EU, GDPR-compliant); form submits are passed to our Cloudflare Worker via webhook and transferred there into our CRM (Brevo); Tally uses SendGrid (Twilio Inc., USA) as a sub-processor for confirmation emails, legal basis for the US transfer: EU-US Data Privacy Framework
• meetergo / meetergo connect: scheduling and video visits
• IONOS SE: email hosting ([email protected], [email protected]), registered office in Germany, EU
• Brevo: email communication / newsletter
• Google Ireland Limited (Google Analytics): web analytics

4. Web analytics - Google Analytics 4

We use Google Analytics 4 (Google Ireland Limited, Dublin, Ireland) to analyse website use in an anonymised way. We use Google Consent Mode: analytics cookies are only set after you give consent. Without consent, no personal analytics data is collected.

Legal basis: Art. 6(1)(a) GDPR (consent). You can withdraw consent at any time by deleting cookies in your browser; on your next visit you may be asked again.

5. Cookies and consent

Cookies

Our site may use cookies. Cookies are small files stored on your device. They can be session-based or persistent.

Cookie banner

On your first visit, a banner lets you choose whether to allow anonymised analytics (Google Analytics 4). Options are “Accept” (analytics enabled) or “Decline” (no analytics; the site remains fully usable). Your choice is stored in a cookie and is not asked again on every visit until you clear cookies.

Strictly necessary cookies required for basic site operation may be set without consent (legal basis: Art. 6(1)(f) GDPR, legitimate interest).

6. Plugins and tools

meetergo & meetergo connect

We integrate scheduling from meetergo GmbH (Cologne, Germany). When you book, data is transmitted to meetergo. Video visits may use meetergo connect. See meetergo’s privacy information for details.

Tally

Digital intake forms may be provided via Tally (Belgium). Processing is designed to comply with GDPR requirements.

Tresorit File Requests

For secure uploads of prior findings and medical documents, we use Tresorit File Requests (Tresorit AG, Switzerland). Transfer is protected with zero-knowledge encryption, and Tresorit does not have access to file contents. The uploader verifies her email address, and no additional data is collected. More information is available in Tresorit's privacy notice.

Cloudflare Workers

We use Cloudflare Workers (Cloudflare, Inc.) as a technical bridge service between Tally and Brevo. The worker receives the intake form submission event from Tally, extracts name and email address, and transfers these to our CRM Brevo. Medical intake answers are intentionally not transferred to Brevo and remain in Tally. Processing takes place in the EU edge location (Frankfurt).

7. Your rights

You have the right to obtain information about the origin, recipients, and purposes of stored personal data, and to request correction or erasure where applicable, subject to legal retention duties.