Privacy Policy

1. Basics

This privacy policy informs you about the nature, scope, and purpose of the collection and use of personal data on the website hausarztpraxis-weende.de (hereinafter “Website”).

The protection of your personal data is particularly important to us as a medical facility. We treat your data confidentially and in accordance with the statutory data protection regulations, in particular the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), and the Telecommunications-Telemedia Data Protection Act (TTDSG).

Definitions of the terms used (e.g., “personal data” or “processing”) can be found in Art. 4 GDPR.

2. Data Controller

The data controller for data processing on this website within the meaning of the GDPR is:

3. Hosting and technical provision

This website is hosted by the following provider:

The servers are located in Germany. Your data will not be transferred to third countries as part of the hosting.

The hosting provider is used on the basis of Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in a reliable and secure provision of our website. A corresponding data processing agreement pursuant to Art. 28 GDPR has been concluded with the hosting provider.

4. SSL or TLS encryption

This website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

5. Server log files

Each time you access our website, information is automatically collected in so-called server log files, which your browser automatically transmits. These are:

• Browser type and browser version
• Operating System Used
• Referrer URL (previously visited page)
• Hostname of the accessing computer
• IP address
• Date and time of the server request
• Transferred data volume

Legal basis: The processing is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. The collection of data is technically necessary for the operation of the website and serves to ensure system security.

Storage period: The server log files are automatically deleted after 7 days, unless longer storage is required for evidentiary purposes (e.g., in case of suspected abuse).

This data is not merged with other data sources.

6. Cookies and consent management

6.1 What are cookies?

Cookies are small text files that are stored on your device and that your browser saves. They serve to make our website more user-friendly and secure.

6.2 Technically necessary cookies

We use technically necessary cookies that are essential for the operation of the website. These cookies are set on the basis of § 25 para. 2 no. 2 TTDSG in conjunction with Art. 6 para. 1 lit. f GDPR without your consent.

The technically necessary cookies include in particular:

• Session cookies to manage your session
• Cookies to store your cookie preferences
• Language setting cookies (WPML): wp-wpml_current_language, _icl_visitor_lang_js
• Security cookies (Wordfence): wfwaf-authcookie, wordfence_verifiedHuman – used to protect the website from unauthorized access

6.3 Optional cookies

Cookies that are not technically necessary (e.g., for analysis or marketing) are only set with your express consent in accordance with § 25 para. 1 TTDSG in conjunction with Art. 6 para. 1 lit. a GDPR. When you first visit our website, you will be asked for your consent via a cookie banner.

You can revoke your consent at any time with effect for the future by calling up the cookie settings via the corresponding link in the footer of our website.

6.4 Manage cookies in your browser

You can set your browser so that you are informed about the setting of cookies, allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or generally, and activate the automatic deletion of cookies when closing the browser.

Please note that disabling cookies may limit the functionality of this website.

7. Online appointment booking

On our website, we offer you the possibility to book appointments online. For this we use the service of the following provider:

When using the online appointment booking, the following data is processed:

• Name and contact details
• Desired appointment and type of appointment
• If applicable, further information provided by you

Legal basis: The processing takes place for the implementation of pre-contractual measures in accordance with Art. 6 para. 1 lit. b GDPR as well as on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR.

Storage period: The data will be transferred to our practice management system after the appointment has been made and will then be subject to the retention periods applicable to patient data (usually 10 years after completion of treatment in accordance with § 630f BGB).

A data processing agreement has been concluded with T2med in accordance with Art. 28 GDPR. The servers of T2med are located in Germany.

Further information on data protection at T2med can be found at: https://t2med.de/datenschutz/

8. Website Security (Wordfence Security)

We use the Wordfence Security plugin to protect our website from unauthorized access, brute-force attacks, malware, and other cyber threats. The provider is:

8.1 Processed Data

Wordfence processes the following data to ensure website security:

• IP addresses of website visitors
• Information about the device and browser used
• Time and type of access
• Information about failed login attempts

This data is used to detect suspicious activity and block potential attackers. IP addresses classified as harmless are placed on a whitelist, while suspicious IP addresses are placed on a blacklist.

8.2 Wordfence Cookies

Wordfence uses the following cookies:

• wfwaf-authcookie-[hash] – Allows the firewall to recognize logged-in users and grant them extended access. Visitors who are not logged in receive limited access to protected areas.
• wordfence_verifiedHuman – Used to distinguish between human visitors and automated bots.
• wf_loginalerted_[hash] – Only set for administrators to inform them about logins from new devices.

8.3 Legal Basis and Data Transfer to the USA

Legal basis: Processing is carried out on the basis of our legitimate interest in protecting our website from cyberattacks in accordance with Art. 6 Para. 1 lit. f GDPR. IT security constitutes a legitimate interest in accordance with Recital 49 of the GDPR.

Note on data transfer: Defiant, Inc. is based in the USA. Data (especially IP addresses) may therefore be transferred to the USA. The USA is considered a third country without an adequate level of data protection. We have concluded a data processing agreement (Data Processing Agreement) with Defiant, including the EU standard contractual clauses, to ensure an adequate level of data protection.

Storage period: The data collected by Wordfence is stored in accordance with the configured settings and automatically deleted after the set period has expired.

Further information on data protection at Wordfence can be found at:

• Privacy policy: https://www.wordfence.com/privacy-policy/
• Terms of use: https://www.wordfence.com/terms-of-use/
• GDPR information: https://www.wordfence.com/help/general-data-protection-regulation/

9. Fonts (Google Fonts – locally hosted)

This website uses so-called web fonts for the uniform display of fonts. The Google Fonts are installed locally on our server. A connection to Google’s servers does not take place.

Due to the local integration, no data is transferred to Google. The use is in the interest of a uniform and appealing presentation of our website in accordance with Art. 6 para. 1 lit. f GDPR.

10. Multilingualism (WPML)

This website uses the WPML translation plugin to offer content in multiple languages. The provider is:

WPML uses technically necessary cookies to save your selected language setting:

• wp-wpml_current_language – saves the currently selected language
• _icl_visitor_lang_js – saves the language last used by the visitor

Legal Basis: These cookies are technically necessary for the multilingual functionality of the website and are set without consent on the basis of Section 25 (2) No. 2 TTDSG in conjunction with Art. 6 (1) lit. f GDPR.

No personal data is transferred to WPML or OnTheGoSystems. The language settings are stored exclusively locally in your browser.

Further information on data protection at WPML can be found at: https://wpml.org/documentation/privacy-policy-and-gdpr-compliance/

11. Linking to social networks

On our website there are links to social networks (Facebook). These links are integrated as simple hyperlinks.

By merely displaying our website, no data is transferred to the social networks. Only when you click on the corresponding link will you be redirected to the external page of the provider. The data protection regulations of the respective provider apply there.

Further information on data protection at Facebook can be found at: https://www.facebook.com/privacy/policy/

12. Contacting us by email

If you contact us by e-mail, your details, including the contact details you provide, will be stored by us for processing your request and in the event of follow-up questions.

Legal basis: The processing takes place for the implementation of pre-contractual measures or for the fulfillment of the contract in accordance with Art. 6 para. 1 lit. b GDPR or on the basis of our legitimate interest in answering your request in accordance with Art. 6 para. 1 lit. f GDPR.

Storage period: The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected and there are no legal storage obligations to the contrary.

13. Special notes for patient data

As a medical practice, we process special categories of personal data (health data) in accordance with Art. 9 GDPR as part of the treatment. This processing takes place:

• for the execution of the treatment contract (Art. 9 para. 2 lit. h GDPR in conjunction with § 22 para. 1 no. 1 lit. b BDSG)
• on the basis of your express consent, if required (Art. 9 para. 2 lit. a GDPR)

The processing of patient data does not take place via this website, but exclusively within the framework of our practice administration and is additionally subject to medical confidentiality in accordance with § 203 StGB.

14. Your rights as a data subject

You have the following rights towards us with regard to your personal data:

• Right to information (Art. 15 GDPR): You can request information about your personal data processed by us.
• Right to rectification (Art. 16 GDPR): You can request the correction of incorrect data or the completion of incomplete data.
• Right to erasure (Art. 17 GDPR): You can request the deletion of your data, provided that there are no legal storage obligations to the contrary.
• Right to restriction of processing (Art. 18 GDPR): Under certain conditions, you can request the restriction of the processing of your data.
• Right to data portability (Art. 20 GDPR): You can request to receive your data in a structured, common and machine-readable format.
• Right to object (Art. 21 GDPR): You can object to the processing of your data at any time if the processing is based on Art. 6 para. 1 lit. f GDPR.
• Right to withdraw consent (Art. 7 para. 3 GDPR): You can withdraw your consent at any time with effect for the future.
• Right to lodge a complaint (Art. 77 GDPR): You have the right to lodge a complaint with a supervisory authority.

To exercise your rights, please contact: [email protected]

15. Responsible supervisory authority

The data protection supervisory authority responsible for us is:

16. Timeliness and amendment of this privacy policy

This data protection declaration is currently valid and has the status indicated below.

Due to the further development of our website or due to changed legal or official requirements, it may be necessary to change this data protection declaration. The current data protection declaration can be accessed on this website at any time.

Status: December 2025