According to the EU General Data Protection Regulation (GDPR)
Dear Patient,
The protection of your personal data is very important to us. We want you to feel safe and well looked after in our practice – this also applies to the handling of your data. According to the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG), we are obliged to inform you about the purpose for which our practice collects, stores, or transmits data. The following information also tells you what rights you have in the area of data protection.
1. Responsibility for data processing
The controller for data processing within the meaning of the GDPR is:
Dr. med. Sophie-Isabelle Karg & Dr. med. Sussan Rosenthal
Theatinerstr. 31
80333 Munich
Phone: 089 33066581
Email: Sophie.karg@drsophiekarg.de
Website: www.drsophiekarg.de
2. Data Protection Officer
Note: There is an obligation to appoint a data protection officer if at least 20 people are regularly involved in the automated processing of personal data (§ 38 BDSG).
3. Purpose of data processing
Your personal data is processed for the fulfillment of the treatment contract between you and your attending physician, as well as due to legal requirements. For this purpose, we process your data in particular for the following purposes:
3.1 Medical treatment and documentation
- Collection and storage of your master data (name, date of birth, address, contact details, insurance data)
- Collection and documentation of your health data (anamnesis, diagnoses, findings, allergies, medication)
- Creation of therapy plans, treatment documentation, and surgical reports
- Photo documentation (before/after images) for medical purposes
- Video documentation of surgical procedures (e.g., hair transplantation)
- Laboratory requests and findings management
- Creation of doctor's letters and referrals
3.2 Dermatological treatments
- Documentation of skin findings including dermatoscopy and digital epiluminescence microscopy
- Progression documentation for chronic skin diseases
- Allergy tests and their documentation
- Histological examinations and tissue samples
3.3 Aesthetic treatments
- Documentation of aesthetic procedures (e.g., injection treatments, laser treatments, peels)
- Photo documentation before, during, and after aesthetic treatments
- Consent documentation according to the specific requirements for aesthetic procedures
- Documentation of products used (e.g., fillers, toxins) including batch numbers
3.4 Hair transplantation
- Comprehensive photo documentation of the donor and recipient areas before, during, and after the procedure
- Surgical documentation including graft count, extraction technique, and implantation protocol
- Progression documentation of the healing process
- Long-term follow-up documentation
3.5 Billing and administration
- Billing of medical services according to GOÄ (Fee Schedule for Physicians)
- Invoicing and payment processing
- Communication with private health insurance companies (only with your consent)
- Dunning and receivables management
- Bookkeeping and tax documentation
3.6 Appointment management and communication
- Appointment scheduling and reminders (by phone, email, SMS, or practice app)
- Recall system for check-up appointments and aftercare
- Answering inquiries by phone, email, or contact form
3.7 Quality assurance
- Internal quality assurance and treatment optimization
- Anonymized statistical evaluations for treatment quality
- Fulfillment of legal documentation obligations
Note: The collection and processing of your health data is a prerequisite for careful medical treatment. If the necessary information is not provided, proper treatment cannot be guaranteed.
4. Legal basis for processing
The processing of your personal data is based on the following legal grounds:
- Art. 9 para. 2 lit. h GDPR in conjunction with § 22 para. 1 no. 1 lit. b BDSG – Processing of health data for the purpose of medical diagnosis, care, and treatment
- Art. 6 para. 1 lit. b GDPR – Fulfillment of the treatment contract
- Art. 6 para. 1 lit. c GDPR – Fulfillment of legal obligations (e.g., documentation obligations, tax retention obligations)
- Art. 6 para. 1 lit. f GDPR – Protection of legitimate interests (e.g., assertion, exercise, or defense of legal claims)
- Art. 6 para. 1 lit. a / Art. 9 para. 2 lit. a GDPR – Your explicit consent (e.g., for photo/video documentation beyond the medically required extent, for communication by email/SMS, for marketing)
5. Recipients of your data
We will only transmit your personal data to third parties if this is legally permitted or if you have consented. Any disclosure will only take place to the necessary extent. Recipients may include in particular:
- Referring doctors and hospitals (with your consent or at your request)
- Medical laboratories (e.g., for histological examinations, blood analyses)
- Billing centers and clearing houses (within the scope of private medical billing)
- Private health insurance companies and aid agencies (only with your consent)
- Tax consultants and auditors (within the scope of tax obligations)
- IT service providers and software providers (within the scope of commissioned processing according to Art. 28 GDPR)
- Hosting and cloud service providers for practice software
- Lawyers and collection agencies (for outstanding claims)
- Authorities and supervisory bodies (where legally obliged, e.g., reporting obligations)
Note on commissioned processing: We have concluded commissioned processing agreements in accordance with Art. 28 GDPR with all external service providers who process personal data on our behalf.
6. Photo and video documentation
In our practice, we create photo and, if applicable, video recordings for various purposes:
6.1 Medically required documentation
Photo and video recordings that are necessary for medical documentation, diagnosis, and treatment planning are created on the basis of the treatment contract and are subject to medical confidentiality. This applies in particular to:
- Clinical findings documentation
- Dermatoscopic images
- Progression documentation for treatment series
- Surgical documentation for surgical procedures and hair transplants
- Before/after comparisons to evaluate treatment success
6.2 Extended use (only with separate consent)
Any further use of photo or video recordings – for example, for training purposes, scientific publications, the practice website, or social media – will only take place with your explicit, written consent. This consent is voluntary and can be revoked at any time. When published, recordings are generally anonymized (no recognizable facial features), unless you have explicitly consented to an identifiable representation.
7. Website and online services
7.1 Website usage
When you visit our website, technical data is automatically collected (e.g., IP address, browser type, time of access). This data is necessary for the technical operation of the website and is processed on the basis of Art. 6 para. 1 lit. f GDPR. Further information can be found in the privacy policy on our website.
7.2 Online appointment booking
If you use our online appointment booking, the data you enter (name, contact details, desired service) will be processed for appointment planning. The processing is based on Art. 6 para. 1 lit. b GDPR (pre-contractual measures) or your consent.
7.3 Contact form and email communication
If you contact us by email or contact form, your information will be processed to handle your request. Please note that the transmission of emails can be unencrypted and therefore complete protection of the transmission cannot be guaranteed. For the transmission of sensitive health data, we recommend sending it by post or handing it over in person.
7.4 Communication via SMS/Messenger
If you have consented to communication via SMS or messenger services (e.g., WhatsApp), we will use these channels exclusively for appointment reminders and organizational messages. Please note that when using messenger services, data may be transmitted to the respective provider, possibly also to third countries.
8. Video surveillance (if available)
If video surveillance is used in our practice rooms or in the entrance area, it is for the protection of our patients, employees, and practice facilities. The legal basis is Art. 6 para. 1 lit. f GDPR (legitimate interest in security). The recordings are automatically deleted after a maximum of 72 hours, unless there are indications of security-relevant incidents. Video surveillance is indicated by appropriate signs.
9. Storage and retention periods
We store your personal data only for as long as is necessary for the respective processing purposes or as required by legal retention periods:
- Treatment documents: at least 10 years after completion of treatment (§ 630f BGB, § 10 MBO-Ä)
- X-ray images and radiation protection documentation: 10 years or 30 years for persons under 18 years (StrlSchV)
- Records of aesthetic procedures and medical devices: 10 years (possibly longer for implants)
- Tax-relevant documents: 6 or 10 years (§ 147 AO)
- Billing documents: 10 years
- Consent declarations: for the duration of the consent plus the statutory limitation periods
- Website log files: maximum 7 days
- Video surveillance: maximum 72 hours
In individual cases, longer retention periods may apply, particularly in connection with ongoing legal disputes or on the basis of special legal regulations.
10. Data transfer to third countries
Your personal data will generally not be transferred to countries outside the European Union (EU) or the European Economic Area (EEA). Should such a transfer be necessary in individual cases (e.g., through the use of certain IT services), we ensure that an adequate level of data protection is guaranteed (e.g., through an adequacy decision by the EU Commission, standard contractual clauses, or your explicit consent).
11. Automated decision-making / profiling
There is no automated decision-making including profiling according to Art. 22 GDPR that produces legal effects concerning you or similarly significantly affects you.
12. Your rights as a data subject
You have the following rights concerning your personal data:
- Right to information (about your data stored with us, Art. 15 GDPR)
- Right to rectification (of inaccurate or incomplete data, Art. 16 GDPR)
- Right to erasure (under certain conditions, Art. 17 GDPR – please note that legal retention periods may prevent deletion)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object to processing (Art. 21 GDPR)
- Right to withdraw consent given at any time with effect for the future (Art. 7 para. 3 GDPR) – the lawfulness of processing carried out before the withdrawal remains unaffected
To exercise your rights, please contact the responsible body named above.
13. Right to lodge a complaint with the supervisory authority
You have the right to lodge a complaint with the competent data protection supervisory authority if you believe that the processing of your data violates data protection regulations.
Competent supervisory authority:
- The Bavarian State Commissioner for Data Protection (BayLfD)
- Wagmüllerstraße 18, 80538 Munich
- Phone: 089 212672-0
- Email: poststelle@datenschutz-bayern.de
- Website: www.datenschutz-bayern.de
Note: For non-public bodies (private practices), the Bavarian State Office for Data Protection Supervision (BayLDA) is alternatively responsible:
- Bavarian State Office for Data Protection Supervision (BayLDA)
- Promenade 18, 91522 Ansbach
- Phone: 0981 180093-0
- Email: poststelle@lda.bayern.de
14. Obligation to provide data
Within the scope of the treatment relationship, you must provide the personal data that is necessary for the performance and billing of the treatment and the fulfillment of the associated contractual and legal obligations. Without this data, we cannot conclude the treatment contract and carry out the treatment.
