Privacy Policy
1. An overview of data protection
1. Controller
The controller responsible for data processing on this website and within the scope of digital patient communication is:
Neuro Praxis Düsseldorf
Prof. Dr. med. Christina Haubrich
im Pradus am Kaiserteich
Reichsstr. 59
40217 Düsseldorf
Germany
Phone: +49 211 229 575 59
E-mail: info@neuro-praxis-dus.de
2. Data Protection at a Glance
The protection of your personal data and, in particular, your health data is one of our highest priorities.
We process personal data exclusively in accordance with applicable laws, including the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), professional regulations governing physicians, and other applicable legal requirements.
Our practice follows a digitally supported healthcare concept. To achieve this, we use modern practice software, digital communication channels, and selected artificial intelligence (AI) systems. Responsibility for diagnoses, treatment recommendations, and all medical assessments remains entirely with qualified healthcare professionals at all times.
3. Data Protection Officer
We have appointed a Data Protection Officer:
IITR Datenschutz GmbH
Dr. Sebastian Kraska
Marienplatz 2
80331 Munich
Germany
E-mail: email@iitr.de
4. Your Rights
You have the following rights under applicable data protection laws:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR)
- Right to withdraw consent at any time
- Right to lodge a complaint with a supervisory authority
The competent supervisory authority is generally the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia.
5. Website Hosting and Technical Operation
Our website is hosted by IONOS SE.
When you visit our website, certain technical information is processed automatically, including:
- IP address
- Date and time of access
- Browser type
- Operating system
- Referrer URL
- Pages visited
This processing is necessary to ensure the secure and reliable operation of our website.
The legal basis is Art. 6(1)(f) GDPR.
6. Cookies
Our website uses technically necessary cookies.
We currently do not use analytics cookies or marketing cookies.
Where technically necessary cookies are used, processing is based on our legitimate interest in providing a secure and functional website pursuant to Art. 6(1)(f) GDPR and Section 25(2) TDDDG.
7. Contacting Our Practice
If you contact us, we process the information you provide in order to handle your request.
This may occur through:
- Telephone
- Online reception
- Patient portal
- Appointment booking systems
- Video consultations
The legal basis is Art. 6(1)(b) GDPR and, where health data is involved, Art. 9(2)(h) GDPR.
8. AI Telephone Assistant MIKA
To improve our telephone accessibility, we use the AI-powered telephone assistant MIKA.
The technical infrastructure is provided through Placetel.
When you contact our practice by telephone, conversation content, contact information, and organizational information may be recorded, structured, and transmitted to our practice team.
MIKA is used solely to support communication and administrative processes.
Like any software system and like any human being, MIKA may occasionally make mistakes or misunderstand information. Therefore, all patient requests are subsequently reviewed and handled by qualified members of our team.
MIKA does not make diagnoses, provide treatment recommendations, or make medical decisions.
The legal basis is Art. 6(1)(b) GDPR and Art. 9(2)(h) GDPR.
9. Documentation Support Through Heidi Health
To support medical documentation, we may use Heidi Health.
Heidi Health can analyze conversation content and generate draft medical documentation.
The software is used exclusively to support documentation processes.
Heidi Health:
- does not make diagnoses,
- does not provide treatment recommendations,
- does not make medical decisions.
All documentation drafts are reviewed and, where necessary, corrected by qualified healthcare professionals before use.
Responsibility for all medical documentation remains entirely with our staff.
We use the German-language version of Heidi Health with particular consideration for European data protection requirements.
The legal basis is Art. 6(1)(b) GDPR in conjunction with Art. 9(2)(h) GDPR.
10. Online Reception and Patient Portal
We have integrated a link to the "Online Reception" (Online-Rezeption) service on our website.
The Online Reception is a service provider designed for uncomplicated patient and customer communication.
It enables the digitization of various reception services.
For example, users can schedule appointments digitally or submit medical findings, referrals, and medication requests.
Operating Company and Data Controller
The operating company of Online Reception is Docmedico GmbH, Ehrengutstraße 7, 80469 Munich, Germany.
The data controller responsible for data processing is Docmedico GmbH, Ehrengutstraße 7, 80469 Munich, Germany.
Legal Basis and Consent
The legal basis for transferring data to Online Reception is your consent pursuant to Art. 6 (1) (a) GDPR, which you grant by clicking "Accept" to agree to the use of the Online Reception.
Note: If you do not wish for your data to be processed in this manner, you can prevent the transfer by not clicking the "Accept" button or by selecting "Reject".
Further Information
Additional information and the applicable privacy policy of Online Reception can be accessed at:
Datenschutzerklärung | Docmedico GmbH (docmedico-rezeption.de)
11. Electronic Medical Records and Practice Software (medatixx)
For treatment management, appointment scheduling, medical documentation, video consultations, and billing, we use systems provided by medatixx GmbH & Co. KG.
The following categories of data may be processed:
- Personal details
- Contact information
- Health data
- Diagnoses
- Medical findings
- Test results
- Medication information
- Medical reports
- Appointment information
Processing takes place exclusively for medical treatment and to fulfill legal documentation and billing obligations.
The legal basis is Art. 6(1)(b) GDPR and Art. 9(2)(h) GDPR.
12. Online Appointment Booking
For online appointment booking, we use x.webtermin provided by medatixx GmbH & Co. KG.
When using this service, the personal data required for appointment scheduling is processed.
Further information can be found at:
https://medatixx.de/datenschutz
13. Video Consultations
Our practice offers video consultations where medically appropriate.
The technical service is provided through systems operated by medatixx GmbH & Co. KG.
During video consultations, personal data and health data are processed to the extent necessary for medical consultation and treatment.
The legal basis is Art. 6(1)(b) GDPR and Art. 9(2)(h) GDPR.
14. Use of Artificial Intelligence
Our practice uses selected AI-based systems to support:
- Communication
- Documentation
- Practice administration
- Structuring medical information
These systems serve exclusively as support tools.
Diagnoses, treatment decisions, interpretation of findings, and all medical decisions are made and supervised exclusively by qualified healthcare professionals.
No automated decision-making within the meaning of Art. 22 GDPR takes place in our practice.
15. Recipients of Personal Data
Where necessary, personal data may be disclosed to external service providers or cooperation partners, including:
- IONOS (hosting provider)
- Placetel (telephony infrastructure)
- Docmedico (digital patient communication)
- Heidi Health (documentation support)
- medatixx GmbH & Co. KG (practice software, appointment scheduling, and video consultations)
- IT service providers
- Medical laboratories
- Referring and treating physicians
- Hospitals and medical institutions
- Billing service providers
- Public authorities where required by law
Where legally required, external service providers are engaged on the basis of data processing agreements pursuant to Art. 28 GDPR.
16. YouTube
Our website may contain videos provided by YouTube.
Provider:
Google Ireland Limited
Gordon House
Barrow Street
Dublin 4
Ireland
Further information is available at:
https://policies.google.com/privacy
17. Google Maps
Our website may contain maps provided by Google Maps.
Provider:
Google Ireland Limited
Gordon House
Barrow Street
Dublin 4
Ireland
Further information is available at:
https://policies.google.com/privacy
18. International Patients and English-Language Communication
Neuro Praxis Düsseldorf regularly treats international patients.
Communication and documentation may therefore be provided in English.
To improve communication, digital support systems and AI-based tools may be used.
However:
- Diagnoses are made exclusively by qualified healthcare professionals.
- Treatment recommendations are provided exclusively by qualified healthcare professionals.
- Medical decisions are made and supervised exclusively by qualified healthcare professionals.
Despite careful review, misunderstandings or translation inaccuracies cannot be entirely excluded in multilingual communication.
In case of doubt, the German-language original documentation contained in the medical record shall prevail for medical and legal purposes.
19. SSL/TLS Encryption
Our website uses modern SSL/TLS encryption technologies to ensure the secure transmission of your data.
20. Changes to This Privacy Policy
We reserve the right to amend this Privacy Policy where necessary due to technical, organizational, or legal developments.
The current version published on our website shall apply.