Privacy Policy

Status: 19.11.2025

1. Name and address of the responsible party

GSK Practice – Vein Center Königstein im Taunus
Owner: Taher Nazary
Frankfurter Str. 9a
61462 Königstein im Taunus

2. Contact options

Telephone: 06174-961870
E-mail: mail@gsk-praxis.de

3. General information on data processing

We process personal data in accordance with the GDPR and the TDDDG.

• Legal basis: Consent (Art. 6 para. 1 lit. a in conjunction with Art. 7 GDPR), contract/pre-contractual measures (Art. 6 para. 1 lit. b GDPR), legal obligation (Art. 6 para. 1 lit. c GDPR), legitimate interest (Art. 6 para. 1 lit. f GDPR), vital interests (Art. 6 para. 1 lit. d GDPR). For the storage/reading of non-essential information on end devices, Section 25 of the German Telemedia Act (TDDG) applies (consent).
• Storage duration/deletion: We adhere to the principles of data minimization (Art. 5 para. 1 lit. c GDPR) and storage limitation (Art. 5 para. 1 lit. e GDPR). Data is deleted as soon as the purpose for which it was collected no longer applies and there are no legal obligations to retain it.
• Recipient categories: Hosting/IT service providers, analytics/marketing service providers, communications providers, human resources management.
• Third-country transfers: Insofar as data is transferred to third countries (especially the USA), we base this on adequacy decisions (EU-US Data Privacy Framework) and/or EU Standard Contractual Clauses (SCCs) including any supplementary measures.
• External links: External links are clearly identifiable as such. Data (e.g., IP address, time, referrer) is only transmitted to the target provider when clicked. This may also occur outside the EEA.

4. Individual processing activities

4.1 Provision of the website (hosting and server log files)

Purposes: Technical operation, IT security, content delivery
Data: IP address, device/hostname, operating system, browser type/version, accessed file/URL, date/time, amount of data transferred, status codes
Legal basis: Article 6 paragraph 1 letter f GDPR (legitimate interest in secure, stable operation); in the case of contract initiation/fulfillment, additionally Article 6 paragraph 1 letter b GDPR.
Recipient: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, GermanyData protection)
Order processing: Data processing agreement with Hetzner pursuant to Art. 28 GDPR
Storage duration: Server logs are typically kept for 7–14 days, longer only for evidentiary purposes in the event of security incidents.

4.2 Local/Session Storage and Cookies

Purposes: Technically necessary functions, comfort, statistics, marketing
Legal basis: Necessary: Art. 6 para. 1 lit. f GDPR; all others: Art. 6 para. 1 lit. a GDPR in conjunction with § 25 TDDDG
Cancellation: Manageable at any time via the consent banner

4.3 Consent Management (Compliance GDPR/CCPA Cookie Consent)

Purpose: Obtaining, documenting and managing consents
Legal basis: Article 6 paragraph 1 letter c GDPR (legal obligation) and Article 6 paragraph 1 letter f GDPR (verifiability)
Data/Device: Consent status, policy ID, timestamp (cookie/local/session storage)
Recipient: Complianz BV, NL – local integration, no transfer to third countries
Storage duration (examples): cmplz_banner-status, cmplz_preferences, cmplz_statistics, cmplz_marketing, cmplz_policy_id up to 365 days each; cmplz_cookie_data session

4.4 Content Delivery/External Content Delivery

Purpose: Performance, availability, secure delivery of static content
Legal basis: Article 6 paragraph 1 letter f GDPR (legitimate interest in fast, secure provision)
Recipient: Google User Content / possibly CDN provider (see provider's privacy policy for details)
Third country: USA; Coverage via EU-US DPF/SCC

4.5 Website builder (Elementor)

Purpose: Content creation/layout/display
Legal basis: Article 6 paragraph 1 letter f GDPR (functional, consistent presentation)
A notice: Elementor is used for technical presentation; independent processing of visitor data beyond mandatory web server protocols is not intended.

4.6 Tag management (Google Tag Manager)

Purpose: Technical administration/integration of tags
Legal basis: Article 6 paragraph 1 letter a GDPR (if tools requiring consent are loaded), otherwise Article 6 paragraph 1 letter f GDPR
Recipient/Third country: Google Ireland/USA (EU-US DPF/SCC)

4.7 Webfonts

4.7.1 Google Fonts (remote integration)

Purpose: Uniform font display
Data: IP address, browser/device, font resources retrieved
Legal basis: Article 6 paragraph 1 letter a GDPR (consent) in conjunction with, where applicable, Section 25 TDDDG
Recipient/Third country: Google Ireland/USA (EU-US DPF/SCC)
Alternative: Local integration eliminates the need for transmission (see 4.7.2).

4.7.2 Local Webfonts

Purpose/Legal basis: Uniform presentation, Art. 6 para. 1 lit. f GDPR; no transfer to third countries

4.8 Advertising/Conversion Tracking (Google Ads)

Purpose: Advertising placement and success measurement
Legal basis: Article 6 paragraph 1 letter a GDPR in conjunction with Section 25 TDDDG (consent)
Data: Online identifiers, IP address (truncated), device/browser data, interactions, timestamps
Recipient/Third country: Google Ireland/USA (EU-US DPF/SCC)
Cancellation: at any time in the consent banner

4.9 Contact form

Purpose: Handling of requests
Data: Contact and content data from the form
Legal basis: Article 6 paragraph 1 letter a GDPR (consent) and/or Article 6 paragraph 1 letter b GDPR (pre-contractual/contractual); additionally Article 6 paragraph 1 letter f GDPR (general communication)
Storage duration: until the processing of the request is completed, and subsequently in accordance with retention obligations.

4.10 Contact by telephone / email

Purpose: Communication, initiation/processing of orders
Legal basis: Article 6(1)(b) GDPR; otherwise, Article 6(1)(f) GDPR
Storage duration: in accordance with statutory retention periods or requirements

4.11 Applications

Purpose: Conducting the application process, possibly establishing an employment relationship
Legal basis: Article 6 paragraph 1 letter b GDPR; in the case of consent, Article 6 paragraph 1 letter a GDPR (revocation possible at any time); for the defense of claims, Article 6 paragraph 1 letter f GDPR
Storage duration: In case of rejection, the data is stored for 6 months; if consent is given for inclusion in the applicant pool, for a maximum of 2 years (until revoked); if hired, the data is stored for the purpose of the employment relationship.

5. Your rights

• Right of access (Art. 15 GDPR)
• Rectification (Art. 16 GDPR)
• Erasure (Art. 17 GDPR)
• Restriction of processing (Art. 18 GDPR)
• Data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR) to processing pursuant to Art. 6 para. 1 lit. e or f GDPR; in the case of direct marketing, at any time
• Complaint to a supervisory authority

Revocation of consent: Previously granted consent can be revoked at any time with effect for the future. The lawfulness of the processing carried out until the revocation remains unaffected.

6. Competent supervisory authority

The Hessian Commissioner for Data Protection and Freedom of Information
Gustav-Stresemann-Ring 1
65189 Wiesbaden
Website: https://datenschutz.hessen.de