Privacy Policy

1. Data Controller

Phönix Hair Trans GmbH
Am Kai 10, 44263 Dortmund
E-Mail: info@phoenix-hairtrans.de

4. Hosting & Infrastructure

SSL/TLS Encryption: This site uses SSL encryption to protect confidential medical inquiries.

Hosting: Our website is hosted by Netlify (Netlify Inc., USA). We have concluded a Data Processing Agreement (DPA). Data transfer to the USA is based on the EU-US Data Privacy Framework.

2. Data Collection on our Website

Angaben durch den Nutzer:

• Name, E-Mail, Telefon
• Health data (e.g., hair loss status) is only processed with your explicit consent pursuant to Art. 9 (2) (a) GDPR.

Server-Log-Files:

IP-Adresse, Browsertyp und Zeitstempel werden zur Betriebssicherheit automatisch durch den Hoster erfasst.

3. Purpose and Legal Basis

• Art. 6 (1) (b) GDPR: For pre-contractual measures (booking consultations).
• Art. 9 (2) (a) GDPR: Processing of medical health data (with consent).
• Art. 6 (1) (c) GDPR: Compliance with legal tax/medical obligations.

5. Data Sharing & Confidentiality

Medical staff are subject to professional medical confidentiality (§ 203 StGB).

Data is shared with: IT service providers (hosting), medical staff, and tax advisors only when legally necessary.

6. Storage & Medical Retention Periods

Medical records are kept for at least 10 years after treatment in accordance with medical professional codes.

7. Your Rights

You have the right to access, correction, and deletion of your data. You may lodge a complaint with the:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW)

Kavalleriestr. 2-4, 40213 Düsseldorf