Privacy Policy

Foreword

Firstly, I strictly adhere to the provisions of data protection laws and, secondly, I do not engage in many practices that other institutions or website operators consider “permissible.” Here you will find detailed information about what data I process and why.

I. Scope:

This privacy policy applies to the use of this website, communication when contacting me, requests for care and the start of care, registration and participation in courses, documentation of midwifery services, and billing with statutory health insurance companies and private invoicing.
The persons affected by this privacy policy include interested parties, clients, business partners, and contractual partners.

II. Responsibility:

Elina Eichel
Midwife B.Sc.
Mittelstr. 1, 14163 Berlin, Germany
info@hebamme-ellie-eichel.de

III. How I handle your data:

  1. Legal basis and purpose of processing
    The main basis for processing your data is the fulfillment of the treatment contract (Art. 6 (1) (b) GDPR) in combination with the permission for health data (Art. 9 (2) (h) GDPR).
    On this legal basis, I collect, store, and process your data for the following purposes: care requests and communication, provision of contractual services, fulfillment of the treatment contract, documentation, and remuneration for my midwifery services. As your midwife, it is my duty to ensure the confidentiality, integrity, and availability of the data I collect and to maintain my confidentiality obligation.

  2. Types of data processed
    Personal data (e.g., name, date of birth, gender)
    Contact details (e.g., email, phone number)
    Social data (e.g., health insurance status)
    Health data (e.g., medical history, findings)
    Financial data (e.g., bank details, invoices)
    Contract data (e.g., contract start and end dates)
    Communication content (e.g., text messages, phone calls)
    Technical data (e.g., IP addresses of website visitors, entries in the contact form)
    Content data (e.g., entries in online forms)
    Usage data (only in anonymized form at the server level)

  3. Cookies and tracking I do not use cookies, any other form of tracking (e.g., advertising banners and web bugs), or active content (Java, Active-X) on my website.

  4. Contacting me via Signal I offer the option of communicating with me via the Signal messenger service: Signal Messenger LLC, 650 Castro Street, Suite 120-223, Mountain View, CA 94041, USA (from now on “Signal”).
    The message content is protected by end-to-end encryption and, as things stand, can only be viewed by the communication partners involved. Please note that certain technical connection data may be processed via servers in the USA. For contact queries, Signal processes the telephone numbers stored in the address book in cryptographically protected form. According to the provider, this data is used exclusively for comparison purposes and is then deleted. Signal states that it does not store any communication content on its servers.
    Further information can be found in Signal's privacy policy at https://signal.org/legal/#privacy-policy and https://support.signal.org/hc/en-us/articles/360007059412-Signal-and-the-General-Data-Protection-Regulation-GDPR. By actively contacting me via Signal (e.g., clicking the Signal button, scanning the QR code, or texting to my Signal account), you give your consent in accordance with Art. 6 (1) (a) GDPR to the processing of your personal data via this service. You can revoke this consent at any time with future effect.

  5. Use of the contact form: If you provide me with personal data in the context of an inquiry via the contact form (with optional PGP encryption if you upload your public key), I will use this data exclusively for the purpose for which you provide it to me: for example, to answer questions. By contacting me via the contact form, you consent to the processing of your data in accordance with Art. 6, para. 1, lit. a – GDPR.

  6. Contact by email, letter, or telephone:
    Please note that I prefer messages and phone calls via Signal as an uncomplicated, encrypted means of communication throughout the entire period of care.
    If you contact me via unencrypted email, letter, or telephone, I will process your data solely for the purpose of responding to you. Emails and letters are always stored in accordance with the requirements for business correspondence and are not passed on to third parties. I treat emails (whether encrypted or unencrypted) with the utmost care. Emails with special confidentiality requirements should be sent to me in encrypted form if possible.
    The processing of your data to respond to your inquiry is based on my legitimate interest in communicating with interested parties and clients (Art. 6 (1) (f) GDPR).

IV. Hosting:

My website is hosted by IP-Projects GmbH & Co. KG, Am Vogelherd 14, 97295 Waldbrunn, Germany. The servers are located exclusively in highly certified data centers in the greater Frankfurt am Main area, Germany.
The processing of your data by the hosting provider is carried out within the framework of order processing on the basis of my legitimate interests in providing a secure, stable, and technically flawless online presence (Art. 6 (1) lit. f GDPR).

As part of the hosting service, so-called server log files are automatically collected, which your browser transmits to the server: browser type and browser version, operating system used, referrer URL (the previously visited page), host name of the accessing computer (IP address), time of the server request. This data is required to ensure system security, to optimize the website technically, and to serve as evidence in the event of legitimate requests from authorities (e.g., in the event of cyber attacks). I do not merge this data with other personal data sources or directly assign it to a specific person.

V. Storage duration and storage periods:

I adhere to the principles of data avoidance and data minimization. I therefore only store your personal data for as long as is necessary to achieve the purposes stated here or as provided for by the various storage periods stipulated by law. Once the respective purpose has ceased to apply or these periods have expired, the corresponding data will be routinely blocked or deleted in accordance with the statutory provisions.

VI. Recipients or categories of recipients

  1. Disclosure of your data to processors
    I do not disclose your personal information to third parties unless you expressly permit me to do so. If I pass on data to service providers within the scope of order data processing, they are bound by the GDPR, the BDSG, the TTDSG, and other legal regulations and contractually bound to my privacy policy. Such service providers include, for example, my billing and documentation service provider AZH, your health insurance company, and the laboratory with which I cooperate. I limit the data transmitted to the minimum necessary. The transfer of your data to the above-mentioned processors is necessary for me to be able to provide you with my services.

  2. Disclosure of your data to authorities
    I do not disclose your data to authorities. Data will only be disclosed to authorities entitled to receive such information if I am required to do so by law or court order.

VII. Your rights:

  1. Legal basis and obligations
    As a user of my services, you have various rights under the GDPR, which arise in particular from Articles 15 to 18 and 21 of the GDPR.
    As a midwife, I am subject to professional regulations, e.g., the Midwifery Act (HebG) and state regulations, which require me to carefully document my activities and keep this documentation for 30 years. This obligation takes precedence over the general rights of the persons concerned and may, for example, restrict your right to have your personal data deleted (Article 6(1)(c) GDPR in conjunction with Article 9(2)(b) GDPR).

  2. Withdrawal of consent:
    If you have given me your consent, you can withdraw it at any time with future effect in accordance with Art. 7, para. 3 GDPR.

  3. Right to information:
    You can request information about your personal data processed by me in accordance with Art. 15 GDPR.

  4. Right to rectification:
    If the information concerning you is no longer accurate, you may request rectification in accordance with Art. 16 GDPR. If your data is incomplete, you may request that it be completed.

  5. Right to data portability:
    According to Art. 20 GDPR, you have the right to receive the automatically processed data concerning you in a common, machine-readable format or to request its transfer to another midwife or doctor if you wish to change providers.

  6. Right to erasure:
    You may request the erasure of your personal data under the conditions of Art. 17 GDPR.

  7. Right to restriction of processing:
    Within the framework of the provisions of Art. 18 GDPR, you have the right to request a restriction on the processing of data concerning you.

  8. Right to object:
    Under Article 21 of the GDPR, you have the right to object to the processing of data concerning you at any time for reasons arising from your particular situation.

  9. Right to lodge a complaint:
    You can lodge a complaint with your competent supervisory authority at any time. Your competent supervisory authority depends on the state in which you reside or where the alleged infringement occurred. A list of supervisory authorities (for the non-public sector) with addresses can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html