Privacy Policy
Last updated on: October 12, 2025
Intro
We are pleased to welcome you to our website and thank you for your interest in our practice. The protection of your personal data is very important to us. Below, we inform you about the processing of your data when visiting our website, when making an appointment through Doctolib, and in the context of your treatment in our practice.
Responsible
Responsible in accordance with Art. 4 No. 7 GDPR
Practice Community Neuropsych
Dr. Jos Göhler
Carmerstraße 2, 10623 Berlin
Phone: +49 1514 6461662
Email: Neuropsychberlin@gmail.com
Website: www.neuropsych.berlin
2. General Information on Data Processing
We process personal data only to the extent necessary to provide a functional website, to communicate with you, and to carry out and bill for your treatment.
Legal bases for processing include, in particular:
Art. 6 para. 1 lit. a GDPR – Consent
Art. 6 para. 1 lit. b GDPR – Performance of a contract / pre-contractual measures
Art. 6 para. 1 lit. c GDPR – Legal obligation
Art. 6 para. 1 lit. f GDPR – Legitimate interest
Art. 9 para. 2 lit. h GDPR in conjunction with the relevant national provisions – Processing of health data for the purpose of medical care
3. Provision of the website and server log files
3.1 Collected Data
When accessing our website, information is automatically collected by the web server we use, which is transmitted to us by your browser, including:
IP address of the requesting device
Date and time of the request
requested page/file (URL)
Referrer URL (previously visited page)
browser type and version used
operating system used
amount of data transmitted
HTTP status code (e.g. “200” = successful)
3.2 Purpose of Processing
The temporary storage of the IP address is necessary in order to deliver the website to your device and to ensure the stability and security of the website, e.g., to defend against attacks.
3.3 Legal Basis
The legal basis is Article 6(1)(f) GDPR. Our legitimate interest lies in the error-free technical presentation and optimization of our website as well as in ensuring security and stability.
3.4 Storage Duration
The log files are usually stored for a maximum of [XX days/weeks] and are automatically deleted afterwards, unless longer storage is required in individual cases (e.g., for the clarification of security incidents).
3.5 Hosting by IONOS
Our website is operated by:
IONOS SE
Elgendorfer Straße 57
56410 Montabaur
Germany
A contract for data processing according to Article 28 GDPR exists with IONOS.
4. Cookies and similar technologies
Our website may use cookies and similar technologies (e.g. local storage).
4.1 Technically Necessary Cookies
These cookies are required to provide basic functions of the website, such as:
Language and display settings
Remembering consents (cookie banner / consent management)
Security features (e.g. protection against misuse)
Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in a secure and functional website).
4.2 Optional Analysis or Marketing Cookies (only if used)
Variant A – if you do not use analysis/marketing cookies (standard for many practice sites):
We do not use cookies on our website for analysis or marketing purposes.
Variant B – if you use analysis tools (e.g. Matomo or Google Analytics):
Please specify here:
Name of the tool and provider
If applicable, third country reference (e.g. USA)
Processed data (IP address, usage behavior, etc.)
Storage duration of the cookies
Consent mechanism via cookie banner
Legal basis: Art. 6 para. 1 lit. a GDPR (consent)
Right of withdrawal (e.g. link "Cookie Settings")
5. Contact by email, phone, or contact form
You can contact us by e-mail, by phone, or – if available on the website – via a contact form.
5.1 Processed Data
The following data may be processed, in particular:
Name
Contact details (phone number, e-mail address)
Date and time of the request
Content of your message
Any further information you voluntarily provide
Please do not send sensitive health data by e-mail or general contact form if possible. For medical inquiries, we recommend contacting us by phone or making an appointment.
5.2 Purpose of Processing
The processing of your data is carried out to handle your request and, if necessary, to prepare for treatment.
5.3 Legal Basis
Art. 6 para. 1 lit. b GDPR, insofar as your request relates to the conclusion or execution of a treatment contract
Art. 6 para. 1 lit. f GDPR for other inquiries (legitimate interest in responding to inquiries)
for health data additionally Art. 9 para. 2 lit. h GDPR in conjunction with the relevant national regulations (e.g., § 22 BDSG)
5.4 Storage Duration
We only store inquiries as long as is necessary for processing. If messages become part of your patient file, the statutory retention periods for medical documentation apply (see Section 7).
6. Online appointment booking via Doctolib
On our website, we offer you the opportunity to schedule appointments online through an external service provider. For this purpose, we use the service Doctolib.
6.1 Redirect to Doctolib
When you click on the appointment booking link or button on our website, you will be redirected to the page or app of Doctolib. From this point on, data processing is carried out by:
Doctolib GmbH
Mehringdamm 51
10961 Berlin
Germany
Doctolib is independently responsible for the setup and management of your Doctolib user account as well as for the technical provision of online appointment booking (data controller in the sense of Art. 4 No. 7 GDPR). The privacy notices of Doctolib apply, which you can view directly on the Doctolib website.
6.2 Our use of Doctolib as an appointment management system
We also use Doctolib as an appointment management system (calendar software) in our practice. In this context, Doctolib GmbH acts as a processor in the sense of Art. 28 GDPR for us.
Processed data may include:
First name, last name
Contact details (address, phone number, email address)
Date of birth
Type and time of appointment
If applicable, treating doctor
If applicable, insurance status (public/private)
Reason for visit (e.g., check-up, first consultation)
The exact categories of data arise from the input fields during appointment scheduling as well as from Doctolib's privacy notices.
Purposes of processing:
Online appointment allocation and management of our appointment calendars
Organization of your practice visit
If applicable, sending appointment confirmations and reminders (e.g., via email or SMS), if activated
Legal bases:
Art. 6 para. 1 lit. b GDPR (Implementation of pre-contractual measures and fulfillment of the treatment contract)
Art. 9 para. 2 lit. h GDPR in conjunction with the relevant national provisions (Health data for the purposes of health care)
Note:
Our privacy policy applies only to our own data processing. In addition, the privacy notices of Doctolib apply to the use of the Doctolib platform (website/app, user account).
7. Processing of patient data in our practice
The following information applies regardless of whether you have made your appointment by phone, in person, or online (e.g., via Doctolib).
7.1 Categories of Data
In the context of treatment, we process in particular:
Master data (name, address, date of birth, gender)
Contact details (phone, email)
Insurance data (e.g., health insurance, insurance number)
Health data (medical history, diagnoses, findings, treatment data, medication plans, reports)
Billing data (e.g., services rendered, fee items)
7.2 Purposes of Processing
Planning, execution, and documentation of medical treatment
Compliance with legal documentation obligations
Billing to statutory and private health insurance or other payers
Internal organization and quality management
7.3 Legal Bases
Article 6(1)(b) GDPR (treatment contract)
Article 6(1)(c) GDPR (legal obligations, e.g., retention obligations)
Article 9(2)(h) GDPR in conjunction with the relevant national regulations (e.g., BDSG, professional code)
7.4 Recipients
As far as necessary and legally permissible or required, we transmit data to:
statutory and private health insurances
Association of Statutory Health Insurance Physicians / Medical Association (if applicable)
Laboratories and other medical service providers
Pharmacies, hospitals, or other treating physicians, as far as necessary for your treatment
external billing offices (if used)
IT and software service providers (e.g., practice software providers) who operate within the scope of contract processing
7.5 Storage Duration
Patient records are kept for at least the legally required duration (typically at least 10 years after the completion of treatment; in individual cases, even longer, e.g., for certain examinations or relevant documents). The specific deadlines result from professional and special legal regulations.
8. Other recipients and order processors
To provide our services and to operate our IT infrastructure, we engage service providers. They process personal data only on our instructions and were contractually obligated under Art. 28 GDPR.
These include, in particular:
IT and maintenance service providers
Hosting providers (IONOS SE)
Providers of practice management software and appointment management (e.g., Doctolib)
Email and telecommunications service providers
if applicable, tax advisors / auditors
9. Data transmission to third countries
The transmission of personal data to countries outside the EU or EEA ("third countries") generally does not take place.
If, in individual cases, a transmission to a third country is necessary (e.g. due to the use of certain IT service providers), this only occurs if the specific conditions of Art. 44 et seq. GDPR are met (e.g. adequacy decision of the EU Commission, conclusion of EU standard contractual clauses, and if necessary, additional protective measures).
10. Duration of storage and criteria for storage
As long as not expressly stated otherwise in this privacy policy, the following applies:
We process and store personal data only as long as it is necessary for the respective purpose.
In addition, storage occurs as long as there are statutory retention periods (e.g., from tax and commercial law or professional documentation obligations).
After the purpose of processing has ceased and the statutory retention periods have expired, the data will be deleted or anonymized.
11. Your rights as a data subject
You have the following rights depending on the situation:
Right of access (Art. 15 GDPR)
Right to rectify inaccurate or incomplete data (Art. 16 GDPR)
Right to erasure (“right to be forgotten”, Art. 17 GDPR), unless there are obligations to retain data
Right to restriction of processing (Art. 18 GDPR)
Right to data portability (Art. 20 GDPR)
Right to object (Art. 21 GDPR) against processing based on Art. 6 para. 1 lit. e or lit. f GDPR
Right to withdraw consent (Art. 7 para. 3 GDPR) with effect for the future
To exercise your rights, you can contact us at any time using the contact details provided in Section 1.
12. Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a data protection supervisory authority pursuant to Art. 77 GDPR, in particular in the member state of your habitual residence, your place of work, or the place of the alleged infringement.
13. Obligation to provide data
As part of the treatment, you must provide the personal data necessary for the initiation and execution of the treatment as well as for fulfilling the associated obligations. Without this data, treatment is generally not possible.
There is no legal obligation to provide data when simply visiting our website. However, certain functions can only be used with the provision of specific data (e.g., IP address for delivering the website, technically necessary cookies).
14. Automated decision-making / profiling
There is no automated decision-making including profiling within the meaning of Art. 22 of the GDPR that has legal effect on you or significantly affects you in a similar way.
15. Changes to this Privacy Policy
We may occasionally adjust this privacy policy, for example, in the event of changes to legal requirements or changes to our services or IT systems. The current version available on our website always applies.