Privacy policy

Dr. med. Mariatu Binta Leigh – Gynecology Practice Steglitz

1. Controller for data processing

The controller within the meaning of the General Data Protection Regulation and other national data protection laws as well as other data protection regulations is:

Dr. med. Mariatu Binta Leigh
Specialist in Gynecology and Obstetrics
Schloßstraße 19
12163 Berlin-Steglitz
Germany
Telephone: +49 30 79740007
E-mail: kontakt@frauenaerztin-steglitz.de
Website: https://frauenaerztin-steglitz.de

2. General information on data processing

The protection of your personal data is an important concern for us. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy. Personal data is all data that can be used to identify you personally.

We would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

3. Legal bases of data processing

The processing of personal data takes place on the basis of the following legal bases:

• Art. 6 para. 1 lit. a GDPR: Consent of the data subject
• Art. 6 para. 1 lit. b GDPR: Fulfillment of a contract or pre-contractual measures
• Art. 6 para. 1 lit. c GDPR: Fulfillment of a legal obligation
• Art. 6 para. 1 lit. f GDPR: Protection of legitimate interests
• Art. 9 para. 2 lit. h GDPR in conjunction with § 22 para. 1 no. 1 lit. b BDSG: Processing of health data

for the purposes of preventive health care or occupational medicine, for the assessment of the employee’s ability to work, for medical diagnostics, care or treatment in the health sector

4. Data processing in the medical practice
4.1 Purposes of data processing

We process your personal data for the following purposes:

• Implementation of medical treatment and care
• Billing of services rendered (to health insurance companies, private patients)
• Communication with other treating doctors and facilities (with your consent)
• Fulfillment of legal documentation obligations
• Quality assurance and practice organization

4.2 Categories of data processed

The following categories of personal data are processed in our practice:

• Master data: Name, date of birth, address, telephone number, e-mail address
• Insurance data: Health insurance, insurance number, insurance status
• Health data: Anamnesis, diagnoses, findings, therapies, laboratory results, medication
• Billing data: Service data, invoice data

4.3 Storage period

Your personal data will only be stored for as long as this is necessary for the fulfillment of the treatment contract or as long as statutory retention obligations exist. According to § 10 para. 3 MBO-Ä, a retention period of 10 years after completion of the treatment applies to medical documentation. Longer retention periods of up to 30 years apply to certain documents (e.g. X-rays, records of X-ray treatments).

4.4 Recipients of the data

Your personal data will only be transmitted to third parties:

• With your express consent (e.g. to doctors providing further treatment, laboratories)
• For billing to your health insurance or the Association of Statutory Health Insurance Physicians
• Within the scope of legal reporting obligations (e.g. Infection Protection Act)
• To processors commissioned by us (e.g. IT service providers, billing centers)

5. Data processing on our website
5.1 Server log files

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:

• IP address of the requesting computer
• Date and time of access
• Name and URL of the file accessed
• Website from which the access is made (referrer URL)
• Browser used and, if applicable, the operating system
• Name of the access provider

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. The legal basis is Art. 6 para. 1 lit. f GDPR (legitimate interest in the technical functionality of the website).

5.2 SSL/TLS encryption

This website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

5.3 Cookies

Our website uses cookies. These are small text files that are stored on your device. Some cookies are technically necessary for the function of the website, others are used to analyze user behavior. You can find detailed information in our cookie policy. You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or generally, and activate the automatic deletion of cookies when closing the browser.

5.4 Contact form and e-mail contact

If you contact us via contact form or e-mail, the data you provide (e.g. name, e-mail address, message) will be stored by us in order to process your request. The processing takes place on the basis of Art. 6 para. 1 lit. b GDPR (initiation of a contract) or Art. 6 para. 1 lit. f GDPR (legitimate interest in answering inquiries). The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected.

5.5 Online appointment booking (Doctolib)

We use the Doctolib service for online appointment booking. The following data is collected when booking an appointment: Name, e-mail address, telephone number, reason for visit, new/existing patient. This data is transmitted to Doctolib and processed there in accordance with the Doctolib data protection declaration. The legal basis is Art. 6 para. 1 lit. b GDPR (fulfillment of contract).

Provider: Doctolib GmbH, Mehringdamm 51, 10961 Berlin, Germany
Privacy policy: https://www.doctolib.de/datenschutz

6. Your rights as a data subject

You have the following rights towards us with regard to your personal data:

• Right to information (Art. 15 GDPR): You have the right to request information about your personal data processed by us.
• Right to rectification (Art. 16 GDPR): You have the right to demand the immediate correction of incorrect data or the completion of your personal data stored by us.
• Right to erasure (Art. 17 GDPR): You have the right to demand the deletion of your personal data stored by us, provided that there are no legal
  retention obligations to the contrary.
• Right to restriction of processing (Art. 18 GDPR): You have the right to demand the restriction of the processing of your personal data.
• Right to data portability (Art. 20 GDPR): You have the right to receive your personal data in a structured, common and machine-readable format.
• Right to object (Art. 21 GDPR): You have the right to object to the processing of your personal data at any time for reasons arising from your particular situation.
• Right to withdraw consent (Art. 7 para. 3 GDPR): You have the right to withdraw your consent at any time. The lawfulness of the processing carried out on the basis of the consent until withdrawal is not affected.

7. Right to lodge a complaint with a supervisory authority

You have the right to complain to a data protection supervisory authority about the processing of your personal data. The supervisory authority responsible for us is:

Berlin Commissioner for Data Protection and Freedom of Information
Friedrichstraße 219
10969 Berlin
Telephone: +49 30 13889-0
E-mail: mailbox@datenschutz-berlin.de
Website: https://www.datenschutz-berlin.de

8. Changes to this privacy policy

We reserve the right to adapt this privacy policy so that it always complies with current legal requirements or to implement changes to our services in the privacy policy. The new privacy policy then applies to your next visit.

Status: December 2025