Acupuncture  ●  Chiropractic  ●  Osteopathy


We are very pleased about your interest in our company. Privacy has a high priority for the Management of the practice A use of the web pages of the practice is basically without any indication personal data possible. If an affected person special services of our company through our website However, processing of personal data may be required. Is the processing personal data is required and there is no legal basis for such processing, we generally get consent of the data subject.

The processing of personal data, such as name, address, e-mail address or telephone number a data subject, is always in accordance with the General Data Protection Regulation and in for the practice valid national data protection regulations. By means of this privacy policy would like Our companies inform the public about the nature, scope and purpose of the information we collect, use and process inform personal data. Furthermore, data subjects are informed about the the rights to which they are entitled. practice has numerous technical and organizational responsibilities as a controller Implemented measures to ensure the most complete protection possible for users of this website personal data. Nevertheless, Internet-based data transfers can basically Vulnerabilities, so that absolute protection can not be guaranteed. That's why personal data also in alternative ways, for example by telephone, to forward to us.

1. Definitions

The privacy policy of the Dr. med.Rahimi practice is based on the terms used by the European and the legislature were used in the adoption of the General Data Protection Regulation (DS-GVO). Our privacy policy is intended for the public as well as our customers and Business partners are easy to read and understand. To ensure this, we would like to explain in advance the terminology used.

Among other things, we use the following terms in this privacy policy:

a) personal data

Personal information is any information that relates to an identified or identifiable natural person (hereinafter referred to as "data subject"). Identifiable is a natural person, directly or indirectly indirectly, in particular by means of assignment to an identifier such as a name, to an identification number, to location data, to a Online identification or one or more specific features expressing the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person can be identified.

b) the person concerned

Affected person is any identified or identifiable natural person whose personal data is separate from that for the processing controllers are processed.

c) processing

Processing is any process performed with or without the aid of automated procedures or any such series of operations in connection with personal data such as collecting, collecting, organizing, organizing, storing, the adaptation or modification, the reading, the querying, the use, the disclosure by transmission, dissemination or any other form of provisioning, matching, or linking, restriction, deletion, or annihilation.

d) Restriction of processing

Limitation of the processing is the marking of stored personal data with the aim of their future Restrict processing.

e) Profiling

Profiling is any kind of automated processing of personal data that consists of these Personal Information may be used to identify certain personal aspects relating to a natural person. in particular, aspects of work performance, economic situation, health, personal preferences, To analyze or predict interests, reliability, behavior, whereabouts, or location of this natural person.

f) Pseudonymisation

Pseudonymisation is the processing of personal data in a manner in which the personal data is processed Data can not be assigned to a specific data subject without the need for additional information provided that such additional information is kept separate and technical and organizational Are subject to measures that ensure that the personal data is not one identified or be assigned to an identifiable natural person.

(g) controller or controller

The controller or controller is the natural or legal person Authority, institution or other body that, alone or in concert with others, over the purposes and means the processing of personal data. Are the purposes and means of this processing prescribed by EU or national law, the person responsible or the specific criteria of its designation may be provided for under Union or national law.

h) processor

The processor is a natural or legal person, public authority, body or body, the personal data processed on behalf of the person responsible.

i) receiver

Recipient is a natural or legal person, public authority, body or other body which personal information, regardless of whether it is a third party or not. Authorities which, under a specific investigation, are required to comply with Union law or Member States may receive personal data but are not considered to be recipients.

j) third parties

Third is a natural or legal person, public authority, institution or other body except the data subject, the controller, the processor and the persons under the direct responsibility of the person responsible or the processor are authorized to process the personal data.

k) Consent

Consent is voluntarily informed by the person concerned for the particular case in question Wise and unequivocal statements of intent in the form of a statement or otherwise unambiguous affirmative action by which the person concerned indicates that they are in contact with the person Processing of personal data concerning them.

2. Name and address of the controller

Responsible within the meaning of the General Data Protection Regulation, others in the Member States of the European Union Union data protection laws and other provisions of a data protection nature is:
Practice Dr. med. Nasrin Rahimi
Lindenschmitstraße 35
81371 München
Phone: 089-772929
Responsible: Dr. M. Ali Memar

3. Collecting general data and information

The website of the practice recorded with each call of the website by an affected Person or an automated system a set of general data and information. This general data and information is stored in the log files of the server. Detected the (1) used browser types and versions, (2) can be used by the accessing system Operating system, (3) the website from which an accessing system accesses our website (so-called referrers), (4) the sub-web pages, which have an accessing system on our (5) the date and time of access to the website, (6) an internet protocol address (IP address); (7) the accessing Internet service provider Systems and (8) other similar data and information, the security in the event of attacks to serve our information technology systems.
When using this general data and information, the practice Dr. med.Rahimi draws no conclusions the affected person. Rather, this information is required to (1) the contents of our To deliver the website correctly, (2) the contents of our website as well as the advertisement for these (3) the long-term viability of our information technology systems and to ensure the technology of our website as well as (4) to law enforcement agencies in case a cyberattack to provide the information necessary for law enforcement. This anonymous collected data and information are therefore statistically and by the practice on the one hand evaluated with the aim to increase privacy and data security in our company, to ultimately ensure an optimal level of protection of the personal data we process. The anonymous data of the server log files are separated from all specified by an affected person personal data stored.

4. Contact via the website

The practice website contains information required by law the fast electronic contact to our company as well as an immediate Communication with us, which is also a general address of the so-called electronic Post (e-mail address) includes. If an affected person by e-mail or through a contact form the contact with the controller is made by the data subject transmitted personal data automatically stored. Such on a voluntary basis of one the person concerned to the data controller provided to the controller are stored for purposes of processing or contacting the data subject. There is no disclosure of this personal data to third parties.

5. Routine deletion and blocking of personal data

The controller processes and stores personal data of the data subject Person only for the period required to achieve the purpose of storage or if so provided by the European legislator or other legislator in laws or regulations, provided for by the controller.
If the purpose of the storage is omitted or if it is being used by the European directive and regulatory authority or a storage period prescribed by other relevant legislators, the personal data becomes routine and blocked or deleted in accordance with legal regulations.

6. Rights of the data subject

a) Right to confirmation

Each data subject has the right accorded by the European Di- to ask the controller for confirmation of their concern personal data is processed. Would like an affected person this confirmation right in At any time, they can contact an employee of the controller for assistance.

b) Right to information

Any person affected by the processing of personal data shall comply with the requirements of the European Directive and The legislature, at any time free of charge by the controller To receive information about the personal data stored about him and to receive a copy of this information. In addition, the European legislator and regulator has provided the data subject with the following information:

the processing purposes

the categories of personal data being processed

the recipients or categories of recipients to whom the personal data have been disclosed or yet to be disclosed, in particular to beneficiaries in third countries or international organizations

if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for setting this duration

the existence of a right to rectification or erasure of personal data concerning them or Restriction of processing by the controller or a right to object to this processing

the existence of a right of appeal to a supervisory authority

if the personal data are not collected from the data subject: All available information about the origin of the data

the existence of automated decision-making, including profiling, in accordance with Article 22 (1) and (4) DS-GVO and - at least in these cases - meaningful information about the logic involved and the The scope and intended impact of such processing on the data subject

Furthermore, the data subject has a right of access to personal data Third country or to an international organization. If this is the case, the person concerned is, moreover, entitled to provide information on the appropriate guarantees in Related to the transmission.

If an affected person wishes to avail himself of this right to information, she can do so at any time to an employee of the controller.

c) Right to rectification

Any person affected by the processing of personal data has to comply with the requirements of the European and the legislature grant the right to correct the incorrect personal To request data. Furthermore, the data subject has the right, taking into account the purposes of the processing, to request the completion of incomplete personal data, including by means of a supplementary statement. If an affected person wishes to exercise this right of rectification, they can do so at any time contact an employee of the controller.

d) Right to cancellation (right to be forgotten)

Any person affected by the processing of personal data has the same rights as the European Union Granting the right to the controller to demand that the Personal data concerning you are deleted immediately if any of the following: Reasons and if the processing is not required: The personal data were collected or otherwise processed for such purposes for which they are no longer necessary.
The data subject revokes their consent to the processing referred to in Article 6 (1) (a) a DS-GVO or Article 9 (2) (a) of the GDPR and there is no other legal basis for processing. The data subject appeals against processing according to Art. 21 para. 1 DS-GVO, and there are no high-level legitimate grounds for the processing or the data subject lays down objection to the processing pursuant to Art. 21 (2) DS-GVO.
The personal data was processed unlawfully.
The deletion of personal data is required to fulfill a legal obligation under EU law or the law of the Member States to which the controller is subject.
The personal data were collected in relation to information society services offered pursuant to Art. 8 para. 1 DS-GVO.
If any of the above reasons are true and an affected person removes personal data, the If you wish to have Dr. med.Rahimi registered in practice, you can do so at any time to an employee the controller. The employee practice will arrange that the extinguishing request will be fulfilled immediately.
Have the personal data been made public by the practice and is our company as Responsible person according to Art. 17 Abs. 1 DS-GVO obligated to delete the personal data Practice taking into account the technology available and the implementation costs appropriate Measures, including technical ones, to other data controllers who publish process personal information, informing the person concerned of these others responsible for the data processing the deletion of all links to these personal data or of copies or replicas of this personal data has requested, as far as the processing is not is required. The employee of the practice will cause the necessary in individual cases.

e) Right to restriction of processing

Any person affected by the processing of personal data has the right granted by the European Di- to require the controller to restrict processing if any of the following conditions apply:
The accuracy of the personal data is contested by the data subject for a period of time enables the person responsible to check the accuracy of the personal data.
The processing is unlawful, the data subject refuses to delete the personal data and instead demands the restriction of the use of personal data.
The controller no longer needs the personal data for processing purposes, however, the data subject requires them to assert, exercise or defend legal claims.
The person concerned has objection to the processing acc. Art. 21 para. 1 DS-GVO and it is not yet determines whether the legitimate reasons of the controller outweigh those of the data subject.
If one of the above conditions is met and an affected person has the restriction of personal data that are stored in the practice, they can ask for this at any time to an employee of the controller. The employee of Practice will cause the restriction of processing.

f) Data transferability

Any person affected by the processing of personal data has to comply with the requirements of the European and the legislature, the personal data concerning them, which is covered by the Person in charge of a responsible person, in a structured, common and machine-readable Format to receive. She also has the right to transfer this data to another person without hindrance to provide the person responsible for providing the personal data, if the processing on the basis of the consent pursuant to Article 6 (1) (a) of the GDPR or Article 9 (2) (a) of the GDPR or on a Article 6 (1) (b) of the GDPR and that the processing is carried out by automated means, unless the processing is necessary for the performance of a task of public interest or in the exercise of public authority, which has been delegated to the controller.
Furthermore, the data subject has exercised his right to data portability under Article 20 (1) DS-GMO the right to obtain the personal data directly from a person responsible be transmitted to another person responsible, as far as this is technically feasible and if so does not affect the rights and freedoms of others.
To assert the right to data portability, the data subject may at any time contact a member of the practice.

g) Right to object

Any person affected by the processing of personal data is subject to the provisions of the European directive and regulatory authority granted, for reasons arising from its particular situation, at any time against the processing personal data, which takes place on the basis of Article 6 (1) (e) or (f) of the GDPR, to lodge an objection. this is also valid for a profiling based on these provisions.
The practice Dr. med.Rahimi does not process the personal data in case of opposition, unless we can demonstrate compelling legitimate grounds for processing, those of interests, rights and freedoms the data subject, or the processing serves to assert, exercise or defend legal claims. Does the practice of process personal information in order to operate direct mail, Thus, the data subject has the right at any time to object to the processing of personal information Insert data for the purpose of such advertising. This also applies to profiling, as far as such Direct mail is related. Does the data subject contradict the practice the Processing for direct marketing purposes,'s practice will no longer process the personal data for these purposes.
In addition, the person concerned has the right, for reasons that arise from their particular situation, against them concerning the processing of personal data used in the practice of to scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 DS-GVO, contradiction unless such processing is necessary to fulfill a public interest task.
In order to exercise the right of opposition, the data subject may directly contact any employee of the Practice or another employee. The person concerned is also free to in connection with the use of information society services, notwithstanding Directive 2002/58 / EC, exercise their right of appeal by means of automated procedures using technical specifications.

h) Automated decisions in individual cases including profiling

Any person affected by the processing of personal data has the right granted by the European Di- not subject to a decision based solely on automated processing - including profiling - which has a legal effect on it or which, in a similar way, seriously impairs it, provided that the decision (1) is not required for the conclusion or performance of a contract between the data subject and the controller, or (2) is permitted by Union or Member State legislation to which the controller is subject and that such legislation shall take appropriate measures to safeguard the rights and freedoms and legitimate interests of or (3) with the express consent of the data subject.
Is the decision (1) for the conclusion or performance of a contract between the person concerned and the Responsible or (2) it is done with the express consent of the data subject the practice appropriate measures to protect the rights and freedoms as well as the legitimate interests of the affected Person, including at least the right to obtain the intervention of a person by the person responsible, listening to its own position and contesting the decision.
If the data subject wishes to assert rights with respect to automated decisions, she can At any time, contact an employee of the controller.

i) Right to revoke a data protection consent

Any person affected by the processing of personal data has the same rights as the European Union Granting of the right to consent to the processing of personal data Revoke data at any time. Would like the person concerned their right to revoke a consent For this purpose, they may at any time contact an employee of the controller.

7. Legal basis of processing

Art. 6 I lit. a DS-GMO serves our company as the legal basis for processing operations, where we obtain consent for a particular processing purpose. Is the processing personal data for the performance of a contract to which the data subject is a party, required, as is the case, for example, with processing operations for a delivery goods or the provision of any other service or consideration, the Processing on Art. 6 I lit. b DS-GMO. The same applies to such processing operations as to Implementation of pre-contractual measures, such as in cases of ours Products or services. Is our company subject to a legal obligation by which processing of personal data is required, such as fulfillment tax obligations, the processing is based on Art. 6 I lit. c DS-GMO. In rare cases The processing of personal data might be necessary to vital interests the affected person or another natural person. This would be the example Case, if a visitor were injured in our factory and then his name, his age, his health insurance or other vital information to a doctor, hospital or other third parties would have to be passed on. Then the processing would be based on Art. 6 I lit. d DS GMOs are based. Ultimately, processing operations could be based on Art. 6 I lit. f DS GMOs are based. On this legal basis Processing operations which are not covered by any of the abovementioned legal bases, if the Processing is necessary to safeguard the legitimate interests of our company or a third party, provided the interests, fundamental rights and fundamental freedoms of the person concerned do not predominate. Such processing operations We are particularly allowed because they have been specifically mentioned by the European legislator. In that regard, it considered that a legitimate interest could be accepted if the party concerned Person is a customer of the person responsible (Recital 47, sentence 2 DS-GVO).

8. Qualifying interests in the processing that are being pursued by the controller or a third party

Is the processing of personal data based on Article 6 I lit. f DS-GMO is our legitimate interest in the implementation our business for the benefit of all of our employees and our shareholders.

9. Duration for which the personal data is stored

The criterion for the duration of the storage of personal data is the respective statutory Retention period. After the deadline, the corresponding data will be routinely deleted, if they are no longer required for contract fulfillment or contract initiation.

10. Legal or contractual provisions for the provision of personal data

Necessity for the conclusion of the contract; Obligation of the data subject who provide personal information; possible consequences of non-provision
We clarify that the provision of personal information is partly legal mandatory (for example, tax regulations) or even under contractual arrangements (eg information about the contracting party). Sometimes it can lead to a contract be necessary for a data subject to provide us with personal data, which must be processed by us in the sequence. The affected person is for example obliges us to provide personal information when our company with her Contracts. Failure to provide personal data would result in that the contract with the person concerned could not be closed. Before a deployment Personal data by the person concerned must be the person affected to one of our employees turn. Our coworker clarifies the concerning on a case-by-case basis whether the supply the personal data required by law or contract or for the conclusion of the contract it is necessary to establish whether there is an obligation to provide the personal data, and the consequences of non-provision of personal data.

11. Existence of automated decision-making

As a responsible company, we refrain from automatic decision-making or profiling. This Privacy Policy has been provided by the Privacy Policy Generator of DGD Deutsche Gesellschaft für Datenschutz GmbH, which acts as External Data Protection Officer Ingolstadt, Created in cooperation with the IT and data protection lawyer Christian Solmecke.