Privacy Policy
1. Data Protection at a Glance
​
General Information
The following information provides an overview of what happens to your personal data when you visit this website. Personal data means all data by which you can be personally identified. Detailed information on data protection can be found in the privacy policy below.
​
Data Collection on This Website
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. The contact details can be found in the section “Information on the Responsible Party” in this privacy policy.
How do we collect your data?
Your data is collected, on the one hand, when you provide it to us. This may, for example, include data that you enter into a contact form, provide as part of an appointment booking or submit for the newsletter. Other data is collected automatically or after your consent when you visit the website by our IT systems or by integrated services. This primarily includes technical data, e. g. internet browser, operating system, time of page access, referrer URL or shortened IP address.
What do we use your data for?
Some of the data is collected to ensure error-free provision of the website. Other data may be used to process your request, arrange appointments, communicate with you, measure reach, statistically analyze user behavior or optimize advertising measures. If an appointment booking or other treatment request is made via the website, the transmitted data may also be processed for the implementation of pre-contractual measures or for the preparation of treatment.
What rights do you have regarding your data?
You have the right at any time to obtain information free of charge about the origin, recipients and purpose of your stored personal data. You also have the right to rectification, deletion, restriction of processing and data portability. You may revoke any consent already given at any time with effect for the future. You also have the right to lodge a complaint with the competent data protection supervisory authority.
​​
2. Hosting and Website System
​
We host and operate this website via Wix.com Ltd., 40 Namal Tel Aviv St., Tel Aviv 6350671, Israel, or via affiliated companies and subcontractors used by Wix. Wix states that, depending on the configuration and services used, data of website visitors may also be processed across borders and separately lists subprocessors and international data flows for this purpose.
The use of Wix is based on Art. 6 Abs. 1 lit. f DSGVO, as we have a legitimate interest in the most reliable, secure and professional presentation of our website possible. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 Abs. 1 lit. a DSGVO and § 25 Abs. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information on the end device. We have concluded a data processing agreement with service providers where required under data protection law.
​​
3. General Information and Mandatory Information
​
Data Protection
The protection of your personal data is of particular concern to us. We treat your personal data confidentially and in accordance with the applicable data protection regulations and this privacy policy. When you use this website, various personal data is collected. This privacy policy explains which data we collect, what we use it for and on what legal basis this is done. We point out that data transmission on the internet, e. g. communication by e-mail, may have security gaps. Complete protection of data against access by third parties is not possible.
Information on the Responsible Party
Responsible for data processing on this website is:
Dr. med. Zhixiong Chang
German Academy of Aesthetic Medicine & Anatomy
Speditionstraße 6
Media-Harbour
Düsseldorf
Germany
Phone: +4917623599132
E-Mail: info@gaama.org
The responsible party is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data.
Storage Period
Unless a more specific storage period has been stated within this privacy policy, personal data will remain with us until the purpose for data processing no longer applies. If you submit a legitimate request for deletion or revoke consent, your data will be deleted unless there are other legally permissible reasons for storage, such as retention obligations under commercial, tax or professional law.
​
General Information on the Legal Bases of Data Processing
If you have consented to data processing, we process your data on the basis of Art. 6 Abs. 1 lit. a DSGVO. If special categories of personal data, in particular health data, are concerned, processing is additionally carried out on the basis of Art. 9 Abs. 2 DSGVO, in particular lit. a or lit. h, where applicable.
If your data is required for the performance of a contract or for the implementation of pre-contractual measures, we process it on the basis of Art. 6 Abs. 1 lit. b DSGVO. Insofar as we are legally obliged to process data, this is carried out on the basis of Art. 6 Abs. 1 lit. c DSGVO. Data processing may also be carried out on the basis of our legitimate interest pursuant to Art. 6 Abs. 1 lit. f DSGVO.
Insofar as cookies or comparable technologies are used, their use is additionally governed by § 25 TDDDG.
Recipients of Personal Data
As part of our activities, we work with external technical and organizational service providers, e. g. for hosting, appointment organization, newsletters, analytics, maps, video content or marketing. Personal data is only passed on if this is legally permitted, necessary for the performance of a contract, we are entitled or obliged to do so, or you have consented.
​
Information on Data Transfer to Third Countries
We use services from companies whose parent companies or technical infrastructure may be located in whole or in part outside the European Union or the European Economic Area. In particular with services from Google, Meta and other internationally active providers, the transfer of personal data to third countries, especially to the USA, cannot be excluded. Google and Meta each provide information on their relevant data protection and transfer mechanisms; Google refers to its participation in the Data Privacy Framework, as does Meta.
Revocation of Your Consent to Data Processing
Many data processing operations are only possible with your express consent. You may revoke consent already given at any time with effect for the future.
Right to Object Pursuant to Art. 21 DSGVO
Where processing is based on Art. 6 Abs. 1 lit. e or f DSGVO, you have the right at any time, for reasons arising from your particular situation, to object to the processing of your personal data. If personal data is processed for the purpose of direct advertising, you have the right at any time to object to the processing for the purpose of such advertising.
​
Right to Lodge a Complaint with the Competent Supervisory Authority
In the event of data protection violations, you have the right to lodge a complaint with the competent supervisory authority.
Right to Data Portability
You have the right to receive data that we process automatically on the basis of your consent or in performance of a contract in a commonly used, machine-readable format or to have it transferred to a third party, insofar as this is technically feasible.
Information, Rectification and Deletion
You have the right at any time to obtain free information about your stored personal data as well as to have this data rectified or deleted within the framework of the statutory provisions.
​
Right to Restriction of Processing
You have the right to request the restriction of the processing of your personal data, provided that the legal requirements are met.
​
SSL or TLS Encryption
For security reasons and to protect the transmission of confidential content, this website uses SSL or TLS encryption.
​
4. Data Collection on This Website
​
Cookies
Our websites use cookies and comparable technologies. Cookies are small files or technical information that are stored on or read from your end device. They serve either the technically necessary provision of the website or – following your consent – analysis, convenience or marketing purposes. The legal basis for necessary cookies is Art. 6 Abs. 1 lit. f DSGVO; where consent is required, their use is based on Art. 6 Abs. 1 lit. a DSGVO in conjunction with § 25 Abs. 1 TDDDG.
You may revoke or adjust your consent at any time via the cookie settings.
​
Consent Management / Cookie Banner
To obtain, manage and document your cookie and tracking consents, we use the consent solution implemented on our website. Wix provides data protection and consent functions for this purpose; depending on the technical configuration, additional consent tools may also be used. Wix points out that website operators must themselves ensure legal compliance.
​
Server Log Files
The provider of the website or the hosting infrastructure automatically collects and stores information in so-called server log files, which your browser automatically transmits. These include in particular:
Browser type and browser version
Operating system used
Referrer URL
Hostname of the accessing computer
Time of the server request
IP address
​
This data is not merged with other data sources without further action. Collection takes place on the basis of Art. 6 Abs. 1 lit. f DSGVO.
​
Contact Form
If you send us inquiries via the contact form, your details from the form, including the contact data you provide, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions.
The processing of this data is carried out on the basis of Art. 6 Abs. 1 lit. b DSGVO, provided your inquiry is related to the initiation or performance of a contract. In all other cases, processing is carried out on the basis of our legitimate interest in the efficient handling of inquiries pursuant to Art. 6 Abs. 1 lit. f DSGVO or – where requested – on the basis of your consent pursuant to Art. 6 Abs. 1 lit. a DSGVO.
​
Inquiry by E-Mail or Telephone
If you contact us by e-mail or telephone, your inquiry and the resulting personal data will be stored and processed for the purpose of handling your request.
​
Contact via WhatsApp
​You also have the option of contacting us via the WhatsApp messenger service. The provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
If you contact us via WhatsApp, the following data in particular may be processed:
Your telephone number
Your name (if stored in WhatsApp)
Contents of the communication
Technical metadata (e. g. timestamps)
​
Please note that WhatsApp may also process personal data outside the European Union and may transfer data to affiliated companies, in particular Meta Platforms Inc.
The use of WhatsApp is voluntary. Alternatively, you may contact us at any time through other communication channels (e. g. telephone or e-mail).
Processing is carried out on the basis of:
Art. 6 Abs. 1 lit. b DSGVO (processing your inquiry)
Art. 6 Abs. 1 lit. a DSGVO (consent through the use of WhatsApp)
​
Please note that we do not have complete control over data processing by WhatsApp.
​
5. Appointment Booking Portals and Review / Physician Portals
​
Calendly
​For online appointment scheduling, we use the Calendly service provided by Calendly LLC, 271 17th St NW, Atlanta, GA 30363, USA.
If you book an appointment via Calendly, the data you enter (e. g. name, telephone number, e-mail address, preferred appointment date and, where applicable, additional information) will be transmitted to Calendly and processed there to enable appointment booking and organization.
​
The use of Calendly is in the interest of simple and user-friendly appointment scheduling pursuant to Art. 6 Abs. 1 lit. b DSGVO (performance of a contract or pre-contractual measures) and on the basis of our legitimate interest in efficient appointment management pursuant to Art. 6 Abs. 1 lit. f DSGVO.
​
A transfer of personal data to the USA cannot be excluded. According to its own statements, Calendly uses appropriate data protection safeguards, in particular the Standard Contractual Clauses of the European Commission.
Further information on data protection at Calendly can be found at:
https://calendly.com/privacy
​
If you do not wish your data to be transmitted via Calendly, you may alternatively arrange appointments with our practice by telephone or e-mail.
Wix Bookings
Wix Bookings may be used on this website for online appointment scheduling. The service is provided through Wix. The data you enter, in particular your name, contact details, preferred appointment date and any additional voluntary information, will be processed. Wix provides information regarding cross-border data processing and privacy functions for website operators.
Processing is carried out for appointment organization and on the basis of Art. 6 Abs. 1 lit. b DSGVO. Where health-related information is involved, processing is additionally carried out pursuant to Art. 9 Abs. 2 lit. h DSGVO or on the basis of your explicit consent.
Google Reviews
Our website may display content or links relating to reviews via the Google service. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
When you visit our website and access content related to Google Reviews or click corresponding links, a connection to Google servers may be established. In this process, your IP address may be transmitted. Where reviews are directly embedded (e. g. widgets), Google may use cookies or similar technologies.
The use serves the interest of a transparent presentation of our services and constitutes a legitimate interest within the meaning of Art. 6 Abs. 1 lit. f DSGVO.
Where consent is required (e. g. for cookies), processing is carried out on the basis of Art. 6 Abs. 1 lit. a DSGVO in conjunction with § 25 TDDDG.
Further information can be found in Google’s privacy policy.
​
Trustpilot
Our website may include content or links relating to reviews via the Trustpilot platform. The provider is Trustpilot A/S, Pilestræde 58, 1112 Copenhagen, Denmark.
When you access a page on which Trustpilot is integrated, a connection to Trustpilot servers may be established. Personal data, in particular your IP address, may be transmitted in this process.
The use serves the presentation of reviews and the improvement of our public image.
Processing is carried out on the basis of Art. 6 Abs. 1 lit. f DSGVO.
Where consent is required, it is based on Art. 6 Abs. 1 lit. a DSGVO.
Further information can be found in Trustpilot’s privacy policy.
​
Publication of Patient Reviews and Testimonials on Our Website
Our website may publish testimonials, reviews or customer feedback from patients or users of our services.
These may include both written and verbal reviews that are subsequently presented on our website in an edited format.
Such content is published exclusively with the express consent of the data subject and is voluntary and revocable at any time.
​​
Depending on the individual case, the following data may be published:
First name or initials
Age or general information (e. g. “Patient, 34”)
Testimonial or review
Where applicable, anonymized treatment information
​
Publication is generally carried out:
Anonymously or under a pseudonym
Without allowing conclusions to be drawn regarding the specific identity, unless expressly requested
​
Processing is carried out on the basis of:
Art. 6 Abs. 1 lit. a DSGVO (consent)
Where applicable, Art. 9 Abs. 2 lit. a DSGVO (where health-related information is involved)
​
The data subject may revoke consent at any time with effect for the future. In this case, the corresponding contribution will be removed immediately.
​
6. Social Media
​
Social Media Links and Icons
Our website may contain links to our profiles on Instagram, Facebook, TikTok, YouTube or other social networks. These are generally simple links. Merely visiting our website does not in itself result in any data being transmitted to these platforms. Only when you actively click on a corresponding link will you leave our website and the privacy policies of the respective provider will apply.
​
Facebook and Instagram
The provider of the Facebook and Instagram platforms is generally Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. Meta explains in its privacy information how data is collected, used, stored and transferred; Meta also provides information about its DPF participation and joint controllership in connection with certain business tools.
​
TikTok
Where we link to TikTok or provide content there, the privacy policies of the respective TikTok provider apply. By clicking on corresponding links, you leave our website.
YouTube / YouTube Channel
Where we link to YouTube or operate a YouTube channel, the privacy policies of Google and/or YouTube apply. Information regarding the embedding of YouTube content and privacy options is provided directly by Google/YouTube.
​
7. Analytics Tools and Advertising
​
Google Tag Manager
We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used for the management and integration of additional tools on our website. According to Google, the service itself does not create its own user profiles like a traditional analytics tool, but may process data such as IP addresses for technical reasons. Google also provides information regarding international data transfers and its participation in the DPF.
The use of Google Tag Manager is based on Art. 6 Abs. 1 lit. f DSGVO. Where consent is required for downstream services, such services will only be used with your consent.
​
Google Analytics
This website uses Google Analytics, a web analytics service provided by Google. Google states that data from websites and apps on or in which Google services such as Analytics are used may be processed.
With Google Analytics, we can analyze the behavior of website visitors. In particular, page views, duration of visits, devices used, traffic sources and user interactions may be evaluated. Where technically configured, IP anonymization is used.
The use of Google Analytics is carried out exclusively on the basis of your consent pursuant to Art. 6 Abs. 1 lit. a DSGVO in conjunction with § 25 Abs. 1 TDDDG.
​
Google Ads and Conversion Tracking
We use Google Ads and, where applicable, Google Conversion Tracking to measure the effectiveness of advertisements and to display interest-based advertising. This enables us to determine whether a user has reached our website through an advertisement and which actions were subsequently performed.
The use of these services is carried out exclusively on the basis of your consent pursuant to Art. 6 Abs. 1 lit. a DSGVO in conjunction with § 25 Abs. 1 TDDDG. Google provides information regarding data processing on websites using Google services and international data transfers.
​
Meta Pixel / Facebook and Instagram Ads / Meta Ads
This website may use the Meta Pixel to measure conversions, optimize advertisements and create audiences for Facebook and Instagram advertising. The provider is Meta Platforms Ireland Limited. Meta explains in its Privacy Policy and Joint Controller Addendum how data is processed when Meta Business Tools are used.
This enables us to determine whether users have reached our website after clicking on an advertisement and which actions they subsequently performed there. The use of the Meta Pixel is carried out exclusively on the basis of your consent pursuant to Art. 6 Abs. 1 lit. a DSGVO in conjunction with § 25 Abs. 1 TDDDG.
Where joint controllership pursuant to Art. 26 DSGVO exists in connection with Meta Business Tools, such joint responsibility is limited to the collection and transmission of data to Meta; further processing by Meta falls within Meta’s sphere of responsibility. Meta provides further information on this in its Controller Addendum.
​
8. Newsletter
​
Brevo
Brevo may be used for the distribution of newsletters and, where applicable, marketing automation. The provider is Sendinblue GmbH / Brevo or the Brevo Group. Brevo provides information regarding data protection, DSGVO compliance, double opt-in procedures and privacy-compliant forms.
If you subscribe to our newsletter, we process your e-mail address and, where applicable, additional voluntary information. Registration takes place using the double opt-in procedure. The legal basis is Art. 6 Abs. 1 lit. a DSGVO. Consent may be revoked at any time, for example via the unsubscribe link contained in the newsletter.
Where this function is activated, we may evaluate whether newsletters are opened and which links are clicked. This also takes place on the basis of your consent or within the framework of the selected newsletter service.
​
9. Plugins and Tools
​
YouTube
This website may embed videos from YouTube. The operator is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. YouTube explains the embedding of videos in its support documentation, and Google provides information regarding data processing on websites using Google services within its privacy documentation.
When you visit a page containing an embedded YouTube video, a connection to YouTube servers may be established. In this process, YouTube may learn which page you have visited. If you are logged into your YouTube account, YouTube may associate your browsing behavior with your personal profile. You can prevent this by logging out of your YouTube account before visiting the website.
Where possible, we use YouTube's enhanced privacy mode. Nevertheless, the processing of personal data cannot be completely excluded. The use of YouTube takes place – unless technically necessary – only after your consent has been obtained.
​​
Instagram, Facebook and TikTok
This website may integrate functions and content from the social networks Instagram and Facebook (provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) as well as TikTok (provider: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland).
This may include posts, videos, feeds or links to our profiles. When accessing a page containing such content, a connection to the servers of the respective providers may be established. In this process, personal data (e. g. IP address, browser information or user behavior) may be transmitted to the providers.
If you are logged into one of these services, the respective provider may associate your visit to this website with your user account. We have no influence over the data processing carried out by these providers.
Where such integration is not technically necessary, it is carried out only on the basis of your consent pursuant to Art. 6 Abs. 1 lit. a DSGVO.
Please note that the use of these services may result in the transfer of personal data to third countries (in particular the USA) where a level of data protection comparable to that of the EU may not exist.
Further information can be found in the privacy policies of the respective providers.
​
Google Maps
This website may use Google Maps to display locations. The provider is Google Ireland Limited. When a Google Maps map is loaded, your IP address may be transmitted to Google; Google provides information on this in its privacy documentation.
The use of Google Maps serves the interest of presenting our locations in an attractive manner and making our practice easy to find. Where corresponding consent is requested, Google Maps is used exclusively on the basis of your consent.
​
Google Fonts
Where Google Fonts are used on this website, they are integrated locally whenever possible. If Google Fonts are loaded externally, a connection to Google servers may be established.
​
10. Chatbots and Communication
​
Wix Chat
​We use the chat function ("Wix Chat") provided by Wix.com Ltd. on this website for direct communication with website visitors.
When you use the chat function, the following data may be processed:
Name (if provided)
Contact details (e. g. e-mail address, if entered)
Contents of the communication
Technical data (e. g. IP address, device, time of access)
​
The data is used to process your inquiry and to facilitate rapid communication.
Processing is carried out on the basis of:
Art. 6 Abs. 1 lit. b DSGVO (pre-contractual measures / communication)
Art. 6 Abs. 1 lit. f DSGVO (legitimate interest in efficient communication)
​
Where consent is required (e. g. for cookies or tracking in connection with the chat function), processing additionally takes place on the basis of Art. 6 Abs. 1 lit. a DSGVO in conjunction with § 25 TDDDG.
​
​We offer you the possibility of contacting us via the WhatsApp messenger service.
The provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
If you contact us via WhatsApp, the following data will be processed:
Telephone number
Name (if stored)
Contents of the communication
Metadata (e. g. time of the message)
​
Please note that WhatsApp also processes personal data on servers outside the European Union and may transfer data to affiliated companies, in particular Meta Platforms Inc.
The use of WhatsApp is voluntary. If you do not wish to use WhatsApp, you may use alternative contact options (e. g. telephone or e-mail).
Processing is carried out on the basis of:
Art. 6 Abs. 1 lit. b DSGVO (processing your inquiry)
Art. 6 Abs. 1 lit. a DSGVO (consent through use of the service)
​
Please note that we do not have complete control over data processing by WhatsApp.
Further information can be found in WhatsApp’s Privacy Policy.
​
11. Images and Videos of Patients, Employees and Other Persons
​
This website may publish images or videos of patients, employees, colleagues, cooperation partners, events and other individuals. Such publication is carried out exclusively on the basis of the prior, explicit and informed consent of the respective data subject, unless another legal basis applies.
In such cases, processing is carried out on the basis of Art. 6 Abs. 1 lit. a DSGVO and – where health data is concerned – additionally on the basis of Art. 9 Abs. 2 lit. a DSGVO. Where applicable, the provisions of the Kunsturhebergesetz (KUG) shall also apply.
When using image and video material of patients, a particularly high level of confidentiality and protection of privacy is ensured. Any identifiable presentation takes place exclusively on the basis of a separate, explicit written consent. Without such consent, patients will not be presented in an identifiable manner or appropriate anonymization will be applied.
The use of image and video material may, in addition to publication on this website, also be used for marketing and communication purposes, in particular on social media (e. g. Instagram, Facebook, LinkedIn), third-party platforms, online campaigns, newsletters and print media (e. g. brochures, flyers, advertisements).
Within the scope of such use, it cannot be excluded that content may be redistributed, stored or otherwise processed by third parties, particularly in connection with publications on social networks. We have no complete control over such processing.
Where necessary for the implementation of marketing measures, processing may also be carried out by external service providers (e. g. agencies, photographers, IT and marketing service providers) within the framework of data processing pursuant to Art. 28 DSGVO. These providers are carefully selected and contractually obligated to comply with applicable data protection regulations.
Any consent granted is voluntary and may be revoked at any time with effect for the future. The lawfulness of processing carried out prior to the revocation remains unaffected.
​
12. Recipients, Processors and Contracts
​
Where we use external service providers that process personal data on our behalf, we conclude – where legally required – data processing agreements pursuant to Art. 28 DSGVO. This applies in particular to technical service providers such as hosting, newsletter, appointment scheduling and analytics providers.
​
13. Storage Period
​
Personal data is stored only for as long as necessary to fulfill the respective purpose or as required by statutory retention obligations. Health-related data and treatment-related records may be subject to special professional and legal retention periods.
​
14. Data Security
​
We implement appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, loss, destruction or unauthorized access by third parties.
​
15. Objection to Advertising E-Mails
​
The use of contact data published in the legal notice (Impressum) for the purpose of sending unsolicited advertising and informational materials is hereby expressly objected to.
​
16. Currency and Amendments to this Privacy Policy
​
We reserve the right to amend this privacy policy so that it always complies with current legal requirements or to implement changes to our website, services or technologies used.