Home → Privacy Policy

Privacy Policy

Information on the processing of personal data according to GDPR (DSGVO)

Last updated: April 2026

1. Controller

The controller for data processing within the meaning of the GDPR is:
dr. med. univ. Albrecht Wenzel
Internistische Hausarztpraxis (Internal Medicine Practice)
Georg-Schumann-Straße 257
04159 Leipzig, Germany
Phone: +49 341 5210871
E-mail: info@internist-wenzel.de

2. Supervisory Authority

Saxon Data Protection and Transparency Commissioner
Devrientstraße 5, 01067 Dresden, Germany
www.saechsdsb.de

The Saxon State Chamber of Physicians (Sächsische Landesärztekammer, Schützenhöhe 16, 01099 Dresden) is additionally responsible for professional supervision.

3. Principles and Purposes of Data Processing

We process personal data exclusively on the basis of statutory provisions (GDPR, German Federal Data Protection Act, Social Code Book V, Code of Conduct of the Saxon State Chamber of Physicians) and only for the purposes set out below.

4. Data Processing as part of Medical Treatment

As part of medical treatment, we process your master data (name, date of birth, address, insurance details) and health data (medical history, diagnoses, findings, therapy, prescriptions, correspondence with co-treating practitioners, laboratory results, etc.).

Legal bases: Art. 6 (1) (b) and (c) GDPR as well as Art. 9 (2) (h) GDPR in conjunction with § 22 (1) No. 1 (b) BDSG (treatment by personnel subject to medical confidentiality). Where required by law, data is transmitted to statutory health insurance funds, the Association of Statutory Health Insurance Physicians, co-treating physicians/therapists, billing offices, laboratories and, where applicable, the Medical Service (MD).

Retention: Patient records are retained for at least 10 years after the conclusion of treatment (§ 630f (3) BGB). Longer retention periods may apply under radiation protection and other statutory provisions.

5. Server Log Files when Accessing the Website

When you access this website, the hosting provider records technically necessary data in so-called server log files:

  • URL accessed
  • date and time of access
  • volume of data transferred
  • browser, browser version and operating system
  • referrer URL
  • anonymised IP address (truncated)

Purpose: ensuring stable and secure operation, error analysis and defence against attacks.
Legal basis: Art. 6 (1) (f) GDPR (legitimate interest).
Retention period: generally 7 days; evaluation only takes place if there are concrete indications of misuse.

6. Contact via E-mail or Telephone

When you contact us, we process the data you provide solely to handle your request. The legal basis is Art. 6 (1) (b) GDPR (pre-contractual or treatment-related measures) or Art. 6 (1) (f) GDPR. Please note that unencrypted e-mails are an insecure means of transmission — please do not send sensitive health data to us by e-mail.

7. Online Appointment Booking via Doctolib

For online appointment booking we use the Doctolib service, operated by Doctolib GmbH, Mehringdamm 51, 10961 Berlin (affiliated with Doctolib SAS, Levallois-Perret, France). When you book an appointment, Doctolib processes your name, contact details and reason for the appointment.

Processing is based on Art. 6 (1) (b) GDPR and Art. 9 (2) (h) GDPR in conjunction with § 22 (1) No. 1 (b) BDSG. With regard to appointment data, Doctolib acts as our processor (Art. 28 GDPR); for booking and user-account functions, Doctolib acts as a separate controller. Further information: doctolib.de/terms/privacy.

8. Map (Google Maps) — only with your Consent

A map of the practice location is embedded on the home page. The map is only loaded after you have actively clicked the consent button (two-click solution). No data is transmitted to Google before that.

The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When activated, data (in particular IP address) is also transferred to Google LLC in the United States. For the USA, the European Commission has adopted an adequacy decision based on the EU-US Data Privacy Framework (Decision (EU) 2023/1795); Google is certified under the framework.

Legal bases: Art. 6 (1) (a) GDPR (consent) and § 25 (1) TDDDG. You can withdraw your consent at any time with effect for the future by reloading the page.

9. Fonts and Media

Fonts (Inter) are loaded exclusively from our own server. There is no connection to Google Fonts or comparable third-party providers. Images are hosted locally.

10. Cookies and Tracking

This website does not set any tracking, analytics or marketing cookies. No web analytics services, social media pixels or advertising trackers are integrated.

Strictly necessary cookies may occasionally be set by the content management system (e.g. to store your language preference). The legal basis for this is § 25 (2) No. 2 TDDDG.

11. Encrypted Transmission (TLS/SSL)

This website is delivered exclusively via a TLS-encrypted connection (HTTPS).

12. Recipients of your Data

Your data is generally not passed on to third parties. Recipients in the context of treatment may include: statutory health insurance funds, the Association of Statutory Health Insurance Physicians of Saxony, co- and follow-up treating physicians and therapists, external laboratories, billing offices, the Medical Service, and, where applicable, notaries, courts and public authorities subject to legal reporting obligations. Processors (hosting provider, practice IT, Doctolib for appointments) are bound by contract under Art. 28 GDPR.

13. Your Rights as a Data Subject

You have the following rights with regard to us:

  • access (Art. 15 GDPR)
  • rectification of inaccurate data (Art. 16 GDPR)
  • erasure (Art. 17 GDPR) — to the extent that statutory retention obligations do not preclude this
  • restriction of processing (Art. 18 GDPR)
  • data portability (Art. 20 GDPR)
  • objection to processing (Art. 21 GDPR)
  • withdrawal of consent given, with effect for the future (Art. 7 (3) GDPR)
  • complaint to the competent supervisory authority (Art. 77 GDPR; see point 2)

14. Changes to this Privacy Policy

We reserve the right to adapt this privacy policy as soon as the legal situation or our processing activities change. The current version published on this page applies in each case.

Book appointment →