Privacy Policy
Controller
Bioptisches Institut Berlin
Eugen-Schönhaar-Str. 2, 10407 Berlin
info(at)bioptisches-institut-berlin.de · Phone +49 30 9210959-70
Hosting & server log files
When you access this website, our host automatically processes technically necessary data (e.g. IP address, date/time, page requested, browser type) in server log files. This serves the secure and stable operation of the website (Art. 6(1)(f) GDPR). The logs are deleted or anonymised after a short time.
Cookies (strictly necessary only), no tracking
This website uses no analytics, advertising or tracking services and sets no tracking cookies. Fonts (Roboto Condensed) and all other resources are served locally from our server – there is no third-party retrieval (e.g. Google Fonts).
The only cookie set is a strictly necessary session cookie, and only on the pages with a contact/enquiry form (Contact, New Clients): when the form loads, our server issues a session cookie (PHPSESSID; first-party, HttpOnly, Secure, SameSite=Strict). It stores only the security question (arithmetic task) and the CSRF token on the server side and thus serves to protect against form abuse, not to recognise you; it is deleted when the browser session ends. As it is technically necessary (Section 25(2) no. 2 TDDDG, Art. 6(1)(f) GDPR), no consent is required for it.
Contacting us via our forms
Our forms are aimed at professionals – referring practices as well as physicians – and not at patients. We process professional or practice-related contact data; no patient or health data is collected via these forms. Which data is collected depends on the respective form:
- Contact form: name, email address, message.
- New-client enquiry (“Write to us!”): practice name, specialty, name(s) of the practising physician(s), establishment number (BSNR), lifelong physician number (LANR), email address, message.
- Call-back request: phone number, optionally an email address (only for an acknowledgement of receipt) and your preferred availability.
- Contract cancellation (“Cancel a contract”): practice name, contract number, email address and – optionally – reason/notes.
Purpose and legal basis: We process this data exclusively to handle your enquiry or call-back request and to contact you. The legal basis is your consent via the mandatory checkbox (Art. 6(1)(a) GDPR), and, when initiating a collaboration, additionally Art. 6(1)(b) GDPR as well as our legitimate interest in responding to enquiries (Art. 6(1)(f) GDPR). Providing the data is voluntary; however, without the mandatory information marked with *, we cannot process the enquiry.
Transmission & technical protection: Transmission is encrypted (HTTPS). To protect against abuse (spam), we use a server-side security question (arithmetic task), a CSRF token and an invisible spam trap. A technically necessary session cookie is used for this (see the “Cookies” section); no tracking cookies are set. In the case of clear abuse (spam trap filled or too many submissions), the IP address concerned is temporarily blocked for 24 hours; the block then expires automatically.
Logging & technical metadata (abuse prevention): For each form submission we log technical metadata – IP address, timestamp, browser type (user agent) as well as an automatically calculated spam score and the validation result. The purpose is spam and abuse prevention; the legal basis is our legitimate interest therein (Art. 6(1)(f) GDPR). The full IP address is automatically anonymised after 14 days (e.g. 203.0.113.50 → 203.0.113.XXX).
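The mechanics described in the “Cookies” section and in the two paragraphs above (server-side arithmetic task and CSRF token, invisible spam trap, temporary 24-hour IP block, technical metadata log, IP anonymisation after 14 days), as an added Python example; it is not the institute's own form backend (which, judging by the PHPSESSID cookie, runs PHP). The honeypot field name `website`, the threshold for “too many submissions”, the spam-score weights and all sample values are assumptions made for this illustration.

```python
"""Form abuse-prevention pipeline as described in the policy (constructed example)."""
import hmac
import random
import secrets
from dataclasses import dataclass, field

BLOCK_SECONDS = 24 * 3600        # temporary IP block, as stated in the policy
ANONYMISE_AFTER = 14 * 86400     # full IP kept for 14 days, then truncated
MAX_SUBMISSIONS = 5              # assumed threshold for "too many submissions"
HONEYPOT_FIELD = "website"       # assumed name of the invisible spam-trap field

# Attributes of the session cookie as described: first-party, HttpOnly,
# Secure, SameSite=Strict, removed when the browser session ends (lifetime 0).
SESSION_COOKIE_PARAMS = {"httponly": True, "secure": True,
                         "samesite": "Strict", "lifetime": 0}


def new_challenge(session: dict, rng=random) -> dict:
    """Render-time step: create the arithmetic task and a CSRF token.
    Only the question and the token go to the browser; the expected answer
    stays in the server-side session, never in the cookie itself."""
    a, b = rng.randint(1, 9), rng.randint(1, 9)
    session["answer"] = a + b
    session["csrf"] = secrets.token_hex(32)
    return {"question": f"{a} + {b} = ?", "csrf": session["csrf"]}


def anonymise_ip(ip: str) -> str:
    """203.0.113.50 -> 203.0.113.XXX (IPv4 only, as in the policy's example)."""
    head, _, _ = ip.rpartition(".")
    return f"{head}.XXX"


@dataclass
class AbuseGuard:
    blocked_until: dict = field(default_factory=dict)  # ip -> unix time
    submissions: dict = field(default_factory=dict)    # ip -> submission times
    log: list = field(default_factory=list)            # technical metadata

    def is_blocked(self, ip: str, now: float) -> bool:
        # Blocks expire automatically: a stale entry simply stops matching.
        return self.blocked_until.get(ip, 0) > now

    def validate(self, session: dict, form: dict, ip: str,
                 user_agent: str, now: float) -> tuple[bool, str, int]:
        """Submit-time step. Returns (accepted, result, spam_score) and logs
        the metadata the policy lists: IP, timestamp, user agent, score, result."""
        if self.is_blocked(ip, now):
            return self._record(ip, user_agent, now, 100, "blocked")
        score = 0
        if form.get(HONEYPOT_FIELD):              # bots fill invisible fields
            score += 100
        # Constant-time comparison against the token stored server-side.
        if not hmac.compare_digest(form.get("csrf", ""), session.get("csrf", "")):
            score += 50
        try:
            answer_ok = int(form.get("answer", "")) == session.get("answer")
        except ValueError:
            answer_ok = False
        if not answer_ok:
            score += 30
        times = [t for t in self.submissions.get(ip, []) if now - t < BLOCK_SECONDS]
        times.append(now)
        self.submissions[ip] = times
        if score >= 100 or len(times) > MAX_SUBMISSIONS:   # clear abuse
            self.blocked_until[ip] = now + BLOCK_SECONDS
            return self._record(ip, user_agent, now, score, "rejected+blocked")
        if score > 0:
            return self._record(ip, user_agent, now, score, "rejected")
        session.pop("csrf", None)                 # token and task are single-use
        session.pop("answer", None)
        return self._record(ip, user_agent, now, 0, "accepted")

    def _record(self, ip, ua, now, score, result):
        self.log.append({"ip": ip, "ts": now, "ua": ua, "score": score, "result": result})
        return result == "accepted", result, score

    def anonymise_logs(self, now: float) -> int:
        """Retention step: truncate full IPs older than 14 days; returns how many."""
        n = 0
        for entry in self.log:
            if now - entry["ts"] >= ANONYMISE_AFTER and not entry["ip"].endswith(".XXX"):
                entry["ip"] = anonymise_ip(entry["ip"])
                n += 1
        return n
```

The split between render time and submit time is the point to notice: the browser only ever sees the question and the opaque token, while the answer and the token's reference copy live in the server-side session behind the HttpOnly/Secure/SameSite=Strict cookie, so neither can be read or forged from another origin. The anonymisation step is a scheduled job, not part of request handling.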
Recipients / processors: Your details are forwarded to the responsible staff of the institute. For provision, delivery and storage, IT service providers are involved as processors (Art. 28 GDPR) – typically separately: the web hosting provider (provision of the website and form backend) and a separate email / mail-server provider (delivery and storage of the messages); possibly also an office/groupware environment used in operations. A data processing agreement (DPA) must be in place with each of these providers.
Storage period: We store the data until your enquiry has been finally processed and no statutory retention obligations conflict; it is then deleted. (Specific period to be added by the operator.)
Note on call-back requests: Where call-back requests are recorded for internal scheduling, this takes place as part of handling the enquiry in an internal system; an external calendar service (e.g. Google Calendar) is not used for this. (System in use to be named by the operator.)
Map display (directions)
The directions map on the contact page is a static, locally stored image – no retrieval from a map service takes place when the page loads, and no data is transmitted to third parties. Only when you click the links “Larger map on OpenStreetMap” or “Plan a route” are you forwarded to the respective external service (OpenStreetMap Foundation or Google Maps); their privacy policies then apply.
Your rights
You have the right to access, rectification, erasure, restriction of processing, data portability and objection. You also have the right to lodge a complaint with the competent supervisory authority (Berlin Commissioner for Data Protection and Freedom of Information).