Politica de privacidad

Last updated: [16/04/2026]

In compliance with Regulation (EU) 2016/679 of 27 April 2016, the General Data Protection Regulation (“GDPR”), and Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights (“LOPDGDD”), users of the website https://die-orthopaedin.com are hereby informed about the processing of their personal data.

 

1. Data Controller

Controller: Dr. Ulrike Göpel
Email: info@die-orthopaedin.com
Website: https://die-orthopaedin.com

 

2. What personal data we process

Through this website, we may process the following categories of data:

  • Identification data: first name and surname.
  • Contact data: email address, telephone number.
  • Basic location data: town/municipality of residence.
  • Data voluntarily provided by the user in the message or enquiry field.
  • Technical data relating to navigation, security and use of the website.
  • Data associated with cookie preferences, where applicable.

 

3. Health data

As this website is linked to the practice of a specialist in orthopaedic surgery and traumatology, users may include in their messages information relating to their state of health, injuries, medical history or symptoms.

Such data shall be considered special categories of personal data and will be processed with the enhanced safeguards required by applicable legislation.

Users are advised not to submit excessive clinical information, medical reports or unsolicited medical documentation via the form, unless strictly necessary to respond to the enquiry or manage an appointment.

 

4. Purposes of processing

Personal data collected through the website may be processed for the following purposes:

  • Handling information requests, enquiries or communications submitted by the user.
  • Managing appointment requests, pre-appointments or professional contact requests.
  • Responding to requests related to the medical services offered.
  • Maintaining communications arising from pre-contractual or professional relationships.
  • Ensuring website security and preventing abuse, spam or unauthorised access.
  • Managing consent preferences and the technical operation of the website.
  • Complying with legal obligations applicable to the controller.

 

5. Legal basis for processing

The legal basis for processing shall be, depending on each case:

  • Pre-contractual measures, when the user requests information or an appointment.
  • Consent of the data subject, when they voluntarily provide their data via the form or accept certain non-essential cookies or technologies.
  • Compliance with legal obligations, when processing is necessary to fulfil applicable regulatory obligations.
  • Legitimate interest of the controller, in relation to website security, fraud prevention, technical control and defence against claims.
  • Where health data is communicated, processing shall be limited to what is strictly necessary to handle the enquiry, appointment request or communication made by the data subject.

 

6. Source of data

Personal data is generally obtained directly from the data subject through:

  • Contact or appointment forms on the website;
  • Emails sent to the published addresses;
  • Calls or communications initiated by the user;
  • Navigation and technical use of the website.

 

7. Data retention

Personal data will be retained for as long as necessary to fulfil the purpose for which it was collected and, subsequently, for the legally required periods or for as long as liabilities may arise.

As a general guideline:

  • Web enquiries and contact forms: for the time necessary to handle the request and, thereafter, for the applicable legal limitation periods.
  • Appointment requests or professional communications: during the handling of the request and the corresponding administrative or legal periods.
  • Technical and security data: for the period strictly necessary to ensure website security.
  • Cookie-related data: as indicated in the Cookie Policy and until consent is withdrawn where applicable.

 

8. Recipients of data

Data will generally not be disclosed to third parties except where required by law or when necessary for the provision of services linked to the operation of the website.

The following service providers may have access to personal data as data processors:

  • Web hosting provider;
  • Email provider;
  • Technical maintenance or web development provider;
  • Anti-spam tools or form verification provider;
  • Other technology providers necessary for the operation of the website.

In all required cases, such access will be covered by the corresponding data processing agreements.

 

9. International data transfers

Some technological services integrated into the website may involve access to or processing of data by providers located outside the European Economic Area or by international entities, particularly when using third-party services such as security tools, external fonts, analytics or form-related services.

In such cases, the controller shall adopt the appropriate safeguards required by data protection regulations.

 

10. Links to third-party websites

This website may contain links to third-party pages or services. The controller accepts no responsibility for the content, privacy policies or practices of such external sites.

 

11. Minors

The contact form is not intended for use by minors. Should it be detected that personal data of a minor has been collected without valid authorisation, appropriate measures will be taken to delete it.