Centre Médical Bonnevoie Annexe

Data Controller Group medical practice – Centre Médical Bonnevoie Annexe 88, rue du Cimetière, Résidence New York L-1338 Luxembourg E-mail: annexe@centre-medical-bonnevoie.lu Telephone: +352 28 57 18 The data controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data. Data Retention Period We retain your personal data only for as long as necessary to achieve the purposes for which it was collected or otherwise processed. Data is deleted in particular in the following cases: • when the data is no longer necessary for the purposes pursued; • when you withdraw your consent and no other legal basis justifies the processing; • when you validly object to the processing and there are no overriding compelling legitimate grounds that prevail over your rights and freedoms; • when you object to processing for direct marketing purposes or to related profiling. Where immediate deletion is not possible due to statutory retention obligations or for the establishment, exercise, or defence of legal claims, the processing of the data is restricted in accordance with Article 18 GDPR. Specific information regarding retention periods is provided in the relevant sections of this policy. Your Rights In accordance with Regulation (EU) 2016/679 (GDPR), you have the following rights: • right of access to your personal data; • right to rectification of inaccurate or incomplete data; • right to erasure (“right to be forgotten”); • right to restriction of processing; • right to object to processing; • right to data portability. • Right to Object You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on Article 6(1)(e) or (f) GDPR. In the event of an objection, we will stop processing unless there are compelling legitimate grounds or the processing is necessary for the establishment, exercise, or defence of legal claims. Where your data is processed for direct marketing purposes, you may object at any time, including to profiling insofar as it is related to such direct marketing. Withdrawal of Consent Where processing is based on your consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal. Right to Lodge a Complaint You have the right to lodge a complaint with the competent supervisory authority, in particular with: National Commission for Data Protection (CNPD) 15, boulevard du Jazz L-4370 Belvaux Luxembourg www.cnpd.lu Provision of Your Personal Data Providing your personal data is generally neither legally nor contractually required, and it is not necessary for concluding a contract. Where certain data is required, we will inform you at the time of collection (for example by marking mandatory fields). Refusal to provide certain data may prevent access to specific services or features (e.g., we may be unable to respond to a request without contact details). Website Hosting The website is hosted by: Checkdomain GmbH Große Burgstraße 27/29 23552 Lübeck – Germany The legal basis for processing is Article 6(1)(f) GDPR (legitimate interest in ensuring reliable and secure hosting). A data processing agreement compliant with Article 28 GDPR has been concluded with the provider, ensuring that personal data is processed only according to our instructions. Mapping Services We use external mapping services to display our location and improve the user experience. Legal basis: • consent (Article 6(1)(a) GDPR), or • legitimate interest (Article 6(1)(f) GDPR). Use of these services may involve profiling operations, including cross-device profiling. Detailed information is provided in the specific sections below. Google Maps Provider: Google Ireland Limited, Ireland Data may be transferred to third countries, including the United States, on the basis of the European Commission’s Standard Contractual Clauses. Google is certified under the EU–US Data Privacy Framework, ensuring an adequate level of protection. Google Customer Reviews The same rules apply to Google services relating to customer reviews. Processing of personal data may take place for evaluation purposes and online visibility. Job Applications Data submitted as part of a job application is processed exclusively for managing the recruitment procedure. After completion of the procedure, the data is deleted or destroyed no later than six months after communication of a negative decision, unless you expressly consent to longer retention. The legal basis for processing is: • Article 6(1)(a) GDPR (consent), or • Article 6(1)(f) GDPR (legitimate interest in managing the procedure and preventing potential disputes). Withdrawal of Your Consent to Data Processing Many processing operations are only possible with your explicit consent. You may withdraw a consent already given at any time. Withdrawal does not affect the lawfulness of processing carried out up to that point. SSL / TLS Encryption The website uses SSL/TLS encryption to protect transmitted data. A secure connection is indicated by a URL beginning with “https://” and the padlock icon in the browser. Cookies The website uses cookies necessary for proper functioning and, where applicable, cookies subject to consent. • Strictly necessary cookies: Article 6(1)(f) GDPR • Consent-based cookies: Article 6(1)(a) GDPR You can configure your browser to accept, reject, or delete cookies. Disabling cookies may limit certain website functions. Log Files (Server Logs) The following data is collected automatically: • browser type and version • operating system used • referrer URL • host name of the accessing computer • time of the server request • IP address Retention period: maximum 8 weeks Legal basis: Article 6(1)(f) GDPR. Contact Form and Communications Data transmitted via the contact form, by e-mail, or by telephone is used exclusively to process your request. Legal basis: • Article 6(1)(b) GDPR (pre-contractual measures), or • Article 6(1)(f) GDPR (legitimate interest), or • Article 6(1)(a) GDPR (consent). Data is deleted once the purpose has been achieved, unless statutory obligations require otherwise. Google Analytics Google Analytics is used only on the basis of your consent. Data may be transferred to third countries on the basis of appropriate safeguards (Standard Contractual Clauses / DPF). Consent may be withdrawn at any time. Fonts (Local Hosting) • Google Fonts: locally hosted; no connection to Google servers • Font Awesome: locally hosted; no transmission to Fonticons Inc.

Annexe

DE

Data Controller Group medical practice – Centre Médical Bonnevoie Annexe 88, rue du Cimetière, Résidence New York L-1338 Luxembourg E-mail: annexe@centre-medical- bonnevoie.lu Telephone: +352 28 57 18 The data controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data. Data Retention Period We retain your personal data only for as long as necessary to achieve the purposes for which it was collected or otherwise processed. Data is deleted in particular in the following cases: • when the data is no longer necessary for the purposes pursued; • when you withdraw your consent and no other legal basis justifies the processing; • when you validly object to the processing and there are no overriding compelling legitimate grounds that prevail over your rights and freedoms; • when you object to processing for direct marketing purposes or to related profiling. Where immediate deletion is not possible due to statutory retention obligations or for the establishment, exercise, or defence of legal claims, the processing of the data is restricted in accordance with Article 18 GDPR. Specific information regarding retention periods is provided in the relevant sections of this policy. Your Rights In accordance with Regulation (EU) 2016/679 (GDPR), you have the following rights: • right of access to your personal data; • right to rectification of inaccurate or incomplete data; • right to erasure (“right to be forgotten”); • right to restriction of processing; • right to object to processing; • right to data portability. • Right to Object You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on Article 6(1)(e) or (f) GDPR. In the event of an objection, we will stop processing unless there are compelling legitimate grounds or the processing is necessary for the establishment, exercise, or defence of legal claims. Where your data is processed for direct marketing purposes, you may object at any time, including to profiling insofar as it is related to such direct marketing. Withdrawal of Consent Where processing is based on your consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal. Right to Lodge a Complaint You have the right to lodge a complaint with the competent supervisory authority, in particular with: National Commission for Data Protection (CNPD) 15, boulevard du Jazz L-4370 Belvaux Luxembourg www.cnpd.lu Provision of Your Personal Data Providing your personal data is generally neither legally nor contractually required, and it is not necessary for concluding a contract. Where certain data is required, we will inform you at the time of collection (for example by marking mandatory fields). Refusal to provide certain data may prevent access to specific services or features (e.g., we may be unable to respond to a request without contact details). Website Hosting The website is hosted by: Checkdomain GmbH Große Burgstraße 27/29 23552 Lübeck – Germany The legal basis for processing is Article 6(1)(f) GDPR (legitimate interest in ensuring reliable and secure hosting). A data processing agreement compliant with Article 28 GDPR has been concluded with the provider, ensuring that personal data is processed only according to our instructions. Mapping Services We use external mapping services to display our location and improve the user experience. Legal basis: • consent (Article 6(1)(a) GDPR), or • legitimate interest (Article 6(1)(f) GDPR). Use of these services may involve profiling operations, including cross- device profiling. Detailed information is provided in the specific sections below. Google Maps Provider: Google Ireland Limited, Ireland Data may be transferred to third countries, including the United States, on the basis of the European Commission’s Standard Contractual Clauses. Google is certified under the EU–US Data Privacy Framework, ensuring an adequate level of protection. Google Customer Reviews The same rules apply to Google services relating to customer reviews. Processing of personal data may take place for evaluation purposes and online visibility. Job Applications Data submitted as part of a job application is processed exclusively for managing the recruitment procedure. After completion of the procedure, the data is deleted or destroyed no later than six months after communication of a negative decision, unless you expressly consent to longer retention. The legal basis for processing is: • Article 6(1)(a) GDPR (consent), or • Article 6(1)(f) GDPR (legitimate interest in managing the procedure and preventing potential disputes). Withdrawal of Your Consent to Data Processing Many processing operations are only possible with your explicit consent. You may withdraw a consent already given at any time. Withdrawal does not affect the lawfulness of processing carried out up to that point. SSL / TLS Encryption The website uses SSL/TLS encryption to protect transmitted data. A secure connection is indicated by a URL beginning with “https://” and the padlock icon in the browser. Cookies The website uses cookies necessary for proper functioning and, where applicable, cookies subject to consent. • Strictly necessary cookies: Article 6(1)(f) GDPR • Consent-based cookies: Article 6(1)(a) GDPR You can configure your browser to accept, reject, or delete cookies. Disabling cookies may limit certain website functions. Log Files (Server Logs) The following data is collected automatically: • browser type and version • operating system used • referrer URL • host name of the accessing computer • time of the server request • IP address Retention period: maximum 8 weeks Legal basis: Article 6(1)(f) GDPR. Contact Form and Communications Data transmitted via the contact form, by e-mail, or by telephone is used exclusively to process your request. Legal basis: • Article 6(1)(b) GDPR (pre-contractual measures), or • Article 6(1)(f) GDPR (legitimate interest), or • Article 6(1)(a) GDPR (consent). Data is deleted once the purpose has been achieved, unless statutory obligations require otherwise. Google Analytics Google Analytics is used only on the basis of your consent. Data may be transferred to third countries on the basis of appropriate safeguards (Standard Contractual Clauses / DPF). Consent may be withdrawn at any time. Fonts (Local Hosting) • Google Fonts: locally hosted; no connection to Google servers • Font Awesome: locally hosted; no transmission to Fonticons Inc.

Annexe

Contact us:

Opening hours:

Privacy Policy (Luxembourg - GDPR / CNPD)

DE

Contact us:

Opening hours:

Privacy Policy

(Luxembourg - GDPR /

CNPD)