Privacy Policy
The German version is legally authoritative. This translation is provided for convenience and better understanding.
Effective: July 2026
1. Privacy at a Glance
General Information
The following information provides an overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to personally identify you.
Data Collection on This Website
Who is responsible for data collection on this website?
Data processing on this website is carried out by the controller named in the section “Information on the Controller.”
How do we collect your data?
Your data is collected, on the one hand, when you provide it to us, e.g., via the appointment cancellation form, the application form, by email, by phone, or by fax.
Other data is collected automatically or with your consent when you visit the website through our IT systems. This primarily includes technical data, such as your IP address, internet browser, operating system, referrer URL, date and time of the page view.
What do we use your data for?
Some of the data is collected to ensure the website operates without technical errors and remains secure. We use other data to process your inquiries, appointment cancellations, online appointment bookings, or job applications. External content such as Google Maps is only loaded with your consent.
What rights do you have regarding your data?
You have the right at any time to obtain information about the origin, recipients, and purpose of your stored personal data. You also have the right to rectification, erasure, restriction of processing, data portability, withdrawal of consent, and objection to certain processing activities. You also have the right to file a complaint with a data protection supervisory authority.
2. General Information and Mandatory Disclosures
Data Protection
We treat your personal data confidentially and in accordance with applicable data protection laws, in particular the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), the Telecommunications and Digital Services Data Protection Act (TDDDG), and this Privacy Policy.
Information on the Data Controller
Data Controller:
Dr. med. Johanne Graftiaux
Private Gynecology Practice
Kehler Women’s Clinic
Hauptstraße 95
77694 Kehl
Germany
Phone: +49 (0) 7851 8699040
Fax: +49 (0) 7851 8699049
Email: info@kehler-frauen-aerztin.de
Website: https://kehler-frauen-aerztin.de
Data Protection Officer
A Data Protection Officer has not been appointed, as there is currently no legal obligation to do so. If you have any questions regarding data protection, you may contact the responsible party listed above at any time.
Processing of Special Categories of Personal Data
Since this is a medical practice’s website, health data may be processed when using certain features, particularly when booking appointments, canceling appointments, or making medical inquiries, health data may be processed. Health data constitutes special categories of personal data within the meaning of Article 9 of the GDPR and is subject to enhanced protection.
Please use general contact methods, such as email or free-form fields, to provide only the information necessary for your inquiry. This website is not intended for medical emergencies.
Legal Basis for Processing
To the extent that we obtain consent for processing operations, the processing is based on Article 6(1)(a) of the GDPR and, where special categories of personal data are involved, Article 9(2)(a) of the GDPR.
If processing is necessary for the performance of a contract or for the implementation of pre-contractual measures, it is carried out on the basis of Article 6(1)(b) of the GDPR.
To the extent that processing is necessary to comply with legal obligations, it is based on Article 6(1)(c) of the GDPR.
To the extent that processing is necessary to protect legitimate interests, it is carried out on the basis of Art. 6(1)(f) of the GDPR. Our legitimate interest lies, in particular, in the secure, stable, and user-friendly provision of this website, as well as in the processing of inquiries.
To the extent that health data is processed in the context of medical care, appointment scheduling, or communication with the practice, this is also based, where applicable, on Article 9(2)(h) of the GDPR in conjunction with the relevant professional and social law regulations.
Retention Period
Unless a more specific retention period is stated in this Privacy Policy, we store personal data only for as long as necessary for the respective purpose or as required by statutory retention periods. If the purpose no longer applies or a statutory retention period expires, the data will be deleted or blocked.
Recipients of Personal Data
Personal data may, where necessary, be transferred to technical service providers, hosting providers, IT service providers, appointment scheduling service providers, website security services, government agencies, or other entities, provided there is a legal basis for doing so. Where service providers are engaged as data processors, this is done on the basis of a data processing agreement pursuant to Article 28 of the GDPR.
Withdrawal of Your Consent
You may withdraw any consent you have already given at any time with future effect. The lawfulness of the processing carried out prior to the withdrawal remains unaffected by the withdrawal.
Right to Object to Data Collection in Specific Cases
If data processing is based on Article 6(1)(e) or (f) of the GDPR, you have the right at any time to object to the processing of your personal data on grounds relating to your particular situation. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing or the processing is necessary for the establishment, exercise, or defense of legal claims.
Right to File a Complaint with the Competent Supervisory Authority
You have the right to lodge a complaint with a data protection supervisory authority. The competent authority for Baden-Württemberg is:
The State Commissioner for Data Protection and Freedom of Information in Baden-Württemberg
Heilbronner Straße 35
70191 Stuttgart
Phone: 0711 / 61 55 41 – 0
Email: poststelle@lfdi.bwl.de
Website: https://www.baden-wuerttemberg.datenschutz.de
Access, Deletion, Correction, and Other Rights
Under applicable legal provisions, you have the right at any time to access your stored personal data, including its origin, recipients, and the purpose of data processing. In addition, you may have the right to rectification, erasure, restriction of processing, data portability, and to object to the processing.
Right to Data Portability
You have the right to have data that we process automatically—based on your consent or in fulfillment of a contract—provided to you or a third party in a commonly used, machine-readable format.
Automated Decision-Making and Profiling
Automated decision-making, including profiling as defined in Article 22 of the GDPR, does not take place on this website.
SSL or TLS Encryption
For security reasons and to protect the transmission of confidential content, this website uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the browser’s address bar begins with “https://” and by the padlock icon in the browser bar.
3. Hosting, Email, and Technical Infrastructure
Hosting by ALL-INKL
This website is hosted by:
ALL-INKL.COM – Neue Medien Münnich
Owner: René Münnich
Hauptstraße 68
02742 Friedersdorf
Germany
When you visit this website, the hosting provider processes technical data, in particular so-called server log files. The data collected may include, in particular, your IP address, the date and time of access, the file accessed, the amount of data transferred, access status, referrer URL, browser used, operating system, and language settings.
This data is processed to ensure the secure and reliable provision of the website, to analyze errors, to defend against attacks, and to ensure the website’s operation. The legal basis is Article 6(1)(f) of the GDPR. Our legitimate interest lies in the secure and stable provision of this website.
Server log files are deleted after seven days at the latest, according to the hosting provider, unless longer storage is required in individual cases, e.g., to investigate attacks or misuse.
Where necessary, a contract for data processing has been entered into with ALL-INKL in accordance with Art. 28 of the GDPR.
For more information, please see ALL-INKL’s privacy policy: https://all-inkl.com/datenschutzinformationen/
Email Hosting with ALL-INKL
This practice’s email address is also hosted by ALL-INKL. When you contact us via email, the communication data you provide is processed through the email provider’s servers. This includes, in particular, the sender’s and recipient’s addresses, the date and time, the subject line, the content of the message, and technical transmission data.
This processing is carried out to handle your inquiry and to facilitate email communication. Depending on the content of the inquiry, the legal basis is Article 6(1)(b) of the GDPR, Article 6(1)(f) of the GDPR, and, insofar as health data is involved, Article 9(2)(h) of the GDPR.
Please note that communication via unencrypted email may pose security risks. For particularly confidential medical matters, we recommend contacting us by phone or discussing the matter in person at the practice.
Domain Registration via webgo
This website’s domain is registered through webgo GmbH. webgo does not host this website. The website and email address are hosted by ALL-INKL.
The domain registration provider is:
webgo GmbH
Heidenkampsweg 81
20097 Hamburg
Germany
In connection with domain registration and domain administration, personal data of the domain owner or administrative contact may be processed. webgo, as the website host, does not process website traffic data.
For more information, please see webgo’s privacy policy: https://www.webgo.de/datenschutz/
4. Cookies, Consent Management, and External Content
No Web Analytics or Tracking
Based on the current configuration, this website does not use services such as Google Analytics, Matomo, Meta Pixel, newsletter tracking, YouTube embeds, Instagram embeds, or similar tracking and marketing services.
Cookies and Similar Technologies
This website uses cookies and similar technologies. Cookies are small files that are stored on your device. Some cookies are technically necessary for the website to function. Other cookies or external services are used only with your consent.
Technically necessary cookies are used on the basis of Art. 6(1)(f) of the GDPR and § 25(2) of the TDDDG. Our legitimate interest lies in providing the website in a technically error-free and user-friendly manner.
Cookies and similar technologies that require your consent are used only on the basis of your consent pursuant to Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG. You can revoke or change your consent at any time via the cookie settings.
For further details, please see our Cookie Policy: https://kehler-frauen-aerztin.de/cookie-richtlinie-eu/
Complianz Consent Management
This website uses a consent management tool to manage your cookie and privacy settings. Technically necessary cookies are set to save your selections. In particular, your consent decision, the selected categories, and technical information regarding the display of the consent banner may be stored.
The legal basis is Article 6(1)(c) of the GDPR, insofar as the consent decision is stored to fulfill legal documentation requirements, as well as Article 6(1)(f) of the GDPR. Storage on your device is required under Section 25(2) of the TDDDG to save the privacy settings you have selected.
WordPress
This website is powered by WordPress. WordPress may set technically necessary cookies, e.g., to display website functions or for logged-in administrators. For regular visitors, these cookies are used only to the extent necessary for the technical operation of the website.
Polylang
This website uses Polylang to manage multilingual content. A cookie may be stored to save your selected language setting. The legal basis is Art. 6(1)(f) GDPR and § 25(2) of the TDDDG. Our legitimate interest lies in providing a user-friendly, multilingual presentation of the website.
Google Maps
This website may use Google Maps to display maps and directions. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The parent company is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
When Google Maps is activated, personal data—in particular your IP address as well as technical information about your device and browser—may be transmitted to Google. This may also involve a transfer to the United States.
Google Maps is loaded only with your consent. The legal basis is Art. 6(1)(a) of the GDPR and Section 25(1) of the TDDDG. You can revoke your consent at any time via the cookie settings.
For more information, please see Google’s privacy policy: https://policies.google.com/privacy?hl=de
5. Contacting Us and Forms
Contacting Us by Phone, Fax, or Email
If you contact us by phone, fax, or email, we will process the data you provide to handle your inquiry. This may include, in particular, your name, contact information, the time of contact, the content of the communication, and, if applicable, health-related data.
Depending on the nature of your inquiry, the legal basis is Article 6(1)(b) of the GDPR, Article 6(1)(f) of the GDPR, and, insofar as health data is involved, Article 9(2)(h) of the GDPR. Our legitimate interest lies in processing your inquiry.
Canceling an Appointment via the Form
On this website, you can use a form to cancel an appointment. In doing so, we process the following information in particular: name, email address, phone number, date and time of the appointment, as well as any additional information you voluntarily provide.
This data is processed to handle your appointment cancellation and to organize the practice’s operations. The legal basis is Art. 6(1)(b) of the GDPR, insofar as the processing is necessary for the performance or initiation of a treatment or appointment relationship, as well as Art. 6(1)(f) of the GDPR. To the extent that health data is involved, processing is additionally based on Article 9(2)(h) of the GDPR.
The data submitted via the form will be deleted as soon as it is no longer required for processing the appointment cancellation, provided that no statutory retention or documentation requirements preclude this.
Online Appointment Scheduling via medatixx x.webtermin
We use the x.webtermin appointment booking service provided by medatixx GmbH & Co. KG for online appointment scheduling.
The provider is:
medatixx GmbH & Co. KG
Im Kappelhof 1
65343 Eltville/Rhein
Germany
When you book an online appointment through our website, the data you enter and select for the appointment booking will be processed. This may include, in particular, your first and last name, date of birth, gender, insurance type, notes for the practice, information “new patient,” doctor’s name, appointment type, appointment start and end times, email address, and phone number.
The data is processed to complete the online appointment booking, to transmit it to the practice, and to organize the appointment. The legal basis is Art. 6(1)( b of the GDPR. To the extent that health data or health-related information is processed, the processing is additionally based on Article 9(2)(h) of the GDPR and, where consent is obtained, Article 9(2)(a) of the GDPR.
According to medatixx, the data is transmitted in encrypted form during the booking process and stored in encrypted form on servers in the EU. If the booking is not confirmed, the confirmation link expires after a maximum of one hour. According to medatixx, once the booking is confirmed, the data is deleted from the medatixx servers and forwarded to the practice in encrypted form.
Where necessary, a data processing agreement with medatixx is in place in accordance with Article 28 of the GDPR.
For more information, please visit medatixx: https://medatixx.de/datenschutz
Application Form
If you apply using the application form on this website, we will process the application data you submit. The application form does not currently allow for file uploads. In particular, we process the text and contact information you enter, such as the position you are applying for, your name, email address, phone number, mailing address, application text, and any other information you voluntarily provide to us.
This processing is carried out to conduct the application process and to decide whether to establish an employment, training, internship, or other working relationship. The legal basis is Art. 6(1)(b) of the GDPR and § 26 of the BDSG, where applicable.
If you are not hired, we will delete your application data no later than six months after the conclusion of the application process, unless longer storage is necessary to assert, exercise, or defend legal claims, or you have consented to longer storage.
If you are hired, the necessary application data will be transferred to your personnel file and further processed within the scope of the employment relationship.
6. Security Plugins and Website Protection
Wordfence
This website uses Wordfence, a security plugin for WordPress. The provider is Defiant Inc., 800 5th Ave Ste 4100, Seattle, WA 98104, USA.
Wordfence is used to protect the website against attacks, malware, unauthorized access, and other security-related events. In particular, IP addresses, accessed URLs, times of access, browser and header information, as well as login and security events.
The use of Wordfence is based on Article 6(1)(f) of the GDPR. Our legitimate interest lies in protecting the website, the IT systems, and user data.
Personal data may be transferred to the United States. According to Defiant, it provides standard contractual clauses to safeguard international data transfers.
For more information, visit Wordfence: https://www.wordfence.com/privacy-policy/ and https://www.wordfence.com/help/general-data-protection-regulation/
7. Patient and Treatment Data Outside the Website
This Privacy Policy applies to the processing of personal data in connection with the use of this website. For the processing of patient and treatment data at the practice—e.g., in the context of treatment, documentation, billing, laboratory requests, referrals, and communication with health insurance companies or other service providers, the practice’s supplementary privacy information applies.
8. Validity and Changes to This Privacy Policy
We reserve the right to amend this privacy policy in the event of legal, technical, or organizational changes.

