Privacy Policy

We are pleased about your interest in our website. The protection of your personal data is of particular importance to us. We treat your personal data confidentially and in accordance with the applicable data protection laws, in particular the General Data Protection Regulation (GDPR), as well as this Privacy Policy.
The use of our website is generally possible without providing personal data. However, if you make use of special services on our website (e.g. contact or new patient forms), the processing of personal data may become necessary.

1. Controller
The controller within the meaning of Art. 4 (7) GDPR is:
VITALITY – Practice for Physiotherapy & Training
Owner: Franziska Kurzrock
Schillerstraße 30–40
60313 Frankfurt am Main
Germany
Phone: +49 69 153 43 443
Email: info@physio-vitality-frankfurt.de

2. General Information on Data Processing
We process personal data exclusively in compliance with statutory provisions. Processing is carried out only if at least one of the following legal bases applies:

  • Art. 6 (1) (a) GDPR – consent
  • Art. 6 (1) (b) GDPR – performance of a contract or pre-contractual measures
  • Art. 6 (1) (f) GDPR – legitimate interests


3. Server Log Files (Visiting the Website)
When you access our website, the hosting provider (STRATO AG) automatically collects and stores information in so-called server log files. This information includes:

  • IP address (shortened or anonymised)
  • date and time of access
  • accessed page or file
  • amount of data transferred
  • browser type and version
  • operating system

These data are used exclusively to ensure the technical operation, system security and error analysis of the website.

Legal basis:
Art. 6 (1) (f) GDPR (legitimate interest)
Storage period:
The data are deleted after a maximum of 7 days.


4. Contact and Form Requests

4.1 Contact Forms / Standard Forms (STRATO)
If you contact us via a contact form, the information you provide (e.g. name, email address, phone number) will be processed in order to handle your enquiry.
Legal basis:
Art. 6 (1) (a) GDPR (consent)


The transmitted data are used exclusively to process your enquiry and will not be passed on without your consent.


4.2 New Patient Form (Server-Side PHP Processing)
We provide a new patient form on our website. Personal data, including uploaded documents (e.g. medical prescriptions), may be processed in this context. Processing is carried out server-side via a PHP script. The data are transmitted in encrypted form and stored in protected areas.

Legal basis:
Art. 6 (1) (a) GDPR (explicit consent)


5. Storage via Dropbox
For the technical storage of certain data transmitted via the new patient form, we use Dropbox as an external data processor.

  • Provider: Dropbox Inc.
  • Processing based on a data processing agreement pursuant to Art. 28 GDPR
  • Storage in protected, access-restricted environments

No data are disclosed to other third parties.


6. Data Security (Technical and Organisational Measures)
We implement appropriate technical and organisational measures (TOMs) in accordance with Art. 32 GDPR to protect your personal data against loss, manipulation, unauthorised access or misuse.
These measures include in particular:

  • encrypted data transmission (SSL/TLS)
  • server-side processing of sensitive data
  • restricted access to internal systems
  • regular security and software updates
  • access strictly limited on a need-to-know basis

Our security measures are continuously adapted to technological developments.


7. Storage and Deletion of Personal Data
We store personal data only for as long as is necessary to fulfil the respective purpose or as required by statutory retention obligations.

  • Contact and form enquiries are deleted once the purpose of processing has ceased.
  • Medical treatment data are subject to specific statutory retention periods and are archived accordingly.


8. Cookies
Our website uses only technically necessary cookies that are required to ensure the secure and error-free operation of the website.

  • no tracking
  • no analytics
  • no marketing
  • no profiling

Legal basis:
Art. 6 (1) (f) GDPR
A separate cookie banner is not required.


9. External Services and Content

9.1 Social Media Links
Our website contains links to external platforms such as:

  • Facebook
  • Instagram
  • Jameda
  • Google
  • YouTube

These are pure external links. A data transfer to the respective provider only takes place when the link is actively clicked.


9.2 Bing Maps
To display our practice location, we use Bing Maps (Microsoft Corporation). When loading the map, personal data (e.g. IP address) may be transmitted to Microsoft.

Legal basis:
Art. 6 (1) (f) GDPR (legitimate interest in user-friendly directions)

9.3 Structured Data (Schema.org / Google Markups)
Our website uses structured data to provide search engines with information about our practice. No personal data are independently stored or analysed in this context.

10. Rights of Data Subjects
You have the right at any time to:

  • access (Art. 15 GDPR)
  • rectification (Art. 16 GDPR)
  • erasure (Art. 17 GDPR)
  • restriction of processing (Art. 18 GDPR)
  • data portability (Art. 20 GDPR)
  • object to processing (Art. 21 GDPR)

You also have the right to lodge a complaint with a data protection supervisory authority.


11. Withdrawal of Consent
You may withdraw any consent you have given at any time with effect for the future, for example by email to
info@physio-vitality-frankfurt.de

12. Updates and Amendments
We reserve the right to amend this Privacy Policy in the event of legal or technical changes. The current version is always available on our website.
Last updated: January 2026