Privacy Policy
Last updated: December 2025
Protection of Your Data
We take the protection of your data very seriously. Protecting your data is of the highest importance to us, and compliance with applicable data protection law is a matter of course.
The following information explains how data are used on the website www.schulter-ellenbogen.de.
This Privacy Policy informs you, in particular in accordance with Article 13 GDPR, about the nature, scope and purposes of the processing of personal data and about your rights.
1 Information on the Collection of Personal Data and Contact Details of the Controller
1.1 Personal Data
We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about how we handle your personal data when you use our website. Personal data means any information by which you can be personally identified.
1.2 Data Controller / Contact Details of the Controller
The controller responsible for the collection, processing and use of your personal data within the meaning of Article 4(7) GDPR is:
Dr. med. Harris Georgousis
Specialist in Shoulder and Elbow Surgery
Oststrasse 137, 40210 Düsseldorf, Germany
Tel.: +49 211 86069630
Email:
If you wish to object to the processing of your data by us, either in full or in relation to individual measures under this Privacy Policy, you may address your objection to the controller.
Data protection enquiries may be sent to the email address above or by post to the address above.
Based on the current assessment, no data protection officer has been appointed.
You may save and print this Privacy Policy at any time.
2 General Use of the Website
2.1 Hosting
The hosting services we use are provided for the purpose of making the following services available: infrastructure and platform services, computing capacity, storage space, database services, security services and technical maintenance services used to operate the website.
In this context, we and/or our hosting provider process inventory data, contact data, content data, contract data, usage data, metadata and communication data of patients, prospective patients and visitors to this online offering on the basis of our legitimate interests in the efficient and secure provision of this online offering pursuant to Article 6(1)(f) GDPR in conjunction with Article 28 GDPR.
The hosting provider is: ENARTIA Single-Member S.A., Ionias 66, 71305 Heraklion, Crete, Greece, GEMI Registration No.: 77785727000, Tel.: +30 2810 229000. Web server location: Germany.
Where required, a data processing agreement pursuant to Article 28 GDPR is in place with the hosting provider.
2.2 Access Data
We collect, store and use data relating to each access to our online offering, known as server log files. Access data include:
- name and URL of the file accessed
- date and time of access
- amount of data transferred
- notification of successful access, such as the HTTP response code
- browser type and browser version
- operating system
- referrer URL, meaning the previously visited page
- websites accessed by the user's system via our website
- the user's internet service provider
- IP address and requesting provider
We use server log files to ensure the technical operation of the website, to analyse errors and to detect and prevent attacks. The legal basis is Article 6(1)(f) GDPR; our legitimate interest is the secure and uninterrupted operation of the website.
No personal evaluation or combination with other data takes place unless this is necessary to clarify unlawful use or a security incident.
We reserve the right to review log data retrospectively if there are specific indications giving rise to a justified suspicion of unlawful use.
2.3 Cookies
We use session cookies to optimise our online offering. A session cookie is a small text file sent by the relevant servers when an internet page is visited and temporarily stored on your device. These cookies are deleted after you close your browser. They are used, for example, to enable the technical operation of the website and, where applicable, the enquiry form.
We use technically necessary cookies on the basis of Section 25(2) TDDDG and Article 6(1)(f) GDPR. Non-essential cookies or comparable technologies, in particular for analytics, marketing or external media, are used only with your consent pursuant to Section 25(1) TDDDG and Article 6(1)(a) GDPR. You may change or withdraw your consent at any time with effect for the future.
Cookies may store, for example, the following data and information:
- language settings
- information about the number of visits to our website and the use of individual functions of our website
You can configure your browser to inform you in advance about the setting of cookies and to decide in each individual case whether to accept cookies in certain cases or generally, or to prevent cookies completely. This may restrict the functionality of the website.
You can manage your settings here: Cookie settings (GDPR)
2.4 Email Contact / Appointment Request
If you contact us, for example by contact form, appointment request or email, we store the information you provide in order to process the enquiry and in case follow-up questions arise. This is also our legitimate interest pursuant to Article 6(1)(f) GDPR; where the enquiry is directed at arranging an appointment or treatment, Article 6(1)(b) GDPR may also apply.
The appointment request form processes, in particular, your name, age, email address, mobile phone number, insurance status, preferred location/doctor and details of your concern. Since health data may also be involved, the processing of such data is carried out on the basis of Article 9(2)(h) GDPR by, or under the responsibility of, a professional bound by professional confidentiality.
Please send by email only such health data as are necessary for processing your enquiry. Medical advice, diagnosis or treatment is not provided solely via the website.
We store and use additional personal data only if you have given your consent or if this is legally permitted without separate consent.
2.5 Google Analytics
If Google Analytics is used, this takes place only with your consent. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Google LLC, USA, may be involved as a further recipient. The legal basis is Article 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG. You may withdraw your consent at any time via the cookie settings.
You may also prevent the storage of cookies by selecting the appropriate settings in your browser software. Please note that, in that case, you may not be able to use all functions of this website in full.
2.6 Use of Google Ads Conversion Tracking
This website may use Google Ads Conversion Tracking. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. It is used only with your consent pursuant to Article 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG.
2.7 Google Maps
We use Google Maps on our website to display our location and make it easier for you to plan your route.
The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When the map is accessed or activated, in particular the IP address, device data and usage data may be processed and transmitted to Google. The legal basis for loading the map is your consent pursuant to Article 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG, unless the map is loaded only after separate activation.
2.8 Google Web Fonts
If fonts are hosted locally on our server, no connection to Google servers is established when you visit our website.
If Google Fonts are loaded from Google servers, the following information must be provided: provider Google Ireland Limited; purpose of displaying the font; data transmitted, including the IP address; legal basis and, where applicable, consent/technical necessity; and any transfer to third countries.
2.9 Use of YouTube Videos
This website may use the YouTube embedding function to display and play videos.
The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
2.10 Retention Period
Unless specified otherwise, we store personal data only for as long as is necessary to fulfil the purposes pursued.
2.11 Legal Bases and Retention Period
The relevant legal basis is stated in the sections above. Where health data are processed, processing is additionally carried out pursuant to Article 9(2)(h) GDPR, insofar as the processing is necessary for healthcare, appointment preparation or treatment and is carried out by, or under the responsibility of, a professional bound by professional confidentiality.
Unless specified otherwise, we store personal data only for as long as is necessary to fulfil the purposes pursued or as required by law.
3 Your GDPR Data Subject Rights and How to Exercise Them
Under the applicable laws, you have various rights in relation to your personal data. If you wish to exercise these rights, please send your request by email or by post to the address stated in Section 1, clearly identifying yourself.
Below is an overview of your rights.
3.1 Right to Confirmation and Access
You have the right at any time to obtain confirmation from us as to whether personal data concerning you are being processed. If this is the case, you have the right to obtain access to those personal data and to the information referred to in Article 15 GDPR.
- the purposes of the processing
- the categories of personal data processed
- the recipients or categories of recipients to whom the personal data have been or will be disclosed
- the planned retention period or, if this is not possible, the criteria used to determine that period
- the existence of the rights to rectification, erasure, restriction of processing, objection and complaint to a supervisory authority
3.2 Right to Rectification
You have the right to request without undue delay the rectification of inaccurate personal data concerning you and the completion of incomplete personal data.
3.3 Right to Erasure
You may request the erasure of your personal data under the conditions of Article 17 GDPR. This right does not apply, in particular, where processing is necessary to comply with statutory retention obligations or for the establishment, exercise or defence of legal claims.
3.4 Right to Restriction of Processing
You may request restriction of the processing of your personal data under the conditions of Article 18 GDPR.
3.5 Right to Data Portability
Where processing is based on your consent or on a contract and is carried out by automated means, you have the right to data portability under the conditions of Article 20 GDPR.
3.6 Withdrawal of Consent
Where processing is based on your consent, you may withdraw that consent at any time with effect for the future. The lawfulness of processing carried out before withdrawal remains unaffected.
3.7 Right to Object
You have the right, on grounds relating to your particular situation, to object at any time to processing based on Article 6(1)(f) GDPR. You may object to direct marketing at any time.
3.8 Right to Lodge a Complaint with a Supervisory Authority
You have the right to lodge a complaint with a data protection supervisory authority. In particular, the competent authority is the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia, Kavalleriestraße 2-4, 40213 Düsseldorf, Germany, www.ldi.nrw.de.
3.9 Automated Decision-Making
Automated decision-making, including profiling within the meaning of Article 22 GDPR, does not take place.
4 Recipients, Third-Country Transfers and Updates
Personal data are transferred to recipients only insofar as this is stated in this Privacy Policy, is necessary to provide the website and process your enquiry, or is required by law. For services involving possible transfers to third countries, appropriate safeguards or an adequacy decision are used only where they are actually applicable.
We reserve the right to amend this Privacy Policy so that it always complies with current legal requirements or to reflect changes to our services in the Privacy Policy.









