Privacy on ibi-doc.de
How we handle your data — an overview for patients, clients and third parties.
Notice — non-binding English translation. The German version of this privacy policy is legally binding. In case of doubt or legal questions, please refer to the German version at /datenschutz.
The essential point in one sentence. Enquiries submitted via our website are not stored. They are forwarded directly to our practice inbox and, technically, never sit on a server for more than a few seconds.
1. Responsible body
Institut für Betriebsmedizin Isernhagen
Dr. Kirsten Witzak-Agah
Burgwedeler Straße 128, 30916 Isernhagen, Germany
Email: post@ibi-doc.de · Phone: +49 511 800 958 46
2. Where is my data stored when I fill in a form?
Strictly speaking: nowhere permanently. When you submit a form on ibi-doc.de, the following process runs:
- Your input is transmitted encrypted (HTTPS) to a server in Frankfurt am Main
- The server generates a PDF from your data and sends it as an email attachment to our practice inbox
- Afterwards the data is removed from the server's working memory
- There is no database, no cloud storage, no backup of these enquiries outside our inbox
Your data therefore only exists in our inbox after processing — exactly where it belongs.
3. Where is the server that runs the website?
The website is operated in a data centre in Frankfurt am Main. Only EU servers are used, no servers in the USA or outside the EU. The responsible provider (Vercel) has a data processing agreement with us in which GDPR compliance is contractually assured.
4. Do you use cookies or tracking tools?
No. Specifically:
- No Google Analytics, Plausible, Matomo or similar web analytics
- No Meta pixel, Google Ads or other advertising trackers
- No marketing cookies
- No cookie banner needed — we set no consent-requiring cookies
The only technical cookie the website sets is the login cookie for our internal editorial system, which concerns only our practice team and not you as a visitor.
5. Fonts, maps and images
- Fonts: we use the typefaces „Inter" and „Inter Tight", both hosted on our own server, not from the Google Fonts service. No request goes to Google when our site is loaded.
- Google Maps: there is a map on the contact page. It does not load automatically. You have to actively click „Load map" — before that, not a single data point is transmitted to Google. By clicking you give explicit consent.
- Images: all photos of the practice, the team and the examination rooms are hosted on our own server.
6. Are medical data captured in the enquiry forms?
Deliberately not. Our online forms only ask for contact data and the type of examination requested. Specifically:
- Name, first name, address
- Email, phone
- Examination type (e.g. „driving/operating", „HGV fitness", „offshore") as a category, not as a finding
- Optional remarks in free text
We do not ask for diagnoses, prior conditions or medication. Such information falls under the „special categories of personal data" under Art. 9 GDPR and is collected exclusively in personal conversation or on the traditional medical history form.
7. Who has access to my enquiry?
- The finished PDF enquiry goes directly to our practice inbox post@ibi-doc.de
- Only the practice team has access to this inbox
- The email delivery provider (Resend) only logs technically whether delivery worked — they have no access to the content in plain text (TLS transport)
- The website developer (Tammo Studios) has no insight into the received enquiries
8. Data processing agreements
With the following service providers there are GDPR-compliant data processing agreements under Art. 28 GDPR:
- Vercel Inc. (hosting), servers in the EU (Frankfurt)
- Resend (email delivery of enquiries), servers in the EU
9. How can I request that my data be deleted?
Because your enquiry only exists in our practice inbox, a short email to post@ibi-doc.de with the request for deletion is enough. We then remove the relevant correspondence from our inbox. A technically more elaborate deletion request is not necessary — there are no central databases from which your data would first have to be exported or deleted.
10. Job applications
Job applications currently go directly by email to post@ibi-doc.de. The website does not route your email through an intermediate service — it opens your own email client, so your application data goes directly from your mail client to us, without third-party detour. We keep application materials for a maximum of six months after the application process ends, unless you consent to a longer retention period.
11. Your rights under GDPR
You have the following rights regarding your personal data:
- Access (Art. 15 GDPR)
- Rectification (Art. 16 GDPR)
- Erasure (Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Objection to processing (Art. 21 GDPR)
To exercise these rights, please send an email to post@ibi-doc.de.
12. Right to lodge a complaint with the supervisory authority
You have the right to lodge a complaint with a data protection supervisory authority. For IBI Isernhagen the responsible authority is:
The Lower Saxony Data Protection Commissioner
Prinzenstraße 5, 30159 Hannover, Germany
lfd.niedersachsen.de
In summary
- No databases, no central storage — enquiries only live in the practice inbox
- Server in Frankfurt, no US data flows
- No tracking, no cookie banner, no advertising pixels
- Self-hosted fonts and images, maps load only after active click
- No medical data in online forms, only contact and examination type
- With Vercel (hosting) and Resend (email delivery), GDPR-compliant data processing agreements are in place