Privacy Policy
Privacy at a Glance
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.
The use of our website is usually possible without providing personal information. Insofar as personal data (such as name, address or e-mail addresses) is collected on our pages, this is always done, as far as possible, on a voluntary basis.
Data Protection Officer
Praxis Dr. Kerim
Jacques-Offenbach-Straße 12
63069 Offenbach am Main
Phone: +49 69 870015360
Email: info@praxiskerim.de
Data Collection on Our Website
Who is responsible for data collection on this website? The data processing on this website is carried out by the website operator. You can find their contact details in the imprint of this website.
How do we collect your data? On the one hand, your data is collected when you communicate it to us. This can be, for example, data that you enter in a contact form.
Other data is collected automatically by our IT systems when you visit the website. These are mainly technical data (e.g. internet browser, operating system or time of page access).
Purpose of Data Collection
Some of the data is collected to ensure error-free provision of the website. Other data may be used to analyze your user behavior.
What rights do you have regarding your data? You have the right to obtain information about the origin, recipient and purpose of your stored personal data at any time free of charge.
Data Storage
The data processing on this website is carried out by the website operator. You can find their contact details in the imprint of this website.
Your data will be deleted as soon as it is no longer required for the fulfillment of the purpose of collection.
Your Rights
You have the right to information about the personal data we process.
You have the right to correction of incorrect or completion of incomplete data.
You have the right to deletion of your personal data, provided that no legal retention periods oppose this.
Cookies
Our websites partially use so-called cookies. Cookies do not cause any damage to your computer and do not contain viruses.
Cookies serve to make our offer more user-friendly, effective and secure.
Digital Practice Services
Below we inform you in detail about the digital services of Praxis Dr. Kerim, how your data is processed, and your rights under GDPR.
1. AI-Powered Phone Assistant "Anna"
We operate an AI-powered voice assistant named "Anna" that handles patient phone calls and assists with appointment booking, prescription renewals, sick-note requests, referral requests, and basic information. At the start of every call you are explicitly informed that you are talking to an AI and can say "human" at any time to be connected directly to a staff member.
Data processed: voice recording (transient, NOT stored), textual transcript of the conversation (max. 30 days), intent category, and patient master data (first/last name, date of birth, insurance number) for identification when needed.
Pseudonymization: Personal data (name, date of birth, insurance number, phone number, address) are replaced with non-reversible tokens before any transmission to AI speech-processing (Azure OpenAI, West Europe). The mapping table token↔plaintext remains exclusively on our servers and is fully destroyed at call end.
Legal basis: Art. 6 (1) (b) GDPR (initiation/performance of treatment contract), Art. 9 (2) (h) GDPR (health data, medical treatment), and Art. 6 (1) (a) GDPR (consent through continued participation after the disclosure announcement).
Storage duration: voice recording 0 seconds (live-processed); transcript and conversation data max. 30 days; resulting appointments/orders in the practice software per medical record retention obligation (10 years, § 630f BGB).
2. Online Appointment Booking
Through our website you can independently book appointments with one of our doctors without calling the practice. Transmission is encrypted (TLS 1.2+).
Data processed: first and last name, date of birth, phone number, desired appointment slot, optional reason. The data is stored in our internal practice database and assigned to the corresponding doctor's calendar.
Legal basis: Art. 6 (1) (b) GDPR (contract initiation). Storage duration: per medical record retention obligation (10 years, § 630f BGB) or until explicit deletion request.
3. Online Orders (Prescription, Sick Note, Referral)
Existing patients can request follow-up prescriptions, sick notes (max. 3 days), and referrals via our online form. Every request is reviewed by the treating physician before the document is issued.
Data processed: patient identification, requested medication/concern, pickup or delivery preference. Legal basis: Art. 9 (2) (h) GDPR (medical treatment). Storage duration: 10 years per record retention obligation.
4. Self Check-In at the Practice Kiosk
Our practice has a self check-in terminal ("Kiosk") where you can register independently using your electronic health card (eGK). The card is only read, NOT stored.
Data processed: master data read from eGK (insurance number, name, date of birth, address, health insurance), generated waiting ticket. Optional: photo capture for first-contact identification (only with explicit on-screen consent).
The kiosk PC is locked exclusively to practice functions (kiosk mode); other applications are inaccessible. Data processing occurs entirely on practice-owned hardware — no cloud transfer. Legal basis: Art. 6 (1) (b) and Art. 9 (2) (h) GDPR.
5. Waiting Room Display
In our waiting room there is a screen displaying called patient ticket numbers and the corresponding treatment room, along with an audio announcement.
Data processed: exclusively anonymized ticket numbers and room labels. NO names, NO dates of birth, NO diagnoses are displayed or announced in the waiting room. The voice output runs locally on the display device (Piper Text-to-Speech); NO cloud service is involved.
Storage duration: live display only, no persistence. Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in efficient patient flow management in the waiting room).
6. Practice Dashboard (Internal Application)
Our doctors and medical assistants use an internal web dashboard to manage patient data, appointments, orders, invoices, and practice inventory. Access is password-protected with two-factor authentication; every action is logged in a tamper-resistant audit log.
Data processing occurs exclusively on practice-owned servers in Germany. Data processed: complete medical records per treatment documentation. Legal basis: Art. 9 (2) (h) GDPR. Storage duration: 10 years per retention obligation.
7. Data Processors (Art. 28 GDPR)
We have signed Data Processing Agreements (DPAs) per Art. 28 GDPR with the following external services:
- Microsoft Ireland Operations Ltd. — Azure OpenAI (speech processing for the AI phone assistant, region West Europe / EU)
- Microsoft Ireland Operations Ltd. — Azure Speech Services (speech synthesis, region West Europe / EU)
- Deepgram Ltd. — Speech-to-text processing for AI telephony (region EU/Frankfurt)
- Telnyx LLC — SIP telephony connection (region EU/Frankfurt)
- Netlify Inc. — Hosting of website praxiskerim.de (region EU)
- Amazon Web Services EMEA SARL — Software update distribution for practice devices (S3, region eu-north-1)
Upon request, we will provide the respective DPA documents for inspection. Third-country transfers occur only to regions with an adequacy decision or under standard contractual clauses.
8. Technical Security & Pseudonymization
All data transmission is encrypted (TLS 1.2+, WSS, SRTP for audio). Practice-owned servers are protected by firewall, access restrictions, and two-factor authentication. Patient data in databases is encrypted at rest (AES-256).
Personal data is systematically pseudonymized before transmission to cloud AI services: names, dates of birth, insurance and phone numbers are replaced with tokens. The mapping table remains exclusively on our servers and is automatically deleted after each operation (call end, session end).
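To make the pseudonymization step described in sections 1 and 8 concrete, here is an added illustration (not the practice's own code): a per-call mapping of random tokens to plaintext that is held only in memory, applied to text before it leaves the practice network, reversed on the AI reply, and destroyed at call end. The name list and the regex patterns for insurance number, date of birth and phone number are simplified assumptions.

```python
import re
import secrets
import string
from typing import Dict, Iterable

# Simplified detection patterns (assumptions, not the practice's real rules):
# insurance number = one capital letter + 9 digits, date of birth = DD.MM.YYYY,
# phone = optional '+' then 8+ digits/spaces ending in a digit.
PATTERNS = {
    "INSURANCE": re.compile(r"\b[A-Z]\d{9}\b"),
    "DOB": re.compile(r"\b\d{2}\.\d{2}\.\d{4}\b"),
    "PHONE": re.compile(r"\+?\d[\d ]{6,}\d"),
}


class CallSession:
    """Token<->plaintext mapping for ONE call. Lives only in memory, is wiped by
    close(), and the tokens carry no information about the plaintext."""

    def __init__(self, known_names: Iterable[str]):
        self._to_plain: Dict[str, str] = {}
        self._to_token: Dict[str, str] = {}
        # Names come from the patient master record; longest first so that
        # "Max Mustermann" is replaced before a bare "Max" could be.
        self._names = sorted(known_names, key=len, reverse=True)

    def _token(self, kind: str, plain: str) -> str:
        if plain not in self._to_token:
            while True:  # random letters only: non-reversible, never matches PATTERNS
                suffix = "".join(secrets.choice(string.ascii_uppercase) for _ in range(6))
                tok = "<%s_%s>" % (kind, suffix)
                if tok not in self._to_plain:
                    break
            self._to_token[plain] = tok
            self._to_plain[tok] = plain
        return self._to_token[plain]

    def pseudonymize(self, text: str) -> str:
        """Replace identifiers before the transcript is sent to the cloud AI."""
        for name in self._names:
            text = text.replace(name, self._token("NAME", name))
        for kind, pat in PATTERNS.items():
            text = pat.sub(lambda m, k=kind: self._token(k, m.group(0)), text)
        return text

    def rehydrate(self, text: str) -> str:
        """Put plaintext back into the AI reply so the caller hears real values."""
        for tok, plain in self._to_plain.items():
            text = text.replace(tok, plain)
        return text

    def close(self) -> None:
        """Call end: destroy the mapping; tokens in any kept transcript stay opaque."""
        self._to_plain.clear()
        self._to_token.clear()
```

After close(), a transcript retained for up to 30 days contains only the opaque tokens, which is what makes the 0-second voice retention and the 30-day transcript retention compatible with the pseudonymization claim.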
We implement appropriate technical and organizational measures (TOM) per Art. 32 GDPR, including regular penetration tests, staff training, and a documented Data Protection Impact Assessment (DPIA) for AI-supported services.
Contact
If you have any questions about data protection, you can contact us at any time.
You can find the contact details in the imprint of this website.
