Privacy Policy (in compliance with the EU General Data Protection Regulation)

Dear patient,

Protecting your privacy is important to us. According to the EU General Data Protection Regulation (GDPR) we are obliged to tell you for what purposes we collect, retain and/or disclose personal data. This privacy policy is also meant to inform you about your data protection-related rights.

Who is the data controller?

Joint surgical practice
Dr. med. Matthias Brandt
Dr. med. Jürgen Kochhan


Venloer Straße 5a
D-40477 Düsseldorf
Telephone: (+49) 0211 / 98 94 49-0

Data Protection Officer

Herr Marc Zwierkowski
BBmedica medizinische Vertriebs- und Ingenieurgesellschaft mbH
Neuköllner Str. 2
D-52068 Aachen

Data processing occurs based on statutory rules to be able to fulfil the treatment contract concluded between you and your medical doctor and to perform the related duties.

This is why we process your personal data, in particular your health-related data. Such data may include medical histories, diagnoses, therapy proposals and reports captured by us or by other medical doctors. It also happens that other doctors or psychotherapists, who have been treating you, provide us with data (e.g. in referral letters) for these purposes.

Collecting health-related information is a basic requirement for treating you. If the necessary data are not made available, an effective treatment cannot be ensured.

We only disclose your personal data to third parties, if this is legally permitted or if we have your consent to do so.

Possible recipients of your personal data are primarily other doctors / psychotherapists, associations of statutory health insurance physicians, health insurances, the Medical Service of the Health Funds (MDK), chambers of medical doctors and/or private medical clearing houses.

The disclosure of such data mainly occurs for the purpose of billing services rendered to you, for sorting out medical issues or any other question resulting from your insurance contract. On a case-to-case basis, data may also be supplied to other entitled recipients.

We only retain your personal data for the period required to provide your treatment.

As a result of legal requirements we are obliged to retain such data until at least 10 years after the treatment has been completed. Under other provisions even longer retention periods may be applicable, e.g. 30 years for radiographies pursuant to section 28 (3) of the German X-Ray Regulation. Where the purpose of collecting the information ceases to exist or the retention period has expired, we will block or erase the data.

In general, you can use our online services without disclosing your identity.

Whenever someone visits this website, we and/or our web space provider automatically collect information. These data, also called server log files, are of a general nature and do not identify individual users.

The following information is recorded automatically: name of the website, file, date, amount of data, browser and browser version, operating system, your internet provider’s domain name, referrer URL (the page from where you accessed our site) and IP address, etc.

Without collecting these data it would be technically impossible to deliver and show the content of the website. In this regard the data collection is absolutely necessary.

This website uses SSL/TLS encryption for security reasons and to protect the transmission of sensitive content, like e.g. requests that you may send to the website operator. You recognise a secure connection when the address bar changes from ‘http://’ to ‘https://’ and when the ‘lock’ sign is displayed in the browser bar.

When the SSL/TLS encryption is activated, data that you send us cannot be read by third parties.

We do not carry out statistical analyses of the data collected when you access our website. In particular, we do not use statistical tools like Google Analytics or others.

In part, our website uses cookies. Cookies cause no harm to your computer and contain no viruses. Cookies are meant to make our website service more user-friendly, effective and secure. Cookies are small text files that are placed on your computer and that your browser stores.

Most of the cookies that we use are session cookies. They are automatically deleted when you end your session. Other cookies remain stored on your device until you remove them. These cookies make it possible to recognise your browser when you access the website again.

You can set your browser to prompt you each time a cookie is offered, to accept cookies on a case-to-case basis, or to reject cookies in certain cases or altogether, or you can activate the automatic removal of all cookies once you close the browser. When cookies are disabled the functionality of this website may be restricted.

Cookies required for performing electronic communication or providing certain functions desired by you (e.g. change of language), are retained on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest to retain cookies for the technically smooth and optimised provision of services.

This website uses a plugin of Google Maps, operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When you use Google Maps on our website, information about how you use this website and your IP address are transmitted to and stored on one of Google’s servers in the United States. We have no knowledge about the exact content of the disclosed data nor about how Google uses the data. In this context, the company denies linking such data with information from other Google services and thus recording personal data. However, Google may pass the information to third parties. By disabling JavaScript in your browser, you deactivate the Google Maps service. Yet, as a result, you will not be able to view the maps on our website. By using this plugin on our website, you give consent to this sort of data collection and processing by Google Inc. Full information about data protection and the terms of use for Google Maps is available here:

This website uses so-called web fonts, made available by Google, for a consistent delivery of fonts. When accessing a page, your browser loads the required web fonts into the browser cache to be able to show the texts and fonts correctly.

For this purpose your browser must establish a connection with Google’s servers. Thus Google will know that our website was requested from your IP address. The use of Google Web Fonts is meant to ensure a consistent and appealing presentation of our online services. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) GDPR.

If your browser does not support web fonts, your computer will use a standard font.

For further information about Google Web Fonts please refer to and Google’s Privacy Policy:

In principle, we do not supply personal data to third parties. Specifically, we do not provide data to third parties for advertising purposes.

We assume no liability for the content of external links. It is the operators of these external links who are exclusively responsible for their content.

You have a right to obtain information, free of costs, regarding the data that we retain about you and/or to request rectification, blocking or erasure. Exceptions: It is mandatory to retain these data in the context of our professional activities, or the data are subject to legal retention duties. Please contact us for these purposes.

Moreover, under certain circumstances, you have a right to request the erasure of data or the restriction of processing and a right to data portability.

Processing of your data occurs based on legal provisions most of the time. Your consent is required in exceptional cases only. In these cases you have a right to withdraw consent for the future handling of your data.

You also have a right to file a complaint with the responsible data protection supervisory authority if you are of the opinion that the processing of your personal data is unlawful.

The legal basis for processing your data is provided by item (h) of Art. 9 (2) GDPR in conjunction with item (1) (b) of section 22 (1) of the German Data Protection Act.

Please contact us in any case of questions.