Department for
Plastic Surgery
and Hand Surgery
Department for Plastic Surgery
and Hand Surgery
Director: Univ.-Prof. Dr. H.-G. Machens
Tel: +49 89 414 021 71

Privacy Protection

Data protection statement

The entity responsible for managing compliance with data protection laws, in particular the EU’s General Data Protection Regulation (GDPR), is:

Klinikum rechts der Isar der Technischen Universität München

Klinik und Poliklinik für Plastische Chirurgie und Handchirurgie

Ismaninger Straße 22
81675 Munich, Germany

Phone: (0 89) 41 40 - 2171
Fax: (0 89) 41 40 - 48 69

Responsible for content as per paragraph 6 of the MDStV (German Interstate Media Services Agreement): Prof. Hans-Günther Machens

Your rights as a data subject

You may exercise the following rights at any time by contacting our data protection officer using the contact details provided:

  • The right to be informed about your data that we have stored and about how it is processed
  • The right to rectification of incorrect personal data
  • The right to the erasure of your data that we have stored
  • The right to restriction of the processing of your data in circumstances where we are not allowed to erase your data yet because of legal requirements
  • The right to object to the processing of your data in our possession, and
  • Data portability, if you have consented to the processing of your data or have signed a contract with us.

If you have consented to our use of your data, you may at any time withdraw this consent with future effect.

You can lodge a complaint with the competent supervisory authority at any time. Your competent supervisory authority depends on the federal state in which you live, your job or the alleged breach. You will find a list of the supervisory authorities (for non-public entities) and their addresses here:

Purposes of data processing by the responsible entity and third parties

We process your personal data only for the purposes specified in this data protection statement. Your personal data will not be disclosed to third parties for any purposes other than those specified. We will forward your personal data to third parties only if:

  • You have consented explicitly to this
  • Processing is required in order to manage a contract with you
  • Processing is required in order to meet a legal obligation
  • Processing is required in order to protect legitimate interests and there is no reason to assume that you have an overriding interest in the nondisclosure of your data.

Date erasure or quarantine

We uphold the principles of data avoidance and data parsimony, which means we will store your personal data only for as long as is necessary to achieve the purposes specified here or for as long as required in accordance with the various data retention periods provided for by law. Once a purpose no longer applies or the deadline expires, the data in question will be routinely quarantined or erased as required by law.


Collection of general information when you visit our website

When you visit our website, general information is automatically collected using a cookie. This information (in server log files) may include the type of web browser and operating system you are using, your internet service provider’s domain name and similar. None of this information allows your identity to be traced.

These items of information are necessary for technical reasons so that any website content you request is delivered properly, and their creation is an inevitable part of using the internet. The information is used for the following purposes, without limitation:

  • To ensure that the website connection is established without any problems
  • To improve your user experience on our website
  • To evaluate system security and stability and
  • For other administrative purposes

Your personal data is processed because of our legitimate interest in collecting data for the above purposes. We will not use your data to trace your identity. The only recipients of the data are employees of the responsible entity and contract processors, as the case may be.

We may use anonymous information of this kind for statistical analysis to improve our website and the technology behind it.


Like many other websites, we use so-called “cookies”. Cookies are small text files that are placed on your hard drive by a website server. This automatically gives us certain data including your IP address, the browser and operating system you use, and your internet connection.

Cookies cannot be used to start programs or transfer viruses to a computer. With the information contained in cookies, we can make navigation easier for you and make sure our websites are displayed properly.

We will never forward the data we collect to third parties and will never link that information to personal data without your consent.

Naturally, you can always choose to view our website without cookies. Internet browsers are usually set by default to accept cookies. In general, you have the option at any time to change your browser settings to deactivate the use of cookies. Please use your internet browser’s help features to learn how to change these settings. However, you should be aware that some of our website’s features may not work if you deactivate cookies.

SSL encryption

We use state-of-the-art encryption methods (e.g. SSL) via HTTPS to protect the security of your data during transmission.

Contact form

If you contact us by email or using the contact form for any reason, you voluntarily permit us to contact you. You need to state a valid email address for this purpose. This is necessary so that we know who the query is from and are able to reply. The provision of further details is optional. The details you provide will be stored for the purpose of processing your query and for any necessary follow-up. Personal data is erased automatically once your query is closed.

Updating of our data protection policy

We reserve the right to modify this data protection statement to keep it up to date with the latest legal requirements or to implement changes in our services in the data protection statement, for example when we launch new services. The new data protection statement then applies the next time you visit.

Questions for the data protection officer

If you have questions about data protection, please write us an e-mail or contact the person in our organization responsible for data protection directly:

Stephan Weiß