This data protection declaration clarifies the type, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within my online offer and the websites, functions and content associated with it as well as external online presences, such as our social media profile. (hereinafter jointly referred to as “online offer”). With regard to the terms used, such as “processing” or “person responsible”, we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).


Dr (med.) Katrin Flohr



The data is processed on the basis of legal requirements in order to fulfill the treatment contract between you and your doctor and the associated obligations.

For this purpose I process your personal data, in particular your health data. This includes anamnesis, diagnoses, therapy suggestions and findings that I or other doctors collect. For these purposes, other doctors or psychotherapists who are treating you can also provide me with data (e.g. doctor’s letters). The collection of health data is a prerequisite for your treatment. If this information is not provided, careful treatment is not possible.


I only transfer your personal data to third parties if this is permitted by law or if you have given your consent.

Recipients of your personal data can primarily be other doctors and psychotherapists, but also associations of statutory health insurance physicians, health insurance companies, the medical service of health insurance, medical associations and private medical clearing houses. Other possible recipients are the medical service of the employment agency, the pension office and the health department or Robert Koch Institute within the framework of the Infection Protection Act (IfSG).

The transmission takes place mainly for the purpose of billing the services provided to you, to clarify medical questions and questions arising from your insurance relationship. In individual cases, data is transmitted to other authorized recipients.


I only keep your personal data for as long as is necessary to carry out the treatment. Due to legal requirements, I am obliged to keep this data for at least 10 years after completion of the treatment. According to other regulations, there may be longer retention periods, for example 30 years for X-ray recordings according to Section 28 Paragraph 3 of the X-ray Ordinance.


You have the right to obtain information about the personal data concerning you. You can also request the correction of incorrect data. In addition, under certain conditions, you have the right to have data deleted, the right to restrict data processing and the right to data portability.

Your data is processed on the basis of legal regulations. I only need your consent in exceptional cases. In these cases, you have the right to withdraw consent for future processing. You also have the right to complain to the competent supervisory authority for data protection if you believe that your personal data is not being processed lawfully. The address of the supervisory authority responsible for us is:

The Hamburg Commissioner for Data Protection and Freedom of Information

Klosterwall 6, 20095 Hamburg

Phone: 040.42854-4062 (ext.) -4040 (office)

Fax: 040.42854-4000


The legal basis for the processing of your data is Article 9 Paragraph 2 lit. h) GDPR in conjunction with Section 22 Paragraph 1 No. 1 lit. b) Federal Data Protection Act. If you have any questions, please feel free to contact me.


In order to offer you a comprehensive range of functions and to make the use of our website comfortable, we can use temporary and permanent cookies on our website. Cookies are text files containing information to identify returning visitors solely for the duration of the visit to the website.

The cookies on the website contain personal data. Cookies save you from having to enter data multiple times, facilitate the transmission of specific content and help us to identify particularly popular areas of our website. They enable us to constantly improve the structure and content of our website.

You have the option of deactivating the acceptance of cookies in your internet browser. However, you may not be able to use our website or only use it to a limited extent.


The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to me. This applies in particular to browser type and browser version, operating system used, referrer URL, host name of the accessing computer, time of server request and the IP address. This data is not merged with other data sources. The basis for data processing is Art. 6 Paragraph 1 lit. b GDPR, which allows the processing of data to fulfill a contract or pre-contractual measures.


If you contact me by e-mail, the data you provide (your e-mail address, possibly your name and telephone number) will be stored by me in order to answer your questions. I delete the data arising in this context after the storage is no longer necessary, or the processing is restricted if there are statutory storage obligations. I would like to point out that communication by e-mail involves security risks.


As part of the appointment agreement, your data will be stored and processed by a commissioned company (Terminland). The processing is subject to the data protection of the companies involved and can be read here.


To carry out the video consultation, your e-mail address will be forwarded to the company “”, stored and processed. The processing is subject to the data protection of the company involved and can be read here.