Email communication
Email service provider
- mailbox.org — Heinlein Support GmbH, Schwedter Str. 8/9B, 10119 Berlin, Germany. Email hosting location: Germany (Berlin). DPA pursuant to Art. 28 DSGVO.
Until April 2026, the email service was operated via Amazon Web Services (AWS WorkMail, location EU Ireland). On 5 April 2026, mailbox.org was put into operation and the transfer of existing emails was started. From 5 April to 18 April 2026, both providers ran in parallel operation. On 9 April 2026, mailbox.org was set as the primary email server for the domain neuropraxis-kleinmachnow.de. The AWS WorkMail accounts were permanently deleted on 18 April 2026.
Data processing on email contact
When you contact us by email, the following data is processed:
- Email address (sender and recipient)
- Name (if provided)
- Subject and content of the email
- Date and time the email was sent
- Technical transmission data (header information)
Email encryption and security
- Transmission: Emails are transmitted in encrypted form (TLS encryption)
- End-to-end encryption: mailbox.org optionally supports PGP and S/MIME encryption for end-to-end encrypted communication
- Storage: Emails are stored in encrypted form on servers in Germany
External communication: When communicating with email servers of other providers, different security standards may apply over which we have no influence.
Retention period and deletion concept
Emails are a means of communication, not an archive. Medically relevant content from emails is transferred to the patient file and retained there in accordance with the statutory retention obligations (10 years, § 630f para. 3 BGB). The email itself is not additionally retained after being transferred to the file.
The following periods apply to the deletion of emails:
- General inquiries (appointment requests, organizational correspondence): deletion after fulfillment of purpose, at the latest after 6 months (Art. 5 para. 1 lit. e DSGVO — principle of storage limitation)
- Emails with medical content (findings, medical letters, patient inquiries about treatments): relevant content is transferred to the patient file, the email is subsequently deleted
- Business letters with tax relevance (invoices, payment receipts): 10 years (§ 147 para. 1 no. 1 AO, § 257 para. 1 no. 1 HGB)
- Other business letters (general business correspondence without receipt character): 6 years (§ 147 para. 1 no. 2 AO, § 257 para. 1 no. 2 HGB)
Deletion procedure: Deleted emails are first moved to the mailbox’s trash folder. This serves to protect against accidental deletion. The trash folder is regularly emptied permanently.
Note: Please do not send us any sensitive health data by unencrypted email. Where possible, discuss medical concerns by phone or in person at the practice.
Legal basis for email communication
The processing is carried out on the basis of Art. 6 para. 1 lit. b DSGVO (contract fulfillment/pre-contractual measures) or Art. 6 para. 1 lit. f DSGVO (legitimate interest in communication). Insofar as retention obligations under tax or commercial law exist, storage is carried out on the basis of Art. 6 para. 1 lit. c DSGVO (legal obligation).