How to reach the DPO
Data Protection Officer
Christina Webersohn
Dipl.-Ing. — Senior Consultant, Datenschutzbeauftragte (TÜV-Süd), AI-Officer (DEKRA)
Co-signatory: Kemal Webersohn, LL.M.
WS Compliance GmbH
Dircksenstraße 51, 10178 Berlin, Germany
Tel. +49 30 88 72 07 88-6
WS Compliance GmbH · Managing directors: Kemal Webersohn & Christian Scholtz · Handelsregister Amtsgericht Berlin Charlottenburg HRB 185725 B
Country-specific privacy mailboxes
- Luxembourg — privacy-luxembourg@doctena.com
- Belgium — privacy-belgium@doctena.com
- Netherlands — privacy-netherlands@doctena.com
- Germany — privacy-germany@doctena.com
- Austria — privacy-austria@doctena.com
- Switzerland — privacy-switzerland@doctena.com
For data-subject requests under Articles 15-22 GDPR, see /data-subject-rights. For complaints, see /complaints.
The DPO mission
Doctena's DPO performs the tasks set out in Article 39 of the GDPR:
- Inform and advise Doctena and its employees about their obligations under the GDPR and the national data protection laws of the countries we serve.
- Monitor compliance with the GDPR, with this Trust Center's stated commitments, with Doctena's policies, and with the contracts we sign with controllers.
- Provide advice on the Data Protection Impact Assessment process and monitor its performance.
- Cooperate with the supervisory authorities and act as the contact point for them.
- Act as the contact point for data subjects on all matters relating to the processing of their personal data and the exercise of their rights under the GDPR.
The DPO has direct reporting access to the CEO and a standing invitation to every Information Security Steering Committee. Doctena does not instruct the DPO on the performance of these tasks (Article 38(3) GDPR).
Why an external DPO
Doctena has designated an external DPO, served by a specialist privacy firm (WS Compliance GmbH, Berlin — formerly trading as WS Datenschutz GmbH), since 2019. The external model gives Doctena:
- Multi-jurisdiction expertise across LU, BE, NL, DE, AT and CH from a single team.
- A documented absence of conflict of interest with any operational role.
- Continuity independent of internal staffing.
- Visibility on best practice from a portfolio of comparable health and SaaS clients.
Designation per entity
Every Doctena legal entity in the EU has a written DPO designation on file. The designation is registered with the competent supervisory authority where the local law requires it (LU, DE, AT). Switzerland's regime under the revised FADP does not require registration but Doctena's Swiss entity is covered by the same designation for consistency.
| Entity | Country | Designation date |
|---|---|---|
| Doctena S.A. | Luxembourg | 2019-11-13 (initial); renewed in cycle |
| Doctena Belgium Sprl | Belgium | 2019-11-13 (initial); renewed in cycle |
| Doctena Afspraken BV | Netherlands | 2019-11-13 (initial); renewed in cycle |
| Doctena Germany GmbH | Germany | 2019-11-13 (initial); renewed in cycle |
| Doctena Austria GmbH | Austria | 2019-11-13 (initial); renewed in cycle |
| Doctena Switzerland GmbH | Switzerland | 2019-11-13 (initial); renewed in cycle |
DPO certificates
Once renewed, the per-country certificate PDFs will be linked from this page. Subscribers to the site changelog will receive a notification.
EU representative
Doctena S.A. is established in the European Union and is therefore not required to designate a separate EU representative under Article 27 GDPR. The Luxembourg controller acts as the relevant contact for the lead supervisory authority (CNPD). For data subjects, the DPO above is the single point of contact regardless of country.
Source of truth: Claude-Workspace/ISMS/GDPR/RoPA/_template/00-ropa-company-metadata.md (v1.0.0, reviewed 2026-05-15).