April 8, 2023
The data controller within the meaning of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) is:
Simon Rothe
trading under the name PsyDix
Winterhuder Weg 29
22085 Hamburg
+49 (0) 40 25 76 50 79
@
(1) Personal data is processed only to the extent necessary for the provision of a functional website, including all content, features, and services. Processing is carried out based on the consent of the data subject or another legal basis mentioned below.
(2) Art. 6(1)(a) of the GDPR serves as the legal basis for the processing of personal data if the data subject has given consent for a specific purpose.
Art. 6(1)(b) of the GDPR serves as the legal basis for the processing of personal data necessary for the performance of a contract to which the data subject is a party. This also applies to processing operations required for the performance of pre-contractual measures.
Art. 6(1)(c) of the GDPR serves as the legal basis for the processing of personal data necessary for compliance with a legal obligation to which the company is subject.
Art. 6(1)(f) of the GDPR serves as the legal basis for the processing of personal data necessary for the purposes of the legitimate interests pursued by the company or a third party, except where such interests are overridden by the interests, fundamental rights, and freedoms of the data subject.
(3) We store personal data only for as long as the purpose of the storage continues. This means that personal data is deleted or blocked as soon as the purpose of storage ceases. We may be obligated to store personal data beyond this period due to legal obligations (especially tax retention periods). In this case, data will be blocked or deleted once the respective legal retention period expires, provided there are no other mandatory obligations to store the data.
(1) When you visit our website, data and information are automatically collected from the computer system of the device you use to access it. The following data is collected:
The data is stored in the system's log files. No storage of this data together with other personal user data takes place.
(2) The legal basis for this is Art. 6(1)(f) of the GDPR.
(3) The collection and temporary storage of the IP address is necessary to enable the display of the website on your device. For this purpose, your IP address must be stored for the duration of the website visit.
(4) The data is deleted as soon as this is legally permissible. Due to legal regulations at the service location, this occurs after six months.
(5) The collection of data for the provision of the website and the storage of data in log files is mandatory for the provision of the online presence. There is therefore no option to object.
(1) The website uses cookies and stores information in the so-called local storage.
(a) Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. Cookies cannot transmit viruses to the device or execute programs themselves.
Cookies are used to make a website more user-friendly. Some elements of the website require the calling browser to be identified even after a page change.
Unless cookies are technically necessary, they are only loaded after the user's consent. The information about the existence of consent is stored in a cookie itself. However, no personal data is collected in this process.
Transient cookies are automatically deleted when the session is closed. This includes, among other things, session cookies that store the so-called session ID and can be assigned to the joint session based on the various requests of the web browser. This allows the device to be recognized again in a new session. If technically possible, the contents of the cookies are not stored in plain text but only as a hash value.
Persistent cookies are automatically deleted after a predefined storage period, which may vary depending on the cookie. The associated settings can be deleted at any time in the settings of the web browser.
(b) Information stored in local storage is functionally similar to persistent cookies. They serve to save the user from entering data multiple times.
(2) Cookies and local storage elements are used to make a website more user-friendly. Some elements of the website require the calling browser to be identified even after a page change.
The following data is stored:
(3) The legal basis for the use of technically necessary cookies and local storage elements is Art. 6(1)(f) of the GDPR. The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of the website cannot be offered without the use of cookies or local storage elements. For these functions, it is necessary for the browser to be recognized even after a page change. The user data collected through technically necessary cookies is not used to create user profiles.
The legal basis for the use of technically unnecessary cookies is Art. 6(1)(a) of the GDPR if the user has given consent for the respective cookie. The purpose of using technically unnecessary cookies is to analyze the use of the website and continuously improve individual functions and offers as well as the user experience. By statistically evaluating user behavior, the offering can be improved and made more interesting for the user. This also constitutes a legitimate interest in processing. Further details can be found in the respective explanations of this privacy policy.
(4) Cookies are stored on the user's computer and transmitted to the operator of the website. Local storage objects are also stored on the user's computer but not transmitted to the operator of the website. The user has full control over the use of cookies and local storage objects. By changing the settings in the internet browser, the user can disable or restrict the transmission of cookies. Stored cookies and local storage objects can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, not all functions of the website may be fully usable.
(1) If you contact us electronically (e.g., via the email address provided in the privacy policy or imprint), the data entered during this contact will be transmitted to us and stored. This data includes:
No data is disclosed to third parties in this context. The data is used exclusively for processing the conversation.
(2) The legal basis for processing the data, if the user has given consent, is Art. 6(1)(a) of the GDPR.
If the email contact aims to conclude or fulfill a contract, an additional legal basis for the processing is Art. 6(1)(b) of the GDPR.
(3) The processing of personal data from the email is solely for the purpose of handling the contact. This also constitutes the necessary legitimate interest in processing the data.
(4) The data is deleted as soon as it is no longer necessary to achieve the purpose of its collection. For personal data sent via email, this is the case when the respective conversation with the individual concerned is concluded. The conversation is deemed concluded when it can be inferred from the circumstances that the matter at hand has been finally resolved.
(5) The data subject has the option to revoke their consent to the processing of personal data at any time. When contacting us via email, storage of personal data can be objected to at any time by contacting the support. In such a case, however, the conversation cannot be continued.
All personal data stored as part of the contact will be deleted in this case.
(1) If you, as our customer or therapist, have login access to the web interface, we process additional data, which may include personal data, in addition to the other information in this privacy policy:
Account data in the customer account, especially email address, phone number, address, practice name
First and last name of the contact person provided by the customer, including position
Date-based logs
For the processing of data, consents are obtained as part of the registration process, if necessary, and reference is made to this privacy policy.
(2) The legal basis for the processing of data when using our services, provided that the user has given consent, is Art. 6(1)(a) GDPR. In addition, for the processing of data aimed at the conclusion or performance of a contract, an additional legal basis is Art. 6(1)(b) GDPR.
(3) The collection of customer's account data is for contacting within the contractual relationship, especially for transmitting contract-relevant documents and providing support services.
(4) The data will be deleted as soon as they are no longer necessary for the purpose of their collection. This is the case for data collected during the registration process or for the performance of a contract when the data is no longer necessary for the performance of the contract. This is the earliest the case upon termination of the contractual relationship. Even after the termination of the contractual relationship, there may be a need to store personal data of the contracting party in order to comply with contractual or legal obligations (in particular, tax retention periods).
The other personal data collected during the registration process is typically deleted after a period of seven days.
(5) Data subjects can modify or delete the stored data at any time. To do this, the user can click on "My Data" in the menu and delete individual information.
If the data is necessary for the performance of the contract or for the implementation of pre-contractual measures or if there are legal obligations for proof and retention, premature deletion of the data is only possible to the extent that contractual or legal obligations do not prevent deletion.
(6) For the processing of our payments, we cooperate with the payment service provider Digistore24 GmbH, St.-Godehard-Straße 32, 31139 Hildesheim, Germany. If you enter data during the payment process, it will be transmitted to the payment service provider via an interface. The legal basis for this is Art. 6(1)(b) GDPR, as the processing is necessary for the performance of a contract in which the data subject is a party. In addition, the data protection policies of our payment service provider apply when the processing is carried out by Digistore24 GmbH. Their privacy policy can be found here: https://www.digistore24.com/page/privacy/1/en. The terms of use can be found here: https://www.digistore24.com/page/terms/1/en.
(1) When using the testing function, it is not possible for the website operator to establish a connection between the code assigned by the therapist and the test subject. During the tests, the data entered by the user is processed by us on behalf and under the instruction of the respective therapist. In this regard, the privacy policy or professional regulations of the respective therapist apply.
(1) The website uses "Smartlook," a web analytics service provided by Smartlook.com, s.r.o., Šumavská 524/31, Veveří, 602 00 Brno, Czech Republic. Smartlook is a GDPR-compliant service that allows for anonymous analysis of user behavior. Smartlook uses cookies, among other things, which are small text files stored locally in the web browser cache on the end device. This enables the evaluation of website usage and the compilation of reports on website usage.
The website uses Smartlook only with IP anonymization and GDPR-compliant default settings, ensuring that personal identification is excluded.
(2) Smartlook is activated only with the user's consent through a cookie banner. Therefore, the legal basis for processing is the user's consent under Art. 6(1)(a) GDPR.
(3) The website uses Smartlook to analyze the usage of the website and to continuously improve individual functions, offerings, and user experience. By statistically analyzing user behavior, the offering can be improved and made more interesting for the user.
(4) The storage of cookies generated by Smartlook can be prevented by adjusting the settings of the web browser. It should be noted that in this case, not all functions of the website may be available. Additionally, the service can be disabled using the link https://www.smartlook.com/opt-out/. Please note that this setting will also be deleted if the cookies are cleared. You can access Smartlook's privacy policy here: https://help.smartlook.com/en/articles/3244452-privacy-policy/.
All data is transmitted via IP technology using an encrypted connection. The required certificate installed on the servers has been issued by an independent organization.
An encrypted connection can be recognized by the change of the browser's address bar from http:// to https://.
Once the encrypted TLS connection is established, your inputs transmitted to us cannot be read by third parties anymore.
If personal data is processed, the users are "data subjects" within the meaning of the GDPR, and they have the following rights against the controller:
The data subject can request the controller to confirm whether personal data is being processed.
If such processing exists, the data subject can request the following information from the controller:
The right exists to request information on whether the personal data is transferred to a third country or to an international organization. In this context, it can be requested to be informed about the appropriate safeguards pursuant to Article 46 of the GDPR in connection with the transfer.
There is a right to request the rectification and/or completion of personal data from the controller if the processed personal data is inaccurate or incomplete. The controller must carry out the rectification without undue delay.
The restriction of processing of personal data can be requested under the following conditions:
If the processing of personal data has been restricted, these data may only be processed – apart from their storage – with the consent of the data subject or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the processing restriction has been restricted according to the aforementioned conditions, the data subject shall be informed by the controller before the restriction is lifted.
The data subject has the right to request the controller to erase personal data without undue delay, and the controller is obliged to erase such data without undue delay if one of the following reasons applies:
Where the controller has made the personal data public and is obliged pursuant to Art. 17(1) of the GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
The right to erasure does not apply to the extent that processing is necessary for:
If the right to rectification, erasure, or restriction of processing has been asserted against the controller, the controller is obliged to communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.
The data subject has the right to be informed about these recipients from the controller.
The data subject has the right to receive the personal data concerning him or her, which he or she has provided to the controller, in a structured, commonly used, and machine-readable format. Furthermore, the data subject has the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where
The data subject has the right to object, on grounds relating to his or her particular situation, at any time to the processing of personal data concerning him or her which is based on Article 6(1)(e) or (f) of the GDPR, including profiling based on those provisions.
The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims.
Where personal data are processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.
The data subject has the right to withdraw his or her consent to the processing of personal data at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, unless
However, these decisions must not be based on special categories of personal data referred to in Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) applies and suitable measures to safeguard the data subject's rights and freedoms and legitimate interests are in place.
With regard to the cases referred to in (1) and (3), the controller shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view, and to contest the decision.
Without prejudice to any other administrative or judicial remedy, the data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work, or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.
This is a translation of German Privacy Policy.