top of page

Data protection

This privacy policy informs you about the type, scope and purpose of the processing of personal data (hereinafter referred to as "data") within our online offering and the associated websites, functions and content (hereinafter collectively referred to as "online offering"). With regard to the terms used, such as "processing" or "controller", we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

Controller:

Service provider Yasmin Benaleten, see legal notice

Types of data processed:

  • Inventory data (e.g. names, addresses).

  • Contact data (e.g. e-mail, telephone numbers).

  • Content data (e.g. text entries, photographs, videos).

  • Usage data (e.g. websites visited, interest in content, access times).

  • Meta/communication data (e.g. device information, IP addresses).

Categories of data subjects:

Visitors and users of the online offer (hereinafter we also refer to the data subjects collectively as "users").

Purpose of processing:

  • Provision of the online offer, its functions and content.

  • Responding to contact inquiries and communicating with users.

  • Security measures.

  • Range measurement/marketing

  • Hashtags: - systemic counseling - counseling - Heidelberg - psychologist - psychology

Terms used:

"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

"Processing" means any operation or set of operations which is performed on personal data, whether or not by automated means. The term is broad and encompasses virtually any handling of data.

The "controller" is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Relevant legal bases:

In accordance with Art. 13 GDPR, we inform you of the legal basis of our data processing. If the legal basis is not mentioned in the privacy policy, the following applies: The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 GDPR, the legal basis for processing for the performance of our services and execution of contractual measures as well as responding to inquiries is Art. 6 para. 1 lit. b GDPR, the legal basis for processing to fulfill our legal obligations is Art. 6 para. 1 lit. c GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6 para. 1 lit. f GDPR. If the processing of personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, Art. 6 para. 1 lit. e GDPR serves as the legal basis.

Cooperation with processors and third parties:

If we disclose data to other persons and companies (processors or third parties) as part of our processing, transmit it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (e.g. if a transfer of the data to third parties, such as payment service providers, pursuant to Art. 6 para. 1 lit. b GDPR is necessary for contract performance), if you have consented to it, if a legal obligation provides for it or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

This is a privacy policy in German that outlines the handling of personal data by a company. The policy states that personal data will only be processed in a third country (i.e. outside the European Union or the European Economic Area) if it is necessary to fulfill contractual obligations, based on the user's consent, legal obligations, or the company's legitimate interests. The company will only process data in a third country if certain conditions specified in Art. 44 ff. of the EU General Data Protection Regulation are met, such as the existence of official guarantees of an appropriate level of data protection or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").

The policy also outlines the rights of data subjects, including the right to confirmation of whether their data is being processed and to receive information and copies of the data (Art. 15 DSGVO), the right to correct or complete inaccurate data (Art. 16 DSGVO), the right to request the deletion or restriction of processing of their data (Art. 17 and 18 DSGVO), the right to receive and transmit their data to other responsible parties (Art. 20 DSGVO), and the right to file a complaint with the competent supervisory authority (Art. 77 DSGVO).

The policy also explains the right of users to revoke their consent (Art. 7 para. 3 DSGVO) and to object to the processing of their data in the future (Art. 21 DSGVO), particularly with regard to direct marketing. The use of cookies is also addressed, including the definition of cookies, the types of cookies used, and the option for users to disable cookies in their browser settings, with the caveat that doing so may result in reduced functionality of the online service. The policy also provides information on how to opt-out of online marketing cookies.

Deletion of Data:

The data we process will be deleted or restricted in processing in accordance with Art. 17 and 18 of the GDPR. Unless explicitly stated in this Privacy Policy, data stored with us will be deleted as soon as it is no longer necessary for its intended purpose and there are no legal retention obligations preventing deletion. If the data is not deleted because it is necessary for other legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.

According to legal requirements in Germany, data must be stored, in particular, for 6 years in accordance with § 257 (1) of the German Commercial Code (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years in accordance with § 147 (1) of the German Fiscal Code (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.).

According to legal requirements in Austria, data must be stored, in particular, for 7 years in accordance with § 132 (1) of the Austrian Federal Tax Code (accounting documents, invoices/receipts, accounts, receipts, business papers, income and expenditure statements, etc.), for 22 years in connection with real estate, and for 10 years for documents relating to electronically provided services, telecommunications, radio and television services, which are provided to non-entrepreneurs in EU member states and for which the Mini-One-Stop-Shop (MOSS) is used.

Hosting:

The hosting services we use are used to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services, and technical maintenance services that we use to operate this online service. In doing so, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta, and communication data of customers, interested parties, and visitors to this online offer based on our legitimate interests in providing an efficient and secure online offer in accordance with Art. 6 (1) lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of a contract processing agreement).

Collection of Access Data and Log Files:

We or our hosting provider collect data on every access to the server on which this service is located (so-called server log files) based on our legitimate interests within the meaning of Art. 6 (1) lit. f. GDPR. The access data includes the name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (previously visited page), IP address, and requesting provider. For security reasons (e.g., to investigate misuse or fraud), log file information is stored for a maximum of 14 days and then deleted. Data whose further retention is required for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.

Contact:

When contacting us (e.g. via contact form, email, telephone, or social media), the user's information will be processed according to Art. 6 para. 1 lit. b) GDPR for the purpose of processing the contact request and its handling. The users' information may be stored in a customer relationship management system ("CRM system") or comparable request organization. We delete requests as soon as they are no longer necessary. We review the necessity every two years; statutory archiving obligations also apply.

Integration of Third-Party Services and Content:

We use content or service offerings from third-party providers within our online offering based on our legitimate interests (i.e. interest in analyzing, optimizing and economically operating our online offering within the meaning of Art. 6 para. 1 lit. f. GDPR) in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as "content"). This always requires that the third-party providers of this content perceive the IP address of the users, since without the IP address, they could not send the content to the users' browser. The IP address is therefore necessary for the display of this content. We endeavor to use only such content whose respective providers use the IP address solely for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the users' device and may include technical information about the browser and operating system, referring web pages, visit time, and other information about the use of our online offering, as well as be linked to such information from other sources.

Youtube:

We embed videos from the "YouTube" platform of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

Google Maps:

We embed the maps of the service "Google Maps" of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

Google Analytics:

We use the services of "Google Analytics" from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

Join the mailing list

bottom of page