according to the General Data Protection Regulation (GDPR)
This data privacy statement has been derived from a model template by Professor Dr. med. Thomas Hoeren, who developed it in collaboration with employees of the Research Center Law of the DFN-Verein (including Johannes Baur and Charlotte Röttgen).As of May 2018
I. Name and address of the controller
The controller in the sense of the General Data Protection Regulation and other national data protection laws of the member states of the European Union as well as other data protection regulations is the practice for psychotherapy
Dipl.-Psych. Matthias Glöckner
Telephone: 0371 - 28 333 64
Psychologischer Psychotherapeut
Georg-Landgraf-Straße 22
09112 Chemnitz
Telefax: 0371 - 28 333 65
II. Name and address of the data protection officer
The practice has no data protection officer because it has less than 9 employees.
III. General information about data processing
1. Scope of processing of personal data
As a matter of principle, I process personal data of my users only insofar as it is necessary for the provision of a functional website and my content and services. The processing of personal data of my users takes place regularly only with the consent of the users. An exception applies in cases in which prior consent is not possible for compulsory reasons and the processing of the data is permitted by law.
2. Legal basis for the processing of personal data
As far as I obtain the consent of the data subject for processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as legal basis.In the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as legal basis. This also applies to processing operations required to carry out pre-contractual actions.
As far as the processing of personal data is required to fulfill a legal obligation that is subject to my practice, Art. 6 para. 1 lit. c GDPR serves as legal basis. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as legal basis.
If the processing is necessary to safeguard the legitimate interest of my practice or of a third party and if the interests, fundamental rights and freedoms of the person concerned do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as legal basis for processing.
3. Data erasure and storage duration
The personal data of the data subject will be erased as soon as the purpose of the storage is no longer applicable. In addition, such storage may take place if it is allowed by European or national legislation which the controller is subject to. Blocking or deletion of the data also takes place when a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for conclusion of a contract or fulfillment of the contract.
IV. Provision of the website and creation of log files
1. Description and scope of data processing
Every time you visit my website https://www.matthias-gloeckner.de/ or https://www.matthias-glöckner.de/ respectively, the following data and information are automatically collected from the computer system of the client machine:
| (1) | information about the browser type and the version used; | |
| (2) | information about the type and version number of the user's operating system; | |
| (3) | information about the user's internet service provider; | |
| (4) | the user's IP address; | |
| (5) | date, time and requested page of each access; | |
| (6) | websites from which the user accesses my website; | |
| (7) | websites that are accessed by the user from my website. |
Storage or processing of this data together with other personal data of the user does not take place. These data are stored in the log files of my webhost Strato AG. The data transmission between Strato AG's servers and your web browser is encrypted end-to-end with the Secure Sockets Layer (SSL) protocol and the Transport Layer Security (TLS) protocol based thereupon. Thus, no data can be read by third parties. For more detailed information, please refer to the information provided by Strato AG (in German): https://www.strato.de/faq/article/2763/Fragen-zur-Auftragsverarbeitungsvertrag-AVV-und-der-neuen-EU-Datenschutzgrundverordnung-GDPR.html#verarbeitung.
2. Legal basis for data processing
The legal basis for the temporary storage of data and for log files is Art. 6 para. 1 lit. f GDPR.
3. Purpose of the data processing
The temporary storage of the IP address by the system is necessary to allow delivery of the website to the user's computer. For this purpose, the IP address of the user must remain stored for the duration of the session.Storage in log files is done to ensure the functionality and security of the website. For these purposes, my legitimate interest in the processing of data pursuant to Art. 6 para. 1 lit. f GDPR. An evaluation of the data for marketing or other purposes does not take place.
4. Duration of storage
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. This is the case when collecting the site provisioning data when the session ends. When storing the data in log files, this is the case after no more than seven days.Storage exceeding this period is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.
5. Possibility of objection and erasure
The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
6. Use of cookies and Google Fonts
My website uses neither cookies nor Google Fonts. Therefore, no data is collected or stored. This also applies to the blog https://www.matthias-gloeckner.de/blog/, which has predominantly private character. The blog's WordPress installation, like the rest of my website, is hosted by Strato AG and run by myself. The blog uses the »Polylang« extension, the cookies of which have been disabled: https://www.polylang.pro/doc/is-polylang-compatible-with-the-eu-cookie-law/.
7. Newsletter
My website does not offer a newsletter. Therefore, no data is collected or stored.
8. Registration
There is neither the possibility nor need to register on my website. Therefore, no data is collected or stored.
9. Contact form and e-mail contact
On my website there is no contact form that can be used for electronic contacting. Therefore, no data is collected or stored.
There is the possibility to contact me under the e-mail address 
. It can not be ruled out that e-mails will be read by third parties during their transport through the internet. The mere fact that a psychotherapeutic treatment relationship exists is subject to confidentiality. Therefore, I can answer your emails - even for appointments - only by phone. Therefore, please include your phone number in your email.
If contact via telephone, e-mail, letter or fax does not lead to a psychotherapeutic consultation, trial session or psychotherapy, the data will be deleted within 4 weeks. If you wish to be added to the waiting list for a psychotherapy place, the data will be deleted within 4 weeks after my offer of a free psychotherapy place, if it is not taken up by you.
Otherwise, any electronic or written communication will become part of the treatment record and together with the latter will be destroyed at the end of the statutory retention period, i.e. 10 years after the end of treatment.
10. Web analytics
My website does not use web analytics like Google Analytics, or others. Therefore, no data is collected, stored, processed or passed on to third parties.
V. Rights of the person concerned
If your data have been processed, you are a person concerned in the sense of the GDPR and you have the following rights against the controller:
1. Right to information
You may ask the controller for a confirmation as to whether personal data concerning you will be processed by me.If such processing exists, you can request information from me about the following information:
| (1) | the purposes for which your personal data are being processed; | |
| (2) | the categories of personal data being processed; | |
| (3) | the recipients or the categories of recipients to whom the personal data relating to you have been disclosed or are still being disclosed; | |
| (4) | the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage; | |
| (5) | the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing; | |
| (6) | the existence of a right of appeal to a supervisory authority; | |
| (7) | all available information on the source of the data if the personal data is not collected from the data subject; | |
| (8) | the existence of automated decision-making including profiling under Article 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, and the scope and intended impact of such processing on the data subject. |
You have the right to request information about whether your personal information is passed on to a third country or an international organization. In this context you can request the appropriate guarantees in accordance with. Art. 46 GDPR in relation to the transfer.
2. Right to rectification
You have a right to rectification and / or completion to the controller, if the personal data you process is incorrect or incomplete. The controller must make the correction without delay.
3. Right to restriction of processing
You may request the restriction of the processing of your personal data under the following conditions:
| (1) | if you contest the accuracy of your personal information for a period of time that enables the controller to verify the accuracy of your personal information; | |
| (2) | if the processing is unlawful and you refuse to delete the personal data and instead request the restriction of the use of the personal data; | |
| (3) | if the controller no longer needs the personal data for the purposes of the processing, but you need them to assert, exercise or defend legal claims, or | |
| (4) | if you have objected to the processing pursuant to Art. 21 (1) GDPR and it is not yet certain whether the legitimate reasons of the controller outweigh your reasons. |
If the processing of personal data concerning you has been restricted, this data may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest Union or a Member State.
Was the processing restricted according to the above conditions, you will be informed by the controller before the restriction is lifted.
4. Right to erasure
a) Obligation to erasure
You may require the controller to erase your personal information without delay, and the controller is required to delete that information immediately if at least one of the following is true:
| (1) | Personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed. | |
| (2) | You revoke your consent, to which the processing acc. Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. GDPR and there is no other legal basis for processing. | |
| (3) | According to. Art. 21 para. 1 GDPR objection to the processing and there are no prior justifiable reasons for the processing, or you lay gem. Art. 21 para. 2 GDPR Opposition to processing. | |
| (4) | Your personal data have been processed unlawfully. | |
| (5) | The deletion of personal data concerning you shall be required to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject. | |
| (6) | The personal data concerning you were collected in relation to information society services offered pursuant to Art. 8 (1) GDPR. |
b) Information to third parties
If the controller has made personal data concerning you public and is required to erase it according to Article 17 (1) GDPR, with due regard to available technology and implementation costs, he will take appropriate measures (including technical ones) to inform the third party responsible for data processing that you, as the data subject, requested of the aforesaid third party the deletion of any links to such personal data or copies or replications of such personal data.
c) Exceptions
There is no right to erasure if the processing is necessary
| (1) | to exercise the right to freedom of expression and information; | |
| (2) | to fulfill a legal obligation required by the law of the Union or of the Member States to which the controller is subject, or to carry out a task which is in the public interest or in the exercise of official authority conferring on the controller has been; | |
| (3) | for reasons of public interest in the field of public health pursuant to Art. 9 (2) lit. h and i and Art. 9 (3) GDPR; | |
| (4) | for archival purposes of public interest, scientific or historical research purposes or for statistical purposes acc. Article 89 (1) GDPR, to the extent that the law referred to in subparagraph (a) is likely to render impossible or seriously affect the achievement of the objectives of that processing, or | |
| (5) | to assert, exercise or defend legal claims. |
5. Right to information
If you have asserted the right to rectify, delete or limit the processing to the controller, he is obliged to notify all recipients to whom the personal data you have disclosed this rectification or deletion of the data or restriction of processing because, this proves to be impossible or is associated with a disproportionate effort.You have the right to be informed about these recipients by the controller.
6. Right to data portability
You have the right to receive personally identifiable information you provide to the controller in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another person without hindrance by the controller for providing the personal data, provided that
| (1) | the processing on a consent acc. Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract acc. Art. 6 para. 1 lit. b GDPR is based and | |
| (2) | the processing is done by automated means. |
In exercising this right, you also have the right to obtain that personal data relating to you be transmitted directly from one controller to another, as far as technically feasible. Freedoms and rights of other persons may not be affected.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the controller.
7. Right to objection
You have the right at any time, for reasons that arise from your particular situation, to raise an objection against the processing of your personal data being carried out pursuant to Art. 6 para. 1 lit. e or f GDPR.The controller will no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, exercising or defending legal claims.
Regardless of Directive 2002/58/EC, you have the option, in the context of the use of information society services, of exercising your right to object through automated procedures that use technical specifications.
a) Right to revoke the data protection declaration of consent
You have the right to revoke your data protection declaration of consent at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
b) Automated decision on an individual basis including profiling
You have the right not to be subjected to a decision based solely on automated processing - including profiling - that will have legal effect or similarly affect you in a similar manner. Neither one nor the other is being applied by me.This does not apply if the decision
| (1) | is required for the conclusion or performance of a contract between you and the controller, | |
| (2) | is permitted by Union or Member State legislation to which the controller is subject, and where such legislation contains appropriate measures to safeguard your rights and freedoms and legitimate interests, or | |
| (3) | is taking place with your express consent. |
However, these decisions must not be based on special categories of personal data under Art. 9 (1) GDPR, unless Art. 9 (2) lit. a or g GDPR applies and reasonable measures have been taken to protect the rights and freedoms as well as your legitimate interests.
With regard to the cases referred to in (1) and (3), the controller shall take appropriate measures to uphold the rights and freedoms and their legitimate interests, including at least the right to obtain the intervention of a person by the controller, to express his / her own position and heard on challenge of the decision.
8. Right to complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of its residence, place of work or place of alleged infringement, if you believe that the processing of your personal data against you GDPR violates.The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.
VI. Duties of the person concerned
No cease and desist without contact
In the event of asserting any claims arising out of copyright, competition, trademark and data law matters, I request that you contact me immediately to avoid unnecessary litigation, cease and desists and costs. If claims of the above-mentioned type are lodged, I hereby declare a remedy before a final legally binding clarification by which a possible risk of repetition is bindingly excluded. If the content or the presentation of these pages infringe third-party rights or statutory provisions, I ask for a message without cost note.
VII. Severability
Legal effect of this declaration
If sections or individual terms of this statement are not legal or correct, the content and validity of all other parts remain untouched by this fact.
| continue to: German original of this statement |
