Privacy Notice | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
according to the General Data Protection Regulation (GDPR)This data privacy statement has been derived from a model template by Professor Dr. med. Thomas Hoeren, who developed it in collaboration with employees of the Research Center Law of the DFN-Verein (including Johannes Baur and Charlotte Röttgen).As of May 2018 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
I. Name and address of the controllerThe controller in the sense of the General Data Protection Regulation and other national data protection laws of the member states of the European Union as well as other data protection regulations is the practice for psychotherapy
Dipl.-Psych. Matthias Glöckner
Telephone: 0371 - 28 333 64
II. Name and address of the data protection officerThe practice has no data protection officer because it has less than 9 employees.
III. General information about data processing1. Scope of processing of personal dataAs a matter of principle, I process personal data of my users only insofar as it is necessary for the provision of a functional website and my content and services. The processing of personal data of my users takes place regularly only with the consent of the users. An exception applies in cases in which prior consent is not possible for compulsory reasons and the processing of the data is permitted by law.
2. Legal basis for the processing of personal dataAs far as I obtain the consent of the data subject for processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as legal basis.In the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as legal basis. This also applies to processing operations required to carry out pre-contractual actions. As far as the processing of personal data is required to fulfill a legal obligation that is subject to my practice, Art. 6 para. 1 lit. c GDPR serves as legal basis. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as legal basis. If the processing is necessary to safeguard the legitimate interest of my practice or of a third party and if the interests, fundamental rights and freedoms of the person concerned do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as legal basis for processing.
3. Data erasure and storage durationThe personal data of the data subject will be erased as soon as the purpose of the storage is no longer applicable. In addition, such storage may take place if it is allowed by European or national legislation which the controller is subject to. Blocking or deletion of the data also takes place when a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for conclusion of a contract or fulfillment of the contract.
IV. Provision of the website and creation of log files1. Description and scope of data processingEvery time you visit my website https://www.matthias-gloeckner.de/ or https://www.matthias-glöckner.de/ respectively, the following data and information are automatically collected from the computer system of the client machine:
Storage or processing of this data together with other personal data of the user does not take place. These data are stored in the log files of my webhost Strato AG. The data transmission between Strato AG's servers and your web browser is encrypted end-to-end with the Secure Sockets Layer (SSL) protocol and the Transport Layer Security (TLS) protocol based thereupon. Thus, no data can be read by third parties. For more detailed information, please refer to the information provided by Strato AG (in German): https://www.strato.de/faq/article/2763/Fragen-zur-Auftragsverarbeitungsvertrag-AVV-und-der-neuen-EU-Datenschutzgrundverordnung-GDPR.html#verarbeitung. 2. Legal basis for data processingThe legal basis for the temporary storage of data and for log files is Art. 6 para. 1 lit. f GDPR.
3. Purpose of the data processingThe temporary storage of the IP address by the system is necessary to allow delivery of the website to the user's computer. For this purpose, the IP address of the user must remain stored for the duration of the session.Storage in log files is done to ensure the functionality and security of the website. For these purposes, my legitimate interest in the processing of data pursuant to Art. 6 para. 1 lit. f GDPR. An evaluation of the data for marketing or other purposes does not take place.
4. Duration of storageThe data will be deleted as soon as it is no longer necessary for the purpose of its collection. This is the case when collecting the site provisioning data when the session ends. When storing the data in log files, this is the case after no more than seven days.Storage exceeding this period is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.
5. Possibility of objection and erasureThe collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
6. Use of cookies and Google FontsMy website uses neither cookies nor Google Fonts. Therefore, no data is collected or stored. This also applies to the blog https://www.matthias-gloeckner.de/blog/, which has predominantly private character. The blog's WordPress installation, like the rest of my website, is hosted by Strato AG and run by myself. The blog uses the »Polylang« extension, the cookies of which have been disabled: https://www.polylang.pro/doc/is-polylang-compatible-with-the-eu-cookie-law/.
7. NewsletterMy website does not offer a newsletter. Therefore, no data is collected or stored.
8. RegistrationThere is neither the possibility nor need to register on my website. Therefore, no data is collected or stored.
9. Contact form and e-mail contactOn my website there is no contact form that can be used for electronic contacting. Therefore, no data is collected or stored.There is the possibility to contact me under the e-mail address . It can not be ruled out that e-mails will be read by third parties during their transport through the internet. The mere fact that a psychotherapeutic treatment relationship exists is subject to confidentiality. Therefore, I can answer your emails - even for appointments - only by phone. Therefore, please include your phone number in your email. If contact via telephone, e-mail, letter or fax does not lead to a psychotherapeutic consultation, trial session or psychotherapy, the data will be deleted within 4 weeks. If you wish to be added to the waiting list for a psychotherapy place, the data will be deleted within 4 weeks after my offer of a free psychotherapy place, if it is not taken up by you. Otherwise, any electronic or written communication will become part of the treatment record and together with the latter will be destroyed at the end of the statutory retention period, i.e. 10 years after the end of treatment.
10. Web analyticsMy website does not use web analytics like Google Analytics, or others. Therefore, no data is collected, stored, processed or passed on to third parties.
V. Rights of the person concernedIf your data have been processed, you are a person concerned in the sense of the GDPR and you have the following rights against the controller:
1. Right to informationYou may ask the controller for a confirmation as to whether personal data concerning you will be processed by me.If such processing exists, you can request information from me about the following information:
You have the right to request information about whether your personal information is passed on to a third country or an international organization. In this context you can request the appropriate guarantees in accordance with. Art. 46 GDPR in relation to the transfer.
2. Right to rectificationYou have a right to rectification and / or completion to the controller, if the personal data you process is incorrect or incomplete. The controller must make the correction without delay.
3. Right to restriction of processingYou may request the restriction of the processing of your personal data under the following conditions:
If the processing of personal data concerning you has been restricted, this data may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest Union or a Member State. Was the processing restricted according to the above conditions, you will be informed by the controller before the restriction is lifted.
4. Right to erasurea) Obligation to erasureYou may require the controller to erase your personal information without delay, and the controller is required to delete that information immediately if at least one of the following is true:
b) Information to third partiesIf the controller has made personal data concerning you public and is required to erase it according to Article 17 (1) GDPR, with due regard to available technology and implementation costs, he will take appropriate measures (including technical ones) to inform the third party responsible for data processing that you, as the data subject, requested of the aforesaid third party the deletion of any links to such personal data or copies or replications of such personal data.
c) ExceptionsThere is no right to erasure if the processing is necessary
5. Right to informationIf you have asserted the right to rectify, delete or limit the processing to the controller, he is obliged to notify all recipients to whom the personal data you have disclosed this rectification or deletion of the data or restriction of processing because, this proves to be impossible or is associated with a disproportionate effort.You have the right to be informed about these recipients by the controller.
6. Right to data portabilityYou have the right to receive personally identifiable information you provide to the controller in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another person without hindrance by the controller for providing the personal data, provided that
In exercising this right, you also have the right to obtain that personal data relating to you be transmitted directly from one controller to another, as far as technically feasible. Freedoms and rights of other persons may not be affected. The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the controller.
7. Right to objectionYou have the right at any time, for reasons that arise from your particular situation, to raise an objection against the processing of your personal data being carried out pursuant to Art. 6 para. 1 lit. e or f GDPR.The controller will no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, exercising or defending legal claims. Regardless of Directive 2002/58/EC, you have the option, in the context of the use of information society services, of exercising your right to object through automated procedures that use technical specifications.
a) Right to revoke the data protection declaration of consentYou have the right to revoke your data protection declaration of consent at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
b) Automated decision on an individual basis including profilingYou have the right not to be subjected to a decision based solely on automated processing - including profiling - that will have legal effect or similarly affect you in a similar manner. Neither one nor the other is being applied by me.This does not apply if the decision
However, these decisions must not be based on special categories of personal data under Art. 9 (1) GDPR, unless Art. 9 (2) lit. a or g GDPR applies and reasonable measures have been taken to protect the rights and freedoms as well as your legitimate interests. With regard to the cases referred to in (1) and (3), the controller shall take appropriate measures to uphold the rights and freedoms and their legitimate interests, including at least the right to obtain the intervention of a person by the controller, to express his / her own position and heard on challenge of the decision.
8. Right to complaint with a supervisory authorityWithout prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of its residence, place of work or place of alleged infringement, if you believe that the processing of your personal data against you GDPR violates.The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.
VI. Duties of the person concernedNo cease and desist without contactIn the event of asserting any claims arising out of copyright, competition, trademark and data law matters, I request that you contact me immediately to avoid unnecessary litigation, cease and desists and costs. If claims of the above-mentioned type are lodged, I hereby declare a remedy before a final legally binding clarification by which a possible risk of repetition is bindingly excluded. If the content or the presentation of these pages infringe third-party rights or statutory provisions, I ask for a message without cost note.
VII. SeverabilityLegal effect of this declarationIf sections or individual terms of this statement are not legal or correct, the content and validity of all other parts remain untouched by this fact.
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
letzte Änderung: |