Privacy policies

Data protection declaration

1) Introduction and contact details of the controller

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following we inform you about the handling of your personal data when using our website. Personal data is all data with which you can be personally identified.

1.2 The controller in charge of data processing on this website, within the meaning of the General Data Protection Regulation (GDPR), is Manuela Santner, Kirchenstraße 28, 83454 Anger, Deutschland, Tel.: 0049 176 531 69026, E-Mail: info@psychotherapie-santner.com. The controller in charge of the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

2) Data collection when visiting our website

2.1 When using our website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the data that your browser transmits to the site server (so-called „server log files“). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:

  • Our visited website
  • Date and time at the time of access
  • Amount of data sent in bytes
  • Source/reference from which you reached the page
  • Browser used
  • Operating system used
  • IP address used (if applicable: in anonymised form)
  • The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files retrospectively if there are concrete indications of unlawful use.

    2.2 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or enquiries to the controller). You can recognise an encrypted connection by the character string „https://“ and the lock symbol in your browser line.

    3) Cookies

    In order to make visiting our website attractive and to enable the use of certain functions, we use cookies, i.e. small text files that are stored on your end device. Some of these cookies are automatically deleted after closing the browser (so-called „session cookies“), others remain on your end device for longer and enable page settings to be saved (so-called „persistent cookies“). In the latter case, you can find the storage period in the cookie settings overview of your web browser.

    If personal data is also processed by individual cookies used by us, the processing is carried out in accordance with Art. 6 Para. 1 lit. b GDPR either for the fulfilment of the contract, in accordance with Art. 6 Para. 1 lit. a GDPR in the case of consent given or in accordance with Art. 6 para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit.

    You can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general.

    Please note that if you do not accept cookies, the functionality of our website may be limited.

    4) Making contact

    4.1 Microsoft Bookings

    For the provision of an online appointment booking function, we use the services of the following provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA

    For the purpose of organising appointments, first name, surname and email address (and telephone number if a telephone appointment is requested) are collected in accordance with Art. 6 para. 1 lit. b GDPR and transmitted to the provider in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in effective customer management and efficient appointment management to the provider and stored there for the organisation of appointments.

    After the appointment has been held or after the agreed appointment period has expired, your data will be deleted by the provider.

    We have concluded an order processing contract with the provider that ensures the protection of our website visitors' data and prohibits unauthorised disclosure to third parties.

    For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

    4.2 WhatsApp business

    We offer visitors to our website the opportunity to contact us via the WhatsApp messaging service provided by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. For this purpose, we use the so-called „business version“ of WhatsApp.

    If you contact us via WhatsApp regarding a specific transaction (e.g. a completed order), we will store and use the mobile phone number you use on WhatsApp and, if provided, your first and last name in accordance with Art. 6 para. 1 lit. b. GDPR to process your request. GDPR to process and respond to your request. On the same legal basis, we may ask you to provide further data (order number, customer number, address or email address) via WhatsApp in order to be able to assign your enquiry to a specific process.

    If you use our WhatsApp contact for general enquiries (e.g. about our range of services, availability or our website), we store and use the mobile phone number you use on WhatsApp and, if provided, your first and last name in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in the efficient and timely provision of the requested information.

    Your data will only ever be used to respond to your request via WhatsApp. It will not be passed on to third parties.

    Please note that WhatsApp Business receives access to the address book of the mobile device we use for this purpose and automatically transmits telephone numbers stored in the address book to a server of the parent company Meta Platforms Inc. in the USA. To operate our WhatsApp Business account, we use a mobile device whose address book only stores the WhatsApp contact data of those users who have also contacted us via WhatsApp.

    This ensures that every person whose WhatsApp contact details are stored in our address book has already consented to the transmission of their WhatsApp telephone number from the address books of their chat contacts in accordance with Art. 6 para. 1 lit. a GDPR when using the app on their device for the first time by accepting the WhatsApp terms of use. In this respect, the transfer of data of users who do not use WhatsApp and/or have not contacted us via WhatsApp is excluded.

    The purpose and scope of the data collection and the further processing and use of the data by WhatsApp as well as your rights and setting options to protect your privacy can be found in WhatsApp's privacy policy: https://www.whatsapp.com/legal/?eea=1#privacy-policy

    Data may be transferred to Meta Platforms Inc. servers in the USA as part of the above-mentioned processing.

    For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision by the European Commission.

    4.3 Personal data is collected when you contact us (e.g. via contact form or email). The data collected when a contact form is used can be seen from the respective contact form. This data is stored and used exclusively for the purpose of responding to your enquiry or for contacting you and the associated technical administration.

    The legal basis for the processing of this data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted after your enquiry has been processed. This is the case if it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.

    5) Page functionalities

    5.1 Facebook plugins

    Our website uses plugins from the social network of the following provider: Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

    These plugins enable direct interactions with content on the social network.

    In order to increase the protection of your data when you visit our website, the plugins are initially deactivated by means of a so-called "2-click" or "Shariff" solution integrated into the page.

    This integration ensures that no connection to the provider's servers is established when a page of our website containing such plugins is accessed.

    Only when you activate the plugins and thus give your consent to the data transfer in accordance with Art. 6(1)(a) GDPR does your browser establish a direct connection to the provider's servers. Irrespective of whether you have logged into an existing user profile, a certain amount of information about the device you are using (including your IP address), your browser and your page history will be transmitted to the provider and processed there if necessary.

    If you are logged into an existing user profile on the provider's social network, information about interactions carried out via the plugins will also be published there and displayed to your contacts. You can revoke your consent at any time by deactivating the activated plugin by clicking on it again. However, the revocation has no influence on the data that has already been transmitted to the provider.

    Data can also be transferred to: Meta Platforms Inc., USA

    We have concluded an order processing contract with the provider that ensures the protection of our website visitors' data and prohibits unauthorised disclosure to third parties.

    For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision by the European Commission.

    5.2 Instagram plugins

    Our website uses plugins from the social network of the following provider: Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland

    These plugins enable direct interactions with content on the social network.

    In order to increase the protection of your data when you visit our website, the plugins are initially deactivated by means of a so-called „2-click“or „Shariff“solution integrated into the page.

    This integration ensures that no connection to the provider's servers is established when a page of our website containing such plugins is accessed.

    Only when you activate the plugins and thus give your consent to the data transfer in accordance with Art. 6(1)(a) GDPR does your browser establish a direct connection to the provider's servers. Regardless of whether you have logged into an existing user profile, a certain amount of information about the device you are using (including your IP address), your browser and your page history will be transmitted to the provider and processed there if necessary.
    If you are logged into an existing user profile on the provider's social network, information about interactions carried out via the plugins will also be published there and displayed to your contacts. You can revoke your consent at any time by deactivating the activated plugin by clicking on it again. However, the revocation has no influence on the data that has already been transmitted to the provider.

    Data can also be transferred: Meta Platforms Inc., USA

    We have concluded an order processing contract with the provider that ensures the protection of our website visitors' data and prohibits unauthorised disclosure to third parties.

    For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

    5.3 LinkedIn plugins

    Our website uses plugins from the social network of the following provider LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

    These plugins enable direct interactions with content on the social network.

    In order to increase the protection of your data when you visit our website, the plugins are initially deactivated by means of a so-called „2-click“or „Shariff“solution integrated into the page.

    This integration ensures that no connection to the provider's servers is established when a page of our website containing such plugins is accessed.

    Only when you activate the plugins and thus give your consent to the data transfer in accordance with Art. 6(1)(a) GDPR does your browser establish a direct connection to the provider's servers. Regardless of whether you have logged into an existing user profile, a certain amount of information about the device you are using (including your IP address), your browser and your page history will be transmitted to the provider and processed there if necessary.
    If you are logged into an existing user profile on the provider's social network, information about interactions carried out via the plugins will also be published there and displayed to your contacts. You can revoke your consent at any time by deactivating the activated plugin by clicking on it again. However, the revocation has no influence on the data that has already been transmitted to the provider.

    Data can also be transferred to: LinkedIn Inc., USA

    We have concluded an order processing contract with the provider that ensures the protection of our website visitors' data and prohibits unauthorised disclosure to third parties.

    For the transfer of data to the USA, the provider refers to standard contractual clauses of the European Commission, which are intended to ensure compliance with the European level of data protection.

    5.4 FontAwesome

    This site uses so-called web fonts from the following provider for the uniform display of fonts: Fonticons, Inc, 710 Blackhorn Dr, Carl Junction, 64834, MO, USA

    When you access a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly and establishes a direct connection to the provider's servers. In the process, certain browser information, including your IP address, is transmitted to the provider.

    The processing of personal data in the course of establishing a connection with the provider of the fonts is only carried out if you have given us your express consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by deactivating this service via the „Cookie-Consent-Tool“ provided on the website. If your browser does not support web fonts, a standard font will be used by your computer.

    For the transfer of data to the USA, the provider refers to standard contractual clauses of the European Commission, which are intended to ensure compliance with the European level of data protection.

    5.5 Google Web Fonts

    This site uses so-called web fonts from the following provider for the standardised display of fonts: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

    When you access a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly and establishes a direct connection to the provider's servers. In the process, certain browser information, including your IP address, is transmitted to the provider.

    Data can also be transmitted to: Google LLC, USA

    The processing of personal data in the course of establishing a connection with the provider of the fonts is only carried out if you have given us your express consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by deactivating this service via the „Cookie-Consent-Tool“ provided on the website. If your browser does not support web fonts, a standard font will be used by your computer.

    For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

    5.6 Google Customer Reviews (formerly Google Certified Dealer Programme)

    We work with Google as part of the „Google Customer Reviews“ programme. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). This programme gives us the opportunity to obtain customer reviews from users of our website. After making a purchase on our website, you will be asked whether you would like to take part in an email survey from Google.

    If you give your consent in accordance with Art. 6 para. 1 lit. a GDPR, we will transmit your e-mail address to Google. You will receive an email from Google Customer Reviews asking you to rate the purchase experience on our website. The review you provide will then be aggregated with our other reviews and displayed in our Google Customer Reviews logo and in our Merchant Centre dashboard. In addition, your review will be used for Google seller reviews. As part of the use of Google Customer Reviews, personal data may also be transmitted to the servers of Google LLC. in the USA.

    You can withdraw your consent at any time by sending a message to the controller responsible for data processing or to Google.

    For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

    5.7 Google Meet

    We use this provider to conduct online meetings, video conferences and/or webinars: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

    This may also result in a transmission to the servers of Google LLC. in the USA.

    The provider processes different data, whereby the scope of the processed data depends on which data you provide before or during participation in an online meeting, a video conference or a webinar. Your data will be processed as a communication participant and stored on the provider's servers. This may include, in particular, your login data (name, email address, telephone number (optional) and password) and session data (topic, participant IP address, device information, description (optional)).

    In addition, image and sound contributions from participants as well as voice input in chats can be processed.
    For the processing of personal data that is necessary for the fulfilment of a contract with you (this also applies to processing operations that are necessary for the implementation of pre-contractual measures), Art. 6 para. 1 lit. b GDPR serves as the legal basis. If you have given us your consent to process your data, the processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future. In addition, the legal basis for data processing when conducting online meetings, video conferences or webinars is our legitimate interest in the effective conduct of the online meeting, webinar or video conference in accordance with Art. 6 para. 1 lit. f GDPR.

    We have concluded an order processing contract with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorised disclosure to third parties.

    For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

    5.8 Microsoft Teams

    We use this provider to conduct online meetings, video conferences and/or webinars: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA

    The provider processes different data, whereby the scope of the processed data depends on which data you provide before or during participation in an online meeting, a video conference or a webinar. Your data will be processed as a communication participant and stored on the provider's servers. This may include, in particular, your login data (name, email address, telephone number (optional) and password) and session data (topic, participant IP address, device information, description (optional)).

    In addition, image and sound contributions from participants as well as voice input in chats can be processed.
    For the processing of personal data that is necessary for the fulfilment of a contract with you (this also applies to processing operations that are necessary for the implementation of pre-contractual measures), Art. 6 para. 1 lit. b GDPR serves as the legal basis. If you have given us your consent to process your data, the processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future. In addition, the legal basis for data processing when conducting online meetings, video conferences or webinars is our legitimate interest in the effective conduct of the online meeting, webinar or video conference in accordance with Art. 6 para. 1 lit. f GDPR.

    We have concluded an order processing contract with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorised disclosure to third parties.

    For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

    5.9 Zoom

    We use this provider to conduct online meetings, video conferences and/or webinars: Zoom Video Communications Inc, 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA

    The provider processes different data, whereby the scope of the processed data depends on which data you provide before or during participation in an online meeting, a video conference or a webinar. Your data will be processed as a communication participant and stored on the provider's servers. This may include, in particular, your login data (name, email address, telephone number (optional) and password) and session data (topic, participant IP address, device information, description (optional)).

    In addition, image and sound contributions from participants as well as voice input in chats can be processed.
    For the processing of personal data that is necessary for the fulfilment of a contract with you (this also applies to processing operations that are necessary for the implementation of pre-contractual measures), Art. 6 para. 1 lit. b GDPR serves as the legal basis. If you have given us your consent to process your data, the processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future. In addition, the legal basis for data processing when conducting online meetings, video conferences or webinars is our legitimate interest in the effective conduct of the online meeting, webinar or video conference in accordance with Art. 6 para. 1 lit. f GDPR.

    We have concluded an order processing contract with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorised disclosure to third parties.

    For the transfer of data to the USA, the provider refers to standard contractual clauses of the European Commission, which are intended to ensure compliance with the European level of data protection.

    6) Tools and other

    6.1 Cookie consent tool

    This website uses a so-called „cookie consent tool“ to obtain effective user consent for cookies and cookie-based applications that require consent. The „Cookie Consent Tool“ is displayed to users when they access the website in the form of an interactive user interface on which consent for certain cookies and/or cookie-based applications can be given by ticking a box. By using the tool, all cookies/services requiring consent are only loaded if the respective user grants the corresponding consent by ticking the box. This ensures that such cookies are only set on the user's end device if consent has been granted.

    The tool sets technically necessary cookies to save your cookie preferences. Personal user data is generally not processed in the process.

    If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning or logging cookie settings, this is done in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in legally compliant, user-specific and user-friendly consent management for cookies and thus in a legally compliant design of our website.

    Another legal basis for the processing is Art. 6 para. 1 lit. c GDPR. As the controller, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user consent.

    If necessary, we have concluded an order processing contract with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorised disclosure to third parties.

    Further information on the operator and the setting options of the cookie consent tool can be found directly in the corresponding user interface on our website.

    6.2 Wordfence

    For security purposes, this website uses the service of the following provider: Defiant Inc, 800 5th Ave Ste 4100, Seattle, WA 98104, USA

    The provider protects the website and the associated IT infrastructure from unauthorised third-party access, cyberattacks, viruses and malware. The provider collects the IP addresses of users and, if necessary, other data on your behaviour on our website (in particular URLs accessed and header information) in order to detect and prevent illegitimate page access and threats. The recorded IP address is compared with a list of known attackers. If the recorded IP address is recognised as a security risk, the provider can automatically block it for page access. The information collected in this way is transmitted to a server of the provider and stored there.

    The data processing described is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interests in protecting the website from harmful cyber attacks and in maintaining structural and data integrity and security.

    If visitors to the website have login rights, the provider also sets cookies (= small text files) on the visitor's end device. With the help of cookies, certain location and device information can be read out, which enables an assessment of whether the login-authorised access originates from a legitimate person. At the same time, access rights can be evaluated via the cookies and released via a site-internal firewall according to the authorisation level. Finally, the cookies are used to register irregular access by site administrators from new devices or new locations and to notify other administrators of this.
    These cookies are only set if a user has login authorisation. The provider does not set cookies for site visitors without login authorisation.
    If personal data is processed via the cookies, the processing is carried out in accordance with Art. 6 para. 1 lit. f. GDPR on the basis of our legitimate interest in preventing illegal access to the site administration and defence against unauthorised administrator access. GDPR on the basis of our legitimate interest in preventing illegitimate access to the site administration and preventing unauthorised access by administrators.

    We have concluded an order processing contract with the provider that ensures the protection of our website visitors' data and prohibits unauthorised disclosure to third parties.

    For the transfer of data to the USA, the provider refers to standard contractual clauses of the European Commission, which are intended to ensure compliance with the European level of data protection.

    7) Rights of the data subject

    7.1 The applicable data protection law grants you the following data subject rights (rights of access and intervention) vis-à-vis the controller with regard to the processing of your personal data, whereby reference is made to the legal basis stated for the respective conditions for exercising these rights:

  • Right to information pursuant to Art. 15 GDPR;
  • Right to rectification pursuant to Art. 16 GDPR;
  • Right to data protection pursuant to Art. 17 GDPR;
  • Right to restriction of processing pursuant to Art. 18 GDPR;
  • Right to information pursuant to Art. 19 GDPR;
  • Right to data portability pursuant to Art. 20 GDPR;
  • Right to withdraw consent granted pursuant to Art. 7 (3) GDPR;
  • Right to lodge a complaint pursuant to Art. 77 GDPR
  • .

    7.2 RIGHT OF OBJECTION

    if we process your personal data on the basis of our legitimate interest in the context of a solicitation of interest, you have the right to object to this processing at any time on grounds relating to your particular situation.for reasons arising from your particular situation, to object to this processing with effect for the future.

    IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. FURTHER PROCESSING WILL BE RESERVED IF WE CAN PROVE COMPULSORY PROTECTIVE REASONS FOR THE PROCESSING;NOBODY WHO HAS THEIR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING IS DEDICATED TO THE ENFORCEMENT, EXPLOITATION OR DEFENCE OF LEGAL CLAIMS.

    If your personal data is processed by us for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing. YOU MAY EXPRESS YOUR OBJECTION AS DESCRIBED ABOVE.

    IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL TERMINATE THE PROCESSING OF THE DATA CONCERNED FOR DIRECT ADVERTISING PURPOSES.

    8) Duration of the storage of personal data

    The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and, if applicable, the respective statutory retention period (e.g. retention periods under commercial and tax law).

    Where personal data is processed on the basis of express consent pursuant to Art. 6(1)(a) GDPR, the data concerned will be stored until you withdraw your consent.

    If there are statutory retention periods for data that is processed within the scope of legal or commercial obligations on the basis of Art. 6 para. 1 lit. b GDPR, this data is routinely deleted after the retention periods have expired, provided that it is no longer required for the fulfilment of the contract or the initiation of a contract and/or we no longer have a legitimate interest in its continued storage.

    Where personal data is processed on the basis of Art. 6(1)(f) GDPR, this data is stored until you exercise your right to object in accordance with Art. 21(1) GDPR. 1 GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

    Where personal data is processed for the purpose of direct marketing on the basis of Art. 6(1)(f) GDPR, this data will be stored until you exercise your right to object in accordance with Art. 21(2) GDPR.

    Unless otherwise stated in the other information in this declaration on specific processing situations, stored personal data will be deleted if they are no longer necessary for the purposes for which they were collected or otherwise processed.

    Privacy policy

    We respect your privacy and are committed to protecting it through our compliance with this privacy policy (“Policy”). This Policy describes the types of information we may collect from you or that you may provide (“Personal Information”) on the psychotherapie-santner.com website (“Website” or “Service”) and any of its related products and services (collectively, “Services”), and our practices for collecting, using, maintaining, protecting, and disclosing that Personal Information. It also describes the choices available to you regarding our use of your Personal Information and how you can access and update it.

    This Policy is a legally binding agreement between you (“User”, “you” or “your”) and this Website operator (“Operator”, “we”, “us” or “our”). If you are entering into this agreement on behalf of a business or other legal entity, you represent that you have the authority to bind such entity to this agreement, in which case the terms “User”, “you” or “your” shall refer to such entity. If you do not have such authority, or if you do not agree with the terms of this agreement, you must not accept this agreement and may not access and use the Website and Services. By accessing and using the Website and Services, you acknowledge that you have read, understood, and agree to be bound by the terms of this Policy. This Policy does not apply to the practices of companies that we do not own or control, or to individuals that we do not employ or manage.

    Collection of information

    Our top priority is customer data security and, as such, we exercise the no logs policy. We may process only minimal user data, only as much as it is absolutely necessary to maintain the Website and Services. Information collected automatically is used only to identify potential cases of abuse and establish statistical information regarding the usage and traffic of the Website and Services. This statistical information is not otherwise aggregated in such a way that would identify any particular user of the system.

    Privacy of children

    We do not knowingly collect any Personal Information from children under the age of 13. If you are under the age of 13, please do not submit any Personal Information through the Website and Services. If you have reason to believe that a child under the age of 13 has provided Personal Information to us through the Website and Services, please contact us to request that we delete that child’s Personal Information from our Services.

    We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce this Policy by instructing their children never to provide Personal Information through the Website and Services without their permission. We also ask that all parents and legal guardians overseeing the care of children take the necessary precautions to ensure that their children are instructed to never give out Personal Information when online without their permission.

    Use and processing of collected information

    We act as a data controller and a data processor when handling Personal Information, unless we have entered into a data processing agreement with you in which case you would be the data controller and we would be the data processor.

    Our role may also differ depending on the specific situation involving Personal Information. We act in the capacity of a data controller when we ask you to submit your Personal Information that is necessary to ensure your access and use of the Website and Services. In such instances, we are a data controller because we determine the purposes and means of the processing of Personal Information.

    We act in the capacity of a data processor in situations when you submit Personal Information through the Website and Services. We do not own, control, or make decisions about the submitted Personal Information, and such Personal Information is processed only in accordance with your instructions. In such instances, the User providing Personal Information acts as a data controller.

    In order to make the Website and Services available to you, or to meet a legal obligation, we may need to collect and use certain Personal Information. If you do not provide the information that we request, we may not be able to provide you with the requested products or services. Any of the information we collect from you may be used for the following purposes:

    – Send administrative information
    – Respond to inquiries and offer support
    – Run and operate the Website and Services

    Processing your Personal Information depends on how you interact with the Website and Services, where you are located in the world and if one of the following applies: (i) you have given your consent for one or more specific purposes; (ii) provision of information is necessary for the performance of an agreement with you and/or for any pre-contractual obligations thereof; (iii) processing is necessary for compliance with a legal obligation to which you are subject; (iv) processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in us; (v) processing is necessary for the purposes of the legitimate interests pursued by us or by a third party.

    Note that under some legislations we may be allowed to process information until you object to such processing by opting out, without having to rely on consent or any other of the legal bases. In any case, we will be happy to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Information is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

    Disclosure of information

    Depending on the requested Services or as necessary to complete any transaction or provide any Service you have requested, we may share your information with our affiliates, contracted companies, and service providers (collectively, “Service Providers”) we rely upon to assist in the operation of the Website and Services available to you and whose privacy policies are consistent with ours or who agree to abide by our policies with respect to Personal Information. We will not share any personally identifiable information with third parties and will not share any information with unaffiliated third parties.

    Service Providers are not authorized to use or disclose your information except as necessary to perform services on our behalf or comply with legal requirements. Service Providers are given the information they need only in order to perform their designated functions, and we do not authorize them to use or disclose any of the provided information for their own marketing or other purposes.

    Retention of information

    We will retain and use your Personal Information for the period necessary to comply with our legal obligations, to enforce our agreements, resolve disputes, and unless a longer retention period is required or permitted by law.

    We may use any aggregated data derived from or incorporating your Personal Information after you update or delete it, but not in a manner that would identify you personally. Once the retention period expires, Personal Information shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification, and the right to data portability cannot be enforced after the expiration of the retention period.

    Cookies

    Our Website and Services use “cookies” to help personalize your online experience. A cookie is a text file that is placed on your hard disk by a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you.

    We may use cookies to collect, store, and track information for security and personalization, and for statistical purposes. Please note that you have the ability to accept or decline cookies. Most web browsers automatically accept cookies by default, but you can modify your browser settings to decline cookies if you prefer.

    Do Not Track signals

    Some browsers incorporate a Do Not Track feature that signals to websites you visit that you do not want to have your online activity tracked. Tracking is not the same as using or collecting information in connection with a website. For these purposes, tracking refers to collecting personally identifiable information from consumers who use or visit a website or online service as they move across different websites over time. The Website and Services do not track its visitors over time and across third-party websites. However, some third-party websites may keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you. For a description of Do Not Track protocols for browsers and mobile devices or to learn more about the choices available to you, visit internetcookies.com

    Social media features

    Our Website and Services may include social media features, such as the Facebook and Twitter buttons, Share This buttons, etc (collectively, “Social Media Features”). These Social Media Features may collect your IP address, what page you are visiting on our Website and Services, and may set a cookie to enable Social Media Features to function properly. Social Media Features are hosted either by their respective providers or directly on our Website and Services. Your interactions with these Social Media Features are governed by the privacy policy of their respective providers.

    Links to other resources

    The Website and Services contain links to other resources that are not owned or controlled by us. Please be aware that we are not responsible for the privacy practices of such other resources or third parties. We encourage you to be aware when you leave the Website and Services and to read the privacy statements of each and every resource that may collect Personal Information.

    Information security

    We secure information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use, or disclosure. We maintain reasonable administrative, technical, and physical safeguards in an effort to protect against unauthorized access, use, modification, and disclosure of Personal Information in our control and custody. However, no data transmission over the Internet or wireless network can be guaranteed.

    Therefore, while we strive to protect your Personal Information, you acknowledge that (i) there are security and privacy limitations of the Internet which are beyond our control; (ii) the security, integrity, and privacy of any and all information and data exchanged between you and the Website and Services cannot be guaranteed; and (iii) any such information and data may be viewed or tampered with in transit by a third party, despite best efforts.

    Data breach

    In the event we become aware that the security of the Website and Services has been compromised or Users’ Personal Information has been disclosed to unrelated third parties as a result of external activity, including, but not limited to, security attacks or fraud, we reserve the right to take reasonably appropriate measures, including, but not limited to, investigation and reporting, as well as notification to and cooperation with law enforcement authorities. In the event of a data breach, we will make reasonable efforts to notify affected individuals if we believe that there is a reasonable risk of harm to the User as a result of the breach or if notice is otherwise required by law. When we do, we will post a notice on the Website, send you an email.

    Changes and amendments

    We reserve the right to modify this Policy or its terms related to the Website and Services at any time at our discretion. When we do, we will revise the updated date at the bottom of this page, post a notification on the main page of the Website, send you an email to notify you. We may also provide notice to you in other ways at our discretion, such as through the contact information you have provided.

    An updated version of this Policy will be effective immediately upon the posting of the revised Policy unless otherwise specified. Your continued use of the Website and Services after the effective date of the revised Policy (or such other act specified at that time) will constitute your consent to those changes. However, we will not, without your consent, use your Personal Information in a manner materially different than what was stated at the time your Personal Information was collected.

    Acceptance of this policy

    You acknowledge that you have read this Policy and agree to all its terms and conditions. By accessing and using the Website and Services and submitting your information you agree to be bound by this Policy. If you do not agree to abide by the terms of this Policy, you are not authorized to access or use the Website and Services. This privacy policy was created with the help of https://www.websitepolicies.com/privacy-policy-generator

    Contacting us

    If you have any questions, concerns, or complaints regarding this Policy, the information we hold about you, or if you wish to exercise your rights, we encourage you to contact us using the details below:

    https://www.psychotherapie-santner.com/contact
    info@psychotherapie-santner.com
    Kirchenstraße 28, 83454 Anger

    We will attempt to resolve complaints and disputes and make every reasonable effort to honor your wish to exercise your rights as quickly as possible and in any event, within the timescales provided by applicable data protection laws.

    This document was last updated on July 10, 2023