Privacy Policy

Last updated: February 2025

Controller

The controller responsible for data processing on this website is:

therapie.digital
Email: support@therapie.digital

Overview of Data Processing

We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations (GDPR, BDSG) and this privacy policy. When you use this website, various personal data are collected. This privacy policy explains what data we collect and what we use it for.

Data Collection on Our Website

When you visit our website, our servers automatically collect technical information sent by your browser. This includes:

• IP address (anonymized)
• Date and time of the request
• Browser type and version
• Operating system
• Referrer URL

This data is collected on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation of their website.

Account and Organization Data

When you create an account, we store your email address, name, and organization information. This data is processed on the basis of Art. 6(1)(b) GDPR for the performance of the contract. Your account data is stored until you delete your account or request deletion.

Assessment Data

Patient assessments are identified exclusively by anonymous codes. No personally identifiable patient information (names, dates of birth, insurance numbers) is stored on our servers. Assessment responses and scores are stored encrypted and associated only with the anonymous patient code. This data is processed on the basis of Art. 6(1)(b) GDPR.

Cookies

Our website uses cookies. These are small text files that are stored on your device. We use strictly necessary cookies for authentication and session management, as well as a preference cookie for your selected language. These cookies are set on the basis of Art. 6(1)(f) GDPR. No tracking or advertising cookies are used.

Analytics

We do not use third-party analytics or tracking services. No data is shared with advertising networks or social media platforms.

Hosting

This website is hosted on servers within the European Union. We use Vercel (Vercel Inc.) for hosting, which processes data in accordance with GDPR requirements. A Data Processing Agreement (DPA) is in place.

Third-Party Services

We use the following third-party services:

• Mollie B.V. (Netherlands) — Payment processing for subscriptions. Mollie processes payment data in accordance with PCI DSS standards and GDPR.
• Resend (US) — Transactional email delivery (password reset emails). Processing is covered by Standard Contractual Clauses.

Data Retention

We store your data only as long as necessary for the purposes for which it was collected, or as required by law. Account data is deleted upon account deletion. Assessment data is retained for the duration of your subscription. After subscription cancellation, data is deleted within 90 days unless legal retention periods apply.

Your Rights

Under the GDPR, you have the following rights:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)
• Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

The competent supervisory authority is the Berliner Beauftragte für Datenschutz und Informationsfreiheit.

Changes to This Policy

We reserve the right to update this privacy policy to reflect changes in our practices or for legal, regulatory, or operational reasons. We will notify registered users of material changes via email.

Privacy Contact

For questions about data protection, please contact us at:

privacy@therapie.digital