Imprint and Privacy Policy

Psychologist, member of the Professional Association of Psychologists of Emilia-Romagna (no. 11656)

Tax number: FLDLNE95R54Z112P

Partita-IVA: 04168301200

E-mail: psychology@leoniefeldmann.com

Phone: +393513636422

Services in accordance with the Professional Code of Conduct of Italian Psychologists (https://www.psy.it/codice-deontologico)

Professional indemnity insurance with Allianz S.p.A., Milano; Cassa di Assistenza Mutua tra gli Psicologi Italiani, Roma;

Responsible for the content of this website pursuant to art. 5 D.Lgs. 70/2003: Leonie Feldmann.

The contents of this website are for informational purposes only. My online counselling is a psychological service, I do not carry out any medical treatment. My service is not a substitute for medical, psychiatric or psychotherapeutic treatment. The Services are accessible to users from countries outside the EU, unless local laws restrict it.

For out-of-court dispute resolution, the EU's online dispute resolution platform is available for EU consumers: https://ec.europa.eu/consumers/odr."

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is all data that can be used to identify you personally (e.g. name, address, e-mail addresses). Detailed information on the subject of data protection can be found in our privacy policy listed below this text. We would like to use them to inform you about the processing operations and at the same time to comply with our legal obligations, in particular under the EU General Data Protection Regulation (GDPR).

The GDPR and Legislative Decree 101/2018 provide for and strengthen the protection and processing of personal data, taking into account the principles of correctness, lawfulness, transparency, protection of confidentiality and the rights of the data subject in relation to their data.

I would like to expressly point out that as a psychologist I am subject to confidentiality. Therefore, I will not pass on any personal information that you share with me during our consultations with third parties unless you expressly allow me to do so. We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) may have security gaps. It is not possible to completely protect the data from access by third parties. So proceed with caution when composing e-mails, for example, and you may refrain from passing on specific data such as your address via such communication channels.

As a psychologist and member of the Professional Association of Psychologists of the Emilia-Romagna Region, I am strictly obliged to comply with the Code of Ethics of Italian Psychologists: Testo vigente del Codice Deontologico degli psicologi italiani - CNOP

Data processing on this website is carried out by the website operator Leonie Feldmann. Their contact details can be found in the section "Note on the Responsible Body" in this privacy policy.

On the one hand, your data is collected when you provide it to us. This can be, for example, data that you enter into a contact form or send to us by e-mail.

Other data is collected automatically or with your consent when you visit the website by our IT systems.

Technical data (e.g. internet browser, operating system or time of page access). The collection of this data takes place automatically as soon as you enter this website.

Personal data (e.g. name, date of birth, place of birth, address)

Contact details (e-mail, telephone number)

Payment information (e.g. credit/debit card number)

For Italian customers: tax identification number

Data on health status: Specific data relating to physical or mental health (or any other data or information referred to in Articles 9 and 10 of the GDPR) will be collected directly in connection with the request to carry out assessments, examinations, diagnostic tests, rehabilitation measures and any other type of professional service related to the performance of the task assigned to the psychologist.

Data in the context of psychological services: I collect and process personal data for the implementation of psychological counselling services (see above). The data processing of this personal data is carried out on the basis of your consent (Art. 6 para. 1 lit. a GDPR) and for the fulfilment of contractual obligations (Art. 6 para. 1 lit. b GDPR). The professional reflections/evaluations/interpretations translated into data by the psychologist represent professional data managed/owed in accordance with all the principles of the GDPR and, in the first place, in accordance with the provisions of the Code of Ethics.

The consultations are NOT recorded by audio or video. Otherwise, explicit consent from the psychologist and the user/client is required.

Part of the data is collected to ensure that the website is provided without errors. Other data may be used to analyze your user behavior. If contracts can be concluded or initiated via the website, the transmitted data will also be processed for contract offers, orders or other order requests. Furthermore, your data, especially those relating to your state of health and personal data, will be used to provide you with appropriate psychological counselling. Personal, contact and payment data will be used to communicate with the client, to create invoices and, if necessary, will be forwarded to the relevant health authorities (more on this below under "Recipients of personal data").

You have the right at any time to obtain information free of charge about the origin, recipient and purpose of your

stored personal data. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you can revoke this consent at any time for the future. You also have the right to request the restriction of the processing of your personal data in certain circumstances. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

You can contact us at any time for this and other questions on the subject of data protection.

When you visit this website, your surfing behaviour can be statistically evaluated. This is mainly done with so-called analysis programs.

Detailed information about these analysis programs can be found in the following privacy policy.

We host the content of our website with the following external providers:

The provider is IONOS SE, Elgendorfer Str. 57, 56410 Montabaur (hereinafter referred to as IONOS). When you visit our website, IONOS collects various log files, including your IP addresses. Details can be found in IONOS' privacy policy: https://www.ionos.de/terms-gtc/terms-privacy.

The use of IONOS is based on Art. 6 (1) (f) GDPR. We have a legitimate interest in presenting our website as reliably as possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and § 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's end device (e.g. device fingerprinting) within the meaning of the TDDDG. The consent can be revoked at any time.

Order processing

We have concluded a contract processing agreement (DPA) for the use of the above-mentioned service. This is a contract required by data protection law that ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR. However, we have no direct influence on data processing by IONOS in the context of website use.

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.

When you use this website, various personal data is collected.

Personal data is data that can be used to identify you personally. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) may have security gaps. It is not possible to completely protect the data from access by third parties.

The person responsible for data processing on this website is:

Leonie Feldmann

Via Agucchi 32/4, 40133 Bologna, Italy

Phone: +393513636422

E-mail: psychology@leoniefeldmann.com

The controller is the natural or legal person who, alone or jointly with others, decides on the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).

Personal data will only be stored for as long as is necessary to achieve the purposes for which it was collected, namely:

- Personal, contact and payment data: they will be kept for as long as necessary to fulfil contractual obligations, i.e. for a period of 10 years;

- Data relating to the state of health: they will be kept for as long as necessary for the execution of the assignment and the pursuit of its purposes and, in any case, for a period of at least 5 years (art. 17 of the Code of Ethics of Italian Psychologists) and no longer than the retention period provided for personal data and payment data.

Personal data that is no longer needed or for which there is no longer a legal basis for its storage will be irrevocably anonymised or securely destroyed.

If you assert a justified request for erasure or revoke consent to data processing, your data will be deleted, unless we have other legally permissible grounds for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the deletion takes place after these reasons have ceased to exist.

If you have consented to data processing, we process your personal data on the basis of Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR, insofar as special categories of data are processed in accordance with Art. 9 (1) GDPR. In the case of explicit consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49 (1) (a) GDPR. If you consent to the storage of cookies or to access information in

your device (e.g. via device fingerprinting), data processing is also carried out on the basis of Section 25 (1) TDDDG. The consent can be revoked at any time. If your data is required for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 (1) (b) GDPR. Furthermore, we process your data if it is necessary to comply with a legal obligation on the basis of Art. 6 (1) (c) GDPR.

Data processing may also be carried out on the basis of our legitimate interest in accordance with Art. 6 (1) (f) GDPR. Information on the relevant legal bases in each individual case is provided in the following paragraphs of this data protection declaration.

As part of our business activities, we work together with various external bodies. In some cases, it is also necessary to transmit personal data to these external bodies. We only pass on personal data to external bodies if this is necessary in the context of the performance of a contract, if we are legally obliged to do so (e.g. disclosure of data to tax authorities), if we have a legitimate interest in the disclosure in accordance with Art. 6 (1) (f) GDPR or if another legal basis allows the data transfer. When using processors, we only share our customers' personal data on the basis of a valid data processing agreement. In the case of joint processing, a joint processing contract is concluded.

Personal data may need to be made available to health and/or judicial authorities on the basis of certain legal obligations. In all other cases, communication may only take place with your explicit consent, in particular:

Personal, contact and payment data: it may also be accessible to all employees, as well as to external suppliers who support the provision of services;

Data on the state of health: will generally be disclosed only to the interested party and only to third parties with written consent (art. 12 C.D.). All appropriate means are used to prevent unauthorized access by third parties, including those present at the time of disclosure. They may be passed on to NHS structures/services/operators or other public authorities in the event of legal obligations; In the case of collaboration with other persons who are also subject to professional secrecy (supervision, intervisions and/or team meetings), only the information strictly necessary in relation to the nature of the collaboration will be disclosed with this consent (art. 15 C.D.).

For Italian clients: In accordance with current Italian legislation, the accounting information related to health expenses will be transmitted to the Agency for Revenue through the electronic flow of the health card system in order to process the pre-filled Form 730/UNICO and will also be accessible to the people on whom you are dependent for tax purposes (spouse, parents, etc.). In the event of an objection to the transmission of data, the data will be transmitted to the health card system without providing the tax number. This objection has no influence on the deduction of expenses, but only implies that the invoice is not automatically included in the pre-filled declaration

Many data processing operations are only possible with your explicit consent. You can revoke any consent you have already given at any time. The lawfulness of the data processing carried out up to the time of revocation remains unaffected by the revocation.

Right to object to data collection in special cases as well as to direct marketing (Art. 21 GDPR)

IF THE DATA PROCESSING IS CARRIED OUT ON THE BASIS OF ART. 6 PARA. 1 LIT. E OR F GDPR

YOU HAVE THE RIGHT AT ANY TIME TO WITHDRAW FROM THE

SITUATION AGAINST THE PROCESSING OF YOUR PERSONAL DATA

TO LODGE AN OBJECTION; THIS SHALL ALSO APPLY TO AN APPLICATION BASED ON THESE PROVISIONS

PROFILING. THE RESPECTIVE LEGAL BASIS ON WHICH THE PROCESSING IS BASED,

PLEASE REFER TO THIS PRIVACY POLICY. IF YOU FILE AN OBJECTION,

IF WE WILL NO LONGER PROCESS YOUR PERSONAL DATA CONCERNED, IT WILL BE

UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING OF

EVIDENCE THAT OUTWEIGHS YOUR INTERESTS, RIGHTS AND FREEDOMS OR THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21 PARA. 1 GDPR).

YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT MARKETING,

YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOU AT ANY TIME

CONCERNING PERSONAL DATA FOR THE PURPOSE OF SUCH ADVERTISING

; THIS ALSO APPLIES TO PROFILING, INSOFAR AS IT IS RELATED TO SUCH DIRECT ADVERTISING IN

CONNECTION. IF YOU OBJECT, YOUR PERSONAL DATA WILL THEN NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION PURSUANT TO ART. 21 PARA. 2 GDPR).

Right to lodge a complaint with the competent supervisory authority

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a

supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged infringement. The right of appeal exists without prejudice to other administrative or judicial remedies.

It is possible to forward your complaints or reports to the following Data Protection Authority using the appropriate contact details: Garante per la protezione dei dati personali - Piazza di Montecitorio n.121 - 00186 ROMA - Fax: (+39) 06.696773785 - Telephone: (+39) 06.696771 PEO: garante@gpdp.it - PEC: protocollo@pec.gpdp.it .

You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done to the extent that it is technically feasible.

Within the framework of the applicable legal provisions, you have the right to free use of the

Information about your stored personal data, its origin and recipients and the purpose of the data processing and, if applicable, a right to rectification or deletion of this data. You can contact us at any time for this and other questions on the subject of personal data.

You have the right to request the restriction of the processing of your personal data. You can contact us at any time for this. The right to restriction of processing exists in the following cases:

If you contest the accuracy of your personal data held by us, we will usually need time to verify this. For the duration of the audit, you have the right to request the restriction of the processing of your personal data.

If the processing of your personal data was/is unlawful, you can request the restriction of data processing instead of deletion.

If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request the restriction of the processing of your personal data instead of erasure.

If you have filed an objection in accordance with Art. 21 (1) GDPR, a balancing of your interests and ours must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data may only be processed with your consent or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or of a Member State.

For security reasons and to protect the transmission of confidential content, such as

For example, orders or inquiries that you send to us as the site operator use SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address bar of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

The use of contact details published in the context of the imprint obligation for the sending of unsolicited advertising and information material is hereby contradicted. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, for example by spam e-mails.

Our websites use so-called "cookies". Cookies are small data packets and do not cause any damage to your device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (persistent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or until your web browser automatically deletes them.

Cookies can come from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain third-party services within websites (e.g. cookies for processing payment services).

Cookies have different functions. Many cookies are technically necessary because certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies may be used to evaluate user behavior or for advertising purposes.

Cookies that are necessary to carry out the electronic communication process, to provide certain functions that you have requested (e.g. for the shopping cart function) or to optimise the website (e.g. cookies to measure the web audience) (necessary cookies) are stored on the basis of Art. 6 (1) (f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in the storage of necessary cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, the processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG); consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when you close the browser. If you disable cookies, the functionality of this website may be limited.

You can find out which cookies and services are used on this website in this privacy policy.

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

- Browser type and browser version, operating system used

- Referrer URL

- Hostname of the accessing computer

- Time of the server request IP address

This data is not merged with other data sources.

This data is collected on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website – for this purpose, the server log files must be recorded.

If you send us enquiries via the contact form, your details from the enquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We do not pass on this data without your consent.

The processing of this data is carried out on the basis of Art. 6 (1) (b) GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR), if this has been requested; consent can be revoked at any time.

The data you enter in the contact form will remain with us until you ask us to delete it, revoke your consent to the storage or the purpose for which the data is stored no longer applies (e.g. after your enquiry has been processed). Mandatory statutory provisions – in particular retention periods – remain unaffected.

Enquiry by e-mail or phone

If you contact us by e-mail or telephone, your enquiry, including all personal data resulting from it (name, enquiry), will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.

The processing of this data is carried out on the basis of Art. 6 (1) (b) GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR), if this has been requested; consent can be revoked at any time.

The data you send to us via contact requests will remain with us until you ask us to delete it, revoke your consent to its storage or the purpose for which it was stored no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

Functions of the Instagram service are integrated into this website. These features are provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

When the social media element is active, a direct connection is established between your device and the Instagram server. Instagram will receive information about your visit to this website.

If you are logged in to your Instagram account, you can link the content of this website to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate the visit to this website with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Instagram.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. The consent can be revoked at any time.

Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). Joint responsibility is limited exclusively to the collection of the data and its disclosure to Facebook or Instagram. The processing by Facebook or Instagram after the transfer is not part of the joint responsibility. Our joint obligations have been set out in a joint processing agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for the provision of data protection information when using the Facebook or Instagram tool and for the implementation of the tool on our website in a manner that is secure under data protection law. Facebook is responsible for the data security of the Facebook and Instagram products. You can assert the rights of data subjects (e.g. requests for information) regarding the data processed by Facebook or Instagram directly with Facebook. If you assert your rights as a data subject with us, we are obliged to forward them to Facebook.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission.

Details can be found here:

https://www.facebook.com/legal/EU_data_transfer_addendum,

https://privacycenter.instagram.com/policy/ and https://de-de.facebook.com/help/566994660333381.

For more information, please see Instagram's privacy policy: https://privacycenter.instagram.com/policy/.

The company is certified according to the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified according to the DPF is committed to complying with these data protection standards. Further information on this can be obtained from the provider under the following link:

https://www.dataprivacyframework.gov/participant/4452.

Functions of the Instagram service are integrated into this website. These features are offered by LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland: About Us/Imprint

When the social media element is active, a direct connection is established between your device and the LinkedIn server. LinkedIn thus receives information about your visit to this website.

If you are logged in to your LinkedIn account, you can link the content of this website to your LinkedIn profile by clicking on the LinkedIn button. This allows Instagram to associate the visit to this website with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Instagram.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. The consent can be revoked at any time.

For more information, please refer to LinkedIn's privacy policy:

Europe-wide: European Regional Hub

Worldwide: LinkedIn Privacy Policy

The following cloud meeting solutions and cloud services are used to carry out our psychological services:

For our psychological services, we use the cloud meeting solution "Zoom for Business" from Zoom Video Communications, Inc., 55 Almaden Blvd., Suite 600, San Jose, CA 95113, USA. For more information on data protection at Zoom Video Communications, please visit https://www.zoom.com/de/trust/privacy/ . For the English version: https://www.zoom.com/en/trust/privacy/ .

The implementation of our psychological services via Zoom Video Communications is largely possible without providing personal information, i.e. personal data is only collected to the extent that it is voluntarily communicated by users or absolutely necessary for the performance of the contract. The legal basis for the processing is then Art. 6 I 1 a), b), Art. 7 GDPR with the right of revocation already listed under the general information.

As you can see from Zoom Video Communications' privacy policy, various personal data is processed when conducting a Zoom conference. How much data is processed depends on what data is requested during such a conference (e.g. login data), what data is provided by the participant himself (e.g. use of the chat tool or a whiteboard) and whether you are a registered customer or participate as an occasional user in video or audio conference via Zoom. Data is also processed for security purposes or for service optimization. Personal data that could be collected is the following:

Account information, profile and attendee information, contact information, preferences (e.g., audio settings), registration information, device information, content and context from meetings, webinars, messaging and other collaboration features, meeting usage information, webinars, chat, collaboration features, and the website.

The data collected by Zoom Video Communications will be retained for as long as necessary for the use of the service offered, unless applicable law requires a longer retention period. Criteria include the length of time Zoom products are used, whether account holders change information or delete their account, and legal obligations to retain data. For more information on how to retain your information, please see the Zoom Video Communications Privacy Policy.

Processing of data outside the EU: Zoom Video Communications is based in the USA, so when using Zoom, your data will be processed in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)). This is only done if it is done for the fulfilment of our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we will only process or have the data processed in a third country if the special requirements of Art. 44 et seq. GDPR are met. This means that the processing is carried out, for example, on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to the EU (in this case, the EU-US data protection agreement or the Data Privacy Framework). In the case of Zoom, there is certification according to that data protection agreement.

To learn more about Zoom Video Communications' efforts to comply with the GDPR, please visit the following link: https://www.zoom.com/de/trust/gdpr/

The online consultation will not be recorded. You can revoke your consent to the use of this cloud meeting solution at any time, even during an ongoing Zoom conference.

Order processing

We have concluded a contract processing agreement (DPA) for the use of the above-mentioned service. This is a contract required by data protection law that ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

For our psychological services, we use the cloud solution One Drive for Business from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA. For more information about data protection at Microsoft Corporation, please visit https://www.microsoft.com/de-de/privacy/privacystatement.

Microsoft Corporation's servers are located within the EU: https://www.microsoft.com/de-de/trust-center/privacy/european-data-boundary-eudb?utm_source=chatgpt.com

This cloud service is used to store the personal data necessary for the performance of the psychological service. This is mainly invoice data and data collected during the psychological service, such as questionnaire data or written records of the state of health prepared by the psychologist. Information on the storage of your data and your rights in relation to this data can be found at the top of this privacy policy under "3. General information and mandatory information". Personal data is only collected to the extent that it is voluntarily communicated by users or is absolutely necessary for the performance of the contract. The legal basis for the processing is then Art. 6 I 1 a), b), Art. 7 GDPR with the right of revocation already listed under the general information.

Personal data that could be collected is the following:

- Personal data (e.g. name, date of birth, place of birth, address)

- Contact details (e-mail, telephone number)

- Payment information (e.g. credit/debit card number)

- For Italian customers: tax identification number

- Data on health status: Specific data relating to physical or mental health (or any other data or information referred to in Articles 9 and 10 of the GDPR) will be collected directly in connection with the request to carry out assessments, examinations, diagnostic tests, rehabilitation measures and any other type of professional service related to the performance of the task assigned to the psychologist.

Order processing

We have concluded a contract processing agreement (DPA) for the use of the above-mentioned service. This is a contract required by data protection law that ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

For our psychological services, we use an online platform for the generation of electronic invoices from Fiscozen S.p.A., Via XX Settembre 27, 20123 Milan, Italy. For more information on data protection at Fiscozen S.p.A., please visit https://www.fiscozen.it/privacy/

Personal data is only collected to the extent that it is voluntarily communicated by users or is absolutely necessary for the performance of the contract. This only applies to data that is absolutely necessary for the invoicing of the psychological service. The legal basis for the processing is then Art. 6 I 1 a), b), Art. 7 GDPR with the right of revocation already listed under the general information.

The following data is collected:

Identification data: e.g. name, tax code (only in the case of Italian clients);

Contact details: e.g. telephone number, email address, postal address;

Payment data: e.g. information about payments and payment methods used.

Information on the type of service used: psychological service

Personal data is stored on servers within the European Economic Area (EEA). The storage period of this personal data depends on the respective statutory retention periods and the periods required for processing. After these periods have expired, the data will be securely deleted or anonymized.

Your personal data will not be disclosed to third parties unless this is necessary for the provision of the services or required by law. In such cases, Fiscozen will ensure that the relevant third parties adhere to appropriate data protection standards and use your information only to the extent necessary. You can also find more information about recipients of your personal data under "Recipients of personal data" in this privacy statement.

7. Analytics Tools and Advertising

This website uses the analysis services of IONOS WebAnalytics (hereinafter: IONOS). The provider is 1&1 IONOS SE, Elgendorfer Straße 57, D – 56410 Montabaur. As part of the analyses with IONOS, visitor numbers and behavior (e.g., number of page views, duration of a website visit, bounce rates), visitor sources (i.e., from which page the visitor comes), visitor locations, and technical data (browser and operating system versions) can be analyzed, among other things. For this purpose, IONOS stores the following data in particular:

- Referrer (previously visited web page), requested web page or file, browser type and browser version, operating system used, device type used

- Time of access

- IP address in anonymized form (used only to determine the location of access)

According to IONOS, the data collection is completely anonymized so that it cannot be traced back to individual persons. Cookies are not stored by IONOS WebAnalytics.

The storage and analysis of the data is carried out on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the statistical analysis of user behaviour in order to optimise both its website and its advertising. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and § 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's end device (e.g. device fingerprinting) within the meaning of the TDDDG. The consent can be revoked at any time.

For more information on data collection and processing by IONOS WebAnalytics, please refer to IONOS' privacy policy at the following link: https://www.ionos.de/terms-gtc/index.php?id=516

Order processing

We have concluded a contract processing agreement (DPA) for the use of the above-mentioned service. This is a contract required by data protection law that ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

In the context of contractual and other legal relationships, on the basis of legal obligations or otherwise on the basis of our legitimate interests, I offer my clients efficient and secure payment options and use other service providers in addition to banks and credit institutions for this purpose. In the initial consultation, I will give you the opportunity to choose whether you want to pay the bill by bank transfer or other service providers.

The data processed by the payment service providers includes inventory data, such as name and address, bank data such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, sum and recipient-related information. The information is necessary to carry out the transactions. However, the data entered is not stored by me, it is only processed and stored by the service providers. I only receive information to confirm the payment.

The terms and conditions and data protection notices of the respective service providers apply to the payment transactions, which can be viewed on their websites. We also refer to them for the purpose of further information and assertion of rights of revocation, information and other data subjects.

Data that is collected: personal details and contact details (e.g. names, addresses, e-mail); Payment data (e.g. bank details, invoices, payment history); Contract data (e.g. subject matter of the contract, term, customer category); Usage data (e.g. websites visited, interest in content, access times); Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status)

Purposes of processing: Provision of contractual services and customer service.

The legal basis for the processing of your data is Art. 6 I 1 a), b), Art. 7 GDPR with the right of revocation already listed under the general information.

The following are the service providers we work with:

To pay for our psychological services, we use the "Pay Pal" payment method of PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. For more information on data protection at PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, please contact https://www.paypal.com/de/legalhub/paypal/privacy-full.

Personal data is only collected to the extent that it is voluntarily communicated by users or is absolutely necessary for the performance of the contract. The legal basis for the processing of your data is Art. 6 I 1 a), b), Art. 7 GDPR with the right of revocation already listed under the general information.

Data collected by Pay Pal are:

Login and Contact Data, Identification and Signature Data, Payment Information, Data in your account profile (e.g., username, profile photo), Device Data, Inferred Data (e.g., behavioral patterns and personal preferences), Data from the third-party accounts you have linked, Information from credit reference agencies, Transaction Data (e.g., information about orders and purchases), Technical Usage Data, Information from your device, Location Information.

Pay Pal uses the following criteria for the storage of the collected data:

Personal data used for the ongoing relationship between you and PayPal will be stored for the duration of the relationship plus a period of ten years

Personal data relating to a legal obligation will be retained in accordance with applicable law, such as applicable insolvency law and AML obligations.

Personal data will be retained for as long as necessary if retention is advisable in light of litigation, investigations, audit and compliance practices, or to protect against legal claims.

Processing of your data outside the EU:

PayPal (Europe) S.à r.l. et Cie has servers outside the EU, so when using Pay Pal, your data will be processed in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)). This is only done if it is done for the fulfilment of our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we will only process or have the data processed in a third country if the special requirements of Art. 44 et seq. GDPR are met. This means that the processing is carried out, for example, on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to the EU (in this case, the EU-US data protection agreement or the Data Privacy Framework).

Pay Pal points out that "users share their personal data with group members worldwide in order to use the services offered by the group. Most user personal data is collected and stored in the United States. PayPal's global business requires that user personal information be shared with other PayPal entities in the U.S. and other countries where PayPal currently has or intends to have a presence." "When transferring your personal data between PayPal companies, we rely on binding corporate rules approved by the relevant supervisory authorities. Other transfers will be based on standard contractual clauses approved by the European Commission to ensure that your data is protected by a high standard of protection and that your data protection rights are respected."

Corresponding information can be found under the following links: https://www.paypal.com/at/legalhub/paypal/bcr?locale.x=de_AT

https://www.paypal.com/de/legalhub/paypal/privacy-full