I. Concerning my psychotherapy practice
This declaration describes how I process your personal data. The declaration is aimed at my existing, former and potential future patients.
1. Purposes of data processing
I will process your personal data on the basis of legal requirements for the following purposes: (i) to fulfill the treatment contract, (ii) for psychotherapeutic training and supervision, (iii) for accounting, (iv) for payment processing, and (v) to fulfill legal obligations due to legal regulations or official orders to which I am subject as the person responsible, if these do not contradict my absolute statutory obligation of confidentiality. I collect the following personal data from you at the start of treatment: first name, family name, title, social insurance number, date of birth, gender, address, email address, telephone number. The provision of your data is fundamentally voluntary. However, if you do not provide your personal data, I will not be able to do my job, or treat you adequately. For the purpose of fulfilling the treatment contract, I also use the Latido patient database (https://latido.at/datenschutzerklaerung) and the email provider ProtonMail (https://protonmail.com/de/gdpr) each of which I have concluded a processor agreement. ProtonMail is a Swiss company and processes the data in Switzerland, which, according to the decision of the European Commission, is a safe third country. Among other things, you have the option of paying your bill by ATM or credit card. For these cases I use a SumUp terminal. They are themselves responsible for data processing under data protection law and are PCI-DSS certified. You can find your data protection declaration here (https://sumup.at/datenschutzbestimmungen).
2. Legal basis for processing
I process your personal data on the basis of Article 9 Paragraph 2 lit. h GDPR (health and social area) and because this is necessary in order to fulfill the treatment or training contract concluded with you (Art. 6 Paragraph 1 lit. b GDPR). In addition, I process your personal data on the legal basis of the protection of vital interests (Art. 6 Para. 1 lit.d GDPR).
3. Transmission of your personal data
I will only transfer your personal data to the following recipients if this is required by law, if it is necessary for accounting purposes or in emergencies: (i) administrative authorities, courts and corporations under public law, (ii) tax advisors and legal representatives working for me, (iii) legal representatives, (iv) other recipients designated by patients (e.g. authorities, courts, insurance companies), (v) my supervisors. These recipients are based in Austria or in the EEA.
4. Storage period
I generally save your personal data until the contract and my obligations under the Psychotherapy Act have been fulfilled, which is ten years after the end of the psychotherapeutic services. In addition, I store your personal data until the end of any legal disputes in which this data is required as evidence. If you have sent me an e-mail as an interested party and there is no treatment contract, I will delete this e-mail after three months.
5. Your rights in relation to personal data
According to the Psychotherapy Act, the person being treated or their legal representative is to be given all information about the documentation as well as inspection of the documentation on request, with special attention to the therapeutic relationship, or to enable the production of copies for reimbursement of costs, provided this does not endanger the relationship of trust with the person being treated. As part of this, you are entitled, among other things, (i) to request information to check whether and which personal data I process about you, (ii) to request the correction, addition, or deletion of your personal data, insofar as these are incorrect or not legally compliant are processed, (iii) to require me to restrict the processing of your personal data insofar as this does not conflict with higher legal interests, (iv) under certain circumstances to object to the processing of your personal data, (v) to know the identity of third parties to whom your personal data will be transmitted, and (vi) to lodge a complaint with the data protection authority. Data that is processed on the basis of a legal obligation (e.g. contracts with members of the health professions) are not subject to the right to data portability.
II. Concerning my website
This declaration is aimed at the visitors and users of my website.
The protection of your personal data is very important to me. I therefore process your data exclusively on the basis of the statutory provisions (GDPR, TKG 2003). In this data protection information I inform you about the most important aspects of data processing within the framework of my website.
When you visit my website, your IP address and the beginning and end of the session are recorded for the duration of this session. This is due to technical reasons and thus represents a legitimate interest within the meaning of Art 6 Paragraph 1 lit f GDPR. Unless otherwise regulated in the following, I will not process this data further.
You have the right to information, correction, deletion, restriction, data portability, revocation and objection with regard to your stored data. If you believe that the processing of your data violates data protection law or that your data protection claims have been violated in any other way, you can complain to me at email@example.com or to the data protection authority.
III. My contact details
If you have any questions about this declaration or would like to make requests, please contact: