Datenschutzerklärung

1. Verantwortlicher / Data Controller

Robert Rozek, MSc, MA
Praxis für Psychotherapie nach Heilpraktikergesetz
Augsburgerstraße 6
80337 München, Deutschland
E-Mail: rozek.therapy@pm.me

2. Overview

This privacy policy explains how personal data is collected and processed when you visit this website. No tracking occurs without your explicit consent via the cookie banner.

3. Hosting

This website is hosted on Vercel Inc. (340 S Lemon Ave #4133, Walnut, CA 91789, USA). Vercel may process your IP address and technical metadata to deliver the site. Vercel's privacy policy applies to hosting-related data processing.

4. Cookies and Analytics

If you consent via the cookie banner, the following services are activated:

4a. Google Analytics 4 (GA4)

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. GA4 collects anonymized usage data including pages visited, session duration, approximate geographic location (from anonymized IP), device type, and traffic source. Data is processed on the basis of your consent (Art. 6(1)(a) DSGVO). You can revoke consent at any time by clearing your cookies.

4b. Microsoft Clarity

Provider: Microsoft Corporation. Clarity collects anonymized interaction data including click heatmaps, scroll depth, and session recordings. No personally identifiable information is captured. Processing is based on your consent (Art. 6(1)(a) DSGVO).

4c. Google Ads

If Google Ads conversion tracking is active (only with your consent), Google may set cookies to measure the effectiveness of ad campaigns. No personal health data is shared with Google.

4d. Google Fonts

This site loads fonts from Google Fonts (Google Ireland Limited). When you visit a page, your browser downloads font files from Google's servers, transmitting your IP address. Processing is based on legitimate interest (Art. 6(1)(f) DSGVO) in a consistent visual presentation. Google's privacy policy: policies.google.com/privacy.

5. Booking & Scheduling (Cal.com)

This site embeds Cal.com (Cal.com Inc.) for appointment scheduling. When you use the booking widget, Cal.com processes your name, email address, and selected time slot to confirm the appointment. Processing is based on your consent and pre-contractual measures (Art. 6(1)(a) and (b) DSGVO). Cal.com's privacy policy applies to data entered into the booking form.

6. Payment Processing (Stripe)

Prepayment for sessions is handled by Stripe Inc. (510 Townsend Street, San Francisco, CA 94103, USA). When you pay, Stripe processes your payment details (card number, billing address). No payment data is stored on this website. Processing is based on contract performance (Art. 6(1)(b) DSGVO). Stripe is certified under the EU-US Data Privacy Framework.

7. Video Sessions (RED Medical)

Video sessions are conducted via RED connect plus by RED Medical Systems GmbH, a KBV-certified, DSGVO-compliant video platform. Connections are peer-to-peer with end-to-end encryption — no third party can access or store the video stream. Sessions are not recorded. RED Medical's privacy policy applies to data processed during the video connection.

8. Electronic Signature (OpenAPI S.p.A.)

If e-signature functionality is enabled, intake documents may be sent for digital signature via OpenAPI S.p.A. (Rome, Italy). OpenAPI processes your name, email address, and phone number (for OTP verification) to facilitate the signing process. Signed documents are stored for 3 months; the audit trail is retained for 10 years. Data is hosted on Google Cloud infrastructure within the European Union. Processing is based on contract performance (Art. 6(1)(b) DSGVO). OpenAPI is certified under ISO/IEC 27001, ISO 9001, and ISO/IEC 25012. A Data Processing Agreement (Art. 28 DSGVO) is in place.

9. External Links

This site links to third-party platforms (Google Scholar). When you follow these links, the respective platform's privacy policy applies. No personal data is transmitted by this site when you click an external link.

9a. Data Transfers to Third Countries

Some service providers are based in the United States: Vercel Inc. (hosting), Stripe Inc. (payments), Google LLC (analytics, fonts), and Microsoft Corporation (Clarity). These providers participate in the EU-US Data Privacy Framework and/or use Standard Contractual Clauses (SCCs) approved by the European Commission as the legal basis for transatlantic data transfers (Art. 46(2)(c) DSGVO). Data Processing Agreements (Art. 28 DSGVO) are in place with all processors.

10. Contact

If you contact me via email, your data (name, email address, message content) will be processed solely to respond to your inquiry. Legal basis: Art. 6(1)(b) DSGVO (pre-contractual measures) or Art. 6(1)(f) DSGVO (legitimate interest in responding to inquiries).

11. Your Rights

Under the GDPR/DSGVO, you have the right to:

Access your personal data (Art. 15 DSGVO)
Rectification of inaccurate data (Art. 16 DSGVO)
Erasure of your data (Art. 17 DSGVO)
Restriction of processing (Art. 18 DSGVO)
Data portability (Art. 20 DSGVO)
Object to processing (Art. 21 DSGVO)
Lodge a complaint with a supervisory authority: Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Promenade 18, 91522 Ansbach — www.lda.bayern.de

12. Data Retention

Analytics data is retained according to the default retention periods of each service (GA4: 14 months, Clarity: 30 days for session recordings). No personal health or session data from therapeutic consultations is stored on this website.

13. SSL/TLS Encryption

This site uses SSL/TLS encryption (HTTPS) for all data transmitted between your browser and the server.

14. Changes

This privacy policy may be updated periodically. The current version is always available at this URL.