Datenschutzerklärung

1. Verantwortlicher / Data Controller

Robert Rozek, MSc, MA
Praxis für Psychotherapie nach Heilpraktikergesetz
Augsburgerstraße 6
80337 München, Deutschland
E-Mail: rozek.therapy@pm.me

2. Overview

This privacy policy explains how personal data is collected and processed when you visit this website. No tracking occurs without your explicit consent via the cookie banner.

3. Hosting

This website is hosted on Vercel Inc. (340 S Lemon Ave #4133, Walnut, CA 91789, USA). Vercel may process your IP address and technical metadata to deliver the site. Vercel's privacy policy applies to hosting-related data processing.

4. Cookies and Analytics

If you consent via the cookie banner, the following services are activated:

4a. Google Analytics 4 (GA4)

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. GA4 collects anonymized usage data including pages visited, session duration, approximate geographic location (from anonymized IP), device type, and traffic source. Data is processed on the basis of your consent (Art. 6(1)(a) DSGVO). You can revoke consent at any time by clearing your cookies.

4b. Microsoft Clarity

Provider: Microsoft Corporation. Clarity collects anonymized interaction data including click heatmaps, scroll depth, and session recordings. No personally identifiable information is captured. Processing is based on your consent (Art. 6(1)(a) DSGVO).

4c. Google Ads

If Google Ads conversion tracking is active (only with your consent), Google may set cookies to measure the effectiveness of ad campaigns. No personal health data is shared with Google.

4d. Fonts

This site uses self-hosted web fonts. Font files are served directly from our own server — no connection to external font services (such as Google Fonts) is made. No personal data is transmitted to third parties in connection with font loading.

5. Booking & Scheduling (Cal.com)

This site embeds Cal.com (Cal.com Inc.) for appointment scheduling. When you use the booking widget, Cal.com processes your name, email address, and selected time slot to confirm the appointment. Processing is based on your consent and pre-contractual measures (Art. 6(1)(a) and (b) DSGVO). Cal.com's privacy policy applies to data entered into the booking form.

6. Payment Processing (Stripe & PayPal)

Prepayment for sessions is handled by one of the following payment providers, depending on your choice at checkout:

Stripe: Stripe Inc. (510 Townsend Street, San Francisco, CA 94103, USA). Stripe processes your payment details (card number, billing address). Stripe is certified under the EU-US Data Privacy Framework.

PayPal: PayPal (Europe) S.à r.l. et Cie, S.C.A. (22-24 Boulevard Royal, L-2449 Luxembourg). PayPal processes your payment details according to its own privacy policy and user agreement.

No payment data from either provider is stored on this website. Processing is based on contract performance (Art. 6(1)(b) DSGVO).

7. Video Sessions (Cal Video)

Video sessions are conducted via Cal Video, a feature of Cal.com Inc. (San Francisco, CA, USA). Connections are encrypted. Sessions are not recorded. Cal.com's privacy policy applies to data processed during the video connection. Processing is based on contract performance (Art. 6(1)(b) DSGVO).

8. Electronic Signature (OpenAPI S.p.A.)

If e-signature functionality is enabled, intake documents may be sent for digital signature via OpenAPI S.p.A. (Rome, Italy). OpenAPI processes your name, email address, and phone number (for OTP verification) to facilitate the signing process. Signed documents are stored for 3 months; the audit trail is retained for 10 years. Data is hosted on Google Cloud infrastructure within the European Union. Processing is based on contract performance (Art. 6(1)(b) DSGVO). OpenAPI is certified under ISO/IEC 27001, ISO 9001, and ISO/IEC 25012. A Data Processing Agreement (Art. 28 DSGVO) is in place.

9. External Links

This site links to third-party platforms (Google Scholar). When you follow these links, the respective platform's privacy policy applies. No personal data is transmitted by this site when you click an external link.

9a. Data Transfers to Third Countries

Some service providers are based in the United States: Vercel Inc. (hosting), Stripe Inc. (payments), Google LLC (analytics, fonts), and Microsoft Corporation (Clarity). These providers participate in the EU-US Data Privacy Framework and/or use Standard Contractual Clauses (SCCs) approved by the European Commission as the legal basis for transatlantic data transfers (Art. 46(2)(c) DSGVO). Data Processing Agreements (Art. 28 DSGVO) are in place with all processors.

10. Contact

If you contact me via email, your data (name, email address, message content) will be processed solely to respond to your inquiry. Legal basis: Art. 6(1)(b) DSGVO (pre-contractual measures) or Art. 6(1)(f) DSGVO (legitimate interest in responding to inquiries).

11. Your Rights

Under the GDPR/DSGVO, you have the right to:

Access your personal data (Art. 15 DSGVO)
Rectification of inaccurate data (Art. 16 DSGVO)
Erasure of your data (Art. 17 DSGVO)
Restriction of processing (Art. 18 DSGVO)
Data portability (Art. 20 DSGVO)
Object to processing (Art. 21 DSGVO)
Lodge a complaint with a supervisory authority: Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Promenade 18, 91522 Ansbach — www.lda.bayern.de

12. Data Retention

Analytics data is retained according to the default retention periods of each service (GA4: 14 months, Clarity: 30 days for session recordings). No personal health or session data from therapeutic consultations is stored on this website.

13. SSL/TLS Encryption

This site uses SSL/TLS encryption (HTTPS) for all data transmitted between your browser and the server.

14. Changes

This privacy policy may be updated periodically. The current version is always available at this URL.