Privacy Policy

1. Introduction and Contact Details of the Data Controller

1.1 We are very pleased that you are visiting our website and are interested in our work. Below, we would like to inform you about which personal data is processed when you use our website. Personal data includes all information that can be used to identify you as an individual, either directly or indirectly.

1.2 The party responsible for processing your personal data on this website within the meaning of the General Data Protection Regulation (GDPR) is:
Julia Grotepaß
Brummerforth 50
26160 Bad Zwischenahn, Germany
Phone: +49 176 76663017
Email: info@psychotherapie-grotepass.com

The term “Controller” refers to the person who decides, either alone or jointly with others, on the purposes and means of processing personal data.

1.3 The Controller has also appointed a Data Protection Officer, who can be contacted as follows:
Julia Grotepaß

2. Collection of Data When Visiting Our Website

2.1 If you use our website purely for informational purposes, i.e., without registering or actively transmitting information to us, certain data will automatically be transmitted by your browser to our server. These so-called “server log files” include, among other things:

  • The page accessed on our website

  • Date and time of access

  • Amount of data transferred

  • The website from which you were referred (referrer URL)

  • The type and version of your browser

  • The operating system used

  • Your IP address (possibly shortened/anonymized)

The processing of this data is carried out on the basis of Art. 6(1)(f) GDPR. Our legitimate interest lies in ensuring the technical stability as well as the secure and error-free presentation of our website. The data will not be shared or used for other purposes. However, we reserve the right to subsequently review the log data if there are concrete indications of unlawful use.

2.2 To protect your data, we use modern encryption technology (SSL or TLS) when you visit our website. You can recognize an encrypted connection by the “https://” prefix in your browser’s address bar and the padlock symbol.

3. Hosting and Content Delivery Network

Our website is operated using the services of Squarespace Ireland Ltd., Squarespace House, Ship Street Great, Dublin 8, D08 N12C, Ireland. All data collected when visiting our website is stored and processed on the provider’s servers.

We have concluded a Data Processing Agreement with Squarespace to ensure that personal data is processed exclusively according to our instructions and protected against unauthorized disclosure to third parties.

In the course of providing its services, data may also be transferred to the parent company Squarespace Inc. in the USA. Squarespace participates in the EU–US Data Privacy Framework. Based on this adequacy decision by the European Commission, it is ensured that an adequate level of data protection equivalent to EU standards is maintained for transfers to the USA.

4. Cookies

To make your visit to our website more user-friendly and to enable certain functions, we use “cookies.” These are small text files that are stored on your device.

Some of these cookies are automatically deleted at the end of your session (“session cookies”). Other cookies remain on your device for a certain period and allow us to store your settings or preferences for future visits (“persistent cookies”). The storage duration can be viewed in your browser settings.

Where cookies involve the processing of personal data, this is done on the following legal bases:

  • Art. 6(1)(b) GDPR: if necessary for fulfilling a contract or pre-contractual measures

  • Art. 6(1)(a) GDPR: if you have given us your consent

  • Art. 6(1)(f) GDPR: to protect our legitimate interest in providing a functional and user-friendly website

You can configure your browser to inform you about the setting of cookies, to allow them only in individual cases, or to generally refuse them. Please note that disabling cookies may limit the functionality of our website.

5. Contact

5.1 Online Appointment Booking via Doctolib
For online appointment scheduling, we use the service of Doctolib GmbH, Mehringdamm 51, 10961 Berlin. Depending on your input, your first and last name, email address, and possibly your phone number will be collected. Processing is based on Art. 6(1)(b) GDPR (necessary for appointment scheduling) and Art. 6(1)(f) GDPR (legitimate interest in efficient appointment management). Your data will be transmitted to Doctolib for appointment administration and stored there.

5.2 Contact via Form or Email
If you contact us via contact form or email, we process the personal data you provide in this context. The specific data collected depends on the respective form or your message. Processing serves solely to handle your request and the related technical administration. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in responding to inquiries). If your request aims at concluding a contract, Art. 6(1)(b) GDPR also applies. Your data will be deleted once your request has been fully resolved and no statutory retention requirements prevent deletion.

6. Website Functionalities

6.1 Google Maps
Our website uses the map service Google Maps (API) provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. This service enables interactive display of maps and easier route planning.

When accessing subpages with embedded Google Maps, certain data (e.g., IP address) is automatically transferred to Google servers and stored, including possible transfer to Google LLC servers in the USA. If logged into a Google account, this data may be directly linked to your account. To avoid this, log out before using Google Maps.

Google also stores this data in user profiles for purposes such as personalized advertising, market research, and improving its services. Processing is based on Art. 6(1)(f) GDPR (Google’s legitimate interest). You can object directly to Google.

If you do not wish data to be transmitted to Google, you can disable Google Maps by turning off JavaScript in your browser, but this will make the map unusable on our site.

Where required, the use of Google Maps is based on your consent under Art. 6(1)(a) GDPR, which you may revoke at any time.

Google participates in the EU–US Data Privacy Framework, ensuring an adequate level of protection for data transfers to the USA.

For more information, see Google’s privacy policy: https://business.safety.google/intl/de/privacy/

6.2 Google reCAPTCHA
We use the CAPTCHA service from Google Ireland Limited. Data may also be transferred to Google LLC in the USA.

reCAPTCHA helps determine whether inputs on our website are made by a human or an automated program (bot), protecting against spam and abuse. Google collects data such as:

  • IP address

  • Browser and OS identifiers

  • Date and duration of visit

This information is evaluated by Google. Cookies may also be stored, and “Google Fonts” may be loaded to display the captcha window.

Legal bases:

  • Art. 6(1)(a) GDPR (with your consent via the cookie consent tool)

  • Art. 6(1)(f) GDPR (legitimate interest in preventing misuse and spam)

You may withdraw consent at any time. A processing agreement with Google ensures that data is handled only according to our instructions. Google also participates in the EU–US Data Privacy Framework.

For more information, see Google’s privacy policy: https://business.safety.google/intl/de/privacy/

7. Cookie Consent Tool

We use a cookie consent tool on our website to obtain legally required consents for cookies and comparable technologies.

When you visit our site, this tool appears as an interface allowing you to select categories of cookies/services by ticking boxes. Non-essential cookies are only activated after you give explicit consent.

The tool itself sets technically necessary cookies to store your choices. Generally, no personal data is processed. If, in exceptional cases, IP addresses or similar data are processed, this is based on Art. 6(1)(f) GDPR (legitimate interest in legally compliant and user-friendly consent management).

Additionally, Art. 6(1)(c) GDPR applies since we are legally obliged to obtain your consent for non-essential cookies.

Where necessary, we have concluded data processing agreements with the provider of the tool.

8. Rights of Data Subjects

According to data protection law, you have the following rights regarding the processing of your personal data:

  • Right of access (Art. 15 GDPR)

  • Right to rectification (Art. 16 GDPR)

  • Right to erasure (Art. 17 GDPR, “right to be forgotten”)

  • Right to restriction of processing (Art. 18 GDPR)

  • Right to notification (Art. 19 GDPR)

  • Right to data portability (Art. 20 GDPR)

  • Right to withdraw consent (Art. 7(3) GDPR)

  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

8.2 Right to Object
If we process your personal data on the basis of Art. 6(1)(f) GDPR (legitimate interest), you may object at any time for reasons relating to your particular situation. We will then stop processing your data unless we demonstrate compelling legitimate grounds overriding your interests or the processing serves legal claims.

If your data is processed for direct marketing, you can object at any time, and your data will no longer be used for advertising.

9. Storage Duration of Personal Data

The storage duration depends on the legal basis, purpose of processing, and statutory retention obligations (e.g., commercial or tax laws).

  • Consent (Art. 6(1)(a) GDPR): data is stored until you withdraw consent.

  • Contractual/pre-contractual processing (Art. 6(1)(b) GDPR): data is deleted after legal retention periods unless still needed or legitimate interest applies.

  • Legitimate interest (Art. 6(1)(f) GDPR): data is stored until objection under Art. 21(1) GDPR unless overriding reasons exist.

  • Direct marketing (Art. 6(1)(f) GDPR): data is stored until objection under Art. 21(2) GDPR.

Unless otherwise specified, personal data will be deleted once it is no longer required for the purposes for which it was collected or processed.