Privacy Policy

General Information

This data protection declaration explains what personal data (hereinafter referred to as “data”) is collected on this website and the associated web pages, functions and content (hereinafter referred to as “online offer”) and what it is used for. It also explains how and for what purpose this is done. With regard to the terms used, such as “processing” or “responsible person”, we refer to the definitions in Art. 4 of the General Data Protection Regulation (DSGVO).

1. Responsible Person

The responsible person for data processing on this website is:

Ina Echterhof, Psychologist (Master of Science)
Kreuzstr. 13b
52080 Aachen

E-mail address: info@beratung-echterhof.de
Imprint: https://www.beratung-echterhof.de/en/imprint

2. Data Protection

Data collection on this website

Data processing on this website is carried out by the website operator Ina Echterhof. You will find the contact details under “Responsible person” as well as in the imprint. Your personal data will be processed confidentially and in accordance with the statutory data protection regulations and this data protection declaration.

When you access this website, some technical data is automatically collected (e.g. internet browser and operating system) in order to ensure the error-free provision of the website. Some of this data may be used to analyse user behaviour. You actively share further data when you use the contact form.

You have the right at any time to receive information free of charge about the origin, recipient and purpose of your personal data. You also have the right to demand the correction and deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right to request the restriction of the processing of your personal data under certain circumstances. Furthermore, you have the right to lodge a complaint with the competent supervisory authority. If you have any questions about data protection, you can contact the website operator at any time.

Analysis tools and third-party tools

When visiting this website, your surfing behaviour may be statistically analysed. This is mainly done with so-called analysis programmes. Detailed information on the analysis programmes used can be found further down in this data protection declaration.

Types of data processed

The following data is processed for the operation and provision of our online services:

Inventory data (e.g. names, addresses)
Contact data (e.g. e-mail, telephone numbers)
Content data (e.g. text entries in the contact form)
Usage data (e.g. web pages visited within the online offer, processing of contents, access times)
Meta/communication data (e.g. device information, IP addresses)

For business-related processes, the following additional data is collected from clients, customers and business partners for the purpose of providing contractual services and customer care:

Contract data (e.g. subject matter of contract, addresses, term)
Payment data (e.g. payment history, date of service provision)

Categories of data subjects

Data subjects are the visitors and users of this online service (hereinafter “users”).

Purpose of processing

Data is used for the provision of the online offer, its functions and content:

Responding to contact enquiries, making appointments and communicating with users
Security measures
Reach measurement/marketing

Storage period

Unless a more specific storage period is specified within this data protection declaration, your data will remain with the data controller until the purpose for processing the data no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless there are other legally permissible reasons for storing your personal data (e.g. retention periods under tax law); in the latter case, the data will be deleted once these reasons no longer apply.

3. Hosting

This website is hosted externally. The personal data collected on this website is stored on the hoster’s servers. This may be inventory data, contact data, content data, usage data, contract data and meta/communication data of users of this online service generated via a website.

External hosting is carried out for the purpose of contract fulfilment vis-à-vis potential and existing customers (Art. 6 par. 1 lit. b DSGVO) and in the interest of a secure, fast and efficient provision of this online offer by a professional provider (Art. 6 par. 1 lit. f DSGVO) who provides the following services: Infrastructure and platform services, computing capacity, storage space and database services, e-mail dispatch, security services and technical maintenance services used for the purpose of operating this online offer.

Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 par. 1 lit. a DSGVO and § 25 par. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device as defined by the TTDSG. The consent can be revoked at any time. The hoster will only process your data insofar as this is necessary for the fulfilment of its service obligations and will follow the instructions of the website operator with regard to this data.

The website operator hosts the contents of this website with the following provider:

netcup GmbH
Daimlerstrasse 25
D-76185 Karlsruhe

The website operator has concluded an order processing agreement (AVV) with the hoster for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that the latter only processes the personal data of the website visitors in accordance with the instructions of the website operator and in compliance with the DSGVO. (Conclusion of order processing contract, Art. 28 DSGVO).

4. Legal Basis

General information on the legal basis for data processing on this website

In accordance with Art. 13 DSGVO, we inform you about the legal basis of our data processing. If the legal basis is not stated in the data protection declaration, the following applies:

The legal basis for obtaining consent is Art. 6 par. 1 lit. a and and Art. 7 DSGVO, the legal basis for processing in order to fulfil our services and carry out contractual measures and respond to enquiries is Art. 6 par. 1 lit. b DSGVO, the legal basis for processing in order to fulfil our legal obligations is Art. 6 par. 1 lit. c DSGVO, and the legal basis for processing in order to protect our legitimate interests is Art. 6 par. 1 lit. f DSGVO. In the event that vital interests of the data subject or another natural person make it necessary to process personal data, Art. 6 par.1 lit. d DSGVO serves as the legal basis. If you have consented to data processing, your personal data will be processed on the basis of Art. 6 par. 1 lit. a DSGVO or Art. 9 par. 2 lit. a DSGVO if special categories of data pursuant to Art. 9 par. 1 DSGVO exist. Information on the relevant legal basis in each individual case is provided in the following paragraphs of this data protection declaration. If you have consented to the storage of cookies or to the access to information in your terminal device, the data processing is additionally carried out on the basis of Section 25 par. 1 TTDSG. This consent can be revoked at any time.

Terminology used

“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing” means any operation or set of operations which is performed upon personal data, whether or not by automatic means. The term is broad and covers virtually any handling of data.

“Pseudonymisation” means the processing of personal data in such a way that personal data can no longer be related to a specific data subject without additional information, provided that such additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data are not attributed to an identified or identifiable natural person.

“Profiling” means any automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.

“Responsible person” means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.

“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Security measures

We take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk in accordance with Art. 32 DSGVO, taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons.

The measures shall include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access to, input of, disclosure of, ensuring availability of and segregation of the data. Special categories of data according to Art. 9 par.1 DSGVO are pseudonymised or encrypted in accordance with Art. 32 par.1 lit. a DSGVO. Furthermore, we have established procedures to ensure the exercise of data subjects’ rights, deletion of data and reaction to data compromise. Furthermore, we already take the protection of personal data into account during the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and through data protection-friendly default settings (Art. 25 DSGVO).

Cookies

Cookies” are small files that are stored on users’ computers. Cookies have various functions. Different information can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after his or her visit to an online service. Temporary cookies, or “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves an online service and closes his or her browser. In such a cookie, for example, the contents of a shopping basket in an online shop or a login status can be stored. Cookies that remain stored even after the browser is closed are referred to as “permanent” or “persistent”. For example, the login status can be stored if users visit them after several days. Likewise, the interests of users can be stored in such a cookie, which is used for range measurement or marketing purposes. Third-party cookies” are cookies that are offered by providers other than the responsible party that operates the online offer (otherwise, if they are only the latter’s cookies, they are referred to as “first-party cookies”).

Many cookies are technically necessary, as certain website functions would not work without them (e.g. they are needed for the responsive design of a website, i.e. the readable display on large monitors compared to small screens of mobile devices). Other cookies are used to analyse user behaviour or to display advertising.

We may use temporary and permanent cookies and explain this in our privacy policy (see section “Data collection on this website”). If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.

A general objection to the use of cookies for online marketing purposes can be declared for a large number of services, especially in the case of tracking, via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be achieved by deactivating them in the browser settings. Please note that you may then not be able to use all the functions of this online service.

Cooperation with processors and third parties

Insofar as we disclose data to other persons and companies (order processors or third parties) in the course of our processing, transmit it to them or otherwise grant them access to the data, this is only done on the basis of a legal permission (e.g. if a transmission of the data to third parties, such as to payment service providers, is necessary for the performance of the contract pursuant to Art. 6 par. 1 lit. b DSGVO), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.). If we commission third parties to process data on the basis of a so-called “order processing agreement”, this is done on the basis of Art. 28 DSGVO.

Transfers to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of using third-party services or disclosing or transferring data to third parties, this is only done if it is done in order to fulfil our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process or allow the processing of data in a third country if the special requirements of Art. 44 ff. DSGVO are met. This means, for example, that the processing is carried out on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to that of the EU (e.g. for the USA through the “Privacy Shield”) or compliance with officially recognised special contractual obligations (so-called “standard contractual clauses”).

Rights of data subjects

You have the right to request confirmation as to whether data in question is being processed and to information about this data as well as further information and a copy of the data in accordance with Art. 15 DSGVO.
You have the right, in accordance with Art. 16 of the DSGVO, to request that the data concerning you be completed or that inaccurate data concerning you be corrected.
In accordance with Art. 17 of the DSGVO, you have the right to demand that the data in question be deleted without delay or, alternatively, to demand restriction of the processing of the data in accordance with Art. 18 of the DSGVO.
You have the right to request that the data concerning you that you have provided to us be received in accordance with Art. 20 of the DSGVO and to request that it be transferred to other data controllers.
You also have the right to lodge a complaint with the competent supervisory authority in accordance with Art. 77 DSGVO.

Right of withdrawal

Many data processing operations are only possible with your expressed consent. You can revoke an already given consent in accordance with Art. 7 par. 3 DSGVO at any time with effect for the future. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right of objection

You may object to the future processing of data relating to you in accordance with Art. 21 DSGVO at any time. The objection can be made in particular against the processing for purposes of direct advertising.

If the data processing is based on Art. 6 par. 1 lit. e or Art. 6 par. 1 lit. f DSGVO, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this data protection declaration. If you object, your personal data concerned will no longer be processed unless compelling legitimate grounds for the processing can be demonstrated which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims (objection under Article 21 par. 1 DSGVO).

Right of appeal to the competent supervisory authority

In the event of violations of the DSGVO, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged violation. The right of appeal is without prejudice to any other administrative or judicial remedy.

Right to data portability

You have the right to have data that has been processed automatically on the basis of your consent or in performance of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another person responsible, this will only be done insofar as it is technically feasible.

Information, deletion and correction

Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of the data processing and, if applicable, a right to correction or deletion of this data. You can contact the website operator at any time for this purpose and for further questions on the subject of personal data.

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. To do this, you can contact the website operator at any time. The right to restriction of processing exists in the following cases:

If you dispute the accuracy of your personal data stored by the website operator, time is usually needed to verify this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.
If the processing of your personal data happened/is happening unlawfully, you can request the restriction of data processing instead of erasure.
If the website operator no longer requires your personal data, but you need it to exercise, defend or assert legal claims, you have the right to demand the restriction of the processing of your personal data instead of the deletion.
If you have lodged an objection pursuant to Art. 21 par. 1 DSGVO, a balancing of your interests and those of the website operator must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to demand the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data may – apart from being stored – only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.

Deletion of data

The data processed by us will be deleted or restricted in its processing in accordance with Articles 17 and 18 DSGVO. Unless expressly stated within the scope of this data protection declaration, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e. the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law.

According to legal requirements in Germany, data is stored in particular for 10 years in accordance with §§ 147 par. 1 AO, 257 par. 1 nos. 1 and 4, par. 4 HGB (books, records, management reports, accounting vouchers, commercial books, documents relevant for taxation, etc.) and 6 years in accordance with § 257 par. 1 nos. 2 and 3, par. 4 HGB (commercial letters).

5. Data Collection

L- or TLS-encryption

For security reasons and to protect the transmission of confidential content, such as when using the contact form, this website uses L- or TLS-encryption. You can recognise an encrypted connection by the https:// and the lock symbol in the address bar of the browser. If L- or TLS-encryption is activated, the data you transmit to the website operator cannot be read by third parties.

Cookies

This website uses so-called technically necessary cookies to ensure the functioning of the website functions (for example, for the responsive design, i.e. the appropriate display on different screen sizes). If cookies are used by third-party companies or for analysis purposes, you will be informed separately here within the framework of this data protection declaration and your consent may be requested.

Cookies that are required to carry out the electronic communication process, to provide certain functions that you have requested (e.g. for the shopping basket function) or to optimise the website (e.g. cookies to measure the web audience) (necessary cookies) are stored on the basis of Art. 6 par. 1 lit. f DSGVO, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimised provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, the processing is carried out exclusively on the basis of this consent (Art. 6 par. 1 lit. a DSGVO and § 25 par. 1 TTDSG); the consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited (e.g. the readable display on different end devices).

Contact

When contact is made (e.g. by contact form, e-mail, telephone), the user’s details are used to process the contact enquiry and handle it in accordance with Art. 6 par. 1 lit. b. (in the context of contractual/pre-contractual relations), Art. 6 par. 1 lit. f. (other enquiries) DSGVO.

We delete the requests if they are no longer necessary. We review the necessity every two years; furthermore, the statutory archiving obligations apply.

The website operator points out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

Please do not write any personal data going beyond a mere appointment in the contact form and in e-mails. To send confidential content, please use only encrypted e-mails after prior communication.

Contact form of the website

If you send the website operator an enquiry via the contact form, your details from the contact form, including the contact data you have provided there, will be stored by the website operator for the purpose of processing the enquiry and in the event of follow-up questions. This data will not be passed on without your consent.

The processing of this data is based on Art. 6 par. 1 lit. b DSGVO if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on the legitimate interest in the effective processing of enquiries directed to the website operator (Art. 6 par. 1 lit. f DSGVO) or on your consent (Art. 6 par. 1 lit. a DSGVO) if this has been requested; the consent can be revoked at any time.

The data you enter in the contact form will remain with the website operator until you request it to be deleted, revoke your consent to storage or the purpose for storing the data no longer applies (e.g. after processing your enquiry has been completed). Mandatory legal provisions – in particular retention periods – remain unaffected.

Enquiry by e-mail or telephone

If you contact the website operator by e-mail or telephone, your enquiry including all resulting personal data (name, e-mail address, enquiry) will be stored and processed by the website operator for the purpose of processing your request. This data will not be passed on without your consent.

The processing of this data is based on Art. 6 par. 1 lit. b DSGVO if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on the legitimate interest of the website operator in the effective processing of the enquiries addressed to him (Art. 6 par. 1 lit. f DSGVO) or on your consent (Art. 6 par. 1 lit. a DSGVO) if this has been requested; the consent can be revoked at any time.

The data you send to the website operator by e-mail or telephone remains with the website operator until you request it to be deleted, revoke your consent to storage or the purpose for storing the data no longer applies (e.g. after processing your request has been completed). Mandatory legal provisions – in particular legal retention periods – remain unaffected.

Psychological Counseling and Coaching

We process the data of our clients, interested customers and contractual partners (uniformly referred to as “clients”) in accordance with Art. 6 par. 1 lit. b) DSGVO in order to provide them with our contractual or pre-contractual services. The data processed in this context, the type, scope and purpose and the necessity of their processing, are determined by the underlying contractual relationship. The processed data basically includes inventory and master data of clients (e.g. name, address, etc.), as well as contact data (e.g. e-mail address, telephone, etc.), contract data (e.g. services used, fees, names of contact persons, etc.) and payment data (e.g. bank details, payment history, etc.).

Within the scope of our services, we may also process special categories of data pursuant to Art. 9 par. 1 DSGVO, in particular information on the health of clients, possibly with reference to their sexual life or sexual orientation, ethnic origin or religious or ideological beliefs. For this purpose, we obtain, if necessary, pursuant to Art. 6 par. 1 lit. a., Art. 7, Art. 9 par. 2 lit. a. DSGVO, and otherwise process the special categories of data for health care purposes on the basis of Art. 9 par. 2 lit. h. DSGVO, § 22 par. 1 no. 1 b. BDSG.

If necessary for the fulfilment of the contract or required by law, we disclose or transmit client data in the context of communication with other professionals, third parties necessarily or typically involved in the fulfilment of the contract, such as billing offices or comparable service providers, if this serves the provision of our services according to Art. 6 par. 1 lit b. DSGVO, is required by law pursuant to Art. 6 par. 1 lit c. DSGVO, serves our interests or those of our clients in efficient and cost-effective healthcare as a legitimate interest pursuant to Art. 6 par. 1 lit f. DSGVO or is necessary pursuant to Art. 6 par. 1 lit. d. DSGVO in order to protect vital interests of the clients or another natural person or within the scope of consent pursuant to Art. 6 par. 1 lit. a., Art. 7 DSGVO.

Deletion of data takes place when the data is no longer required for the fulfilment of contractual or legal duties of care as well as dealing with any warranty and comparable obligations, whereby the necessity of keeping the data is reviewed every three years; otherwise, the statutory retention obligations apply.

Psychological Counseling and Coaching via Threema

Within the framework of psychological counseling, it can be agreed to conduct the counseling via the DSGVO-compliant messenger Threema with a personal identification code (Threema ID), which enables the corresponding encryption of the personal data transmitted. Threema Messenger is hosted by a Swiss company whose servers are operated in Switzerland:

Threema GmbH
Churerstrasse 82
8808 Pfäffikon SZ
Switzerland

Before the first counseling session via Threema, clients are informed which situational conditions must be created for online counseling in order to take into account the data protection of special categories of data pursuant to Art. 9 par. 1 DSGVO (e.g. no counseling in public spaces such as on buses and trains, creation of privacy, technical measures to be taken). Furthermore, the same provisions apply as for counseling in presence.

Administration, financial accounting, office organisation, contact management

We process data within the scope of administrative tasks as well as organisation of our business, financial accounting and compliance with legal obligations, such as archiving. In doing so, we process the same data that we process in the context of providing our contractual services. The processing bases are Art. 6 par. 1 lit. c. DSGVO, Art. 6 par. 1 lit. f. DSGVO. Customers, interested parties, business partners and website visitors are affected by the processing. The purpose and our interest in the processing lies in the administration, financial accounting, office organisation, archiving of data, i.e. tasks that serve the maintenance of our business activities, performance of our tasks and provision of our services. The deletion of data with regard to contractual services and contractual communication corresponds to the information mentioned in these processing activities.

In this context, we disclose or transmit data to the tax authorities, consultants such as tax advisors or auditors as well as other fee offices and payment service providers.

Furthermore, we store information on suppliers, organisers and other business partners on the basis of our business interests, e.g. for the purpose of contacting them at a later date. This data, most of which is company-related, is stored permanently.

6. Analysis Tools and Advertising

Collection of access data and log files

We, or rather our hosting provider, collect on the basis of our legitimate interests within the meaning of Art. 6 par. 1 lit. f. DSGVO, we collect data on every access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.

Log file information is stored for security reasons (e.g. for the clarification of abuse or fraud) for a maximum of 7 days and then deleted. Data whose further storage is necessary for evidentiary purposes is exempt from deletion until the respective incident has been finally clarified.

Reach measurement with Matomo

This website uses the open source web analysis service Matomo. With the help of Matomo, the website operator is able to collect and analyse data on the use of the website by website visitors. This makes it possible, among other things, to find out which page views were made when and from which region the page views are made. In addition, various log files are recorded (e.g. IP address, referrer, browsers and operating systems used) and it is measured whether website visitors perform certain actions (e.g. clicks).

IP anonymisation: IP anonymisation is used for analysis with Matomo. This means that your IP address is shortened before analysis so that it can no longer be clearly assigned to you.
Cookieless analysis: Matomo has been configured so that it does not save any cookies in your browser.
Hosting: Matomo is hosted exclusively on the website operator’s own server, so that all analysis data remains with him and is not passed on.

The use of this analysis tool is based on Art. 6 par. 1 lit. f DSGVO. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 par. 1 lit. a DSGVO and § 25 par. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device as defined by the TTDSG. The consent can be revoked at any time for the future. The logs with the users’ data are deleted after 6 months at the latest.