Privacy policy

This privacy policy informs you, in accordance with the GDPR, about how your personal data is processed on the website of Heilpraktikerin Lena Stoßberger.

1. Controller responsible for data processing

Lena Stoßberger (HP Psych)
Gollierstr. 37 | 80339 Munich | lena.stossberger@gmail.com

As the operator of this website, I am responsible for the collection and processing of personal data in accordance with the GDPR.

2. General information on data processing on this website

When you visit my website, technical data is automatically processed by the hosting server. These so-called server log files include, among other things:

IP address, date and time, accessed files
Browser type and version, operating system, referrer URL

Purpose: technical provision, security, optimization
Legal basis: Art. 6(1)(f) GDPR
Retention period: approx. 7–30 days

3. Cookies & cookie consent

This website uses both:

technically necessary cookies
optional cookies (e.g. for Google Analytics)

Non-essential cookies are only set with your consent.

Legal basis:

necessary cookies → Art. 6(1)(f) GDPR
tracking cookies → Art. 6(1)(a) GDPR

You may withdraw your consent at any time via the cookie banner.

4. Web analytics with Google Analytics

To improve this website, I use Google Analytics (Google Ireland Limited).

Google processes, among other things:

anonymized IP address (IP anonymization enabled)
usage behavior, device data, page views

Purpose: analysis and optimization of the website
Legal basis: consent pursuant to Art. 6(1)(a) GDPR

Data transfers to the USA may occur. Google safeguards such transfers using EU Standard Contractual Clauses.

Further information: https://policies.google.com/privacy

5. Contact form

Data submitted via the contact form (name, email address, message, possibly telephone number) is used exclusively to process your inquiry.

Purpose: contacting you, initiation of a treatment relationship
Legal basis: Art. 6(1)(b) GDPR
Retention period: until final processing / in accordance with statutory retention requirements

6. Online appointment scheduling (Acuity Scheduling)

For appointment bookings, I use Acuity Scheduling, a service provided by Squarespace Inc. (USA).

Processed data may include:

name, email address, phone number
requested appointment, submitted notes

Purpose: online appointment management
Legal basis: Art. 6(1)(b) GDPR

Data transfers to the USA may occur. Squarespace uses Standard Contractual Clauses (SCCs).

7. Payment processing with PayPal

For payments (e.g. for workshops, vouchers, etc.), PayPal is used.

PayPal processes, among other things:

name, address, payment information, transaction data

Legal basis: Art. 6(1)(b) GDPR
PayPal privacy information:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full

8. Disclosure of personal data

Personal data is only disclosed if:

required by law
necessary for contract performance
you have given consent
external service providers are engaged as processors (Art. 28 GDPR)

Typical recipients include hosting providers, payment service providers, and appointment booking services.

9. Your data protection rights under the GDPR

You have the right to:

access (Art. 15 GDPR)
rectification (Art. 16 GDPR)
erasure (Art. 17 GDPR)
restriction of processing (Art. 18 GDPR)
objection (Art. 21 GDPR)
data portability (Art. 20 GDPR)
withdrawal of consent (Art. 7(3) GDPR)

Right to lodge a complaint:
You may contact the data protection authority of your federal state.

10. Data security

I use technical and organizational measures to protect your data against loss, misuse, and unauthorized access. These include encrypted connections (SSL/HTTPS), secure servers, and internal access restrictions.

11. Data retention period

Data is stored only as long as necessary or as required by law.
For practitioners, a medical record retention period of 10 years generally applies (§ 630f BGB).

12. Updates to this privacy policy

This privacy policy is regularly updated to comply with legal requirements and technical developments.