Name and contact of the responsible person according to article 4 paragraph 7 GDPR

Alejandra Carmona Collado
Psychology, Therapy and Mindfulness
Immanuelkirchstr. 22
10405 Berlin

E: info@dralexcarmona.com
M: 0162 / 4199662

 

Security and protection of your personal data
We consider it our primary responsibility to protect the confidentiality of the personal information you provide to us and to protect it from unauthorized access. That is why we use the utmost care and state-of-the-art security standards to ensure maximum protection of your personal information.

As a private company, we are subject to the provisions of the European Data Protection Regulation (DSGVO) and the regulations of the Federal Data Protection Act (BDSG). We have taken technical and organizational measures to ensure that the data protection regulations are observed both by us and by our external service providers.

Definitions
The law requires that personal data is processed lawfully, in good faith and in a manner that is reasonable for the data subject ("lawfulness, fairness, transparency"). To ensure this, we inform you about the individual legal definitions that are also used in this privacy statement:

1. personal data
"Personal data" means any information relating to an identified or identifiable natural person (hereinafter referred to as the "data subject"); as identifiable natural person is one who, directly or indirectly, in particular by assigning an identifier, such as a name, can be identified to an identification number, location data, to an online identifier or to one or more special characteristics reflecting the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.

2. Processing
"Processing" means any person, with or without the aid of automated procedures, procedures performed or any series of operations related to personal data, such as collection, compilation, organization, ordering, storage, adaptation or modification, reading, consultation. use, use, disclosure by transmission, dissemination or any other form of provision, pairing or linking, restriction, erasure or destruction.

3. Processing Restriction
"Restriction of processing" is the marking of stored personal data for the purpose of limiting their future processing.

4. Profiling
"Profiling" means any type of automated processing of personal data which consists in using such personal data to evaluate certain personal aspects related to a natural person, in particular aspects related to job performance, economic situation, health, to analyze or predict personal preferences, interests, trustworthiness, behavior, location or change of location of that natural person.

5. Pseudonymization
"Pseudonymization" means the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without providing additional information, provided that such additional information is kept separate and subject to technical and organizational measures to ensure that the personal data The data cannot be assigned to an identified or identifiable natural person.

6. File System
"File System" means any structured collection of Personal Data accessible by specific criteria, whether the collection is centralized, decentralized, or organized according to functional or geographic considerations.

7. responsible person
"Responsible person" means a natural or legal person, public authority, body or body which alone or jointly with others decides on the purposes and means of processing personal data; where the purposes and means of such processing are determined by Union law or by the law of the Member States, the controller or the specific criteria for his or her appointment may be provided for by national or Union law.

8. Processor
"Processor" means a natural or legal person, public authority, body or body processing personal data on behalf of the Controller.

9. Recipient
"Recipient" means a natural or legal person, public authority, agency or other body to whom personal data is disclosed, whether or not a third party. However, authorities that may receive personal data under Union or national law in connection with a particular mission are not considered recipients; the processing of such data by such authorities shall be carried out in accordance with the applicable data protection rules in accordance with the purposes of the processing.

10. Third party

By "third party" is a natural or legal person, public authority to process the personal data device or other body other than the data subject, the controller and persons who are authorized under the direct authority of the controller or processor.

11. Consent
The "consent" of the data subject is any expression of will voluntarily given in a specific, unambiguous and unequivocal manner in the form of a statement or other unambiguous confirmatory act indicating to the data subject that he or she is involved in the processing of the subject personal data. data subject.

Lawfulness of processing
The processing of personal data is only lawful if there is a legal basis for the processing. The legal basis for the processing may, in accordance with Article 6 (1)
lit. a - f GDPR in particular:

a. The data subject has consented to the processing of personal data concerning him/her for one or more specified purposes;

b. the processing is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures which are carried out at the request of the data subject;

c. the processing is necessary for compliance with a legal obligation to which the controller is subject;

d. the processing is necessary to protect the vital interests of the data subject or any other natural person;

e. the processing is necessary for the performance of a task which is in the public interest or in the exercise of public authority delegated to the controller;

f. the processing is necessary to safeguard the legitimate interests of the controller or a third party, unless overriding interests or fundamental rights and freedoms of data subjects require protection of personal data, in particular where the data subject is a child.

Information on the collection of personal data
(1) Below we provide information on the collection of personal data when using our website. Personal information is z. Name, address, e-mail addresses, user behavior.  

(2) When you contact us by e-mail or via a contact form, the information you provide (your e-mail address, your name and phone number, if applicable) will be stored by us to answer your questions. We will also use the information you provide to send you information about future MBSR courses (Mindfulness-Based Stress Reduction). 

Collection of personal data when visiting our website

In the case of purely informational use of the website, i.e. if you do not register or provide us with information, we only collect personal data that your browser transmits to our server. If you wish to view our website, we collect the following data that is technically necessary for us to be able to inform you about our website and to ensure its stability and security (legal basis is Art. 6 (1) sentence 1 lit. DSGVO):

IP address
Date and time of the request
Time zone difference to the Greenwich Mean Time (GMT)
Content of the request (concrete side)
Access status / HTTP status code
each transmitted amount of data
Web site from which the request arrives
browser
Operating system and its interface
Language and software version of the browser.
Use of cookies

(1) In addition to the data mentioned above, cookies are stored on your computer when using our website. Cookies are small text files that are stored on your hard drive, are assigned to the browser you are using and provide certain information to the body that sets the cookie. Cookies cannot run programs or deliver viruses to your computer. They serve to make the Internet offer more user-friendly and effective in general.

(2) This website uses the following types of cookies, the scope and function of which are explained below:

Transient cookies (in addition to a.)
a. Transient cookies are automatically deleted when you close your browser. These include in particular session cookies. These store a so-called session ID, with which several requests from your browser can be assigned to the common session. This allows your computer to be recognized when you return to our site. Session cookies are deleted when you log out or close your browser.

Children
Our offer is basically for adults. Persons under the age of 18 should not submit any personal data to us without the consent of their parents or guardians.

Rights of the person concerned
(1) Revocation of consent

If the processing of personal data is based on a given consent, you have the right to revoke the consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

For the exercise of the right of withdrawal, you can always contact us.

(2) Right to confirmation
You have the right to ask the person in charge to confirm that we are processing personal data concerning you. You can request confirmation at any time using the contact details above.

(3) Right to information
If personal data is processed, you may request information about this personal data and the following information at any time:

a. the purposes of processing;

b. the categories of personal data being processed;

c. the recipients or categories of recipients to whom the personal data have been disclosed or not disclosed, in particular in recipients in third countries or international organizations;

d. If possible, the intended duration for which the personal data are stored, or, if this is not possible, the criteria for determining such duration;

e. the existence of a right to rectification or erasure of personal data concerning him or her or to a restriction on processing by the controller or a right to object to such processing;

f. the existence of a right of appeal to a supervisory authority;

g. if the personal data are not collected from the data subject, all available information on the origin of the data;

h. the existence of automated decision making, including profiling in accordance with Article 22, paragraphs 1 and 4 DSGVO and - at least in these cases - meaningful information about the logic used and the scope and intended impact of this processing on the data subject.

If personal data is transferred to a third country or an international organization, you have the right to be informed of the appropriate safeguards under Article 46 GDPR in connection with the transfer. We provide a copy of the personal data that is the subject of the processing. For any additional copies you request from an individual, we may charge you a reasonable fee based on administrative costs. If the request is sent electronically, the information must be provided in a standard electronic format, unless otherwise stated. The right to receive a copy in accordance with paragraph 3 shall not affect the rights and freedoms of others.

(4) Right to rectification
You have the right to demand immediate correction of incorrect personal data concerning you. Taking into account the purposes of the processing, you have the right to request that incomplete personal data be completed, including by means of a supplementary declaration.

(5) Right to erasure ("right to be forgotten")
You have the right to request that the person responsible for your personal data be deleted immediately and we are obliged to delete personal data immediately if any of the following conditions are met:

a. The personal data is no longer necessary for the purposes for which it was collected or processed.

b. The data subject must withdraw his or her consent to the processing pursuant to Section 6(1)(a) or Section 9(2)(a) DSGVO supported, and there is a lack of basis in another legal form for the processing.

c. The person concerned in accordance with Article 21, paragraph 1 DSGVO object to the processing and there are no overriding legitimate grounds for processing prior to, or the person concerned in accordance with Article 21, paragraph 2 DSGVO object to process one.

d. The personal data were processed unlawfully.

e. The deletion of personal data is necessary to fulfill a legal obligation under national or Union law to which the controller is subject.

f. The personal data were collected in connection with information society services offered in accordance with Article 8 (1) of the GDPR.

The person in charge made the personal data public, is obliged under paragraph 1 to its deletion, which shall take appropriate measures taking into account the available technology and the cost of implementation, including technical order for data controllers processing personal data on informing that a data subject has requested that they delete all links to such personal data or copies or replicas of such personal data.

The right to erasure ("right to be forgotten") does not exist if processing is required:

to exercise the right to freedom of expression and information;
to comply with a legal obligation required by Union or Member State law to which the controller is subject, or to carry out a task carried out in the public interest or in the exercise of official authority vested in the controller;
for reasons of public interest in the field of public health in accordance with Article 9 (2) (h) and (i) and Article 9 (3) of the GDPR.
for archiving purposes in the public interest, scientific or historical research or for statistical purposes in accordance with Article 89, paragraph 1 DSGVO, whereby the right referred to in paragraph 1 makes the expected to achieve the purposes of this processing impossible or seriously impaired, or
to assert, exercise or defend legal claims.

(6) Right to restriction of processing.
You have the right to request that we restrict the processing of your personal data if any of the following conditions are met:

a. the accuracy of the personal data is disputed by the data subject for a period that allows the controller to verify the accuracy of the personal data;

b. the processing is unlawful and the data subject refuses to delete the personal data and instead requests restriction of the use of the personal data;

c. the controller no longer needs the personal data for the purposes of the processing, but the data subject requires them to assert, exercise or defend legal claims;

d. the individual to object to the processing in accordance with Article 21 paragraph 1 DSGVO submitted, provided that it is not yet clear whether the legitimate reasons for the charge against them outweigh the individual concerned.

If the restricted processing in accordance with the conditions set out above, these personal data are - apart from their storage - only with the consent of the individual or for the recognition, exercise or defense of a legal right or to protect the rights of any other person or entity, or for reasons of important public interest of the Union or of a Member State.

To exercise the right to restrict processing, the data subject may contact us at any time using the contact details provided above.

(7) Right to data portability
You have the right to the personal data relating to that you have provided to us to enter in a structured, consistent and machine-readable format, and you have the right to this information another charge without being hindered by data controllers, which personal data provided were to be transmitted, provided that:

a. the processing on a consent pursuant to Article 6 paragraph 1 letter a or Article 9 paragraph 2 on the basis of a letter or a contract in accordance with Article 6 paragraph 1 letter b and DSGVO.

b. the processing is carried out using automated procedures.

When exercising the right to data portability in accordance with paragraph 1, you have the right to obtain that personal data is transmitted directly from one controller to another, provided that this is technically possible. The exercise of the right to data portability is without prejudice to the right of erasure (the right to be forgotten). This right does not apply to processing necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the controller.

(8) Right to object
You have the right, for reasons arising from your particular situation at any time to the processing of personal data concerning you, which is carried out a letter E or F DSGVO basis of Article 6, paragraph to appeal; this also applies to profiles based on these provisions. The person responsible shall no longer process the personal data, unless he or she can demonstrate legitimate grounds for the processing which outweigh the interests, fundamental rights and freedoms of the data subject, or the processing is for the recognition, exercise or defense of legal claims.

If personal data are processed to operate direct mail, you have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising; this also applies to profiles insofar as they are associated with such direct mail. If you object to the processing for direct marketing purposes, the personal data will no longer be processed for these purposes.

Regarding the use of information society services, regardless of Directive 2002/58/EC, you can exercise your right to object through automated procedures using technical specifications.

You have the right, on grounds of your own particular situation, to object to the processing of personal data concerning you for scientific or historical research purposes or for statistical purposes under Article 89 (1), except where: processing is necessary for the performance of a task carried out in the public interest.

The right to object may be exercised at any time by contacting the responsible person.

(9) Automated case-by-case decisions, including profiling
You have the right, not a single only in an automated processing - to be subject to decisions based on that will be developed on legal effects or taken seriously in a similar way - including profiling. This does not apply if the decision:

a. necessary for the conclusion or performance of a contract between the data subject and the controller,

b. is permitted by Union or Member State legislation to which the controller is subject, and where such legislation contains appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject; or

c. with the data subject's express consent.

The controller shall take appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject, at least the right to obtain the intervention of a person by the controllers, to a statement of his or her own position and to challenge the decision belongs.

This right may be exercised by the data subject at any time by contacting the person responsible.

(10) Right to complain to a supervisory authority
They also have, notwithstanding any other administrative or judicial remedy, the right to complain to a supervisory authority, in particular in the Member State of residence, their place of work or the location of the alleged breach, if the person concerned is of the opinion that the processing of that concern them personal data infringes this Regulation.

(11) Right to effective judicial remedy
They have, without prejudice to any available administrative or non-judicial remedies, including the right to appeal to an authority in accordance with Article 77 GDPR the right to an effective judicial remedy, if they consider that their, right to these regulatory rights, as a result of non-consistent with violated by this Regulation with respect to their personal data.

Use of script libraries (Google Webfonts)
To make our content attractive and graphically appealing in all browsers, we use script libraries and font libraries on this website, such as: Google Webfonts (https://www.google.com/webfonts/). Google Webfonts are transferred to your browser cache to avoid multiple loading. If your browser does not support Google Webfonts or prohibits access, the content will be displayed in a standard font.

Calling script libraries or font libraries automatically triggers a connection to the library operator. This is theoretically possible, but it is also currently unclear whether the operators of such libraries collect data and, if so, for what purposes.

The privacy policy of the library operator Google can be found here: https://www.google.com/policies/privacy/

Alejandra Carmona Collado
Dipl.-Psychologin
Heilpraktikerin für Psychotherapie
Mindfulness Trainer