updated 21 May 2018
1 - What is personal data
Personal data means any information relating to an identified or identifiable natural person, such as for instance your contact information, your browsing history or your clinical data.
2 – General principles for personal data processing by The Cove
We adhere to the following principles when processing your personal data:
- We will only collect personal data for specified, explicit and legitimate purposes
- We will not collect personal data beyond what is necessary to accomplish those purposes
- We will not use personal data for purposes other than that for which the data was collected, except as stated herein, or with prior consent
- We will not transfer personal data to third parties, except as stated herein, or with prior consent
- We will do our best to ensure that information is up to date by encouraging you to verify your personal data periodically
- We will maintain appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access and against all other unlawful forms of processing
- Except when stated herein, we will not store personal data longer than is necessary to accomplish the purpose for which the data were collected or for which they are further processed, or as is required by law
3 – Personal data we collect and process
We may collect and process the following data about you:
- Data you give us. You may give us information about you by filling in forms on our site http://www.thecove-therapy.com (our site) or by corresponding with us by phone, email or otherwise. This includes information you provide when you register to use our site, subscribe to any updates, request or receive therapy, counseling, coaching or attend workshops, through our site, participate in social media functions on our site, complete a survey or report a problem with our site. The information you give us may include your name, address, email address and phone number, financial and credit card information, personal description and medical history.
- Data we collect about you. With regard to each of your visits to our site we may automatically collect the following data:
- Technical data, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform
- Data we receive from other sources. We may receive data about you from third parties we work closely with (including, without limitation, medical practitioners, business partners, sub-contractors in technical, payment and delivery services, analytics providers, search information providers).
4 – How we use your personal data
We use data held about you in the following ways:
- Data you give to us. We will use this data:
- To carry out our obligations arising from any contracts entered into between you and us relating to therapy, counseling, coaching or workshops, and to provide you with the information and services that you request from us
- To provide you with information about other services we offer that are similar to those that you have already received or enquired about
- To provide you with information about goods or services we feel may interest you. If you are an existing client, we will only contact you by electronic means (email or SMS) with information about services similar to those you have previously received or enquired about
- To notify you about changes to our services
- To ensure that content from our site is presented in the most effective manner for you and for your computer
- Data we collect about you. We will use this data:
- To administer our site and for internal operations including troubleshooting, data analysis, testing, research, statistical and survey purposes
- To improve our site to ensure that content is presented in the most effective manner for you and for your computer
- To allow you to participate in interactive features of our service, when you choose to do so
- As part of our efforts to keep our site safe and secure
- To measure or understand the effectiveness of marketing we serve to you and others, and to deliver relevant marketing to you
- To make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them
- Data we receive from other sources. We may combine this data with data you give to us and data we collect about you. We may use this data and the combined data for the purposes set out above.
5 - Where we store and process your personal data
As a general principle, your personal data is stored and processed within the European Economic Area (EEA). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the processing of your payment details. By submitting your personal data, you agree to this transfer, storing or processing. In case of transfer of your personal data to any third countries, as defined in General Data Protection Regulation (GDPR), applicable legislation and regulations concerning such transfers are observed and relevant legal and security safeguards are ensured before such transfer.
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
6 – Our disclosure of your personal data to third parties
We may disclose your personal data to third parties to the extent required by law, court order or a decision rendered by a competent public authority and for the purpose of law enforcement. In addition, we may share your personal data with the following third parties:
- Medical or psychological therapy practitioners for the purposes of furthering a contract between us and you for the provision of therapy, counseling, coaching or workshop attendance.
- Third party vendors carrying out services on our behalf, including billing, IT support, analytics, research, customer service, data storage, validation, security, fraud prevention, payment processing, and legal services. Such third-party vendors have access to perform these services but are prohibited from using your personal data for other purposes.
- Third parties in order to establish, exercise or defend legal rights of The Cove.
- Other third parties subject to your consent.
When we disclose your personal data to a third party, we take all reasonable steps to ensure that those third parties are bound by confidentiality and privacy obligations with respect to the protection of your personal data. The disclosure is conducted in compliance with legal requirements, including entering into data processing agreements with the relevant third parties, to ensure that personal data is only processed in accordance with our instructions, applicable law and regulations and for the purpose specified by us and to ensure adequate security measures.
7 – Retention of your personal data
We keep your information for no longer than necessary for the purposes for which it is collected. The length of time for which we retain information depends on the purposes for which we collected and use it.
Personal data related to our services is kept and processed for a period of five (5) years from the last date of service, unless such data is legitimately processed for other purposes, such as providing you with personal benefits or customized direct marketing upon your consent or for pursuing our legal claims, where maintaining such information is considered necessary.
Personal data related to our provision of direct marketing to you is kept and processed for a period of three (3) years from the date you last have been active in opening our marketing communication or otherwise showing interest in such communication.
Relevant personal information will be deleted after expiry of the above-mentioned periods, unless such data legitimately can be kept and processed for other processing purposes which we have legal basis for.
8 – Cookies
A cookie is a small text file that is placed on your computer or mobile device when you visit a site, that enables us to: (1) recognize your computer; (2) store your preferences and settings; (3) understand the web pages of www.thecove-therapy.comyou have visited; (4) enhance your user experience by delivering and measuring the effectiveness of content and advertising tailored to your interests; (5) perform searches and analytics; and (6) assist with security and administrative functions. Some cookies are placed in your browser cache while those associated with Flash technologies are stored with your Adobe Flash Player files.
Pixels are tiny electronic tags with a unique identifier embedded in websites, online ads and/or email that are designed to: (1) collect usage information like ad impressions or clicks and e-mail open rates; (2) measure popularity of advertising; and (3) access user cookies.
As we adopt additional technologies, we may also gather information through other methods.
Please note that you can change your settings to notify you when a cookie is being set or updated, or to block cookies altogether.
Please consult the “Help” section of your browser for more information. You can also manage the use of Flash technologies, including Flash cookies and local storage objects with the Flash management tools available at Adobe’s website. Please note that by blocking, disabling, or managing any or all cookies, you may not have access to certain features or offerings on our website.
9 – Responsible for processing
Melanie Stehmeier, The Cove, Schwanhildenweg 16, 81673, Munich, Germany, is data controller and is responsible for the processing of your personal data.
10 – Access to your personal data and data portability
You have the right to access the personal data concerning you which you have provided to The Cove in a structured, commonly used and machine-readable format and have the right to transmit those data to any third party you should choose to.
11 – Updating and/or deleting your personal data
We encourage you to update your personal data provided to The Cove any time there are changes in your personal data.
Your personal data can be deleted from The Cove servers unless we are entitled or obliged by applicable law and regulations to keep and process such information regardless of withdrawal of your consent.
Following your request for deletion of your personal data, these will be deleted from our servers without undue delay; please note it may take a period of up to three (3) months to ensure complete deletion of any information stored in our back-up.
You may also contact The Cove to review, update or delete personal data stored about you. For relevant contact details please see section 18 below. Please note that prior to accessing and requesting changes to your data, we will need to verify your identity properly.
12 – Right to withdraw your consent
Some of The Cove’s processing activities may be based on your consent. In these situations you will have the right to withdraw your consent at any time. Withdrawal of your consent will not affect the lawfulness of processing conducted prior to the withdrawal.
If you withdraw your consent, The Cove and third parties involved in personal data processing will cease to process your personal data, unless and to the extent the continued processing or storage is permitted or required according to the applicable personal data legislation or other applicable laws and regulations. Please note that as a consequence of your withdrawal of your consent, The Cove may not be able to meet your requests or provide you with our services.
13 – Right to restriction of processing and right to object
You have the right to restrict processing of your personal data if the personal data is not correct, or if the processing is unlawful, in the event that you oppose erasure of your personal data, if the Cove no longer needs your personal data for the purposes of processing but storing such data is requested by you for the establishment, exercise or defense of legal claims, or if you have objected to processing and verification and a decision about whether The Cove still has legitimate interest in the given personal data is pending. Please see section 18 for relevant contact details.
At any time you have the right to object to processing of your personal data that has been collected and processed for the purposes of legitimate interests pursued by The Cove, for instance when we provide you with relevant therapy materials, make your future bookings easier by remembering your details, or when we conduct analytics and statistics on your use of our services. Please see section 18 for relevant contact details.
Furthermore, you have the right to object to processing of your personal data for direct marketing purposes. You can do so by unsubscribing from our marketing information by clicking on the unsubscribe link in the bottom of marketing communication from The Cove.
14 – Right to complain
If you want to complain about a privacy breach, please contact The Cove by sending your complaint to The Cove, Schwanhildenweg 16, 81673, Munich, Germany or by sending an e-mail to firstname.lastname@example.org
We will acknowledge receipt of your complaint within five (5) business days. We will do our best to resolve it as quickly as possible and within one (1) month from the date of complaint. In case a response would require longer than one (1) month, we will let you know and inform you of the relevant reason(s).
If you are not satisfied with the outcome of your complaint or with our handling of your complaint at The Cove, you may refer your complaint to the Bayrisches Landesamt für Datenschutzaufsicht, Aufsichtsbehörde, Promenade 27 (Schloss) 91522 Ansbach (https://www.lda.bayern.de/de/index.html#).
15 – Third-party websites, plug-ins and services
16 – Use by children
The Cove does not target and is not intended to attract children. Accordingly, our online services that collect personal data are not directed at and should not be accessed by individuals under the age of sixteen (16) years, and we request that such individuals do not provide any personal data to The Cove. Minors must obtain express consent from parents or legal guardians prior to accessing or providing any personal data. If notified by a parent or guardian, or discovered by other means, that a child under the age of sixteen has provided his or her personal data to The Cove we will delete the child’s personal data that is in our possession.
18 – Contact details
The Cove, Schwanhildenweg 16, 81673, Munich, Germany
Alternatively please send an e-mail to email@example.com