Privacy policy
Status: June 2023
With the following data protection declaration, we want to inform you about the processing of your personal data when you visit our website https://my7steps.org and use the My7steps platform. In addition, we are obliged to provide the following notice:
The use of this platform takes place in a potentially insecure environment. Digital health applications like this come with security risks that cannot be fully addressed by the manufacturer of the digital health application.
We would like to inform you in advance as follows:
1. Contact details of the responsible person
Responsible for data processing is:
My7steps GmbH
Mainzer Straße 75
65189 Wiesbaden
Managing Director with power of representation: Dr. Ralph Grobecker
E-Mail: support@my7steps.org
(hereinafter “We”)
2. Contact details of the data protection officer
You can reach our data protection officer at the address mentioned in 1., for the attention of the data protection officer, or by e-mail at datenschutz@my7steps.org.
3. Collection, storage and deletion of personal data and the nature and purpose of their use
a) When visiting the website:
When you visit our website https://my7steps.org, information is automatically sent to our website server by the browser used on your end device. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automatic deletion:
- IP address of the requesting computer,
- Date and time of access,
- Name and URL of the retrieved file,
- Website from which the access is made (referrer URL),
- The browser used and, if applicable, the operating system of your computer as well as the name of your access provider.
The above data will be processed by us for the following purposes:
- Ensuring a smooth connection of the website,
- Ensuring a comfortable use of our website,
- Evaluation of system security and stability, and
- for other administrative purposes.
The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interest follows from the purposes for data collection listed above. In no case do we use the collected data for the purpose of drawing conclusions about your person.
b) Registration to use the platform
In order for you to be able to use the platform to its full extent, we have to make sure that you meet certain requirements. We already ask for these before the actual registration process. We temporarily store your answers, linked to your IP address, until you leave the website. The legal basis for this processing is your voluntarily given consent according to Art. 9 para. 2 lit. a in conjunction with Art. 6 para. 1 p. 1 lit. a DSGVO, which you grant by clicking on the corresponding checkbox (“DSGVO consent”).
If you meet the access requirements, you will need a user account. In order to create such an account for you, we need the following information (“user data”):
- A valid telephone number and / or a valid e-mail address
- Your name,
- Your mother tongue,
- The time zone in which you are located;
- Your gender,
- Your country of residence,
- A password chosen by you.
In addition, we require information on the desired billing method (“billing data”) if you opt for a chargeable package. This includes the following information:
- First name, last name,
- Street,
- House number,
- Postcode,
- City.
If billing via your health insurance is possible, we need information on whether you are privately or statutorily insured, or whether you would like to pay for the treatment yourself, as well as, if applicable:
- The name of your health insurance company,
- Your insurance number,
- Your date of birth,
- A prescription ID,
- Your payment information.
All information is stored in your user account and processed exclusively for the provision of the platform. We process your billing data exclusively for billing with your health insurance company or with you as a self-payer (see below, point 4.).
The legal basis for the processing is Art. 9 para. 2 lit. h) in conjunction with Art. 6 para. 1 lit. b) DSGVO, § 22 para. 1 no. 1 lit. b BDSG. The processing of your data to create a user account is necessary to fulfil the treatment contract with you.
c) When using the platform
As a registered user, you will receive access to the platform via our website. In order for you to be able to log in to the platform (“login”), we process the date and time of your login in addition to your access data (depending on which variant you choose, telephone number, e-mail address, your activation code, if applicable, and your PIN code).
On the platform, you have the possibility, for example, to answer questions about your state of mind via a question catalogue. The results are saved to your user profile and processed by our counsellor according to the treatment order (see section 4.). In your profile, under the menu item “Account settings”, you have the possibility to view or change your personal details at any time.
The legal basis for the processing is Art. 9 para. 2 lit. h) in conjunction with Art. 6 para. 1 lit. b) DSGVO, § 22 para. 1 no. 1 lit. b BDSG. The processing of your data to create a user account is necessary to fulfil the treatment contract with you.
d) When arranging a callback (info call)
You have the possibility to arrange a callback request via our website. In order to be able to guarantee a callback, we need the following information from you:
- Day and time of the callback,
- Callback number,
- Your language preference for the info call.
We request this data with the callback request form. We process your answers to process your request. The legal basis for this processing is your voluntarily given consent in accordance with Art. 9 para. 2 lit. a in conjunction with Art. 6 para. 1 p. 1 lit. a DSGVO, which you grant by clicking on the corresponding checkbox (“DSGVO consent”).
e) When contacting
You have the option of contacting us via our website. In order to process your request, we need the following information from you:
- Salutation,
- Last name,
- E-mail address,
- Reason for your request,
- Comment or message,
- Browser, if necessary,
- Error message, if applicable.
We request this data with the contact form. We process your answers exclusively for the purpose of processing your enquiry. The legal basis for this processing is your voluntarily given consent according to Art. 9 para. 2 lit. a in conjunction with Art. 6 para. 1 p. 1 lit. a DSGVO, which you grant by clicking on the corresponding checkbox (“DSGVO consent”).
f) Erasure of the data:
Your data stored with us will only be stored for as long as it is needed to process the corresponding enquiries. After that, we delete the data immediately. We only deviate from this in exceptional cases, insofar as legal retention periods exist; for example, within the scope of civil law claims.
4. Disclosure of data:
a) Disclosure of data to the counsellor
Within the framework of the treatment contract, it is sometimes necessary to pass on some of your data to the counsellor looking after you. These are exclusively trained psychological professionals. They are all subject to professional secrecy and are obliged to maintain confidentiality about your affairs. Your data will only be passed on to your personal counsellor. You will find his or her name in your user account.
In detail, all data required for treatment will be passed on to your counsellor. In particular, this includes the following information:
- Your name,
- Your gender,
- Your date of birth,
- The telephone number stored in the user account,
- The e-mail address stored in the user account,
- The language in which you would like to be treated,
- Your previous answers to the questions asked on the platform.
The legal basis for the transfer of your data to your counsellor is Art. 9 para. 2 lit. h) in conjunction with Art. 6 para. 1 lit. b) DSGVO, § 22 para. 1 no. 1 lit. b BDSG.
b) Disclosure of data to payment service providers (self-payers):
If you enter into a paid contract as a self-payer, we offer you payment via Mollie. The provider of this payment service is Mollie B.V., Keizersgracht 313, 1016 EE Amsterdam, the Netherlands (hereinafter “Mollie”). If you select payment via Mollie, the payment data you enter will be transmitted to Mollie and the correspondingly selected payment provider (SOFORT Überweisung, Giropay, PayPal, credit card provider Visa, Mastercard).
The legal basis for the transfer of your data to Mollie is based on Art. 6 para. 1 lit. a) DSGVO (consent) and Art. 6 para. 1 lit. b) DSGVO (processing for the performance of a contract). You have the option to revoke your consent to data processing at any time. A revocation does not affect the validity of past data processing operations.
c) Disclosure of data to health insurers
In order to bill your health insurance for your treatment costs, it may be necessary to pass on some billing and user data to your health insurance. The transfer of the data required for this purpose is strictly in accordance with Art. 9 para. 2 lit. h) in conjunction with Art. 6 para. 1 lit. b) DSGVO, § 22 para. 1 no. 1 lit. b BDSG and §§ 294 ff. SGB V. Sections 294 et seq. of the German Social Code, Book V (SGB V) regulate which data we are required to transmit.
In this context, we transmit your data exclusively to your health insurance company. For this purpose, we use the information that you have stored in your user account. You can find out which health insurance company your data will be transferred to in your user account.
Your personal data will not be transferred to third parties for purposes other than those mentioned. Data will only be passed on to third parties if:
- you have given your express consent to this in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO,
- the disclosure is necessary in accordance with Art. 6 (1) p. 1 lit. f DSGVO for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
- in the event that there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c DSGVO, as well as
- this is legally permissible and necessary according to Art. 6 para. 1 p. 1 lit. b DSGVO for the processing of contractual relationships with you.
5. Cookies:
We use cookies on our site. These are small files that are automatically created by your browser and stored on your end device (laptop, tablet, smartphone or similar) when you visit our site. Cookies do not cause any damage to your end device and do not contain any viruses, Trojans or other malware. Information is stored in a cookie that is related to the specific end device used. However, this does not mean that we gain direct knowledge of your identity. The use of cookies can serve different purposes. The cookies we use are absolutely necessary for the operation of the website. They serve to enable you to use our platform. The legal basis for the use of this type of cookie is Art. Abs. 1 S. 1 lit. f DSGVO.
These are primarily so-called session cookies, with the help of which it is registered that you have already visited individual pages of our website. These are automatically deleted after you leave our site. In detail, the following cookies are used on our website:
Name of the cookie | Function duration | Third party access | Intended use
Required cookies: | | |
Session-ID | Session cookie | no | Identification of the registered user
Most browsers accept cookies automatically. You can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. However, the complete deactivation of cookies may mean that you cannot use all the functions of our website.
6. Analysis tools:
The tracking measures listed below and used by us are carried out on the website on the basis of Art. 6 (1) p. 1 lit. f) DSGVO. No tracking measures are carried out when using the platform.
With the tracking measures used, we want to ensure a needs-based design and the ongoing optimisation of our website. On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimising our offer for you. These interests are to be regarded as legitimate within the meaning of the aforementioned provision.
The respective data processing purposes and data categories can be found in the corresponding tracking tools.
Matomo
We use the open source software Matomo to analyse and statistically evaluate the use of the website. No cookies are used for this purpose (see section 5). The information is used to evaluate the use of the website and to enable us to design our website in line with requirements. The information is not passed on to third parties.
Under no circumstances will the IP address be linked to other data relating to the user. The IP addresses are anonymised so that an assignment is not possible (IP masking).
Below you can prevent the analysis of your actions taken on this website via the tracking opt-out option of Matomo:
7. Data subject rights:
You have the right:
- to request information about your personal data processed by us in accordance with Art. 15 DSGVO. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
- to demand the correction of incorrect or incomplete personal data stored by us without delay in accordance with Art. 16 DSGVO;
- pursuant to Art. 17 DSGVO to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
- to request the restriction of the processing of your personal data in accordance with Art. 18 DSGVO, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims or you have objected to the processing in accordance with Art. 21 DSGVO;
- pursuant to Art. 20 DSGVO to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller;
- to revoke your consent at any time in accordance with Art. 7 (3) DSGVO. This has the consequence that we may no longer continue the data processing based on this consent for the future and
- to complain to a supervisory authority in accordance with Art. 77 DSGVO. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.
8. Right to object:
If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f DSGVO, you have the right to object to the processing of your personal data pursuant to Art. 21 DSGVO, provided that there are grounds for doing so that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which is implemented by us without specifying a particular situation. If you would like to make use of your right of revocation or objection, it is sufficient to send an e-mail to support@my7steps.org.
9. Data security:
We use the widespread SSL procedure (Secure Sockets Layer) during your visit to https://my7steps.org. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is encrypted by the closed key or lock symbol in the status bar of your browser. We also use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.
D. Validity and document handling
This document is final upon release and records the published status of the privacy policy with the version number indicated in the title.