PRIVACY POLICY

Name: Yevgeniya Savchenko Psychotherapie
Address: Werdertorgasse 15/7, Wien, 1010, AT
Telephone: +43 660 8469159

When using this website, personal data may be processed.

Data protection law requires website operators to inform users about this.

1. Data Controller

Yevgeniya Savchenko Psychotherapie

Werdertorgasse 15/7

1010 Wien

+43 660 8469159

y.savchenko.pth@gmail.com

2. Categories of Data Processed

Which personal data is processed depends on how our website and our services are used: On the one hand, this includes personal information that you provide, such as your name, telephone number, email address when using a contact form, or payment information when placing orders. On the other hand, information is collected automatically when accessing the website or through the use of cookies or related technologies, such as device and usage information (e.g., IP address, browser information, previously visited URL). As a rule, these pieces of information do not allow direct conclusions to be drawn about a person’s identity.

3. Purposes of Processing

Among other things, we process data for the following purposes:

- Provision & optimization of the online offering, its content and functions

- Provision of contractual services, services and customer care

- Responding to contact requests and communication with users

- Marketing and advertising

- Security measures

- Compliance with legal obligations, e.g. compliance with corporate, duties and tax-related retention obligations

4. Relevant Legal Bases

In accordance with Art. 13 GDPR, we inform you of the legal bases of our data processing:

Insofar as we obtain consent for processing operations involving personal data, Art. 6 (1) (a) GDPR serves as the legal basis for processing the data.

- For the processing of personal data necessary for the performance of a contract, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations necessary to carry out pre-contractual measures.

- Insofar as processing of personal data is necessary to comply with a legal obligation, Art. 6 (1) (c) GDPR serves as the legal basis.

- In the event that vital interests of you or another natural person require processing of personal data, Art. 6 (1) (d) GDPR serves as the legal basis.

- If processing is necessary to safeguard a legitimate interest of our company or a third party, and your interests, fundamental rights and freedoms do not override the aforementioned interests, Art. 6 (1) (f) GDPR serves as the legal basis for processing.

5. Data Transfers

If we disclose personal data to other persons and companies (such as processors, in particular technical service providers for providing our website, affiliated companies, or other third parties), transmit it, or otherwise grant them access to the data, this is done only if permitted by law (e.g. transfers to a payment service provider for the performance of contracts), if you have consented, or if we are legally obliged to do so (e.g. authorities in the context of investigations), or on the basis of our legitimate interests (e.g. when using agents, etc.). If we commission third parties to process data on the basis of a so-called “data processing agreement”, this is done in accordance with Art. 28 GDPR.

The data is stored within the EU. Some data recipients are located outside your country or process your personal data there. The level of data protection in other countries may not correspond to that of your country. However, we transfer your personal data only to countries or (US) companies for which the EU Commission has decided that they have an adequate level of data protection (e.g. US companies certified under the EU-US Privacy Framework), or we implement measures to ensure that recipients commit to an adequate level of data protection. For example, we conclude Standard Contractual Clauses (SCC 2021) for the transfer of personal data to third countries in accordance with Regulation (EU) 2016/679, or ensure that such clauses are concluded by our service providers.

6. Description of Individual Processing Activities

6.1. Provision of the Website, Logging of Access

Purpose: The website should be usable and operable securely, quickly and stably. Web hosting is carried out via cloud-based servers in the EU.

Legal basis: legitimate interest (Art. 6 (1) (f) GDPR), technical necessity

Categories of data: usage data (e.g. pages visited, access times, entries), communication data (e.g. IP address, browser type, operating system)

Categories of recipients: web hosting/CDN provider (mono solutions ApS., Denmark, Amagerfælledvej 106 2300 Copenhagen), SSL certificate provider

Transfer to third countries: Not planned.

Retention period: max. 30 days

6.2. Processing of Inquiries

Purpose: Users should be able to ask questions or book appointments via forms.

Legal basis: legitimate interest in responding (Art. 6 (1) (f) GDPR)

Categories of data: contact data (e.g. name, email, telephone), contents of free-text fields

Categories of recipients: cloud and email service providers, contact form provider, booking tool provider

Transfer to third countries: Not planned.

6.3. Contact Management

Purpose: The contact data of our users and their interactions should be centrally available and easy to view and administer. If users are contacted for advertising purposes, the permission should be verifiable.

Legal basis: legitimate interest (Art. 6 (1) (f) GDPR), legal obligation to store consents

Categories of data: contact data (e.g. name, email, telephone), contents of free-text fields or messages, consent status

Transfer to third countries: Not planned.

6.4. Map Content

Purpose: Our users should be able to find our locations easily. Upon consent in the cookie banner or upon separate display of a consent layer, the map elements are loaded and the data is transmitted to a server of the map provider.

Legal basis: consent Art. 6 (1) (a) GDPR

Categories of data: usage data: e.g. pages visited, access times; communication data: e.g. browser type, operating system or IP addresses

Category of recipients: map tool provider

6.5. Our Online Presence on Social Media

We maintain online presences within social networks and platforms in order to communicate with customers, interested parties and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and the privacy policies of the respective social networks apply. We process users’ data when they communicate with us within social networks and platforms, e.g. by writing posts on our profile or sending us messages. Requests for information and the assertion of data subject rights can be made most effectively with the providers. Only the providers have access to users’ data and can take appropriate measures and provide information directly.

6.6. Cookies and Comparable Tracking Technologies

We may use cookies and similar tracking technologies (such as web beacons and pixels) to collect information about how our services are interacted with. Some online tracking technologies help us maintain the security of our services and your account, prevent crashes, fix errors, save your settings, and support basic website functions.

Based on the consent of our users, we also allow third parties and service providers to use online tracking technologies on our services for analytics and advertising, including managing and displaying ads, tailoring ads to your interests, or sending reminders about abandoned purchases. These third parties and service providers use their technologies to deliver advertisements for products and services tailored to your interests, which may appear either on our services or on other websites.

Specific information on how we use such technologies and how you can reject certain cookies can be found in our cookie notice.

To obtain and manage consents for cookies and comparable technologies, we use the consent management tool of mono solutions ApS., Denmark, Amagerfælledvej 106 2300 Copenhagen. The legal basis for processing is Art. 6 (1) (c) GDPR (legal obligation to obtain consents in a verifiable manner) or, alternatively, (f): our legitimate interests in processing lie in storing user settings and preferences regarding the use of cookies and additional functionalities. The consent declarations are stored for 180 days in the EU and contain the consent settings themselves (true/false for each category), date and time, a random user ID, an obfuscated IP address (not complete) and the browser string.

Data-minimizing integration of Google services via server-side tracking: Through this data-minimizing technical solution, when this website is accessed it is prevented that the IP address of your device is transmitted to Google LLC with locations in the USA (“Google”). We use Google Tag Manager (GTM) to control and manage website services. However, the technical solution behind the data processing works without a direct connection to Google servers, thus on the one hand without transferring personal data to unsafe third countries and on the other hand under anonymization of the IP address of website visitors (removal of the last octet). The IP addresses are collected for a logical second solely for the purpose of anonymization. Due to the measures described, neither we nor our service provider are able to draw individualized conclusions about individual website visitors. After you have consented to the setting of cookies, we use Google services (in particular Google Analytics, Google Tag Manager, Google Ads) for analysis and marketing purposes in the consent mode offered by Google in the Basic variant (more information: https://support.google.com/google-ads/answer/10031513 ), whereby the URL and title of our website, browser data [information about browser, operating system, screen resolution, language selection, date and time]) are assigned to an anonymized reference value and transmitted to Google LLC with locations in the USA (“Google”). We rely on Art. 6 (1) (a) GDPR as the legal basis.

Google Analytics 4 If you have given your consent (legal basis: Art. 6 (1) sentence 1
(a) GDPR and implementing laws for the European ePrivacy Directive), Google Analytics 4 is used on this website, a web analytics service provided by Google LLC. On behalf of the operator of this website, Google will use this information to evaluate your pseudonymous use of the website and to compile reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website and the success of our marketing campaigns. The responsible entity for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Cookies are used that enable an analysis of your use of our websites. The information collected by means of the cookies about your use of this website is usually transmitted to a server of Google in the USA and stored there. With Google Analytics 4, IP address anonymization is activated by default. The IP address is anonymized on servers in the EU provided by our technical service providers before data is transmitted to Google. According to Google, the IP address transmitted by your browser within the scope of Google Analytics is not merged with other Google data. During your website visit, your user behavior is recorded in the form of “events”. Events can be: page views, first visit to the website, start of session, pages visited, your “click path”, interaction with the website, scrolls (whenever a user scrolls to the end of the page (90%)), clicks on external links, internal search queries, interaction with videos, file downloads, ads viewed/clicked, language setting. In addition, the following is recorded: your approximate location (region), date and time of the visit, your IP address (in shortened form), technical information about your browser and the devices you use (e.g. language setting, screen resolution), your internet service provider, the referrer URL (which website/which ad material you came to this website from). Recipients of the data are/can be: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor pursuant to Art. 28 GDPR), Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. For the USA, the European Commission adopted its adequacy decision on 10 July 2023. Google LLC is certified under the EU-US Privacy Framework. Since Google servers are distributed worldwide and a transfer to third countries (for example to Singapore) cannot be completely ruled out, we have also concluded the EU Standard Contractual Clauses with the provider. Under the cookie symbol on the left of each page, you can view the maximum lifetime of the Google Analytics cookies in our cookie consent tool and revoke your consent at any time with effect for the future. The lawfulness of processing carried out on the basis of consent until revocation remains unaffected. You can also prevent the storage of cookies from the outset by adjusting your browser software settings accordingly. However, if you configure your browser to reject all cookies, this may result in restrictions of functionalities on this and other websites. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by: not giving your consent to the setting of the cookie or downloading and installing the browser add-on to deactivate Google Analytics HERE . Further information on Google Analytics terms of use and on data protection at Google can be found at

https://marketingplatform.google.com/about/analytics/terms/de/

and at

https://policies.google.com/?hl=de

Google Ads

We advertise with Google Ads, the online advertising platform developed by Google, to draw attention to our offerings on external websites and in Google products such as Google Search or YouTube. In relation to the data of advertising campaigns, we can determine the success of individual campaigns. We pursue the interest of showing users ads that are likely to be of interest to them, making our website more individualized and therefore more interesting, and achieving a fair calculation of advertising costs. These advertising materials are delivered by Google via so-called “ad servers”. For this purpose, ad server cookies are used, through which certain parameters for measuring success, such as the display of ads or clicks by users, can be measured. If a user comes to our website via a Google ad and agrees to the setting of optional marketing cookies, Google Ads cookies are stored on the user’s device. These cookies enable Google to recognize your internet browser. If a user visits certain pages of an Ads customer’s website and the cookie stored on their device has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to that page. A different cookie is assigned to each Ads customer. Cookies therefore cannot be tracked across the websites of Ads customers. We ourselves do not collect and process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. Based on these evaluations, we can identify which advertising measures used are particularly effective. We do not receive any further data from the use of the advertising materials; in particular, we cannot identify users based on this information. The data transfer to Google with locations in the USA is based on active certification under the EU-US Privacy Framework. We have no influence on the scope and further use of the data collected by Google through the use of this tool.

7. Retention Period

We will retain your personal data only for as long as is necessary for the purposes stated in this Privacy Policy, unless a longer retention period is required or permitted by law (e.g. for tax, accounting, or other legal reasons).

If we no longer have a legitimate business need to process your personal data, we will either delete or anonymize it, or, if this is not possible (e.g. because your personal data is stored in backup archives), we will securely store your personal data and isolate it from any further processing until deletion is possible.

8. Rights Related to the Protection of Personal Data

Subject to the requirements of applicable law, you have the following rights:

- Right of access (Article 15 GDPR)

- Right to rectification (Article 16 GDPR)

- Right to erasure (“right to be forgotten”) (Article 17 GDPR)

- Right to restriction of processing (Article 18 GDPR)

- Right to data portability (Article 20 GDPR)

- Right to object (Article 21 GDPR)

- Right not to be subject to a decision based solely on automated processing — including profiling — (Article 22 GDPR)

- Right to lodge a complaint with the competent supervisory authority. You can find a list of the competent EU authorities here: https://www.edpb.europa.eu/about-edpb/about-edpb/members_en

Last updated on 16/02/2026