Privacy Policy
Application Statement
Compliance with the General Data Protection Regulation (GDPR) is a priority for Clicktotherapy Ltd. (Clicktotherapy).
Data Processing Controller
- Company Name: CLICKTOTHERAPY PRIVATE COMPANY
- VAT Number: 801457731
- Email: info[at]clicktotherapy.com
Clicktotherapy I.K.E., hereafter Clicktotherapy, considers as personal data any information relating to individuals, identified or identifiable persons. This includes, but is not limited to, names, addresses, identification numbers, IP addresses, health and insurance information, employment status, and more.
Special categories of data, such as data concerning health, racial or ethnic origin, trade union membership, and others, receive special protection.
These rules apply when the collection, use, and storage of personal data of individuals are carried out digitally or in print through a structured filing system.
This policy complies with the European Union's General Data Protection Regulation (GDPR) and opinions/decisions issued by the Personal Data Protection Authority.
Definitions
- Personal Data: any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;
- Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction;
- Restriction of Processing: the marking of stored personal data with the aim of limiting their processing in the future;
- Filing System: any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized, or dispersed on a functional or geographical basis;
- Data Controller: the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
- Processor: a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller;
- Recipient: a natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
- Third Party: a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data;
- Consent: the data subject's freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
- Personal Data Breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed;
- Special Categories of Data: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person's sex life or sexual orientation.
Categories of Personal Data Collected
Clicktotherapy may collect personal data in the course of its activities and normal operations from its clients, partners, employees, and other individuals with whom it conducts business.
Depending on the form and purpose of processing, Clicktotherapy may collect and process personal data, including, but not limited to, the following:
CATEGORIES OF SUBJECTS | CATEGORIES OF DATA |
---|---|
Professional Therapists | These may include:
|
Clients | Data of Clicktotherapy clients, provided they are natural persons. These may include:
|
Data of Other Natural Persons | Data of other natural persons visiting Clicktotherapy facilities or collaborating with it. |
Employees (Active and Inactive) / Job Applicants | Data of Clicktotherapy employees under any employment relationship, as well as data of former and prospective employees, which are kept for the purposes of their employment relationship with Clicktotherapy. These may include:
|
Categories of Personal Data Collected
Clicktotherapy may collect and process personal data of natural persons mentioned in the above paragraph who use its services. In principle, Clicktotherapy may collect and process personal data for the following purposes, based on the respective legal grounds for processing:
PROCESSING PURPOSE | LEGAL BASES |
---|---|
Collection, processing, cross-referencing, and transmission of information to Tax, Insurance, and Labor Administration solely to support its operation |
|
Collection and processing of necessary data of employees and/or job applicants and collaborators for the proper service of existing employment relationships or collaboration relationships or the examination of potential future collaboration |
|
Service provision |
|
Improvement of provided services | Pursuit of legitimate interests [Article 6(1)(f) GDPR] |
For any other form of processing, Clicktotherapy requests the free and prior informed consent of the data subjects before the processing begins, if required. |
Reference to more than one legal basis does not imply that Clicktotherapy engages in lawful basis swapping, undermining the rights of data subjects, but that there are cases where more than one legal basis for processing is applicable.
Transfer/Disclosure of Data to Third Parties
Personal data collected may be disclosed or transferred to third parties when required by law or necessary for the fulfillment of our services, in compliance with applicable legal guarantees. We may engage natural or legal persons to perform certain services on our behalf. Only the personal data necessary for the fulfillment of the assigned services are transferred to these individuals, and they are bound to us regarding the confidentiality and secure processing of personal data.
Retention Period of Information
Clicktotherapy retains the personal data it collects in electronic and/or paper form for the period strictly necessary to fulfill the processing purposes (as defined above) and for as long as the retention of such data is necessary in compliance with our legal obligations or to defend our legal interests before the Courts.
Rights of Data Subjects
Clicktotherapy recognizes the rights of data subjects regarding the protection of their personal data. Thus, data subjects have the right to:
- Be informed about the processing of personal data.
- Access the personal data concerning them.
- Request correction of inaccurate, incomplete, or erroneous personal data.
- Submit a request for the deletion of personal data when it is no longer necessary or when processing is illegal. If Article 6(1)(f) GDPR is the legal basis for processing in most cases, the right to deletion is limited and will be assessed on a case-by-case basis under legal conditions. According to Recital 4 of the GDPR, the right to the protection of personal data is not an absolute right; it must be considered in relation to its role in society and balanced with other fundamental rights, in accordance with the principle of proportionality.
- Object to the processing of personal data for reasons related to their particular situation, subject to Article 21(6) GDPR.
- Submit a request for restriction of processing of personal data in certain cases.
- Not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or significantly affects them, subject to Article 22(2) GDPR.
- Lodge a complaint with the supervisory authority of the EU Member State where they reside or work or the supervisory authority of the place of the alleged infringement.
Principles of Processing
Clicktotherapy adheres to the basic principles governing the processing of personal data. Personal data (Article 5):
- Are processed lawfully, fairly, and transparently in relation to the data subject ("lawfulness, fairness, and transparency").
- Are collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes is not considered incompatible with the initial purposes pursuant to Article 89(1) ("purpose limitation").
- Are adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed ("data minimization").
- Are accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified ("accuracy").
- Are kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, subject to the implementation of the appropriate technical and organizational measures required by the GDPR to safeguard the rights and freedoms of the data subject ("storage limitation").
- Are processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures ("integrity and confidentiality").
Record of Processing Activities
Clicktotherapy maintains a record of processing activities for which it is responsible. This record includes all the following information:
- The name and contact details of the data controller and, where applicable, the joint data controller, the data controller's representative, and the data protection officer,
- The purposes of the processing,
- Description of the categories of data subjects and the categories of personal data,
- The categories of recipients to whom the personal data have been or will be disclosed, including recipients in third countries or international organizations,
- Where applicable, transfers of personal data to a third country or international organization, including the documentation of suitable safeguards in accordance with Article 49(1) second subparagraph,
- Where possible, the envisaged time limits for erasure of the different categories of data,
- Where possible, a general description of the technical and organizational security measures referred to in Article 32(1).
Protection of Personal Data
Taking into account the nature, scope, context, and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, Clicktotherapy implements appropriate technical and organizational measures to ensure and be able to demonstrate that processing is performed in accordance with the General Data Protection Regulation (GDPR), adopting and implementing a comprehensive data security policy for personal data.
When assessing the appropriate level of security, Clicktotherapy takes into consideration the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed.
To prevent data breaches, Clicktotherapy as the data controller has adopted and implemented policies against attacks on its information systems, as well as specific incident response management policies for potential personal data breaches.
Employee Training
Clicktotherapy acknowledges that the protection of personal data requires the sensitization of its human resources regarding the protection of personal data. In this direction, it accepts the adoption and implementation of the Fair Information Practices (FIP) principle for proper orientation through relevant training, summarizing a set of standards governing the collection and use of personal data and addressing privacy and accuracy issues. Clicktotherapy aims to raise awareness among its human resources regarding basic concepts of personal data protection.
Cookies
Cookies are small pieces of information stored on computers for the purpose of recognizing the web browser used during visits to various websites. Device identifiers are collected from available system elements, which may include IP addresses, user agent information (browser version, type, and operating system version), or identifiers created by devices, such as Apple identifiers for advertisers, Apple identifiers for vendors, Google's Android identifiers, or Google Play Store ad identifiers. Cookies and similar technologies may be used to memorize details such as user identifiers and preferences.
The use of cookies facilitates our website in remembering information about your visit, collecting useful information about your search preferences. This enables an enhanced and personalized browsing experience during your next visit.
Additionally, our cookies help us monitor the performance and traffic of our website, enhancing its presentation and content according to our visitors' preferences.
Some or all of the cookies described below may be stored in the browser. You can view and manage cookies in the browser (however, mobile device browsers may not offer this visibility).
From the various types of cookies, Clicktotherapy collects the above-described information through the following cookies:
- Strictly Necessary Cookies: Technical essential cookies are crucial for the proper functioning of the website, allowing you to navigate and use its features. These cookies do not recognize your individual identity. Without these cookies, we cannot provide efficient operation of the website. Additionally, these cookies allow our website to remember your choices, such as font size, providing enhanced and personalized features.
- Performance Cookies: At Clicktotherapy, we use services from Google, Facebook, Ahrefs, and Crazy Egg to record traffic statistics and display targeted advertisements. These cookies collect information about how you use the website, such as which pages you visit most frequently. These cookies collect aggregated, anonymous information that does not identify any visitor. They are solely used to improve the website's performance.
If you do not wish to disable cookies, you can enable, disable, or delete cookies entirely through the website settings or your browser options. For example, in Chrome, you can click on the Chrome menu and then select Settings/Privacy/Content Settings to change your cookie settings according to your preferences. If you choose to disable cookies, some parts of the website may not function properly. More information about the types of cookies is available on the website http://www.allaboutcookies.org. If you want to learn how to control or delete cookies, you can visit the website www.AboutCookies.org.
Information on the Processing of Personal Data on Social Media
Clicktotherapy has accounts on the following social media platforms:
On these social media platforms, Clicktotherapy processes personal data (such as your username and possibly your photo) to provide information about our activities and services and as an additional means of communication.
By actions such as liking or following our specific page, you consent to the relevant processing, i.e., the processing of the username you use and any accompanying photo. Withdrawal of consent can be done through the social media platforms using the reverse process (unlike, unfollow).
In any case, we inform you that we do not know and are not responsible for whether these social media platforms further process personal data, have additional processing purposes, transfer data to third countries, use processors and sub-processors for processing, engage in profiling, and how they overall process personal data.
We recommend that before giving any consent, you consult the privacy policy of these social media platforms. In case you upload your own photos or additional personal data to our page on these platforms, you are solely responsible for this processing. Due to the ease of sharing photos and other personal data on social media platforms, we recommend that you use them while considering the possible risks arising from their disclosure.
Clicktotherapy does not and cannot influence or control the nature and extent of the personal data collected and maintained by social media platforms as a condition or result of their use. Clicktotherapy is not responsible for the collection and processing of personal data carried out by these platforms. For more information regarding the purposes of collection, further processing and use of personal data by social media platforms, as well as your rights and available privacy settings, consult the privacy policy of the respective social media platform.
Profiling
Clicktotherapy collects data for the profile of the treated individual based on the answers given in a questionnaire to propose suitable specialized therapists.
The decision is made in accordance with Article 22(2)(g) of the GDPR, only if the individual has given explicit consent. Although the decision is necessary for proposing the appropriate therapist, i.e., entering into a contract between the data subject and the data controller, and this decision is permitted by Union or Member State law which also lays down suitable measures to safeguard the data subject's rights, our company as the Data Controller seeks your consent.
In case the individual does not wish personalized service provision, they can opt out. In such a case, our proposals will be based on a random selection of therapists.
You have the right to object, described clearly and separately from any other information in this paragraph. Additionally, you have the right to request the restriction of processing at any stage, in accordance with Article 18 of the GDPR.
You also have the right to request the restriction of processing at any stage, according to Article 18 of the GDPR.
We, as the data controller, are obliged to delete the related personal data if the basis for profiling is the data subject's consent and it is revoked or if you exercise your right to erase your data, according to Article 17 of the GDPR, provided there is no other legal basis for processing, in accordance with the provisions of the Regulation.
You have the right to object, at any time and for reasons related to your particular situation, to the processing of personal data concerning you, based on Article 6(1)(f) of the Regulation (Article 21(1) of the GDPR). From our side, as the data controller, we will no longer process the personal data, unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims (Article 21(2) of the GDPR).
Furthermore, this data will not be subject to processing for commercial promotion purposes (Article 21(3) of the GDPR).
Communication with Natural Persons
To exercise your rights and for any inquiries regarding this Policy, please send a relevant written request to the Company's Data Protection Officer at the email address info[at]clicktotherapy.com.
Modification
This policy may require modification regarding the processing of personal data. In case the modification of the terms is of such nature and extent that it is not covered by the above terms of data processing, Clicktotherapy will publish the new version of the policy.