PRIVACY POLICY

We are delighted that you have visited our website and are interested in our company. Data protection has a particularly high priority for the management of tomoni mental health gGmbH. We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.

1. General information

The following information provides a simple overview of what happens to your personal data when you visit our website. Personal data is any data by which you can be personally identified. For detailed information on the subject of data protection, please refer to the data protection declaration listed below this text.

The responsible body for data processing on this website is:

tomoni mental health GmbH
Am Pilgerrain 17
61352 Bad Homburg v. d. Höhe
social@tomonimentalhealth.org

Represented by the management:

Alix Puhl
Oliver Puhl

Register Court
Local Court Frankfurt am Main
HRB 127766
Germany

The responsible body is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).

The contact details of our data protection officer are:

Dr. Alexander Deicke
Kaffeeberg 11, 71634 Ludwigsburg
E-mail: datenschutzbeuaftragter@k11consulting.de

2. Collection and storage of personal data as well as the type and purpose of their use

a) When visiting the website

When you visit our website www.tomonimentalhealth.org, information is automatically sent to our website server by the browser used on your end device. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until it is automatically deleted:

- IP address of the requesting computer,

- Date and time of access,

- name and URL of the file accessed,

- website from which the access was made (referrer URL),

- the browser used and, if applicable, the operating system of your computer as well as the name of your access provider.

The aforementioned data is processed by us for the following purposes:

- Ensuring a smooth connection set-up of the website,

- Ensuring a comfortable use of our website,

- evaluating system security and stability, and

- for other administrative purposes.

The legal basis for data processing is Art. 6 para. 1 p. 1 lit. a, f DSGVO. You have the right to give your consent to the processing of personal data concerning you for one or more specific purposes. Our legitimate interest follows from the data collection purposes listed above. In no case do we use the collected data for the purpose of drawing conclusions about your person.

We do not combine this data with other data sources.

In addition, we use cookies and analysis services when you visit our website. You can find more detailed explanations of this under points 4 and 5 of this data protection declaration.

b) When using our contact form

If you send us enquiries via the contact form, your details from the enquiry form, including the contact data you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions.

These data are: First name, last name, e-mail address.

We do not pass on this data without your consent. The processing of the data entered in the contact form is therefore based exclusively on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time. All you need to do is send us an informal message by e-mail to this address:

social@tomonimentalhealth.org

The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.

The data you entered in the contact form will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions - in particular retention periods - remain unaffected.

3. Transfer of data

Your personal data will not be passed on to third parties for purposes other than those listed below.

We only pass on your personal data to third parties if:

- you have given your express consent in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO,

- on the basis of legitimate interests pursuant to Art. 6 Para. 1 lit. f. DSGVO in the economic and effective operation of our business,

- in the event that there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c DSGVO, as well as

- this is legally permissible and necessary according to Art. 6 Para. 1 S. 1 lit. b DSGVO for the processing of contractual relationships with you.

4. Cookies and technology

We use technologies such as "cookies" to provide tailored services and as a means to collect reliable and consistent traffic data. A "cookie" is a small file that is sent from a web server to a user's browser and stored on the user's hard drive.

Types of cookies

Cookies are stored on your terminal device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser. In some cases, cookies from third-party companies may also be stored on your terminal device when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company. Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behaviour or display advertising.

Please note that you cannot deselect necessary cookies, as essential functions of our website can then no longer be guaranteed. However, you can set your internet browser to prevent cookies from being saved for all websites or to restrict them to certain websites. Please note, however, that if you deactivate all cookies and thus also the required cookies in your internet browser, you must expect a restricted display of the page and a partially restricted user guidance. This may make it more difficult to use our site.

Necessary/required cookies

Cookies which are necessary to carry out the electronic communication process (necessary cookies) or to provide certain functions desired by you (functional cookies, e.g. for the shopping basket function) or to optimise the website (e.g. cookies to measure the web audience) are stored on the basis of Art. 6 Para. 1 lit. f DSGVO, unless another legal basis is specified. We have a legitimate interest in storing cookies for the technically error-free and optimised provision of our services. If consent to the storage of cookies has been requested, the storage of the cookies in question is based exclusively on this consent (Art. 6 para. 1 lit. a DSGVO); consent can be revoked at any time. The legal basis for the use of necessary cookies is Art. 6 para. 1 lit. f) DSGVO.

Functional cookies

Functional cookies allow us to gain our own insights into how our website is used and enable us to measure the success of our campaigns. This allows us to continuously improve our website both in our interest and in the interest of you as a user. Measuring the success of our advertising campaigns is an essential component for us to control cost efficiency and thus enables us to keep our fees low. The legal basis for the use of functional cookies is Art. 6 (1) lit. f) DSGVO.

Non-classified cookies

Non-classified cookies are cookies that we are in the process of trying to classify, along with providers of individual cookies.

Flash cookies

A Flash cookie (or Local Shared Object, orLSO for short, often inaccurately called a supercookie) is a cookie tied to the Adobe Flash player - i.e. a file in which user-related data is stored on the user's PC for later retrieval by the website or web application in question when surfing the Internet. Flash cookies are not easy to manage on the target computer and usually have a longer retention time than normal text cookies. The Flash cookies used are not collected by your browser, but by your Flash plug-in. Furthermore, we use HTML5 storage objects that are stored on your end device. These objects store the required data independently of the browser you are using and have no automatic expiry date. If you do not want Flash cookies to be processed, you must install an appropriate add-on (e.g. download Flash Cookies Cleaner 1.2 (softpedia.com)). You can prevent the use of HTML5 storage objects by setting your browser to private mode. We also recommend that you regularly delete your cookies and browsing history manually.

5. Cookie settings

You can change your cookie settings and refuse cookies. However, if you choose to block cookies, you may not have full access to all features and pages of our websites. Please note that most browsers allow you to manage your cookie settings by changing your preferences. You can set your browser to: automatically accept or reject all cookies, automatically accept or reject first party cookies and/or third party cookies, or notify you before cookies are set so that you have the opportunity to decide whether or not to accept cookies. In addition, you can usually activate the automatic deletion of cookies when you close your browser.

Therefore, if you initially accept cookies but later change your mind and want to turn them off, you can use your browser settings to delete cookies already set on your electronic devices and/or change your browser settings to reject further cookies or certain further cookies. In addition, you can visit www.aboutcookies.org for comprehensive information on how to implement this on a variety of browsers or visit http://www.youronlinechoices.com/ to manage the advertising cookies placed on your devices.

6. Use of social media plugins

Social media plugins connect the website to social networks such as Facebook, Instagram, Xing, LinkedIn, Twitter and Google Plus. The social media plugins are integrated into web pages and the content is shared on other social channels. The plugins are small buttons, including for example the Facebook Like button or the Share button from Twitter, Google, Instagram, etc. The social media plugins are not integrated into websites. Activities of users who are not logged in or members of these pages can also be tracked in this way. Simply by accessing these pages, user data is automatically forwarded to the social network channels that are represented on the page.

We use plugins from the following companies:

Plugins of the social network instagram.com, which is operated by Meta Platforms Ireland Ltd.

4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland ("Instagram").

Plugins of the social network linkedin.com, which are operated by LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland ("LinkedIn").

You can recognise the plugins used by the respective logo of the associated social network or platform (e.g. white "f" on a blue background for Facebook or an "Instagram camera" for Instagram).

Embedding a plugin in a website usually results in your browser establishing a direct connection to the servers of the respective provider when you call up the website and loading the corresponding plugin and its content onto your browser in order to integrate it into the website you are visiting. However, we have integrated the plugins in such a way that contact with the social network/platform concerned is only established when you actively interact with the plugins, for example by clicking the "Like" or "Instagram" button, sharing content via the buttons, starting videos or using the interactive map. If you interact with the plugins without being logged in to the providers, the respective provider initially only receives the information from which website the corresponding page is called up. Only when you confirm that you want to share the information is direct contact established between you and the social network. The shared information may be transmitted directly to the server of the respective provider and stored there. The data collected by the providers may include user data, including your IP address and geographical location, as well as technical data, such as the type of browser or operating system used. We do not control the collection, storage and use of such data by the social networks. We do not gain access to the collected data. For the purpose and scope of the data collection and the further processing and use of the data by the providers, as well as your rights in this regard and setting options for protecting your privacy, please refer to the privacy policies of the providers.

Privacy policy of Instagram: https://help.instagram.com/155833707900388/

Privacy policy of LinkedIn: https://www.linkedin.com/legal/privacy-policy

7. Analysis tools

This site uses Mailchimp, Friendly Captcha and Matomo analytics tools.
 

Mailchimp
We use Mailchimp from The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE Suite 5000, Atlanta, GA 30308 USA (Mailchimp) to send our newsletter. This allows us to contact subscribers directly. In addition, we analyse your usage behaviour in order to optimise our offer. For this purpose, we pass on the following personal data to Mailchimp:

Email address
First name

Our email sends contain a link with which you can update your personal data.

Mailchimp is the recipient of your personal data and acts as a processor for us as far as the sending of our newsletter is concerned. The processing of the data provided under this section is neither legally nor contractually required. Without your consent and the transmission of your personal data, we cannot send out a newsletter to you.

In addition, Mailchimp collects the following personal data using cookies and other tracking methods: Information about your terminal device (IP address, device information, operating system, browser ID, information about the application with which you read your emails and further information about hardware and internet connection. In addition, usage data is collected such as date and time, when you opened the email / campaign and browser activity (e.g. which emails / web pages were opened). Mailchimp needs this data to ensure the security and reliability of the systems, compliance with the terms of use and the prevention of misuse. This corresponds to the legitimate interest of Mailchimp (according to Art. 6 para. 1 lit. f DSGVO) and serves the execution of the contract (according to Art. 6 para. 1 lit. b DSGVO). Mailchimp also evaluates performance data, such as email delivery statistics and other communication data. This information is used to create usage and performance statistics for the services.

Mailchimp also collects information about you from other sources. In an unspecified period and scope, personal data is collected via social media and other third-party data providers. We have no control over this process. You can find more information about objection and removal options vis-à-vis Mailchimp at: https://mailchimp.com/legal/privacy/#3._Privacy_for_Contacts.

The legal basis for these processing operations is your consent pursuant to Art. 6 (1) lit. a DSGVO. You can revoke your consent to the processing of your personal data at any time. A corresponding link can be found in all mailings. In addition, the revocation can be made via the specified contact options. The declaration of revocation does not affect the lawfulness of the processing carried out to date.

Your data will be processed as long as you have given your consent. Apart from that, they will be deleted after the termination of the contract between us and Mailchimp, unless legal requirements make further storage necessary.

Mailchimp has implemented compliance measures for international data transfers. These apply to all global activities where Mailchimp processes personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs). For more information, please visit: https://mailchimp.com/legal/data-processing-addendum/

Friendly Captcha

Our website uses the "Friendly Captcha" service (www.friendlycaptcha.com). This service is offered by Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany. Friendly Captcha is a novel, privacy-friendly protection solution to make it more difficult for automated programs and scripts (so-called "bots") to use our website.

For this purpose, we have integrated a program code from Friendly Captcha into our website (e.g. for contact forms) so that the visitor's terminal device can establish a connection to the Friendly Captcha servers in order to receive a calculation task from Friendly Captcha. The visitor's terminal solves the calculation task, which requires certain system resources, and sends the calculation result to our web server. The server contacts the Friendly Captcha server via an interface and receives a response stating whether the puzzle was solved correctly by the end device. Depending on the result, we can apply security rules to requests via our website and thus, for example, process or reject them.

The data is used exclusively for the protection against spam and bots described above. Friendly Captcha does not set or read any cookies on the visitor's terminal device. IP addresses are only stored in hashed (one-way encrypted) form and do not allow us and Friendly Captcha to draw any conclusions about an individual person.

If personal data is collected, it is deleted after 30 days at the latest. The legal basis for the processing is our legitimate interests in protecting our website from improper access by bots, i.e. spam protection and protection against attacks (e.g. mass requests), Art. 6 para. 1 lit. f DSGVO. Further information on data protection when using Friendly Captcha can be found at https://friendlycaptcha.com/legal/privacy-end-users/.

Matomo
This website uses Matomo to analyse traffic and help us improve your user experience. Please read the privacy policy to find out more: https://matomo.org/privacy-policy/

8. Your rights

Right of access

You may request information in accordance with Article 15 of the GDPR about your personal data processed by us. In your request for information, you should specify your request to make it easier for me to compile the necessary data.

Right to rectification

If the information concerning you is not (or no longer) accurate, you may request a correction in accordance with Art. 16 DSGVO. If your data is incomplete, you can request that it be completed.

Right to deletion

You can request the deletion of your personal data under the conditions of Art. 17 DSGVO. Your right to erasure depends, among other things, on whether the data relating to you is still required by me for the fulfillment of legal obligations (such as the fulfillment of statutory retention obligations) or for the performance of a contract.

Right to restriction of processing

Within the framework of the provisions of Art. 18 DSGVO, you have the right to request a restriction of the processing of the data concerning you.

Right to object

In accordance with Art. 21 (1) DSGVO, you have the right to object to the processing of data relating to you at any time for reasons arising from your particular situation. However, we cannot always comply with this, e.g. if a legal provision obliges us to process. In addition, you have the right to object to the use of your personal data for advertising purposes in accordance with Art. 21 (2) DSGVO.

Right of revocation

You have the right to revoke your consent to the use and disclosure of your personal data.

Right to data portability

You have the right to have your personal data processed by us transferred to a third party that you designate. In the case of processing of personal data for the performance of tasks in the public interest (Art. 6 para. 1 sentence 1 lit. e DSGVO) or for the performance of legitimate interests (Art. 6 para. 1 sentence 1 lit. f DSGVO), you may object to the processing of personal data relating to you at any time with effect for the future. In the event of an objection, we must refrain from any further processing of your data for the aforementioned purposes, unless there are compelling legitimate grounds for processing which override your interests, rights and freedoms, or processing is necessary for the assertion, exercise or defence of legal claims.

Right to complain

If you believe that we have not complied with data protection regulations when processing your data, you may lodge a complaint with a data protection supervisory authority. The data protection supervisory authority responsible for our registered office is the State Commissioner for Data Protection and Freedom of Information of Hesse.

9. Right of objection

If your personal data is processed on the basis of legitimate interests pursuant to Article 6 (1) sentence 1 lit. f DSGVO, you have the right to object to the processing of your personal data pursuant to Article 21 DSGVO, provided that there are grounds for doing so which arise from your particular situation or the objection is directed against direct advertising. In the latter case, they have a general right of objection, which is implemented by us without specifying a particular situation. If you wish to make use of your right of revocation or objection, it is sufficient to send an e-mail to social@tomonimentalhealth.org.

Objection to advertising e-mails

We hereby object to the use of contact data published within the scope of the imprint obligation to send advertising and information material that has not been expressly requested. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, for example by spam e-mails.

9. Data security

We use the widespread SSL procedure (Secure Socket Layer) in connection with the highest level of encryption supported by your browser when you visit our website. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is encrypted by the closed key or lock symbol in the lower status bar of your browser.

We also use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in accordance with technological developments.

10. Topicality and amendment of this data protection declaration

This data protection declaration is currently valid and has the status January 2023. Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access and print out the current data protection statement at any time on the website at https://www.tomonimentalhealth.org/privacypolicy.