EN
Book a session

Privacy policy

We take the protection of your data particularly seriously — especially health data.

1. Controller

Controller within the meaning of the GDPR and other data protection laws:
Dr. phil. Leyla Demir, M.Sc.
Friedrichstraße 123, 10117 Berlin, Germany
praxis@praxis-demir.de

2. General notes and special protection of health data

Health data belong to the special categories of personal data under Art. 9 GDPR. We process such data exclusively on the basis of Art. 9 (2) (h) GDPR in conjunction with § 22 (1) No. 1 (b) BDSG (health care) and under our duty of confidentiality (§ 203 StGB).

Therapy content is not processed via the website. Contact via the contact form or by email serves exclusively for appointment coordination and general inquiries. Please do not send us sensitive health information by unencrypted email.

3. Hosting

This website is hosted by a provider with servers in the European Union (Cloudflare Pages / Netlify EU region). With each access, technical data are stored in server logs (IP address, date/time, user agent, referer). These data are deleted after 7 days. Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in stable and secure operation).

4. Cookies

This website sets no technically unnecessary cookies. No profiling takes place. A cookie banner is therefore not required.

5. Analytics: Plausible Analytics

Where activated, we use Plausible Analytics (Plausible Insights OÜ, Estonia). Plausible is cookie-free and designed to respect privacy: no personal data is processed, no cookies are set, no cross-device profiles are created. Only aggregate statistics (page views, session length, country — anonymised) are collected. Legal basis: Art. 6 (1) (f) GDPR.

6. Online booking (Cal.com)

For online appointments we use Cal.com (Cal.com Inc., or self-hosting on European servers). When you click the booking button, you are forwarded to the booking page or the embedded widget loads. Cookies may be set by Cal.com. Data you provide for booking (name, email, optional phone, preferred time) are processed for appointment organisation. Legal basis: Art. 6 (1) (b) GDPR (contractual initiation).

7. Contact form and email

When using the contact form, the data you provide (name, email, optional phone, message) are processed to handle your request. Currently the form uses a mailto link to hand the message to your email client — your data only leave your computer when you actively send. Legal basis: Art. 6 (1) (b) GDPR or Art. 6 (1) (a) GDPR (consent via checkbox).

8. Your rights

You have the following rights with respect to your personal data:

  • Right of access (Art. 15 GDPR)
  • Right to rectification or erasure (Art. 16, 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to lodge a complaint with the supervisory authority — for Berlin: Berliner Beauftragte für Datenschutz und Informationsfreiheit, Friedrichstr. 219, 10969 Berlin

9. Security

We use TLS encryption (HTTPS) for the entire website. Health data are not processed via the website, but exclusively in personal conversation or via qualified practice software operated in compliance with GDPR and KHZG.

10. Status

This privacy policy is dated: May 2026. We reserve the right to adapt this declaration if changes in the legal situation or our data processing make this necessary.