Privacy Policy
Last updated: [DATE]. This policy informs you pursuant to Art. 13 / 14 GDPR and § 25 TDDDG about the processing of personal data on vertex-sporttherapie.de.
1. Controller
The controller within the meaning of Art. 4(7) GDPR is:
Julio Abad VeriaVERTEX SPORTTHERAPIE
[FULL ADDRESS]
[POSTCODE] Berlin · Germany
Email: [E-MAIL]
Phone: [TELEFON]
No data protection officer has been appointed (§ 38 BDSG — statutory thresholds not reached).
2. General Principles of Data Processing
We process personal data of our users only to the extent necessary to provide a functional website and our content and services, and only where a legal basis exists (Art. 6 GDPR).
Legal bases include in particular consent (Art. 6(1)(a) GDPR), initiation or performance of a contract (lit. b), compliance with a legal obligation (lit. c) and legitimate interests (lit. f), as well as § 25 TDDDG for access to information stored on end devices.
3. Server Logs (Cloudflare Pages)
When you visit the website, the following data are recorded in server log files:
- IP address (truncated where possible)
- Date and time of access
- HTTP method, URL, HTTP status code
- User agent / browser type
- Referrer URL
The processor is Cloudflare Germany GmbH and Cloudflare, Inc., with edge hosting within the EU. A data processing agreement (DPA) pursuant to Art. 28 GDPR is in place. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the secure and performant operation of the website).
4. Cookies & Consent Management (CMP)
For access to information stored on your end device that is not strictly necessary, we obtain your consent pursuant to § 25(1) TDDDG via a consent management tool (CMP).
CMP provider: [CMP PROVIDER — Usercentrics OR Cookiebot]. A DPA pursuant to Art. 28 GDPR has been concluded.
You may change or withdraw your consent at any time via the "Cookie Settings" link in the footer.
5. Web Analytics — Plausible (cookieless)
We use Plausible Analytics, a privacy-friendly, cookie-free analytics service provided by Plausible Insights OÜ (EU hosting). No cookies are set; IP addresses are used exclusively in hashed form for daily unique-visitor counting and are not stored.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in anonymous reach measurement). A DPA has been concluded.
6. Storyblok CMS
The content of our website is managed and delivered via the headless CMS Storyblok (Storyblok GmbH, Linz/AT — EU hosting). When retrieving public content only, technically necessary connection data are processed. A DPA pursuant to Art. 28 GDPR is in place.
7. Online Booking (Cal.com)
For appointment bookings we use Cal.com (Cal.com, Inc., EU hosting available). When making a booking we process your name, email address, phone number (optional), appointment details and any information you voluntarily provide.
Legal basis: Art. 6(1)(b) GDPR (initiation and performance of a contract). A DPA has been concluded. Retention: until fulfilment of the contract, thereafter in accordance with statutory retention obligations under tax and commercial law.
8. Contact Form
If you contact us via the contact form or by email, your details (name, email address, message) are processed for the purpose of handling your enquiry and any follow-up questions. Legal basis: Art. 6(1)(b)/(f) GDPR.
9. WhatsApp Business
You may also contact us via WhatsApp Business. The provider is WhatsApp Ireland Ltd., a subsidiary of Meta Platforms Ireland Ltd. When you contact us via WhatsApp, metadata (phone number, time, recipient) are transmitted to Meta. A transfer to third countries (USA) may occur; safeguarded by EU Standard Contractual Clauses.
Legal basis: Art. 6(1)(a)/(b) GDPR (consent through active contact initiation). Prior to any substantive exchange we obtain explicit confirmation ("double opt-in").
10. Email Newsletter (Brevo, Double Opt-In)
For the dispatch of our newsletter we use Brevo (sendinblue GmbH, EU hosting). Sign-up is via double opt-in. We store your sign-up IP address, sign-up timestamp and confirmation click as proof of consent pursuant to § 7(2) UWG (German Act Against Unfair Competition).
You may unsubscribe at any time via the unsubscribe link in every newsletter. Legal basis: Art. 6(1)(a) GDPR. A DPA has been concluded.
11. Fonts / Embeds
We use exclusively locally hosted fonts (no Google Fonts CDN). No data are therefore transmitted to third parties when fonts are loaded.
Other embeds (e.g. YouTube, Vimeo), where used, are loaded only after explicit consent via the CMP ("click to load").
12. Data Subject Rights
You have the following rights in relation to us:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR)
- Right to withdraw consent (Art. 7(3) GDPR)
To exercise these rights, please contact [E-MAIL].
13. Right to Lodge a Complaint
You have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The authority competent for us is:
Berliner Beauftragte für Datenschutz und Informationsfreiheit (BlnBDI)Alt-Moabit 59–61, 10555 Berlin
datenschutz-berlin.de
14. Retention Periods
We store personal data only for as long as necessary for the respective purposes or as required by statutory retention obligations (e.g. § 257 HGB, § 147 AO — German Commercial Code and Fiscal Code). After expiry of the applicable retention period, data are erased or blocked.
15. Transfers to Third Countries
Where transfers to third countries outside the EU/EEA occur (e.g. via Meta/WhatsApp), they are carried out on the basis of EU Standard Contractual Clauses (Art. 46(2)(c) GDPR) and, where applicable, your explicit consent (Art. 49(1)(a) GDPR).
16. Updates to This Policy
We reserve the right to update this Privacy Policy to ensure it continues to comply with current legal requirements. The current version is always available here.