GDPR

Introduction

Dr. Thomas Steinert is fully committed to compliance with the requirements of the General Data Protection Regulation (GDPR). We understand the importance of protecting personal data and take privacy matters seriously. This GDPR Compliance Statement provides information on how we adhere to the principles of data protection and privacy in the context of the use of our application, MentiorMynd®.

Data Protection Principles

We adhere to the principles relating to the processing of personal data set out in the GDPR, which require personal data to be:

  • Processed lawfully, fairly, and in a transparent manner.
  • Collected only for specified, explicit, and legitimate purposes.
  • Adequate, relevant, and limited to what is necessary for the purposes for which it is processed.
  • Accurate and kept up to date.
  • Stored in a form that permits identification of data subjects for no longer than is necessary.
  • Processed in a manner that ensures its security.

We determine data retention periods based on the purpose of collection, legal requirements, and the nature of the data. Once the data is no longer necessary, it is securely deleted in accordance with our data retention policy.

Rights of the Data Subject

The GDPR provides the following rights for individuals, which our application respects and complies with:

  • The right to be informed about the collection and use of their personal data.
  • The right to access their personal data and supplementary information.
  • The right to have inaccurate personal data corrected or completed if it is incomplete.
  • The right to have personal data erased in certain circumstances.
  • The right to restrict processing in certain circumstances.
  • The right to data portability, which allows the data subject to obtain and reuse their personal data for their own purposes across different services.
  • The right to object to processing in certain circumstances, including processing for direct marketing.
  • Rights in relation to automated decision-making and profiling.

Users wishing to exercise any of these rights can contact us via the contact details provided at the end of this policy.

Lawful Basis for Processing

We process personal data under the following lawful bases:

  • Consent: For example, we process personal data based on the consent obtained from the data subject for one or more specific purposes, such as subscribing to newsletters.
  • Contract: Processing is necessary for the performance of a contract to which the data subject is a party, such as providing access to premium features after a purchase.
  • Legal Obligation: Processing is necessary for compliance with a legal obligation, such as tax reporting.
  • Vital Interests: Processing is necessary to protect the vital interests of the data subject or another natural person, such as in emergency scenarios.
  • Public Task: Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
  • Legitimate Interests: Processing is necessary for the purposes of legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

We ensure that the lawful basis for processing is clear and that data subjects have appropriate information where necessary.

Security Measures

We are committed to protecting your personal data by implementing robust security measures. These include encryption, access controls, regular security audits, and ongoing staff training to ensure compliance with GDPR’s security requirements.

Contact Information

For any inquiries or complaints regarding our compliance with GDPR, or if you wish to exercise your rights under the GDPR, please contact us through our Contact Page or email us at Thomas@CreativeIQ.de.

Scroll to Top