This Privacy Policy explains the type, scope, and purpose of the processing of personal data (hereinafter referred to as 'data') within the context of our services, as well as within our online offerings and associated websites, functions, and content, including external online presences, such as our social media profiles (hereinafter collectively referred to as 'online offering'). Regarding the terms used, such as 'processing' or 'controller,' we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

1. Contact Information

Name and Contact Information of the Controller

Mindable Health GmbH
Represented by Linda-Marie Weber and Eddie Rietz
Neue Grünstraße 17
10179 Berlin

EMail: info@mindable.health
Telephone: +49 30 62923386

(hereinafter 'Mindable Health,' 'we,' or 'us')

Data Protection Officer

If you have questions about our data protection measures, the processing of your data, or the exercise of your data subject rights, you can reach us and our Data Protection Officer as follows:

External Data Protection Officer
ePrivacy GmbH
Represented by Prof. Dr. Christoph Bauer
Große Bleichen 21, 20354 Hamburg

For all questions and concerns regarding your data, please contact datenschutz@mindable.health.

If you wish to communicate directly with our Data Protection Officer (for example, if you have a particularly sensitive concern), please contact them via postal mail, as email communication may have security vulnerabilities. Please indicate in your request that your concern relates to Mindable Health.

2. Data Processing

As part of using the website, personal data, including sensitive health data, is processed. Personal data includes all information related to an identified or identifiable natural person. Sensitive health data includes information about a person's physical or mental health.

The processing of this data is carried out in compliance with the requirements of the General Data Protection Regulation (GDPR).

2.1 Self-Test

On our website, you have the option to use questionnaires to self-assess the severity of various mental health conditions.

Personal Identifiable Data

• Health data related to your current mental state
• Email address

Purposes of Use

• Determining whether our offering is suitable for you,
• Assessing your health condition,
• Correspondence with you

Legal Basis

We rely on your consent as the legal basis for processing your data, provided you have given it to us (Art. 6(1)(a) GDPR).

Data Recipients

Typeform:
We use the Typeform service provided by TYPEFORM SL, C/Bac de Roda, 163, 08018 Barcelona, Spain, to offer questionnaires. Email addresses are recorded in this process. Further information about the provider can be found at Typeform's terms, conditions & policies.

n8n:
We use the n8n service provided by n8n GmbH, Borsigstr. 27, 10115 Berlin, for contacting you and sending emails to you. Further information about the provider can be found at n8n Legal.

Retention Period

We process your data until you withdraw your consent.

2.2 Use of Our Prescription Service

Mindable Health offers you the option to submit your prescription or indication certificate for a Mindable DiGA to your health insurance company, significantly reducing your effort. Simply use our convenient upload service, which allows you to transmit your data to us. If there are issues on the side of the health insurance, we support you and advocate for your affected rights with health insurance companies and supervisory authorities.

Personal Data

• First and last name
• Address
• Date of birth
• Health insurance number
• Health data

Purposes of Use

• To submit prescriptions to statutory health insurers as part of our prescription service,

• to correspond with you.

Legal Basis

Your data is processed based on your explicit consent (Article 9(2)(a) GDPR for health data and Article 6(1)(a) GDPR for all other data).

Data Recipients

Typeform

We use the Typeform service provided by TYPEFORM SL, C/Bac de Roda, 163, 08018 Barcelona, Spain, to store the submitted documents. The following data is collected: First and last name, address, date of birth, health insurance number, and health data (such as diagnosis, etc.). More information about the provider can be found at Typeform's terms, conditions & policies.

Jira

We use the project management tool Jira provided by Atlassian Pty Ltd (Level 6, 341 George Street, Sydney NSW 2000, Australia) to organize and handle our prescription service. Data related to prescription submission is processed.

More information about the provider can be found at Privacy Policy | Atlassian .

n8n

We use the service n8n provided by n8n GmbH, Borsigstr. 27, 10115 Berlin, to contact you and send prescriptions to health insurers. More information about the provider can be found at n8n Legal .

Retention Period

Your prescriptions and indication certificates will be automatically deleted no later than 12 months after transmission to us, unless there are issues with the health insurance that you have asked us to resolve. In such cases, deletion will occur after the resolution is complete.

2.3 App Purchase

In addition to reimbursement of DiGAs through statutory health insurers, you can purchase access to our apps as a self-payer.

Personal Data

We collect only the personal data necessary to complete a purchase:

• First and last name
• Address
• Email address
• Payment method

Purposes of Use

• To correspond with you,
• To process contracts with you,
• To provide our service,
• To improve our service.

Legal Basis

Your data is collected and processed solely to establish and fulfill the purchase agreement (Article 6(1)(b) GDPR).

Data Recipients

Mollie

We use the payment service provider Mollie B.V. (Keizersgracht 126, 1015 CW Amsterdam, Netherlands) to process your payment. Mollie collects the data necessary for the payment method you selected and receives the product name and price from Mindable Health for billing purposes. All other information is processed independently by Mollie. We do not receive your payment information (e.g., credit card number, expiration date, security code, PayPal login). The provider's privacy policy applies to the processing of your personal data by Mollie. See Mollie's privacy policy.

Lexoffice

We use the service Lexoffice from Haufe-Lexware GmbH & Co. KG, Munzinger Straße 9, 79111 Freiburg, for invoicing. The following data categories are processed: Basic and contact data, transaction and contract data, as well as communication and payment data.

More information about the provider can be found at Data protection - Security for your business data

Open Telekom Cloud (OTC)

We use the cloud service infrastructure of Telekom Deutschland GmbH, Landgrabenweg 151, 53227 Bonn, for the flexible provision of IT services and secure storage or exchange of digital content and information. The following data categories are processed: Basic and contact data, transaction and contract data, as well as communication data. More information about the provider can be found at https://www.t-systems.com/de/de/datenschutz

Retention Period

We retain data for as long as is necessary to fulfill the contract. If legal retention periods exist, your data will be stored until those periods expire (e.g., 10 years for invoices).

2.4 Ordering Information Materials

We offer doctors and therapists the ability to order information material about our products and services through our website.

Personal Data

• Customer data (title, salutation, first name, last name, professional title, practice name)
• Contact data (address, email, phone number)
• Order details

Purposes of Use

• Processing customer inquiries (new and follow-up orders),
• Sending requested informational materials (product and service information).

Legal Basis

We process your data based on the following legal grounds:

• Your consent, if provided (Art. 6(1)(a) GDPR),
• The initiation or performance of a contract with you (Art. 6(1)(b) GDPR),
• The pursuit of our legitimate interests (Art. 6(1)(f) GDPR).

Data processing serves the following legitimate interests:

• Improving our offerings,
• Creating statistics,
• Marketing purposes,
• Maintaining correspondence with you.

Data Recipients

Salesmate

We use Salesmate provided by Rapidops Inc., 525 N Tryon St, Suite 1600 Charlotte, NC 28203 USA, as our CRM system for managing customer and prospect interactions. The following data may be captured (not limited to): Name, title, address, email address, phone number, other contact information, customer history, and meeting notes. More information about the provider can be found at Salesmate's privacy policy.

Open Telekom Cloud (OTC)

We use Telekom Deutschland GmbH's cloud service infrastructure for creating test access accounts. The following data is processed: Name.

More information about the provider can be found at https://www.t-systems.com/de/de/datenschutz

n8n

We use n8n provided by n8n GmbH, Borsigstr. 27, 10115 Berlin, for automating the forwarding of inquiries to Königsdruck. The following data is processed: Name and address. More information about the provider can be found at n8n Legal.

Königsdruck

We use the services of Königsdruck Printmedien und digitale Dienste GmbH, Alt-Reinickendorf 28, 13407 Berlin, for sending informational materials to you. The following data is processed: Name and address.

Retention Period

We review every two years whether the data is still necessary.

2.5 Registration and Participation in CME Webinars and Workshops

We offer participation in CME-certified training and workshops via our website, for which doctors and therapists can register and participate.

Personal Data

• Name
• Practice Name
• Email
• Phone Number
• Optional Uniform Training Number (EFN)
• Optional Specialty

Purposes of Use

• Facilitating participation in training and workshops

Legal Basis

Your consent, provided you have given it to us (Art. 6(1)(a) GDPR).

Data Recipients

Zoom

We use Zoom, provided by Zoom Video Communications, Inc. (55 Almaden Blvd. Suite 600, San Jose, CA 95113, USA), as a video conferencing tool for remote meetings, webinars, interviews, virtual events, or remote training. The following data is collected: Customer content data (e.g., Zoom account data, authentication data, session communication content, chat messages, cloud recordings, participant information, chat information, address book information, calendar information), meeting metadata, telemetry data, other Zoom-generated data, and customer support data.

More information about the provider can be found at Privacy Policy | Zoom

Salesmate

We use Salesmate, provided by Rapidops Inc., 525 N Tryon St, Suite 1600 Charlotte, NC 28203 USA, as our CRM system for managing interactions with customers and prospects. It helps us streamline processes, build customer relationships, improve customer service, and increase profitability. The following data may be collected (but is not limited to): Name, title, address, email address, phone number, other contact information, customer history, and meeting notes. More information about the provider can be found at Privacy Policy - Salesmate.

Typeform

We use Typeform, provided by TYPEFORM SL, C/Bac de Roda, 163, 08018 Barcelona, Spain, to provide registration forms. The following data is collected: Practice name, title, salutation, first name, last name, address, email, and event feedback. More information about the provider can be found at Typeform's Terms, Conditions, and Policies.

Open Telekom Cloud (OTC)

We use the cloud service infrastructure provided by Telekom Deutschland GmbH, Landgrabenweg 151, 53227 Bonn, to create your CME certificates. The following data categories are processed: Core and contact data, event information.

More information about the provider can be found at https://www.t-systems.com/de/de/datenschutz

Amazon Web Services Cloud (AWS)

We use the cloud service infrastructure provided by Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg, to send your CME certificates via email. The following data category is processed: Email address.

More information about the provider can be found at GDPR – Amazon Web Services (AWS)

n8n

We use n8n, provided by n8n GmbH, Borsigstr. 27, 10115 Berlin, for automated follow-up. The following data is collected: Name, email address, event information. More information about the provider can be found at n8n Legal.

Retention Period

We store your data as long as it is necessary for the purposes for which you have consented. If you have given consent to receive additional information, your data will be processed until your consent is withdrawn.

2.6 Provision of Newsletter

We provide information and advertising via email for professionals and patients.

Personal Data

• Name
• Email

Purposes of Use

We process your data for the following purposes:

• For promotional purposes, such as sending our newsletter,
• For quality assurance and statistics,
• For your participation in our surveys.

Legal Basis

We rely on the following legal bases for processing your data:

• Your consent, provided you have given it to us (Art. 6(1)(a) GDPR),
• The pursuit of our legitimate interests (Art. 6(1)(f) GDPR).

The processing of your data aims to protect the following legitimate interests:

• Improvement of our offering,
• Marketing purposes.

Data Recipients

Salesmate

We use Salesmate, provided by Rapidops Inc., to send our clinician newsletters and measure open and click rates. It helps us streamline processes, build customer relationships, and increase profitability. More information about the provider can be found at Privacy Policy - Salesmate.

Rapidmail

We use Rapidmail, provided by rapidmail GmbH, Augustinerplatz 2, 79098 Freiburg i. Br., to send our patient newsletters and measure open and click rates. For open rate measurement, emails sent with Rapidmail contain a tracking pixel that connects to Rapidmail servers once the email is opened. This measurement also includes information on whether and which links in a newsletter were clicked.

If you have subscribed to our newsletter, we will forward in particular your e-mail address to rapidmail. When you register for the newsletter, the user's IP address and the date and time of the date and time of registration.

Details on the analysis function of rapidmail can be found at the following link: Statistics & Evaluation - rapidmail Help Center.

Retention Period

We process your data until you withdraw your consent.

2.7 Contact via Phone, Email, or Contact Form

We offer you the option to send us a request via email, call us, or contact us through the website.

Personal Data

• First and last name
• Phone number and/or email address
• The content of your message

Purposes of Use

• To correspond with you,
• To process contracts with you,
• To improve our services.

Legal Basis

We rely on the following legal bases for processing your data:

• Your consent, provided you have given it to us (Art. 6(1)(a) GDPR),
• The initiation or performance of a contract with you (Art. 6(1)(b) GDPR),
• Compliance with legal obligations (Art. 6(1)(c) GDPR)
• The pursuit of our legitimate interests (Art. 6(1)(f) GDPR).

The processing of your data aims to protect the following legitimate interests:

• Improving our offering,
• Creating statistics,
• Maintaining correspondence with you.

Data Recipients

Zammad

We use Zammad, provided by Zammad GmbH (Marienstraße 18, 10117 Berlin), to provide contact options via phone, email, and contact form. Zammad helps us classify, organize, and respond to emails personally. The following data is collected: Name and contact details (phone number and email address).

More information about the provider can be found at

Privacy and Security | Zammad

Retention Period

Your data will be deleted after six years, unless other legal retention periods apply.

2.8 Business Contacts (B2B) in CRM

Personal Data

• First and Last Name
• Title
• Specialization
• Company/Institution Name
• Address (business)
• Website
• Email Address
• Phone Number
• Contact Data
• Contact History
• Appointment Data
• Interests
• Data on Ordered Goods or Services
• Communication Data

Purposes of Use

• Maintaining and Building Customer Relationships (B2B)

Legal Basis

• Your consent, if you have given it to us (Art. 6 Para. 1 lit. a) GDPR),
• the initiation or performance of a contract with you (Art. 6 Para. 1 lit. b) GDPR),
• the pursuit of our legitimate interests (Art. 6 Para. 1 lit. f) GDPR).

The processing of your data serves the following legitimate interests:

• Improving our offering,
• Creating statistics,
• Marketing purposes,
• Maintaining correspondence with you.

Data Recipients

Salesmate

We use Salesmate, provided by Rapidops Inc., 525 N Tryon St, Suite 1600 Charlotte, NC 28203 USA, as our CRM system for managing interactions with customers and potential clients. It helps us streamline processes, build customer relationships, increase revenue, improve customer service, and enhance profitability. The following data may be captured (not limited to): Name, title, address, email address, phone number, other contact information, customer history, and meeting notes. More information about the provider can be found at Privacy Policy - Salesmate.

Retention Period

After two years, we review whether we still need the data. Data that is no longer required will be deleted.

2.9 Website Analytics

We analyze website usage to improve the offering for website users.

Personal Data

• IP Address (anonymized) - Country, Region, City
• Device Type
• Operating System
• Browser
• HTTP Referrer
• Page URL of visited pages

Purposes of Use

We process your data for the following purposes:

• Quality assurance and statistics,
• Providing our service,
• Improving our service.

Legal Basis

We rely on the following legal basis for processing your data:

• The pursuit of our legitimate interests (Art. 6 Para. 1 lit. f) GDPR).

The processing of your data serves the following legitimate interests:

• Improving our offering,
• Protecting our systems from misuse,
• Creating statistics.

Data Recipients

Plausible

We use Plausible Analytics, provided by Plausible Insights OÜ, Västriku tn 2, 50403, Tartu, Estonia, to analyze website usage to improve the offering for users. The following data is collected: Page URL, HTTP Referrer, Browser, Operating System, Device Type, Country, Region, and City. More information about the provider can be found at Plausible Analytics Privacy Policy | Plausible Analytics.

Retention Period

Personally identifiable data is anonymized immediately by the provider.

2.10 Social Networks

Personal Data

• Your contact information (such as first and last name, address, email address, phone number),
• Your correspondence with us.

Purposes of Use

We process your data for the following purposes:

• To correspond with you,
• To inform you about our services,
• For marketing purposes.

Legal Basis

• Your consent, if you have given it to us (Art. 6 Para. 1 lit. a) GDPR),
• The pursuit of our legitimate interests (Art. 6 Para. 1 lit. f) GDPR).

The processing of your data serves the following legitimate interests:

• Improving our offering,
• Creating statistics,
• Marketing purposes.

Data Recipients

Facebook Fanpage

We operate a Facebook page (so-called “Fanpage”) on Facebook, a service of Meta Platforms Ireland Limited, Block J, Serpentine Avenue, Dublin 4, Ireland (“Meta Ireland”).

When visiting our Facebook Fanpage, personal data is processed not only by us but also by Meta Ireland, even if you do not have a Facebook profile or are not logged in. During the use of our Fanpage, user data (such as contact details), content data (such as form entries), usage data (such as visited websites, interests in content, access times), communication data (such as device information, IP addresses) are processed. This is done for purposes of providing information and communication, such as responding to contact inquiries and feedback forms, as well as for marketing purposes.

If you are logged in when accessing our Fanpage, we can view the information contained in your public Facebook profile. Additionally, Meta Ireland provides us with statistics and insights that help us understand the types of actions users take on our pages (“Page Insights”). We use these to improve the user experience. However, we do not have access to the usage data that Meta Ireland uses to create the statistics, only to aggregated Page Insights.

We are jointly responsible with Meta for the collection of data from visitors to our Fanpage and the transmission of this data to Meta (this includes creating the aforementioned events and combining them into Page Insights, which are then provided to us by Meta Ireland). While interests and user profiles can be derived from these data, we cannot draw conclusions about individual users. Meta also uses the data to provide “Page Insights” that offer insights into interactions with the pages and their related content. For this purpose, we have concluded a contract with Meta regarding joint responsibility for the processing of your data pursuant to Art. 26 GDPR. This agreement with Meta also specifies the security measures Meta must observe. Data subject rights, such as access requests or other inquiries, are also to be fulfilled by Meta. The terms of this agreement with Meta can be viewed here: Facebook More information about the personal data processed under joint responsibility can be found at Facebook. Additional processing by Meta is not part of our joint responsibility.

More information about Page Insights and guidance on asserting your data subject rights can be found in the Information on Page Insights Data. Further details about how Meta processes personal data, including information about the legal basis and options to exercise your rights with Meta, can be found in Meta's privacy policy at https://www.facebook.com/about/privacy.

Instagram Fanpage

We operate an Instagram page (so-called “Fanpage”) on Instagram, a service of Meta Platforms Ireland Limited, Block J, Serpentine Avenue, Dublin 4, Ireland (“Meta”).

When visiting our Instagram Fanpage, personal data is processed not only by us but also by Meta, even if you do not have an Instagram profile or are not logged in. During the use of our Fanpage, user data (such as contact details), content data (such as form entries), usage data (such as visited websites, interests in content, access times), communication data (such as device information, IP addresses) are processed. This is done for purposes of providing information and communication, such as responding to contact inquiries and feedback forms, as well as for marketing purposes.

If you are logged in when accessing our Fanpage, we can view the information contained in your public Instagram profile. Additionally, Meta provides us with statistics and insights that help us understand the types of actions users take on our pages (“Page Insights”). We use these to improve the user experience. However, we do not have access to the usage data that Meta uses to create the statistics, only to aggregated Page Insights.

We are jointly responsible with Meta for the collection of data from visitors to our Fanpage and the transmission of this data to Meta (this includes creating the aforementioned events and combining them into Page Insights, which are then provided to us by Meta). While interests and user profiles can be derived from these data, we cannot draw conclusions about individual users. Meta also uses the data to provide “Page Insights” that offer insights into interactions with the pages and their related content. For this purpose, we have concluded a contract with Meta regarding joint responsibility for the processing of your data pursuant to Art. 26 GDPR. This agreement with Meta also specifies the security measures Meta must observe. Data subject rights, such as access requests or other inquiries, are also to be fulfilled by Meta. The terms of this agreement with Meta can be viewed here. Additional processing by Meta is not part of our joint responsibility.

More information about Page Insights and guidance on asserting your data subject rights can be found in the “Information on Page Insights Data.” Further details about how Meta processes personal data, including information about the legal basis and options to exercise your rights with Meta, can be found in Meta's privacy policy at https://www.facebook.com/about/privacy.

LinkedIn Fanpage

We operate a LinkedIn page (so-called “Fanpage”) on linkedin.com, a service of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

When visiting our LinkedIn Fanpage, personal data is processed not only by us but also by LinkedIn, even if you do not have a LinkedIn profile or are not logged in. During the use of our Fanpage, user data (such as contact details), content data (such as form entries), usage data (such as visited websites, interests in content, access times), and communication data (such as device information, IP addresses) are processed. This is done for purposes of providing information and communication, such as responding to contact inquiries and feedback forms, as well as for marketing purposes.

If you are logged in when accessing our Fanpage, we can view the information contained in your public LinkedIn profile. Additionally, LinkedIn provides us with statistics and insights that help us understand the types of actions users take on our pages (“Page Insights”). We use these to improve the user experience. However, we do not have access to the usage data that LinkedIn uses to create the statistics, only to aggregated Page Insights.

We are jointly responsible with LinkedIn for the collection of data from visitors to our Fanpage and the transmission of this data to LinkedIn (this includes, for example, information about viewed content types, interactions with content, actions taken, technical information such as IP address, operating system, browser type, language settings, and cookie data). While interests and user profiles can be derived from these data, we cannot draw conclusions about individual users. LinkedIn also uses the data to provide “Page Insights” that offer insights into interactions with the pages and their related content. For this purpose, we have concluded a contract with LinkedIn regarding joint responsibility for the processing of your data pursuant to Art. 26 GDPR. This agreement with LinkedIn also specifies the security measures LinkedIn must observe. Data subject rights, such as access requests or other inquiries, are also to be fulfilled by LinkedIn. The terms of this agreement with LinkedIn can be viewed here. Additional processing by LinkedIn is not part of our joint responsibility.

Further details about how LinkedIn processes personal data, including information about the legal basis and options to exercise your rights with LinkedIn, can be found in LinkedIn's privacy policy at LinkedIn Privacy Policy.

Retention Period

The data will be deleted after six years.

2.11 Data Processing for Applicants

We process personal data related to your application. The following personal data may be processed:

• Name
• Date of Birth
• Gender
• Address
• Email Address
• Phone Number
• Details about professional qualifications and education
• Details about professional training
• Publicly available professional information (e.g., LinkedIn, XING)
• Other data you provide in connection with your application.

Purposes of Use

We process your data for the following purposes:

• To correspond with you,
• To manage contractual relationships with you,
• To consider your application.

Legal Basis

We rely on the following legal bases for processing your data:

• Your consent, if provided (Art. 6 Para. 1 lit. a) GDPR),
• The initiation or performance of a contract with you (Art. 6 Para. 1 lit. b) GDPR),
• Compliance with legal obligations (Art. 6 Para. 1 lit. c) GDPR),
• The pursuit of our legitimate interests (Art. 6 Para. 1 lit. f) GDPR),
• The establishment and execution of an employment relationship (§ 26 Para. 1 BDSG).

The processing of your data serves the following legitimate interests:

• The defense of legal claims.

Data Recipients

Personio

We use the service Personio, provided by Personio SE & Co. KG (Seidlstraße 3, 80335 Munich, Germany), for our applicant management. The following data is collected: Contact information (e.g., name, address, date of birth, phone number), application documents (e.g., CV, cover letter), contract data (e.g., details about professional qualifications and education, professional training, other documents). More information about the provider can be found at Privacy Policy | Personio.

Other Data Recipients

• Operators of social networks (LinkedIn, Xing, etc.)
• Job portals
• Employment agencies
• Communication service providers (email providers, messaging service providers, etc.)

Retention Period

We store your personal data as long as necessary for the decision about your application. Your personal data or application documents will be deleted at the latest 6 months after the end of the application process unless a longer retention is legally required or permissible.

2.12 Website Hosting

We use the cloud service and infrastructure provided by Telekom Deutschland GmbH, Landgrabenweg 151, 53227 Bonn, to flexibly deliver IT services and securely store or exchange digital content and information. The following data categories are particularly processed: Core and contact data, transaction and contract data, as well as communication and usage data.

More information about the provider can be found at:  https://www.t-systems.com/de/de/datenschutz

3. Transfer to Third Countries

Data transfer to countries outside the European Economic Area takes place. We only transfer personal data to third countries where the EU Commission has confirmed an adequate level of protection or if we ensure careful handling of personal data through contractual agreements or other suitable guarantees, such as certifications or proven compliance with international security standards.

• USA (Data Privacy Framework)

4. Data Sources

If we do not receive data directly from you or through devices you use, it originates from the following sources:

• Basic data from companies and self-employed individuals from publicly accessible official sources,
• Data on B2B contacts from specialized service providers,

5. Requirement or Obligation to Provide Data

Unless explicitly stated otherwise, providing your data is not required or mandatory. 

6. Your Rights

As a data subject, you have the following rights:

• Request information about the processing of your data and receive a copy of your personal data. For example, you can request information about the purposes of processing, the categories of personal data being processed, the recipients of the data (if applicable), the storage duration, or the criteria for determining the duration;
• Receive your personal data in a structured, commonly used, and machine-readable format or transfer it to another controller;
• Have your data corrected. If your personal data is incomplete, you have the right to complete it, considering the purposes of processing;
• Request the deletion or blocking of your data;
• Restrict the processing of your data;
• Object to the processing of your data;
• Withdraw your consent to the processing of your data for the future; and
• Complain to the competent supervisory authority about unlawful data processing.