This Privacy Policy is a translation of the original German version. In case of discrepancies, the German version shall prevail.
When searching for a therapy service, sensitive personal data may be collected. Protecting this data is very important to us, which is why we adhere to data protection principles.
We practice data minimization by storing only the necessary data required for usage, such as the postal code of the area where a therapy slot is being sought or the type of therapy desired by the user. Additionally, this data is stored exclusively on the user's smartphone and is encrypted.
Furthermore, the app connects to a server in Germany to retrieve therapist data and the necessary information for map display. Only the technically required data is transmitted to the server.
This service (hereinafter referred to as "App") is provided by Ophelia e.V., Rottweiler Str. 8a, 12247 Berlin (hereinafter "we" or "us") as the responsible entity in accordance with applicable data protection laws.
Through the app, we offer digital support for a structured search for therapists.
The protection of your data is particularly important to us. The app processes personal data about you. Personal data includes all information that relates to an identified or identifiable person. Since protecting your privacy is important to us, we want to inform you about which personal data we process when you use the app and how we handle this data. Additionally, we inform you about the legal basis for data processing and, if necessary, our legitimate interests.
You can access this privacy policy at any time under the "Data Privacy Statement" menu item in the app settings.
Certain information is automatically processed when you use the app. Below, we explain which personal data is processed:
When downloading the app, certain required information is transmitted to the app store of your choice (e.g., Google Play or Apple App Store). This includes, among other things, the username, email address, account customer number, time of download, payment information, and unique device identification. This data processing is carried out solely by the Google Play Store or Apple App Store and is beyond our control.
All data you actively store in the app remains exclusively on your device and is encrypted.
Our servers are only contacted to retrieve therapist and map data for display and to request technical data necessary for the app's operation. Each app instance registers with an anonymous ID on the server. This ID remains anonymous and cannot be traced back to a user or device.
To ensure security, all connections to our servers are encrypted using SSL or TLS. For technical reasons, the IP address is transmitted to the server with each request and stored together with the amount of data transferred (in bytes) and the request timestamp. These log data are stored for 14 days and then deleted.
To load therapist data from the server, the app transmits the postal code of the searched area, the search radius (in km), and the identification numbers of therapists saved by the user. This is solely for the targeted retrieval or updating of therapist data. These data are neither stored nor further processed on the server.
The processing of this data is carried out in accordance with Art. 6 para. 1 lit. b GDPR, as it is necessary for the performance of the usage contract. There is no disclosure or further use of the data. However, we reserve the right to subsequently review server log files if there are concrete indications of unlawful use.
Within the app, you can enter and manage various information, including:
Setting filters regarding preferred therapists (filters include therapist gender, therapy form, maximum distance, languages, postal code)
Selecting/saving therapists in a personal list
Assigning a contact and negotiation status (e.g., "contacted," "on waitlist")
Creating individual notes on specific therapists
Editing an email template to facilitate contact with therapists
Most of this data remains encrypted on your device and is inaccessible to us or third parties. However, some data (postal code, search radius, IDs of saved therapists) are required as search parameters to retrieve location-based therapist lists (see section 1.2).
If you choose to contact a therapist, this is done through the general functions of your smartphone (e.g., email or phone) and not via the Tamly app itself. The saved data from the email template is forwarded to your smartphone's email apps. Please review your email provider’s privacy policies, as emails are often sent unencrypted.
If you contact a therapy provider by phone via the app, the call is made through your device’s phone apps. Please note the privacy policies of your mobile provider and the respective apps.
You can further enhance privacy by not entering personal data in the email template or the notes section.
Stored data can be completely deleted using the "Delete All Data" function in the app settings. This function to delete the app data is also available via the smartphone's system settings. Uninstalling the app may leave residual data that could be accessible again after reinstalling. To ensure complete deletion, either use the in-app deletion function before uninstalling or manually delete app data via system settings.
The processing of this data is carried out in accordance with Art. 6 para. 1 lit. b GDPR, as it is necessary for the fulfillment of the usage contract.
The app requests the following permissions:
These permissions can be disabled in the smartphone’s system settings (iOS or Android).
We use a virtual server provided by Alfahosting GmbH (Ankerstraße 3b, 06108 Halle (Saale), Germany), hereinafter referred to as "Alfahosting." The server is located in an ISO/IEC 27001 certified data center in Germany. A data processing agreement has been concluded with Alfahosting.
Data processing by Alfahosting is carried out in accordance with Art. 6 para. 1 lit. b GDPR, as it is necessary for the performance of the user contract. Additionally, we have a legitimate interest in using Alfahosting to optimize the app's functionality, in accordance with Art. 6 para. 1 lit. f GDPR.
We display business-related data of publicly listed psychotherapy providers in our app. These profile details are publicly available from other sources. The collection, storage, listing, and use of publicly available personal data are permissible under Art. 6 para. 1 lit. f GDPR, as the general public has an interest in quick access to therapist information.
Therapist data may be stored and displayed in the app until the legal basis no longer applies or until the therapist ceases operation.
We do not process data outside the European Economic Area ("EEA").
Processing of your personal data for purposes other than those described will only take place if permitted by law or if you have consented to the new purpose. If further processing is required for purposes other than those originally collected, we will inform you before processing and provide all relevant information.
By design, our app does not collect personal user data. If any data is collected, we ensure that it is deleted or anonymized as soon as it is no longer required for the original purpose. Data needed for legal enforcement may be retained longer.
Specific legal retention obligations, especially for tax purposes, remain unaffected.
You have the right to request information from us at any time about the personal data we process that concerns you, in accordance with Article 15 GDPR. You can submit a request by mail or email to the address provided below.
You have the right to request the immediate rectification of personal data concerning you if it is incorrect. Please contact the contact addresses provided below.
You have the right to request the erasure of personal data concerning you under the conditions outlined in Article 17 GDPR. These conditions specifically include a right to erasure if the personal data is no longer necessary for the purposes for which it was collected or otherwise processed, as well as in cases of unlawful processing, the existence of an objection, or the existence of an obligation to delete under Union law or the law of the member state to which we are subject. For the retention period of data, please refer to section 5 of this privacy policy. To exercise your right to erasure, please contact the contact addresses provided below.
You have the right to request the restriction of processing from us in accordance with Article 18 GDPR. This right applies particularly when the accuracy of the personal data is disputed between the user and us, for the duration required to verify the accuracy, and in the case where the user requests restricted processing instead of erasure, even though there is a right to erasure. It also applies when the data is no longer required for the purposes pursued by us but is needed by the user to assert, exercise, or defend legal claims, or if the successful exercise of an objection is still disputed between us and the user. To exercise your right to restrict processing, please contact the contact addresses provided below.
You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, in accordance with Article 20 GDPR. To exercise your right to data portability, please contact the contact addresses provided below.
You have the right to object to the processing of your personal data at any time, for reasons arising from your particular situation, to the processing based on Article 6(1)(e) or (f) GDPR, under Article 21 GDPR. We will cease processing your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing serves the assertion, exercise, or defense of legal claims.
You also have the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority is:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 59 - 61
10555 Berlin
If you have any questions or comments about how we handle your personal data or if you wish to exercise the rights mentioned in sections 6 and 7, please contact us at:
Ophelia e.V.
Rottweiler Str. 8a
12247 Berlin
Email: team@tamly.de
We keep this privacy policy up to date. Therefore, we reserve the right to make changes and update it with regard to the collection, processing, or use of your data. The privacy policy is always accessible under "Data Privacy Statement" within the app.
Date: 27.01.2024