Privacy Policy

Last updated: December 7, 2025

1. Data Controller

The data controller responsible for your personal data is:

AfaTech GmbH

Brucknerstraße 78

8010 Graz, Austria

Firmenbuchnummer: FN 633728d

Email: info@afatechco.com

Phone: +43 680 336 8742

For data protection inquiries, please contact us at info@afatechco.com

2. Data We Collect

2.1 Account Information

  • Personal identifiers: Name, email address, phone number
  • Profile data: Display name, date of birth, timezone, profile picture
  • Authentication: Password (encrypted), login timestamps
  • User type: Client or Therapist designation

2.2 Professional Information (Therapists)

  • Professional credentials and licenses
  • Biography and specialties
  • Hourly rates and availability
  • Languages spoken
  • Years of experience

2.3 Session & Health Data (Clients)

  • Booking information and session history
  • Concerns and therapy goals (self-reported)
  • Session notes (if enabled by therapist)
  • Messages between clients and therapists

⚠️ Important: Health-related data is considered special category data under GDPR Article 9 and receives enhanced protection. We process this data based on your explicit consent and for the provision of healthcare services.

2.4 Payment Information

  • Payment method details (processed by Stripe, not stored by us)
  • Transaction history and amounts
  • Billing address
  • VAT/Tax identification numbers (if applicable)

2.5 Technical Data

  • IP address and location data
  • Browser type and version
  • Device information
  • Cookies and similar technologies
  • Usage analytics and interaction patterns

3. Legal Basis for Processing

We process your data under the following legal bases (GDPR Article 6):

Contract Performance (Article 6(1)(b))

Processing necessary to provide therapy marketplace services, bookings, and payments.

Consent (Article 6(1)(a) & Article 9(2)(a))

Processing of health-related data, marketing communications, and optional features.

Legal Obligation (Article 6(1)(c))

Tax compliance, financial record keeping, and regulatory requirements.

Legitimate Interest (Article 6(1)(f))

Fraud prevention, security, platform improvement, and analytics.

4. How We Use Your Data

  • Service delivery: Facilitate bookings, sessions, and communications
  • Payment processing: Handle payments, refunds, and invoicing
  • Account management: Authentication, profile updates, preferences
  • Communication: Booking confirmations, reminders, support messages
  • Platform improvement: Analytics, bug fixes, feature development
  • Compliance: Legal obligations, tax reporting, fraud prevention
  • Marketing: Newsletter and promotional emails (with consent)

5. Data Sharing & Third Parties

We share your data only with the following categories of recipients:

5.1 Essential Service Providers

Provider | Purpose | Data Location
Stripe | Payment processing | EU (GDPR compliant)
Microsoft Clarity | Session replay, heatmaps, behavioral analytics | US (SCCs in place)
Google Analytics | Usage analytics | US (SCCs in place)
[HOSTING PROVIDER] | Server hosting & database | [TO BE SPECIFIED]
[EMAIL PROVIDER] | Transactional emails | [TO BE SPECIFIED]

5.2 Legal Requirements

We may disclose your data when required by law, court order, or regulatory authority.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the new entity (you will be notified in advance).

6. International Data Transfers

Your data is primarily stored and processed within the European Economic Area (EEA). When we transfer data outside the EEA, we ensure adequate protection through:

  • Standard Contractual Clauses (SCCs): EU-approved data transfer agreements
  • Adequacy decisions: Countries recognized by the EU as having adequate protection
  • Appropriate safeguards: Technical and organizational security measures

7. Data Retention

We retain your data for different periods based on data type and legal requirements:

Data Type | Retention Period
Account data (active accounts) | Until account deletion requested
Account data (inactive accounts) | 3 years after last activity, then deleted
Session & health data | 7 years (healthcare record requirements)
Financial records | 10 years (Austrian tax law requirement)
Marketing consent | Until withdrawn, max 3 years
Technical logs | 90 days

8. Your Rights Under GDPR

You have the following rights regarding your personal data:

✓ Right to Access

Request a copy of all data we hold about you

✓ Right to Rectification

Correct inaccurate or incomplete data

✓ Right to Erasure

Request deletion of your data ("right to be forgotten")

✓ Right to Data Portability

Receive your data in a machine-readable format

✓ Right to Restrict Processing

Limit how we use your data

✓ Right to Object

Object to data processing for specific purposes

✓ Right to Withdraw Consent

Revoke consent at any time

✓ Right to Complain

Lodge a complaint with a supervisory authority

How to Exercise Your Rights:

  • Go to your account settings to export or delete your data
  • Email us at info@afatechco.com
  • We will respond within 30 days (or 3 months for complex requests)

9. Security Measures

We implement industry-standard security measures to protect your data:

  • Encryption: TLS/SSL for data in transit, AES-256 for data at rest
  • Access controls: Role-based access, multi-factor authentication
  • Security audits: Regular penetration testing and vulnerability scans
  • Employee training: GDPR and data protection training for all staff
  • Incident response: 72-hour breach notification protocol
  • Secure hosting: EU-based servers with ISO 27001 certification

10. Children's Privacy

Our services are not intended for individuals under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that a child under 16 has provided us with personal data, we will delete it immediately.

If you are a parent or guardian and believe your child has provided personal data, please contact us at info@afatechco.com.

11. Cookies & Tracking

We use cookies and similar technologies. For detailed information, please see our Cookie Policy.

11.1 Microsoft Clarity

We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising.

For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.

11.2 Google Analytics

We use Google Analytics to analyze website traffic and usage patterns. This service collects information about how visitors use our site, including pages visited, time spent on pages, and referral sources. This data helps us understand user behavior and improve our platform.

For more information about how Google collects and uses your data, visit the Google Privacy Policy.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice on our platform. Continued use of our services after changes constitutes acceptance of the updated policy.

13. Supervisory Authority

You have the right to lodge a complaint with the Austrian Data Protection Authority:

Österreichische Datenschutzbehörde

Barichgasse 40-42

1030 Wien, Austria

Phone: +43 1 52 152-0

Email: dsb@dsb.gv.at

Website: www.dsb.gv.at

14. Contact Us

For any privacy-related questions or to exercise your rights, contact us:

Email: info@afatechco.com

Phone: +43-664-4111294

Address: AfaTech GmbH, Brucknerstraße 78, 8010 Graz, Austria

Document Version: 1.0

Effective Date: December 7, 2025

Governing Law: Austrian law and EU GDPR

Emotral - Find Verified Therapists Online