EN
Contact

Data protection

As of: 26 March 2026

1. Controller

Therapie Konzept UG (limited liability)
Weinheimer Str. 12
40229 Düsseldorf

Email: verwaltung@thz-fugmann.de

2. Overview: What happens to your data?

This privacy policy informs you about the nature, scope and purpose of the processing of personal data when using this website as well as our external online presences (e.g., social media profiles). Personal data is any data that can be used to identify you personally.

Some of the data is generated when you provide it to us (e.g., when contacting us or applying for a job). Other data is collected automatically or—where required—after you have given your consent by our IT systems (e.g., technical data).

3. Definitions

Terms such as “processing”, “controller” or “personal data” correspond to the definitions set out in Article 4 GDPR.

4. Relevant legal bases

Unless otherwise stated in this privacy policy, the following legal bases apply:

  • Consent: Art. 6(1)(a) GDPR (e.g., integration of external content), where applicable in addition Section 25(1) TDDDG (access to terminal devices/cookies).
  • Contract / pre-contractual measures: Art. 6(1)(b) GDPR (e.g., enquiries, initiation of services, applications).
  • Legal obligation: Art. 6(1)(c) GDPR (e.g., evidence/documentation of consent).
  • Legitimate interests: Art. 6(1)(f) GDPR (e.g., secure operation/IT security).

5. Hosting

Our website is hosted by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. Processing is carried out on the basis of Art. 6(1)(f) GDPR (legitimate interest in stable and secure provision). A data processing agreement (DPA) has been concluded with the hosting provider.

5.1 Website maintenance, monitoring & backups (WP Umbrella)

We use WP Umbrella to manage, maintain and monitor this WordPress website (e.g., monitoring, update management, maintenance reports and backup functions). The provider is LIVEN STUDIO (SAS), 4 rue de Republique, 69001 Lyon, France. WP Umbrella consists of a web application (dashboard) and a WordPress plugin installed on the website.

Data processed (depending on configuration):

  • Technical website and system data (e.g., WordPress/plugin/theme versions, PHP environment, status messages)
  • Monitoring data (e.g., availability/uptime, timestamps, response codes)
  • Administration and log data in the context of maintenance management
  • Backups (database and files): may contain personal data (e.g., form entries, user accounts, content)

Purposes: maintenance, stability, error analysis, security monitoring, recovery/backup and maintenance reports.

Legal basis: Art. 6(1)(f) GDPR; if a maintenance contract exists, additionally Art. 6(1)(b) GDPR.

Backups active: Yes.

Retention: Based on the current status, backups are generally retained for up to 50 days (depending on the tariff/plan).

Further information (provider pages):
https://wp-umbrella.com/de/privacy-policy/
https://wp-umbrella.com/de/terms-conditions/
https://wp-umbrella.com/de/legal-notice/

6. Cookies & consent management (Real Cookie Banner)

To manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and the related consents, we use the consent tool “Real Cookie Banner”. Details on how “Real Cookie Banner” works can be found at https://devowl.io/de/rcb/datenverarbeitung/.

The legal bases for the processing of personal data in this context are Art. 6(1)(c) GDPR and Art. 6(1)(f) GDPR. Our legitimate interest is the management of the cookies and similar technologies used and the related consents.

The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obliged to provide the personal data. If you do not provide the personal data, we will not be able to manage your consents.

7. Data collection when visiting the website (server logs)

When you access this website, information is processed automatically (e.g., IP address, date/time, page accessed, referrer URL, browser/OS). Processing serves technical provision, error analysis and security.

Legal basis: Art. 6(1)(f) GDPR.
Retention: Server log files are generally stored for up to 14 days and then deleted, unless further retention is required for security-related clarification.

8. Contact (email, telephone)

If you contact us, we process your details to handle your enquiry (e.g., name, contact details, message content).

Legal basis: Art. 6(1)(b) GDPR (pre-contractual/contractual) or Art. 6(1)(f) GDPR (legitimate interest in efficient communication).

8.1 Email delivery (WP Mail SMTP)

We use WP Mail SMTP for the technical sending of emails (e.g., from contact forms). A custom SMTP server is used (host: mail.your-server.de) with authentication (TLS).

8.2 Elementor form submissions (storage of form entries)

Form entries may be stored in the WordPress backend via the “Submissions” function (Elementor Pro).

Retention:

  • Contact form entries are deleted after 6 months, provided no statutory retention obligations apply.
  • Application data is deleted no later than 6 months after completion of the process, unless longer storage is legally permissible/necessary (e.g., for legal defence) or you have expressly consented.

9. IT security (NinjaFirewall / WP Armour)

Security functions are used to protect the website. Security logs are automatically deleted (auto-delete) after 30 days.

Note: IP anonymization is enabled; according to the plugin notice, this does not apply to private IP addresses and the login protection feature.

Legal basis: Art. 6(1)(f) GDPR (IT security/abuse prevention).

10. External content: Google Maps (only with consent)

Google Maps is embedded on the website. Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Maps is loaded only after you have given your consent via the consent banner. When loading the map, data (e.g., IP address) may be transmitted to Google.

Legal basis: Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG.

11. Google Fonts (self-hosted)

This website uses fonts that are stored locally on our server and delivered from there (“self-hosted”). No connection to Google servers is established when displaying the fonts.

12. Analytics and marketing technologies (preparation – currently not active)

The analytics and marketing technologies described below are not yet set up and are currently not active. If planned, activation will take place only after your consent via the consent banner and after this privacy policy has been updated/approved accordingly.

12.1 Google Analytics 4 (GA4) – planned, currently not active

We plan to use Google Analytics 4 (GA4) to statistically analyse website usage (e.g., page views, session duration, interactions). Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

When GA4 is used, the following data may be processed in particular: IP address (usually only briefly for determining approximate location), device/browser information, referrer URL, page views, clicks/interactions and timestamps. GA4 may use cookies or similar technologies.

Legal basis: Consent pursuant to Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG (cookies/access to terminal devices).
Transfer to third countries: Processing outside the EU/EEA (e.g., USA) cannot be ruled out. Transfers take place only in accordance with the legal requirements (Art. 44 et seq. GDPR), e.g., on the basis of standard contractual clauses and/or, where applicable, an adequacy decision.
Activation note: GA4 will only be loaded after consent via the consent banner.

12.2 Meta Pixel (Facebook/Instagram) – planned, currently not active

We plan to use the Meta Pixel to measure the effectiveness of advertising measures (Facebook/Instagram) and—if used—to build target groups (retargeting). Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

When the pixel is used, data such as IP address, device/browser information, pages visited, interactions (events) and, if applicable, cookie/advertising IDs may be processed. If you are logged in to Meta services, Meta may associate the data with your profile. We generally receive only aggregated evaluations.

Legal basis: Consent pursuant to Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG (cookies/access to terminal devices).
Joint controllership: For certain processing operations (e.g., measurement/insights), joint controllership with Meta within the meaning of Art. 26 GDPR may exist. Meta provides the essential information regarding this arrangement.
Transfer to third countries: Processing outside the EU/EEA (e.g., USA) cannot be ruled out. Transfers take place only in accordance with the legal requirements (Art. 44 et seq. GDPR), e.g., on the basis of standard contractual clauses and/or, where applicable, an adequacy decision.
Activation note: The Meta Pixel will only be loaded after consent via the consent banner.

13. Your rights

You have the right of access (Art. 15 GDPR), rectification (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction (Art. 18 GDPR), data portability (Art. 20 GDPR) and objection (Art. 21 GDPR).

You may withdraw any consent you have given at any time with effect for the future (Art. 7(3) GDPR). You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR).

14. SSL/TLS encryption

This website uses SSL/TLS encryption to protect transmitted content.

Due to our patients, applications can only be submitted in german.

If you would like to apply, please click on the button below.

Apply now
If you do not wish to apply, you may close these windows.

Select Language: