Privacy Policy
Last updated: May 2026
I take the protection of your personal data very seriously. Your personal data is treated confidentially and in accordance with applicable data protection law (GDPR, BDSG, TDDDG) and this privacy policy.
Data controller
Nastassja Volkov – FlexapieFährstraße 217
40221 Düsseldorf, Germany
Email: info@flexapie.de
Phone: +49 175 206 306 4
Supervisory authority (professional law): Psychotherapeutenkammer Nordrhein-Westfalen (PTK NRW), Willstätterstraße 10, 40549 Düsseldorf, Germany.
Website visits
When you visit this website, your browser transmits technical connection data to the web server, which is temporarily stored in server log files: IP address (anonymised after 7 days), date and time of access, file name and URL, browser and operating system, internet service provider.
This data is processed solely to provide the website securely and to defend against attacks. Legal basis: Art. 6(1)(f) GDPR (legitimate interest). Data is deleted once no longer necessary, at the latest after 7 days.
Hosting (Cloudflare)
This website is hosted via Cloudflare Pages, a service of Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA. Cloudflare acts as a technical data processor and provides the infrastructure for delivering this website. The connection data described under "Website visits" (including IP addresses) may be transmitted to Cloudflare servers.
Cloudflare operates a global CDN network with data centres in the EU (including Germany), so requests from Germany are typically processed via EU servers. For any transfers to the USA, Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR are in place; additionally, Cloudflare is certified under the EU–US Data Privacy Framework (DPF). A Data Processing Agreement (DPA) pursuant to Art. 28 GDPR has been concluded with Cloudflare. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure and reliable website operation). Further information: cloudflare.com/privacypolicy
Health data (Art. 9 GDPR)
As a psychotherapy private practice, I process special categories of personal data within the meaning of Art. 9 GDPR, in particular health data. This processing occurs solely for the purpose of providing therapy and fulfilling statutory documentation obligations.
Legal bases:
- Art. 9(2)(h) GDPR (healthcare and treatment)
- Art. 6(1)(b) GDPR (performance of a treatment contract)
- § 630a and § 630f BGB (statutory documentation obligations for healthcare providers)
Retention period: Therapy records, treatment documents, and billing data are retained for a minimum of 10 years after the end of treatment, in accordance with § 630f BGB and PTK NRW professional rules. After this period, data is securely destroyed.
Professional secrecy: I am subject to professional secrecy (Schweigepflicht) under § 203 StGB (German Criminal Code). All information obtained during therapy is treated in strict confidence and will not be disclosed to third parties without your explicit written consent.
Contact via email or contact form (Tally)
If you contact me by email, your data will be stored to process your enquiry and deleted once the matter is resolved. Legal basis: Art. 6(1)(b) and (f) GDPR.
The contact form is provided by Tally BV, Franklin Rooseveltlaan 348 bus 19, 9000 Ghent, Belgium. A data processing agreement (DPA) pursuant to Art. 28 GDPR is in place with Tally. Tally processes data exclusively within the EU. Further information: tally.so/help/privacy-policy
⚠ Please do not submit confidential health information via the contact form or unencrypted email. Unencrypted email is not suitable for the secure transmission of sensitive data (§ 203 StGB). Use the form only for initial, non-sensitive contact.
Legal basis: Art. 6(1)(a) and (f) GDPR.
Appointment booking
Appointments can be booked directly via Doctolib GmbH, Französische Straße 48, 10117 Berlin, Germany. Alternatively, appointments can also be arranged by email (info@flexapie.de) or through the contact form. A Doctolib account is not required to book.
Doctolib is an EU-based provider designed for healthcare professionals and maintains a high standard of data protection. A DPA pursuant to Art. 28 GDPR is in place with Doctolib. When you use Doctolib to book, your name, email address, phone number, and optionally insurance status and reason for consultation are processed, solely for appointment management and confirmation. Legal basis: Art. 6(1)(b) GDPR. Further information: doctolib.de/datenschutz
For appointment requests by email or contact form, the data protection information under "Contact" applies accordingly.
Fonts (web fonts)
This website uses only locally hosted fonts (PT Serif, Marcellus) served directly from our own server. No external font services such as Google Fonts are used. No connection data is therefore transmitted to third parties when loading fonts.
Disclosure of data
Data collected on this website will not be passed to third parties without your explicit consent, except to the processors named in this privacy policy (Cloudflare, Tally, Doctolib) and where required by law. Data processing agreements pursuant to Art. 28 GDPR are in place with all processors.
Your rights
You have the following rights:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR) – subject to statutory retention obligations
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to withdraw consent (Art. 7(3) GDPR)
- Right to object (Art. 21 GDPR)
To exercise these rights, contact: info@flexapie.de
Right to lodge a complaint
You have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). The supervisory authority responsible for me is:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW)Postfach 20 04 44, 40102 Düsseldorf, Germany
Phone: +49 211 38424-0
Email: poststelle@ldi.nrw.de
Updates to this policy
This privacy policy will be updated when the legal framework or services used change. The current version is always available on this page.