Privacy PolicyDatenschutzerklärung

EN: Riverstone & Willow (“we”, “us”, or “our”) is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

DE: Riverstone & Willow (“wir”, “uns” oder “unser”) verpflichtet sich zum Schutz Ihrer Privatsphäre und personenbezogenen Daten. Diese Datenschutzerklärung erläutert, wie wir Ihre Informationen gemäß der Datenschutz-Grundverordnung (DSGVO) und anderen anwendbaren Datenschutzgesetzen erheben, verwenden, speichern und schützen.

The data controller responsible for your personal data is:

We collect the following categories of personal data:

4.1 Identity & Contact Data

• Name (first name, last name)
• Email address
• Phone number (optional)
• Preferred language

4.2 Appointment Data

• Booking dates and times
• Service type selected
• Session notes (stored with your consent)
• Appointment history

4.3 Technical Data

• IP address (anonymized after 7 days)
• Browser type and version
• Device type
• Pages visited and usage patterns

4.4 Payment Data

• Transaction records
• Payment method (card details are processed by PCI-compliant payment processors and not stored by us)

4.5 Special Category Data

During counseling sessions, you may share information about your mental health, relationships, or personal circumstances. This information is treated with the highest level of confidentiality and is processed only with your explicit consent for the purpose of providing counseling services.

We process your personal data based on the following legal grounds (Art. 6 GDPR):

• Contract Performance (Art. 6(1)(b)): Processing necessary to provide our counseling services
• Consent (Art. 6(1)(a)): For special category data and marketing communications
• Legitimate Interest (Art. 6(1)(f)): For website analytics and service improvement
• Legal Obligation (Art. 6(1)(c)): For tax and accounting requirements

Processing of special category data (health-related information) is based on your explicit consent (Art. 9(2)(a) GDPR).

We use the following EU-compliant third-party services:

All third-party providers have signed Data Processing Agreements (DPAs) ensuring GDPR compliance.

• Account Data: Retained for the duration of the counseling relationship plus 3 years
• Session Notes: Retained for 5 years after last session (professional standard)
• Payment Records: Retained for 10 years (German tax law requirement)
• Technical Logs: Anonymized or deleted after 7 days
• Marketing Data: Until consent is withdrawn

Under GDPR, you have the following rights:

To exercise these rights, contact us at: contact@riverstonewillow.com

Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority. The relevant authority is:

Our website uses the following types of cookies:

• Essential Cookies: Required for website functionality (no consent needed)
• Analytics Cookies: Help us understand how visitors use our site (consent required)

We use Vercel Analytics for privacy-focused website analytics. This tool is designed to be GDPR-compliant and does not use cookies for tracking visitors across websites.

We implement the following security measures to protect your data:

• TLS/SSL encryption for all data in transit (HTTPS)
• AES-256 encryption for data at rest
• VPN-secured access for remote counselors
• Regular security audits and vulnerability assessments
• Access controls and authentication requirements
• Staff training on data protection

Our services are intended for individuals 18 years of age or older. We do not knowingly collect personal data from children under 16. For minors between 16-18, parental consent is required for counseling services.

We may update this Privacy Policy from time to time. Significant changes will be communicated via email or website notice. The “Last Updated” date at the top of this policy indicates when it was last revised.