top of page

Privacy Policy

1. Controller


PREFUNK Connect GmbH
Seidlgasse 21/1/EG
1030 Vienna, Austria
E-mail: service@mehma.at

Data Protection Officer: Marvin-Matthias Funke
E-mail: service@mehma.at

2. General information on data processing


We process personal data exclusively in accordance with the General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG).

 

 

3. Purposes and legal bases of data processing

 

We process personal data only to the extent necessary for the provision and operation of our platform. Processing is based on the following legal grounds:

  • Operation of the platform – Art. 6 (1)(b) GDPR (contract)

  • Responding to inquiries – Art. 6 (1)(f) GDPR (legitimate interest)

  • Payment processing (therapists) – Art. 6 (1)(b) GDPR (contract)

  • Security, logging – Art. 6 (1)(f) GDPR

  • Web analytics (with consent) – Art. 6 (1)(a) GDPR

 

 

4. Types of data processed

 

From therapists:

  • Name, photo, address, phone number, e-mail, website

  • Specializations, treatment methods, verification documents

  • Payment data (processed via Stripe/PayPal)

 

From therapy seekers:

  • IP address (in server logs)

  • Location data (for radius search)

  • Matching responses (only temporarily stored in browser)

  • Phone number (only for callback requests, temporary)

  • E-mail address (for contact)

5. Storage and data minimization

 

Matching questionnaire responses are not stored but only processed temporarily. Phone numbers for callbacks are deleted once handled. Therapist data is stored during the contractual relationship. No health-related data is stored. TLS/SSL encryption is used during transmission.

6. Hosting and server location

 

Hosting is provided by Exoscale.
TLS encryption is ensured in all cases.

 

 

7. Third-party providers

  • Stripe / PayPal: payment processing

  • SendGrid (Twilio): e-mail delivery

  • Cloudflare: security and CDN

  • Supabase: authentication and database

  • Mistral: AI-based matching (external API)

  • Matomo: GDPR-compliant web analytics

 

Data Processing Agreements (DPAs) exist with all providers.

 

 

8. Cookies and tracking

  • Technically necessary cookies (login, language settings)

  • Analytics and tracking cookies only with consent

  • Cookie consent banner (Matomo) is used

 

 

9. Contact and support

  • Contact form available

  • Data processed: e-mail, message, category

  • Storage period: max. 6 months

 

 

10. Security and access

  • TLS encryption for all connections

  • Role and rights management: public profiles visible, sensitive data only accessible to authorized persons

  • Developer access only for maintenance

  • Application and database logging in place

  • Regular security updates, penetration tests if required

 

 

11. Storage periods

  • Matching data: not stored

  • Phone numbers: until callback completed

  • Contact data: max. 6 months

  • Therapist data: during contractual relationship

12. Your rights


You have the right to:

  • Access (Art. 15 GDPR)

  • Rectification (Art. 16 GDPR)

  • Erasure (Art. 17 GDPR)

  • Restriction (Art. 18 GDPR)

  • Data portability (Art. 20 GDPR)

  • Objection (Art. 21 GDPR)

  • Withdrawal of consent (Art. 7(3) GDPR)

 

Please contact: service@mehma.at

13. Right to lodge a complaint


You have the right to lodge a complaint with the Austrian Data Protection Authority:


Österreichische Datenschutzbehörde
Barichgasse 40–42, 1030 Vienna
www.dsb.gv.at

14. Changes to this Privacy Policy


We reserve the right to update this policy in the event of legal or technical changes. The version published on the website applies.

bottom of page