
What is GDPR

GDPR (General Data Protection Regulation, EU 2016/679) is the European Union's general regulation on the protection of personal data. It came into effect on May 25, 2018.

As a platform processing health data, Soveria complies with GDPR's heightened requirements for special categories of data.

Health data on Soveria

Clinical data (assessment results, session records) are classified as health data (Art. 4(15) GDPR). We process them exclusively based on your explicit consent (Art. 9(2)(a)).

Legal basis

Data type | Legal basis | GDPR Article
Registration data | Contract performance | Art. 6(1)(b)
Clinical data | Explicit consent | Art. 9(2)(a)
Technical logs | Legitimate interest | Art. 6(1)(f)
Financial data | Legal obligation | Art. 6(1)(c)

You may withdraw consent for clinical data processing at any time by contacting dpo@soveria.co. Withdrawal does not affect the lawfulness of processing prior to withdrawal.

Your rights

As a data subject under GDPR, you have the following rights:

I. Right to information (Art. 13–14)
Know what data is collected about you, why, and on what legal basis.
Implemented on this page

II. Right of access (Art. 15)
Receive a copy of all your personal data within 30 days, free of charge.
Request: dpo@soveria.co

III. Right to rectification (Art. 16)
Correct inaccurate or supplement incomplete personal data.
Dashboard → Profile

IV. Right to erasure (Art. 17)
"Right to be forgotten": deletion of your data within 30 days.
Timeline: 30 days

V. Right to restriction (Art. 18)
Suspend data processing when disputing data accuracy.
Request: dpo@soveria.co

VI. Right to portability (Art. 20)
Receive your data in a machine-readable format (JSON/CSV).
Profile → Data → Export

VII. Right to object (Art. 21)
Object to processing based on legitimate interest.
Request: dpo@soveria.co

VIII. Right against automated decisions (Art. 22)
Soveria does not make automated clinical decisions. All decisions are made by the specialist.
Implemented architecturally

How to submit a request

1. Email dpo@soveria.co with subject "GDPR request — [right type]"
2. Provide your account email and describe the essence of your request
3. Verify your identity (if necessary — at DPO's request)
4. Receive a response within 30 calendar days

Processing timelines

72 hours: Notification of supervisory authority about data breach (Art. 33 GDPR)

30 days: Standard response time for data subject requests (Art. 12(3))

Up to 90 days: Extended timeline for complex or numerous requests (with notification)

Free of charge

Exercising your GDPR rights is free. Soveria may charge a reasonable fee only for manifestly unfounded or excessive requests (Art. 12(5)).

Data transfer outside EU

Provider | Country | Safeguard
Hetzner Online GmbH | Germany (EU) | Within EU
Resend Inc. | USA | SCC
Stripe Inc. | USA | SCC

Clinical data (assessment results, session records) are stored exclusively on Hetzner servers in Germany and are never transferred outside the EU.

Complaints to supervisory authority

If you believe your GDPR rights have been violated, you have the right to file a complaint with a supervisory authority.

BfDI — Bundesbeauftragter für den Datenschutz und die Informationsfreiheit

Germany's data protection supervisory authority: bfdi.bund.de

You may also contact the supervisory authority in your country (Art. 77 GDPR).

Contact DPO

Our Data Protection Officer (DPO) is your primary contact for GDPR and privacy matters.

Data Protection Officer (Soveria DPO contact information)
Primary communication channel: dpo@soveria.co
Maximum response time for requests: 30 days
Server location: Hetzner Frankfurt, DE
German supervisory authority: BfDI