Privacy Policy

This page is a secure default template. Content must be legally reviewed and supplemented with your actual company data/partners before going live.

Imprint Terms & Conditions

1. Data Controller

TODO (fill in)

•Company name / Legal form
•Address
•Email (privacy contact)
•Authorized representative
•Data protection officer (if required)

2. What data do we process?

•Account and contact data (e.g. email, phone number if applicable) for verification (OTP), communication and status updates.
•Order/contract data (treatment, shopping cart, billing data, delivery address).
•Health data (questionnaire responses) exclusively for medical review/processing and only to the extent necessary.
•Technical data (log files, security events) for stability, abuse prevention and error analysis.

3. Purposes & Legal Bases

•Contract fulfillment (Art. 6(1)(b) GDPR)
•Security/abuse prevention (Art. 6(1)(f) GDPR)
•Fulfillment of legal obligations (Art. 6(1)(c) GDPR)
•Processing of special categories (health data) under Art. 9 GDPR only when necessary and under appropriate conditions (e.g. healthcare/medical review).

Note:The specific legal justification for health data must exactly match your setup (doctors/partners, documentation obligations, roles).

4. Recipients / Service Providers

•IT hosting/platform (e.g. infrastructure/deployment)
•Communication (email delivery for OTP/notifications)
•Payment service provider (payment processing)
•Shipping/logistics service provider (for delivery)
•Medical service providers/cooperation partners (medical review)

TODO:Name your actual providers/partners specifically (incl. DPA, third-country transfers if applicable).

5. Storage Period

We store data for as short a time as possible and as long as necessary. Contract and billing data may be subject to statutory retention obligations. Health-related documentation obligations may require additional deadlines.

TODO:Define specific deadlines and categories legally.

6. Your Rights

You have the right to access, rectification, erasure, restriction, data portability and objection. You can also file a complaint with a supervisory authority.