Privacy Policy

1. Informational Use of the Website

If you use our website for informational purposes only, we process certain data that your browser automatically transmits to our web server with each request. This includes, in particular, the IP address currently assigned to your device, the date and time of the request, the time zone, the specific page or file requested, the HTTP status code, and the amount of data transferred, as well as the website from which your request originated, the browser used, the operating system of your device, and your language settings.

We process this data to enable your use of our website, to ensure the long-term security and stability of our systems, to administer our network infrastructure, and to optimize our online offering. The legal basis is our legitimate interest pursuant to Art. 6(1)(f) GDPR.

In addition, this data is evaluated solely for internal statistical purposes and to improve our offering. It is subsequently deleted, at the latest after one year, unless longer storage is required for security reasons or due to legal obligations.

We also use cookies and third-party services when you visit our website. Further information can be found in §5.

2. Contacting Us

If you use a button on our website to book an appointment online, you may be redirected to a booking page provided by an appointment scheduling service. In this case, the information under §2(4) also applies.

If you contact us by email, postal mail, telephone, or via our contact form, we process the following data:

• your contact details, depending on the method of contact, in particular your email address, name, address, or telephone number,
• personal data that you provide to us as part of your inquiry.

This data is processed exclusively for the purpose of corresponding with you and handling your request. The legal basis is our legitimate interest in being able to process your request, Art. 6(1)(f) GDPR. If your inquiry is aimed at entering into or performing a contract, Art. 6(1)(b) GDPR is an additional legal basis.

If your inquiry contains special categories of personal data, such as health data, we process this data based on your explicit consent pursuant to Art. 9(2)(a) GDPR or, where applicable, for the purpose of taking pre-contractual steps or performing contractual measures in connection with our services.

Once the processing of your request is no longer necessary, your personal data will be deleted, unless statutory retention obligations prevent deletion.

Please note that communication by unencrypted email, meaning without end-to-end encryption, always involves the risk that unauthorized third parties may gain access to the transmitted data during transmission and potentially use it for their own purposes. If you wish to avoid this risk, please send us your inquiries, especially when transmitting health data, via our contact form or by postal mail.

3. Newsletter

If you subscribe to our newsletter, we process your email address in order to send you marketing and promotional information. If you have additionally provided consent, we may also process further personal data, such as your name, gender, age, postal code, or topic preferences, in order to address you personally in the newsletter and provide content that is individually relevant to you.

The legal basis for this processing is your explicit consent pursuant to Art. 6(1)(a) GDPR. If, in exceptional cases, special categories of personal data, in particular health data, are processed, this is done only on the basis of your explicit consent pursuant to Art. 9(2)(a) GDPR.

We use a double opt-in procedure for the newsletter. After you subscribe, you will receive a confirmation email with a verification link. Your subscription will only be completed, and you will only receive our newsletter, once you have confirmed your subscription.

For sending newsletters, we use Mailchimp, a service provided by The Rocket Science Group LLC d/b/a Mailchimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA, which is part of the Intuit group of companies. Mailchimp processes newsletter data on our behalf pursuant to Art. 28 GDPR. A transfer of personal data to the United States cannot be excluded. Intuit Inc. is certified under the EU-U.S. Data Privacy Framework. In addition, where required, Mailchimp relies on the EU Standard Contractual Clauses for international data transfers.

As a general rule, we do not transmit health data to Mailchimp unless a separate legal basis and appropriate contractual and technical safeguards are in place.

You may withdraw your consent at any time with effect for the future, either via the unsubscribe link in the newsletter or by notifying the controller.

4. Appointment Scheduling, Health Questionnaire, Online Forms, and Initial Consultation

If you are interested in our services and schedule an appointment with us, we store the personal data collected in this context, in particular your name and contact details as well as the details of your request, in order to provide our service to you and fulfill our contractual or pre-contractual obligations. The legal basis for processing your personal data is Art. 6(1)(b) GDPR.

In this context, we also process special categories of personal data, in particular information about your health, which we collect from you via a questionnaire, online forms, and/or during the initial consultation. The purpose of this processing is to offer or arrange further services, in particular medical consultation, medical assessment, coaching, or nutrition counseling. The processing of special categories of personal data is based on your explicit consent pursuant to Art. 9(2)(a) GDPR.

Appointment scheduling for free initial consultations and nutrition coaching may be carried out via the online appointment scheduling service Calendly, provided by Calendly LLC, 115 E Main St., Ste A1B PMB 123, Buford, GA 30518, USA. Calendly processes the data required for appointment booking, in particular name, email address, telephone number where applicable, and preferred appointment time, on our behalf pursuant to Art. 28 GDPR. When using Calendly, data may be transferred to the United States. Calendly is certified under the EU-U.S. Data Privacy Framework and, where required, also relies on the EU Standard Contractual Clauses. Further information about Calendly’s data processing can be found at: https://calendly.com/legal/privacy-notice.

Appointment scheduling for medical consultations is carried out via Doctolib. Please note that you may need a Doctolib account to schedule an appointment. If you create or already have a Doctolib account and book an appointment through the platform, Doctolib is independently responsible for processing your personal data in connection with your Doctolib account within the meaning of Art. 4(7) GDPR. Please refer to Doctolib’s privacy policy in this regard.

For certain online forms, in particular for eligibility checks, program extensions, or the structured submission of information, we use Typeform. The provider is Typeform SL, Via Augusta 29-31, 08006 Barcelona, Spain. Typeform processes the data submitted via the respective form on our behalf pursuant to Art. 28 GDPR.

Depending on the form, the processed data may include, in particular, your name, contact details, information about your request, and health-related information. The processing is carried out to handle your inquiry, assess eligibility for our services, and take pre-contractual or contractual steps on the basis of Art. 6(1)(b) GDPR. Where special categories of personal data, in particular health data, are involved, processing is based on your explicit consent pursuant to Art. 9(2)(a) GDPR. Further information about Typeform’s data processing can be found at: https://www.typeform.com/privacy/.

5. Patient Service, Reminders, and Postal Delivery

We aim to support you as well as possible throughout your program. For this purpose, we use:

• your email address to send you appointment and program reminders, notices about missing documents, such as medical findings or health questionnaires, and treatment-related service information, such as aftercare tips. The processing is based on Art. 6(1)(b) GDPR. Where this concerns communication with existing customers, § 7(3) of the German Act Against Unfair Competition (UWG) may also apply. You may object to this at any time; an unsubscribe link is included in every email.
• your postal address to send you informational materials, goodie bags, and, depending on the medication, any needles required for use by postal mail. The legal basis is Art. 6(1)(b) GDPR.

Any further use of your data for marketing newsletters will only take place with your explicit consent; please see the “Newsletter” section.

6. Payment Processing and Billing

If you use a paid service, we use the payment service provider Adyen to process your payments. The provider is Adyen N.V., Simon Carmiggeltstraat 6-50, 1011 DJ Amsterdam, Netherlands.

Via the integrated payment form, the payment service provider collects the personal data required for the payment process, in particular billing data and bank or payment data. In this case, the payment service provider is independently responsible for the data processing. Further information about the processing of your personal data by the payment service provider can be found in Adyen’s privacy policy: https://www.adyen.com/de_DE/privacy-policy.

7. Prescription Transmission

If you instruct us to transmit medical prescriptions to a pharmacy of your choice, we process your prescription data and the transmission data required for this purpose on the basis of your consent pursuant to Art. 6(1)(a) GDPR and Art. 9(2)(a) GDPR.

We store this data and delete it afterward unless we are legally required to retain it for a longer period. The transmission of your prescription data to the pharmacy you have selected is also based on your consent pursuant to Art. 6(1)(a) GDPR and Art. 9(2)(a) GDPR.

In this context, we also use the qualified electronic signature solution provided by YOUSIGN SAS, Rue de Suède Avenue Pierre Berthelot, 14000 Caen, France, in order to carry out the transmission process in a privacy-compliant and secure manner. Data processing by Yousign takes place exclusively as part of your instruction and for the purpose of securely and traceably transmitting the medical prescription to the pharmacy. Further information about data processing by Yousign can be found in Yousign’s privacy policy: https://yousign.com/de-de/datenschutz.

Google Analytics 4

For the purpose of tailoring and continuously optimizing our pages, we use Google Analytics 4, a web analytics service provided by Google, if you have given your consent. The provider for users in the European Economic Area and Switzerland is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited may involve services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics 4 uses cookies and similar technologies that enable an analysis of your use of our website. In particular, the following information may be processed:

• pages visited and interactions on the website,
• date and time of access,
• approximate location data,
• technical information about browser, operating system, and device,
• referrer URL,
• interactions with forms, buttons, or booking elements, where configured accordingly.

According to Google, individual IP addresses of users from the EU are not logged or stored in Google Analytics. IP address data for EU traffic is used only to derive coarse location data and is then discarded.

The processing takes place only if you have given us your explicit consent via the cookie banner. The legal basis for accessing your device is § 25(1) TDDDG. The legal basis for the subsequent processing of personal data is Art. 6(1)(a) GDPR.

A transfer of personal data to the United States cannot be excluded. Google LLC is certified under the EU-U.S. Data Privacy Framework. In addition, where required, Google relies on the EU Standard Contractual Clauses for international data transfers.

You may withdraw your consent at any time with effect for the future via our cookie consent tool. In addition, you can prevent Google Analytics from collecting data by downloading and installing the browser add-on provided by Google: https://tools.google.com/dlpage/gaoptout?hl=en. Further information about data protection in connection with Google Analytics can be found at: https://support.google.com/analytics/answer/6004245?hl=en.

Google Ads

We have integrated Google Ads conversion tracking and, where applicable, remarketing functions on our website in order to draw attention to our services on external websites and to determine how successful individual advertising measures are. The provider for users in the European Economic Area and Switzerland is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads may use conversion cookies or similar technologies. This makes it possible to record whether users perform certain actions on our website after clicking an ad, such as contacting us, booking an appointment, or completing another conversion. Google may process technical information, cookie IDs, ad interactions, referrer information, and usage data.

As a general rule, we do not receive any information from Google that allows us to directly identify users. Instead, we receive statistical evaluations to measure the success of our advertising measures. If you are logged into a Google service, Google may associate your visit with your Google account.

The processing takes place only if you have given us your explicit consent via the cookie banner. The legal basis for accessing your device is § 25(1) TDDDG. The legal basis for the subsequent processing of personal data is Art. 6(1)(a) GDPR.

A transfer of personal data to the United States cannot be excluded. Google LLC is certified under the EU-U.S. Data Privacy Framework. In addition, where required, Google relies on the EU Standard Contractual Clauses for international data transfers.

You may withdraw your consent at any time with effect for the future via our cookie consent tool. Further information about Google’s data processing can be found at: https://policies.google.com/privacy?hl=en.

Meta Pixel

If you have given your consent, we have integrated the Meta Pixel provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland, on our website. The Meta Pixel allows us to measure the success of our advertising campaigns on Meta platforms such as Facebook and Instagram and to create target groups for advertising campaigns.

The Meta Pixel may transmit, in particular, the following data to Meta:

• pages or URLs accessed,
• interactions on our website, such as clicks on buttons or form events,
• technical information such as browser, device, screen resolution, and IP address,
• cookie IDs or similar identifiers,
• advertising click IDs if you reached our website via an advertisement.

We configure the Meta Pixel so that no directly identifying information such as name, address, email address, or telephone number, and no health data or information about medications, is actively transmitted to Meta. Nevertheless, Meta may associate the transmitted data with your account, especially if you are logged into Facebook or Instagram, and may process it for its own purposes. We do not have full control over Meta’s further data processing.

The processing takes place only if you have given us your explicit consent via the cookie banner. The legal basis for accessing your device is § 25(1) TDDDG. The legal basis for the subsequent processing of personal data is Art. 6(1)(a) GDPR.

A transfer of personal data to the United States cannot be excluded. Meta Platforms, Inc. is certified under the EU-U.S. Data Privacy Framework. In addition, where required, Meta relies on the EU Standard Contractual Clauses for international data transfers.

You may withdraw your consent at any time with effect for the future via our cookie consent tool. Further information about Meta’s data processing can be found at: https://www.facebook.com/privacy/policy/.

Meta Lookalike Audiences

If you have given your consent, we also use the “Lookalike Audiences” function provided by Meta Platforms Ireland Limited. In this context, event data may be processed that we collect via the Meta Pixel implemented on our website, for example certain interactions or conversion events.

This event data is used to create statistical target groups in order to display advertising campaigns to people who are similar to existing target groups. We make sure that we do not actively transmit directly identifying information such as names or email addresses, or health data or medication-related information, to Meta.

The legal basis for accessing your device is § 25(1) TDDDG. The legal basis for the subsequent processing of personal data is your consent pursuant to Art. 6(1)(a) GDPR. You may withdraw your consent at any time with effect for the future via our cookie consent tool.