Datenschutzerklärung

I. The Handling of Your Data

General Information on Data Processing

Subject Matter of Data Protection

The subject matter of data protection is personal data. According to European law (the General Data Protection Regulation (GDPR)) and German law (the Federal Data Protection Act (BDSG)), these are all pieces of information that relate to an identified or identifiable natural person and thus permit inferences about their personality. This includes, for example, details such as name, postal address, email address, or telephone number, but can also include usage data such as IP addresses.

Scope of Processing

We generally process personal data about you only to the extent necessary to provide a functional website as well as our content and services. Your personal data is usually processed based on your consent. Exceptions apply for the fulfillment of a contract, for processing required by legal provisions, to protect vital interests of the data subject, for reasons of public interest, or to safeguard a legitimate interest of the controller.

Legal Basis for Processing

Where we obtain the data subject’s consent for processing operations involving personal data, Art. 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis. For the processing of personal data necessary for the performance of a contract to which the data subject is party, Art. 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations required to carry out pre-contractual measures. Where processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6(1)(c) GDPR serves as the legal basis. In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6(1)(d) GDPR serves as the legal basis. For the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority, Art. 6(1)(e) GDPR serves as the legal basis. If the processing is necessary for the purposes of legitimate interests pursued by our company or a third party, and such interests are not overridden by the interests, fundamental rights, and freedoms of the data subject, Art. 6(1)(f) GDPR serves as the legal basis for the processing.

Data Erasure and Storage Period

The personal data of the data subject will be erased or blocked as soon as the purpose of storage ceases to apply. Storage may also occur if this is provided for by European or national legislators in EU regulations, laws, or other provisions to which the controller is subject. Data will also be blocked or erased when a storage period prescribed by these regulations expires, unless there is a necessity for further storage of the data for entering into or fulfilling a contract.

Definitions

The privacy policy of bodyphoton.com is based on the terminology used by the European legislator when issuing the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and understand for both the public and our customers and business partners. To ensure this, we would like to explain the terminology used in advance. In this privacy policy, we use the following terms, among others:

• Personal data: All information relating to an identified or identifiable natural person.
• Data subject: Any identified or identifiable natural person whose personal data is processed.
• Processing: Any operation related to personal data, such as collecting, storing, processing, transmitting, etc.
• Restriction of processing: The marking of stored personal data with the aim of limiting their future processing.
• Profiling: Automated processing of personal data to evaluate certain personal aspects.
• Pseudonymization: Processing of personal data in such a way that they can no longer be attributed to a specific person without additional information.
• Controller: The natural or legal person who decides on the purposes and means of processing personal data.
• Processor: A natural or legal person who processes personal data on behalf of the controller.
• Recipient: Any natural or legal person to whom personal data is disclosed.
• Third party: Any natural or legal person, public authority, agency, or other body that does not fall under the direct responsibility of the controller.
• Consent: The voluntary, informed, and unequivocal indication of the data subject’s wishes by which they agree to the processing of their personal data.

IP Addresses

As a rule, your provider currently assigns an IP address dynamically. This address usually changes regularly, so we cannot derive any personal reference from the IP address. In individual cases (e.g., with static IP addresses), it would theoretically be possible to establish a personal reference. However, as a provider, we have no interest in establishing a personal reference and will generally not do so. Specifically, each retrieval by your device (PC, mobile phone, etc.) normally stores the following dataset:

• IP address of the requesting device
• Operating system of the requesting device
• Browser version of the requesting device
• Name of the requested file
• Date and time of the request
• Transferred data volume
• Referring URL

The stored data is evaluated only for statistical purposes and not to establish a concrete personal reference. They also serve to identify you with your browser and to allow for error correction. Dynamically assigned IP addresses are deleted immediately, but no later than after seven days. Once IP addresses are deleted, we can no longer establish any personal reference.

Cookies

This website uses cookies. Cookies are small text files that are stored on your device by your browser. They allow user interactions and enable additional functions during your visit to these webpages. For example, we analyze via cookies which pages are accessed particularly frequently, which search terms are used, etc. (“web tracking”). You can prevent the analysis of usage behavior and the use of cookies by blocking cookies for this domain in your browser settings. Alternatively, you can delete cookies in your browser on a case-by-case basis or periodically to prevent or limit an analysis of your usage behavior.

Storage Duration

The criterion for the duration of storage of personal data beyond the respective purpose is the statutory retention period. After this period expires, the relevant data is routinely deleted, provided it is no longer required for the fulfillment or initiation of a contract.

II. Rights of Users and Data Subjects

Rights of the Data Subject

a) Right to Confirmation

Every data subject has the right under the GDPR to obtain from the controller confirmation as to whether personal data concerning them is being processed. If a data subject wishes to exercise this right of confirmation, they can contact Advanced Health Technologies GmbH at any time.

b) Right of Access

Every data subject has the right to obtain information at any time and free of charge about the personal data stored about them, and to receive a copy of this information. This includes, among other things, the following information:

• The purposes of the processing
• The categories of personal data that are processed
• The recipients or categories of recipients to whom the personal data has been or will be disclosed – particularly in the case of recipients in third countries or international organizations
• Where possible, the planned storage period or the criteria used to determine that period
• The existence of a right to rectification or erasure, or restriction of processing
• The existence of a right to lodge a complaint with a supervisory authority
• If the data has not been collected from the data subject: all available information about the origin of the data
• The existence of automated decision-making, including profiling, along with meaningful information about the logic involved and the scope and intended effects of this processing

The data subject also has the right to know whether personal data has been transferred to a third country or an international organization, and if so, to obtain information about the appropriate safeguards. To exercise this right, the data subject may contact Advanced Health Technologies GmbH at any time.

c) Right to Rectification

Every data subject has the right to demand the immediate rectification of inaccurate personal data concerning them, as well as the completion of incomplete data – including by means of a supplementary statement. To assert this right, the data subject may contact any employee of the controller at any time.

d) Right to Erasure (Right to Be Forgotten)

Every data subject has the right to demand that the personal data concerning them be erased if one of the following reasons applies and processing is no longer necessary:

• The data is no longer necessary for the purposes for which it was collected.
• The data subject withdraws their consent, and there is no other legal basis for processing.
• The data subject objects to processing, and there are no overriding legitimate grounds for processing.
• The data was processed unlawfully.
• Erasure is required to fulfill a legal obligation.
• The data was collected in relation to information society services.

If one of these reasons applies and the data subject wishes to request the erasure of personal data, they can contact an employee of Advanced Health Technologies GmbH at any time. The employee will ensure that the request for erasure is complied with promptly. If the data has been made public, reasonable measures will be taken, taking into account available technology, to inform third parties to cease further processing.

e) Right to Restriction of Processing

The data subject has the right, under certain conditions, to demand the restriction of processing. This can apply if:

• The accuracy of the data is contested and needs to be checked.
• The processing is unlawful, but the data subject opposes erasure and instead requests the restriction of use.
• The data is no longer needed for the purposes of processing, but the data subject requires it to establish, exercise, or defend legal claims.
• An objection has been filed under Art. 21(1) GDPR and it is not yet clear whether the legitimate interests prevail.

To enforce this right, the data subject can contact an employee of Advanced Health Technologies GmbH at any time.

f) Right to Data Portability

The data subject has the right to receive the personal data concerning them that they have provided, in a structured, commonly used, and machine-readable format, and to transmit this data to another controller, provided the processing is based on consent or on a contract. In addition, the direct transmission of data from one controller to another may be requested, where technically feasible.

To exercise this right, the data subject may contact Advanced Health Technologies GmbH at any time.

g) Right to Object

Every data subject has the right, for reasons arising from their particular situation, to object at any time to the processing of their personal data when this is based on Art. 6(1)(e) or (f) GDPR. This also applies to profiling based on these provisions. In the event of an objection, Advanced Health Technologies GmbH will cease processing the data unless we can demonstrate compelling legitimate grounds for the processing that override the data subject’s interests, rights, and freedoms.

h) Automated Individual Decision-Making, Including Profiling

The data subject has the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning them or similarly significantly affects them, provided the decision is not necessary for entering into or performing a contract or is not permitted by law. If an automated decision is made, appropriate measures will be taken to safeguard the data subject’s rights.

To assert this right, the data subject may contact an employee of Advanced Health Technologies GmbH at any time.

i) Right to Withdraw Consent under Data Protection Law

The data subject has the right to withdraw consent to the processing of personal data at any time. To exercise this right, the data subject may contact an employee of Advanced Health Technologies GmbH at any time.

III. Information on Data Processing

Subscribing to Our Newsletter

The website of Advanced Health Technologies GmbH offers users the opportunity to subscribe to our company’s newsletter. Which personal data is transmitted when ordering the newsletter can be seen from the input form used. Advanced Health Technologies GmbH regularly informs its customers and business partners about the company’s offers. In principle, the newsletter can only be received if (1) the data subject has a valid email address and (2) they register for the newsletter. A confirmation email is sent to the email address entered for the first time as part of the double opt-in procedure.

When registering for the newsletter, we also store the IP address assigned by the Internet service provider (ISP) of the computer system used and the date and time of registration. This data serves as legal protection and to allow us to trace any possible misuse. The data collected is used exclusively for sending the newsletter. It is possible to unsubscribe from the newsletter at any time, for example via a corresponding link in each newsletter or directly via our website.

Email

If you send us an email, we will store it until your inquiry has been handled or until any legal retention periods expire. We ensure that the data is protected against unauthorized access by third parties. Please note that unencrypted emails are not sufficiently protected against unauthorized access. Alternatively, you can use our secure contact form (SSL standard).

Contact Option via the Website

Our website contains information enabling a quick electronic contact to Advanced Health Technologies GmbH, including a general email address. If personal data is transmitted via email or a contact form, this data is stored for the purpose of processing and contacting you. It will not be passed on to third parties.

No Profiling

As a responsible company, we refrain from automatic decision-making or profiling.

IV. Final Provisions

Changes to Our Privacy Policy

To ensure that our privacy policy always complies with current legal requirements, we reserve the right to make changes – also in the event of new or revised services. The new privacy policy will then apply on your next visit.

The Security of Your Data

The data you transmit is protected by appropriate technical and organizational measures to prevent manipulation, loss, destruction, or unauthorized access. Our security measures are continuously reviewed and improved.

Liability for Content

The content of our web pages is intended for general information and not for advice in specific cases. We strive for accuracy and timeliness, but assume no responsibility for completeness, timeliness, or quality. Liability only arises from the point in time at which we become aware of a specific legal violation.

Liability for Links

We are not responsible for the content of websites that can be accessed via hyperlinks. The respective providers are solely responsible for these contents. We checked the linked content at the time of the initial connection but do not undertake ongoing monitoring.

Copyright

The content created by Advanced Health Technologies GmbH is subject to German copyright law. Contributions by third parties are marked as such. Any duplication or use requires the written consent of the respective author, except for private purposes.

Right to Lodge a Complaint with the Supervisory Authority

You have the right under Art. 77 GDPR to lodge a complaint with a supervisory authority if you believe that the processing of your personal data is unlawful. The competent authority for our location is the Hessian Data Protection Officer:

Controller and Service Provider

The controller within the meaning of the Federal Data Protection Act (BDSG) and the General Data Protection Regulation (GDPR), as well as the service provider within the meaning of the Telemedia Act (TMG), is: