Privacy Policy

OUR HANDLING OF YOUR DATA AND YOUR RIGHTS

 

Information in accordance with the statutory requirements of data protection law, in particular the new version of the German Federal Data Protection Act (BDSG) and Articles 13, 14, and 21 of the EU General Data Protection Regulation (GDPR). With the following information, we would like to provide you with an overview of how we process your personal data and your resulting rights. Which data is processed and how it is used depends largely on the services requested or agreed upon. Therefore, not all statements contained herein may apply to you.

In addition, this privacy information may be updated from time to time.

Below you will find the version from October 13, 2025.



WHO IS RESPONSIBLE FOR DATA PROCESSING AND WHO CAN YOU CONTACT?


The responsible body within the meaning of data protection laws, in particular Article 4(7) of the EU General Data Protection Regulation (GDPR), is:

Foundation for Salutogenesis, non-profit GmbH, Barfüßerkloster, 1037581 Bad Gandersheim

Managing Director: Dr. Theodor D. Petzold

Tel.: 0049(0)5382 / 9554730Email: info@salutogenese-zentrum.de

Braunschweig District CourtHRB 111244


WHAT TYPES OF DATA DO WE PROCESS?


We process the following personal data that we receive from you as part of our business relationship:

  • Usage data (access times, websites visited, etc.)
  • Inventory data (name, address, etc.)
  • Contact details (phone number, email, fax, etc.)
  • Communication data (IP address, etc.)
  • Payment data (bank details, account details, payment history, etc.)
  • Contract data (subject of the contract, term, etc.)
  • Content data (text entries, photos, videos, etc.)


PURPOSES OF PROCESSING ACCORDING TO ART. 13 PARA. 1 C) GDPR


We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) and for the following purposes:

  • Processing of contact requests
  • Processing of contracts or agreed services
  • Customer service and customer care
  • Uninterrupted, secure operation of our website
  • Avoiding SPAM and abuse
  • Optimization and statistical evaluation of our services
  • Enabling easy access to the website
  • Technical and economic optimization of the website
  • Creation of statistics

In addition, the disclosure of personal data may be necessary in the context of official/judicial measures for the purposes of gathering evidence, criminal prosecution or enforcement of civil law claims.


CATEGORIES OF DATA SUBJECTS ACCORDING TO ART. 13 PARA. 1 E) GDPR

Customers, suppliers, interested parties, employees and visitors/users of our website are affected by the processing.

The data subjects are collectively referred to as “users”.


WHO GETS YOUR DATA?


Within our house

Primarily, employees who are responsible for contacting you and for contractual cooperation (including the fulfillment of pre-contractual measures). We generally do not share data with third parties without your consent. Should this be the case, the data will be shared on the basis of the aforementioned legal grounds, e.g., due to a court order or a legal obligation to disclose the data for the purposes of criminal prosecution, threat prevention, or the enforcement of intellectual property rights.


Within the scope of order processing

We also use processors (external service providers, e.g., for web hosting our websites and databases) to process your data. If data is transferred to the processors as part of a data processing agreement, this always occurs in accordance with Art. 28 GDPR. We carefully select our processors, monitor them regularly, and have been granted the right to issue instructions regarding the data. Furthermore, the processors must have implemented appropriate technical and organizational measures and comply with the data protection regulations in accordance with the new version of the German Federal Data Protection Act (BDSG) and the GDPR.


Data transfer to third countries

The adoption of the European General Data Protection Regulation (GDPR) created a uniform basis for data protection in Europe. Your data will therefore primarily be processed by companies to which the GDPR applies. Should processing take place by third-party services outside the European Union or the European Economic Area, these third-party services must meet the specific requirements of Art. 44 et seq. GDPR. This means that processing is carried out on the basis of special guarantees, such as the EU Commission's officially recognized determination of a data protection level equivalent to that of the EU or compliance with officially recognized specific contractual obligations, the so-called "standard contractual clauses." For US companies, submission to the so-called "Privacy Shield," the data protection agreement between the EU and the US, fulfills these requirements.


DATA SECURITY


To protect all personal data transmitted to us and to ensure that we and our external service providers adhere to data protection regulations, we have taken appropriate technical and organizational security measures. This is why, among other things, all data between your browser and our server is transmitted encrypted via a secure SSL connection.


HOW LONG WILL YOUR DATA BE STORED?


We process and store your personal data as long as necessary to fulfill our contractual and legal obligations. If the data is no longer required to fulfill contractual or legal obligations, it will be regularly deleted, unless expressly stated otherwise in this privacy policy.

Exceptions arise,

  • To the extent that statutory retention obligations must be met, e.g., the German Commercial Code (HGB) and the German Fiscal Code (AO). The retention and documentation periods specified therein are generally six to ten years;
  • to preserve evidence within the framework of the statutory limitation periods. According to Sections 195 et seq. of the German Civil Code (BGB), these limitation periods can be up to 30 years, with the regular limitation period being 3 years.

When the prescribed retention period expires, your data will be blocked or deleted unless storage is still required for the conclusion or fulfillment of a contract.

If data processing is carried out in the legitimate interest of us or a third party, the personal data will be deleted as soon as this interest no longer exists. The above-mentioned exceptions apply.


PROVISION OF OUR WEBSITE AND CREATION OF LOG FILES


  • If you use our website for informational purposes only (i.e., you do not transmit any information), we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data:
  • IP Address;
  • User’s Internet service provider;
  • Date and time of retrieval;
  • Browser type;
  • Language and browser version;
  • Content of the retrieval;
  • time zone;
  • Access status/HTTP status code;
  • amount of data;
  • Websites from which the request comes;
  • Operating system.

  • This data will not be stored together with your other personal data.
  • This data serves the purpose of delivering our website to you in a user-friendly, functional and secure manner, with functions and content, as well as their optimization and statistical evaluation.
  • The legal basis for this is our legitimate interest in data processing pursuant to Art. 6 (1) (f) GDPR, which also lies in the above purposes.
  • For security reasons, we store this data in server log files for a period of 365 days. After this period, the data is automatically deleted unless we need to retain it for evidentiary purposes in the event of attacks on the server infrastructure or other violations of law.



COOKIES


  • We use cookies when you visit our website. Cookies are small text files that your internet browser saves on your computer.
  • Our website only uses so-called session cookies. They are used to recognize repeated use of an offering by the same user (e.g., if you have logged in to determine your login status). When you visit our site again, these cookies provide information to automatically recognize you. The information obtained in this way is used to provide you with easier and more secure access to our website. When you close your browser or log out, the session cookies are deleted.
  • The legal basis for this processing is Art. 6 (1) (f) GDPR. We use an editorial system (Typo3) to operate our website, which does not function effectively without session cookies.
  • Objection to the use of cookies: You can prevent the setting of cookies at any time by making the appropriate settings in your internet browser, thus permanently denying the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time using an internet browser or other software programs. This is possible in all common internet browsers; please refer to your browser's user manual or help function for more information. If you deactivate the setting of cookies in your internet browser, our website may no longer function correctly (see point 1).


CONTACT US VIA CONTACT FORM / EMAIL / FAX / POST


  • When you contact us via contact form, fax, post or email, your information will be processed for the purpose of processing your contact request.
  • The legal basis for processing the data, provided you have given your consent, is Art. 6 (1) (a) GDPR. The legal basis for processing data transmitted in the course of a contact request or email, letter or fax is Art. 6 (1) (f) GDPR. The controller has a legitimate interest in processing and storing the data in order to be able to answer user inquiries, to preserve evidence for liability reasons and, if necessary, to comply with its statutory retention periods for business letters. If the aim of the contact is to conclude a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR.
  • We may store your information and contact request in our Customer Relationship Management System (“CRM System”) or a similar system.
  • The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data from the contact form input mask and that sent via email, this is the case when the respective conversation with you has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. We store inquiries from users who have an account or contract with us for a period of two years after the contract has ended. In the case of statutory archiving obligations, deletion occurs after these expiration: end of the retention period under commercial law (6 years) and tax law (10 years).
  • You have the right to revoke your consent to the processing of your personal data at any time, in accordance with Art. 6 (1) (a) GDPR. If you contact us by email, you can withdraw your consent to the storage of your personal data at any time.


CONTACT US BY PHONE


  • When you contact us by phone, your telephone number will be processed to process your contact request and its handling. It will be temporarily stored or displayed in the RAM/cache of your phone/display. This storage is done for liability and security reasons, to provide evidence of the call, and for economic reasons, to enable a return call. In the event of unauthorized advertising calls, we will block the phone number.
  • The legal basis for processing the telephone number is Art. 6 (1) (f) GDPR. If the contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR.
  • The device cache stores calls for approximately 100 days and gradually overwrites or deletes old data. When the device is disposed of, all data is deleted and the memory may be destroyed. Blocked phone numbers are reviewed annually to determine whether blocking is necessary.

You can prevent the phone number from being displayed by calling with a withheld number.


PROCESSING CONTRACTS


  • We process inventory data (e.g., company, title/academic degree, names and addresses as well as contact details of users, email), contract data (e.g., services used, names of contact persons), and payment data (e.g., bank details, payment history) for the purpose of fulfilling our contractual obligations (knowledge of the contractual partner; justification, content, and execution of the contract; checking the plausibility of the data) and services (e.g., contacting customer service) in accordance with Art. 6 (1) (b) GDPR. The entries marked as mandatory in online forms are required for the conclusion of the contract.
  • As a general rule, this data will not be passed on to third parties unless it is necessary to pursue our claims (e.g. handing over to a lawyer for debt collection) or to fulfill the contract (e.g. handing over the data to a payment provider) or there is a legal obligation to do so in accordance with Art. 6 (1) (c) GDPR.
  • We may also process the data you provide to inform you about other interesting products from our portfolio or to send you emails with technical information.
  • The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case for inventory and contract data when the data is no longer required to execute the contract and no further claims arising from the contract can be asserted because they have expired (warranty: two years / standard limitation period: three years). Due to commercial and tax law requirements, we are obliged to store your address, payment, and order data for a period of ten years. However, upon termination of the contract after three years, we restrict processing; this means your data will only be used to comply with legal obligations. Information in the user account will remain until it is deleted.


NEWSLETTER 


  • You can subscribe to our newsletter with your voluntary consent by entering your email address. Only this is required. Providing further data is voluntary and serves only for the purpose of personal contact. We use the so-called "double opt-in process" for registration. After registering with your email address, you will receive an email from us with a confirmation link to confirm your registration. If you click this confirmation link, your email address will be added to the newsletter distribution list and saved for the purpose of sending emails. If you do not click the confirmation link within 24 hours, your registration data will be blocked and automatically deleted after 30 days.
  • We also log the IP address you used during registration, as well as the date and time of the double opt-in (registration and confirmation). The purpose of this storage is to fulfill legal requirements regarding proof of registration and to prevent misuse of your email address.
  • As part of your declaration of consent, the contents (e.g. advertised products/services, offers, advertising and topics) of the newsletter will be described in detail.
  • We use the service provider Mailchimp (The Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Atlanta, GA 30308, USA) to send emails. The service provider's privacy policy can be found at https://mailchimp.com/legal/privacy/. We have concluded a data processing agreement with the service provider in accordance with Art. 28 GDPR.
  • When sending the newsletter, we evaluate your user behavior. The newsletters contain so-called "web beacons" or "tracking pixels," which are called up when the newsletter is opened. For this purpose, we link the web beacons to your email address and a unique ID. Links received in the newsletter also contain this ID. The data is collected exclusively in a pseudonymized form; the IDs are not linked to your other personal data, and direct personal reference is excluded. With this data, we can determine whether and when you opened the newsletter and which links in the newsletter were clicked. This serves the purpose of optimizing and statistically evaluating our newsletter.
  • The legal basis for sending the newsletter, measuring success and storing the email is your consent in accordance with Art. 6 (1) (a) GDPR in conjunction with Section 7 (2) No. 3 UWG and for logging the consent Art. 6 (1) (f) GDPR, as this serves our legitimate interest in legal evidence.
  • You can opt out of tracking at any time by clicking the unsubscribe link at the end of the newsletter. Doing so will also stop your newsletter subscription. If you disable the display of images in your email software, tracking will also be impossible. However, this may limit the functionality of the newsletter, and images contained within will not be displayed.
  • You can revoke your consent to receive the newsletter at any time. You can do so by clicking the unsubscribe link at the end of the newsletter, sending an email, or notifying us using the contact details above. We will store your data for as long as you are subscribed to the newsletter. After unsubscribing, your data will only be stored anonymously for statistical purposes.


LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA


  • If we have obtained your consent to process personal data, Art. 6 (1) (a) GDPR is the legal basis.
  • If processing is necessary to fulfill a contract or to carry out pre-contractual measures taken at your request, Art. 6 (1) (b) GDPR is the legal basis.
  • If processing is necessary to fulfill a legal obligation to which we are subject (e.g. statutory retention periods), Art. 6 (1) (c) GDPR is the legal basis.
  • If processing is necessary to protect the vital interests of the data subject or another natural person, Art. 6 (1) (d) GDPR is the legal basis.
  • If processing is necessary to protect our legitimate interests or the legitimate interests of a third party and your interests or fundamental rights and freedoms do not override them, Art. 6 (1) (f) GDPR is the legal basis.


WHAT DATA PROTECTION RIGHTS DO YOU HAVE?


Right to object or withdraw consent to the processing of your data

To the extent that the processing is based on your consent pursuant to Art. 6 (1) (a) GDPR, Art. 7 GDPR, you have the right to revoke your consent at any time. This does not affect the legality of the processing carried out on the basis of your consent until the revocation.

If we base the processing of your personal data on the balancing of interests pursuant to Art. 6 (1) (f) GDPR, you can object to the processing. This is the case, in particular, if the processing is not necessary to fulfill a contract with you, which we will explain in the following description of the functions. If you exercise such an objection, we ask you to explain the reasons why we should not process your personal data as we do. If your objection is justified, we will examine the situation and will either stop or adapt the data processing or explain to you our compelling legitimate reasons on the basis of which we continue the processing.

You can object to the processing of your personal data for advertising and data analysis purposes at any time. You can exercise your right of objection free of charge. You can inform us of your objection to advertising using the following contact details:

Foundation for Salutogenesis, non-profit GmbH, Barfüßerkloster, 1037581 Bad Gandersheim

Tel.: 0049(0)5382 / 9554730Email: info@salutogenese-zentrum.de

You also have the right to information under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR and the right to data portability under Article 20 GDPR.

The right to information and the right to erasure may be subject to restrictions under Sections 34 and 35 of the Federal Data Protection Act (BDSG).

Furthermore, you have the right to lodge a complaint with a competent data protection supervisory authority (Article 77 GDPR in conjunction with Section 19 BDSG). The supervisory authority responsible for us is:

The State Commissioner for Data Protection of Lower Saxony Prinzenstraße 5 30159 Hannover Tel. 0511 120-4500 Fax 0511 120-4599 Contact: poststelle@lfd.niedersachsen.de



IS THERE AN OBLIGATION TO PROVIDE DATA?

As part of the contractual relationship, you must provide the personal data that is necessary for the initiation, execution, and termination of the contractual relationship and for the fulfillment of the associated contractual obligations, or which we are legally obligated to collect. Without this data, we will generally not be able to conclude or execute the contract with you.

Stand: 03.12.2018

This privacy policy was created using the sample privacy policy from JuraForum.de and the free customer information letter generator from activeMind AG (version: 2018-07-31).