Privacy Policy

HOW WE HANDLE YOUR DATA AND YOUR RIGHTS

 

Information in accordance with the legal requirements of data protection law, in particular the German Federal Data Protection Act (BDSG nF) and Articles 13, 14 and 21 of the EU General Data Protection Regulation (GDPR). With the following information, we would like to give you an overview of how we process your personal data and your resulting rights. The specific data processed and how it is used depends primarily on the services requested or agreed upon. Therefore, not all statements contained herein may apply to you.

Furthermore, this privacy policy may be updated from time to time.

Below you will find the version dated October 13, 2025.



WHO IS RESPONSIBLE FOR DATA PROCESSING AND WHOM CAN YOU CONTACT?


The responsible body within the meaning of data protection laws, in particular Article 4 No. 7 of the EU General Data Protection Regulation (GDPR), is:

Foundation for Salutogenesis non-profit GmbH, Barfüßerkloster, 1037581 Bad Gandersheim

Managing Director: Dr. med. Theodor D. Petzold

Tel.: 0049(0)5382 / 9554730Email: info@salutogenese-zentrum.de

Braunschweig Local Court HRB 111244


WHAT TYPES OF DATA DO WE PROCESS?


We process the following personal data that we receive from you in the course of our business relationship:

  • Usage data (access times, websites visited, etc.)
  • Inventory data (name, address, etc.)
  • Contact details (phone number, email, fax, etc.)
  • Communication data (IP address etc.)
  • Payment details (bank details, account details, payment history, etc.)
  • Contract details (subject of the contract, duration, etc.)
  • Content data (text entries, photos, videos, etc.)


PURPOSES OF PROCESSING ACCORDING TO ART. 13 PARA. 1 C) GDPR


We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) and for the following purposes:

  • Handling of contact requests
  • Handling of contracts or agreed services
  • Customer service and customer care
  • Uninterrupted, secure operation of our website
  • Avoiding SPAM and abuse
  • Optimization and statistical evaluation of our services
  • Enabling easy access to the website
  • Technical and economic optimization of the website
  • Creation of statistics

Furthermore, the disclosure of personal data may be necessary in the context of official/judicial measures for the purposes of gathering evidence, prosecution or enforcement of civil claims.


CATEGORIES OF DATA SUBJECTS ACCORDING TO ART. 13 PARA. 1 E) GDPR

The processing affects customers, suppliers, prospective customers, employees and visitors/users of our website.

The individuals affected are collectively referred to as "users".


WHO GETS YOUR DATA?


Inside our house

Primarily, your data will be used by employees responsible for contacting you and for contractual cooperation (including fulfilling pre-contractual measures). We generally do not share your data with third parties without your consent. Should this nevertheless occur, the disclosure will be based on the aforementioned legal grounds, e.g., due to a court order or a legal obligation to disclose the data for the purposes of law enforcement, public safety, or the enforcement of intellectual property rights.


In the context of commissioned data processing

We also use data processors (external service providers, e.g., for web hosting of our websites and databases) to process your data. If data is transferred to these processors within the framework of a data processing agreement, this is always done in accordance with Article 28 of the GDPR. We carefully select our data processors, monitor them regularly, and have reserved the right to issue instructions regarding the data. Furthermore, the data processors must have implemented appropriate technical and organizational measures and comply with the data protection regulations according to the German Federal Data Protection Act (BDSG nF) and the GDPR.


Data transfer to third countries

The adoption of the European General Data Protection Regulation (GDPR) established a uniform basis for data protection in Europe. Your data is therefore primarily processed by companies to which the GDPR applies. Should processing by third-party services outside the European Union or the European Economic Area nevertheless take place, these services must meet the specific requirements of Articles 44 et seq. of the GDPR. This means that processing is based on specific safeguards, such as the EU Commission's officially recognized finding of an adequate level of data protection equivalent to that of the EU, or compliance with officially recognized specific contractual obligations, the so-called "standard contractual clauses." For US companies, compliance with the so-called "Privacy Shield," the data protection agreement between the EU and the USA, fulfills these requirements.


DATA SECURITY


To protect all personal data transmitted to us and to ensure that data protection regulations are observed by us and our external service providers, we have implemented appropriate technical and organizational security measures. Therefore, among other things, all data between your browser and our server is transmitted via a secure SSL connection.


HOW LONG WILL YOUR DATA BE STORED?


We process and store your personal data for as long as this is necessary to fulfill our contractual and legal obligations. If the data is no longer required to fulfill contractual or legal obligations, it is routinely deleted, unless expressly stated otherwise in this privacy policy.

There are exceptions,

  • Insofar as statutory retention obligations must be fulfilled, e.g., the German Commercial Code (HGB) and the German Fiscal Code (AO). The retention or documentation periods stipulated therein are generally six to ten years;
  • for the preservation of evidence within the framework of the statutory limitation periods. According to Sections 195 et seq. of the German Civil Code (BGB), these limitation periods can be up to 30 years, with the standard limitation period being 3 years.

When the prescribed retention period expires, your data will be blocked or deleted, unless further storage is necessary for entering into or fulfilling a contract.

If data processing is carried out in the legitimate interest of us or a third party, the personal data will be deleted as soon as this interest no longer exists. The aforementioned exceptions apply in this case.


Provision of our website and creation of log files


  • If you use our website for informational purposes only (i.e., without submitting any information), we only collect the personal data that your browser transmits to our server. When you visit our website, we collect the following data:
  • IP Address;
  • User's internet service provider;
  • Date and time of retrieval;
  • Browser type;
  • Language and browser version;
  • Content of the request;
  • Time zone;
  • Access status/HTTP status code;
  • Data volume;
  • Websites from which the request originates;
  • Operating system.

  • This data will not be stored together with any other personal data of yours.
  • This data serves the purpose of delivering our website to you in a user-friendly, functional and secure manner with its features and content, as well as its optimization and statistical evaluation.
  • The legal basis for this is our legitimate interest in data processing, which is also reflected in the purposes stated above, pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR.
  • For security reasons, we store this data in server log files for a period of 365 days. After this period, it is automatically deleted, unless we need to retain it as evidence in the event of attacks on the server infrastructure or other legal violations.



COOKIES


  • We use so-called cookies when you visit our website. Cookies are small text files that your internet browser places and stores on your computer.
  • Our website only uses so-called session cookies. These are used to recognize repeated use of our website by the same user (e.g., to determine your login status after you have logged in). When you revisit our site, these cookies provide information to automatically recognize you. The information obtained in this way is used to provide you with easier and more secure access to our website. Session cookies are deleted when you close your browser or log out.
  • The legal basis for this processing is Article 6(1)(f) GDPR. We use a content management system (Typo3) to operate our website, which does not function effectively without session cookies.
  • Objection to the use of cookies: You can prevent cookies from being set at any time by adjusting the settings of your internet browser and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an internet browser or other software programs. This is possible in all common internet browsers; please refer to your browser's user manual or help function for instructions. If you deactivate the setting of cookies in your internet browser, our website may no longer function correctly (see section 1).


CONTACT US VIA CONTACT FORM / EMAIL / FAX / POST


  • When you contact us via contact form, fax, post or email, your information will be processed for the purpose of handling your contact request.
  • The legal basis for processing your data, if you have given your consent, is Article 6(1)(a) GDPR. The legal basis for processing data transmitted in the course of a contact request, email, letter, or fax is Article 6(1)(f) GDPR. The controller has a legitimate interest in processing and storing the data in order to respond to user inquiries, for evidentiary purposes in case of liability claims, and to comply with any legal retention obligations for business correspondence. If the contact aims at concluding a contract, the additional legal basis for processing is Article 6(1)(b) GDPR.
  • We may store your information and contact request in our Customer Relationship Management system (“CRM system”) or a comparable system.
  • The data will be deleted as soon as it is no longer required for the purpose for which it was collected. For personal data from the contact form and data sent via email, this is the case when the respective conversation with you has ended. A conversation is considered ended when it is clear from the circumstances that the matter in question has been resolved. We store inquiries from users who have an account or contract with us for up to two years after the contract ends. In the case of statutory archiving obligations, deletion occurs after their expiry: the end of the commercial (6 years) and tax-related (10 years) retention periods.
  • You have the right to withdraw your consent to the processing of your personal data at any time, in accordance with Article 6(1)(a) of the GDPR. If you contact us by email, you can object to the storage of your personal data at any time.


CONTACT US BY PHONE


  • When you contact us by phone, your phone number is processed to handle your inquiry and is temporarily stored or displayed in the RAM/cache of your phone/display. This storage is for liability and security reasons, to provide proof of the call, and for business reasons, to enable a callback. In the case of unsolicited advertising calls, we block the phone numbers.
  • The legal basis for processing the telephone number is Article 6(1)(f) GDPR. If the contact aims at concluding a contract, the additional legal basis for processing is Article 6(1)(b) GDPR.
  • The device cache stores call logs for approximately 100 days, successively overwriting or deleting older data. When the device is disposed of, all data is erased and the storage medium may be physically destroyed. Blocked phone numbers are reviewed annually to determine if the block is still necessary.

You can prevent your phone number from being displayed by calling with a suppressed phone number.


CONTRACT PROCESSING


  • We process inventory data (e.g., company name, title/academic degree, names and addresses, and contact details of users, email address), contract data (e.g., services used, names of contact persons), and payment data (e.g., bank details, payment history) for the purpose of fulfilling our contractual obligations (knowing who the contractual partner is; establishing, defining the content of, and processing the contract; verifying the plausibility of the data) and providing services (e.g., customer service contact) in accordance with Article 6 Paragraph 1 Sentence 1 Letter b) GDPR. Entries marked as mandatory in online forms are required for the conclusion of the contract.
  • We do not generally pass on this data to third parties, unless it is necessary for the enforcement of our claims (e.g. transfer to a lawyer for debt collection) or for the fulfillment of the contract (e.g. transfer of data to payment providers) or there is a legal obligation to do so pursuant to Art. 6 para. 1 sentence 1 lit. c) GDPR.
  • We may also process the data you provide to inform you about other interesting products from our portfolio or to send you emails with technical information.
  • The data will be deleted as soon as it is no longer required for the purpose for which it was collected. For inventory and contract data, this is the case when the data is no longer needed for the performance of the contract and no further claims can be asserted under the contract because they have expired (warranty: two years / standard limitation period: three years). Due to commercial and tax law requirements, we are obligated to store your address, payment, and order data for a period of ten years. However, after three years following contract termination, we restrict the processing of this data, meaning it will only be used to comply with legal obligations. Information in the user account will remain until the account is deleted.


NEWSLETTER 


  • You can subscribe to our newsletter by voluntarily entering your email address. This is the only required information. Providing any further information is voluntary and is used solely for the purpose of personalizing our communications with you. We use the so-called "double opt-in" procedure for registration. After registering with your email address, you will receive a confirmation email from us containing a link to confirm your subscription. Clicking this confirmation link will add your email address to the newsletter mailing list and store it for the purpose of sending you emails. If you do not click the confirmation link within 24 hours, your registration data will be blocked and automatically deleted after 30 days.
  • In addition, we log your IP address used during registration, as well as the date and time of the double opt-in (registration and confirmation). The purpose of this storage is to fulfill legal requirements regarding proof of your registration and to prevent misuse of your email address.
  • As part of your declaration of consent, the content (e.g., advertised products/services, offers, advertising and topics) of the newsletter is specifically described.
  • We use the email service provider Mailchimp (The Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Atlanta, GA 30308, USA) for sending emails. You can find the service provider's privacy policy at https://mailchimp.com/legal/privacy/. We have concluded a data processing agreement with the service provider in accordance with Article 28 of the GDPR.
  • When sending our newsletter, we analyze your user behavior. The newsletters contain so-called "web beacons" or "tracking pixels" that are activated when you open the newsletter. For this analysis, we link the web beacons to your email address and a unique ID. Links in the newsletter also contain this ID. The data is collected exclusively in pseudonymized form; the IDs are not linked to your other personal data, thus preventing any direct identification of individuals. This data allows us to determine if and when you opened the newsletter and which links within it were clicked. This serves the purpose of optimizing and statistically evaluating our newsletter.
  • The legal basis for sending the newsletter, measuring its success and storing the email address is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a) GDPR in conjunction with § 7 para. 2 no. 3 UWG and for logging the consent Art. 6 para. 1 sentence 1 lit. f) GDPR, as this serves our legitimate interest in legal proof.
  • You can opt out of tracking at any time by clicking the unsubscribe link at the bottom of the newsletter. However, this will also terminate your newsletter subscription. If you disable image display in your email software, tracking is also not possible. However, this may limit the newsletter's functionality, and any images it contains will not be displayed.
  • You can withdraw your consent to receive the newsletter at any time. You can do this by clicking the unsubscribe link at the end of the newsletter, by sending an email, or by contacting us using the contact details above. We store your data for as long as you are subscribed to the newsletter. After you unsubscribe, your data will only be stored anonymously for statistical purposes.


LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA


  • If we have obtained your consent for the processing of personal data, the legal basis is Art. 6 para. 1 sentence 1 lit. a) GDPR.
  • If the processing is necessary for the performance of a contract or for taking steps at your request prior to entering into a contract, the legal basis is Art. 6 para. 1 sentence 1 lit. b) GDPR.
  • If processing is necessary for compliance with a legal obligation to which we are subject (e.g. statutory retention obligations), then Art. 6 para. 1 sentence 1 lit. c) GDPR is the legal basis.
  • If processing is necessary to protect the vital interests of the data subject or of another natural person, then Article 6(1)(d) GDPR is the legal basis.
  • If the processing is necessary to protect our legitimate interests or those of a third party, and your interests or fundamental rights and freedoms do not override these interests, then Article 6(1)(f) GDPR is the legal basis.


WHAT DATA PROTECTION RIGHTS DO YOU HAVE?


Right to object to or withdraw your consent to the processing of your data

Insofar as the processing is based on your consent pursuant to Art. 6 para. 1 sentence 1 lit. a), Art. 7 GDPR, you have the right to withdraw your consent at any time. The lawfulness of the processing carried out on the basis of the consent until its withdrawal remains unaffected.

Insofar as we base the processing of your personal data on the balancing of interests pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR, you may object to the processing. This is the case, in particular, if the processing is not necessary for the performance of a contract with you, which we will explain in the following description of the functions. When exercising such an objection, please state the reasons why we should not process your personal data as we have been doing. In the event of your justified objection, we will review the situation and either cease or adjust the data processing or demonstrate to you our compelling legitimate grounds for continuing the processing.

You can object to the processing of your personal data for advertising and data analysis purposes at any time. You can exercise your right to object free of charge. You can inform us of your objection to advertising using the following contact details:

Foundation for Salutogenesis non-profit GmbH, Barfüßerkloster, 1037581 Bad Gandersheim

Tel.: 0049(0)5382 / 9554730Email: info@salutogenese-zentrum.de

You also have the right to information under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, and the right to data portability under Article 20 GDPR.

The right to information and the right to erasure may be subject to restrictions pursuant to Sections 34 and 35 of the German Federal Data Protection Act (BDSG).

Furthermore, you have the right to lodge a complaint with a competent data protection supervisory authority (Article 77 GDPR in conjunction with Section 19 BDSG). The supervisory authority responsible for us is:

The State Commissioner for Data Protection of Lower Saxony, Prinzenstraße 5, 30159 Hannover, Tel. 0511 120-4500, Fax 0511 120-4599, Contact: poststelle@lfd.niedersachsen.de



IS THERE AN OBJECTION TO PROVIDE DATA?

As part of the contractual relationship, you must provide the personal data necessary for the establishment, execution, and termination of the contractual relationship and for fulfilling the associated contractual obligations, or which we are legally obligated to collect. Without this data, we will generally be unable to conclude or perform the contract with you.

Stand: 03.12.2018

This privacy policy was created using the sample privacy policy from JuraForum.de and the free customer information letter generator from activeMind AG (version: 2018-07-31).